├── .bazelignore ├── .bazelrc ├── .bazelversion ├── .bcr ├── README.md ├── metadata.template.json ├── presubmit.yml └── source.template.json ├── BUILD.bazel ├── CMakeLists.txt ├── LICENSE ├── MODULE.bazel ├── README.md ├── WORKSPACE ├── WORKSPACE.bzlmod ├── cmake ├── HttpArchive.cmake ├── TinkBuildRules.cmake ├── TinkUtil.cmake └── TinkWorkspace.cmake ├── docs ├── CONTRIBUTING.md └── SECURITY.md ├── examples ├── .bazelrc ├── .bazelversion ├── CMakeLists.txt ├── MODULE.bazel ├── WORKSPACE ├── WORKSPACE.bzlmod ├── aead │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aead_cli.cc │ ├── aead_cli_test.sh │ └── aead_test_keyset.json ├── daead │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── deterministic_aead_cli.cc │ ├── deterministic_aead_cli_test.sh │ └── deterministic_aead_test_keyset.json ├── digital_signatures │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── digital_signature_private_keyset.json │ ├── digital_signature_public_keyset.json │ ├── digital_signatures_cli.cc │ └── digital_signatures_cli_test.sh ├── hybrid_encryption │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── hybrid_cli.cc │ ├── hybrid_cli_test.sh │ └── testdata │ │ ├── BUILD.bazel │ │ ├── hpke_test_private_keyset.json │ │ ├── hpke_test_public_keyset.json │ │ ├── hybrid_test_private_keyset.json │ │ └── hybrid_test_public_keyset.json ├── jwt │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── jwt_generate_public_jwk_set.cc │ ├── jwt_sign.cc │ ├── jwt_signature_cli_test.sh │ ├── jwt_signature_private_keyset.json │ ├── jwt_signature_public_keyset.json │ └── jwt_verify.cc ├── key_derivation │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── key_derivation_cli.cc │ ├── key_derivation_cli_test.sh │ └── keyset.json ├── mac │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── mac_cli.cc │ ├── mac_cli_test.sh │ └── mac_test_keyset.json ├── util │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── util.cc │ └── util.h └── walkthrough │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── create_keyset.cc │ ├── create_keyset.h │ ├── create_keyset_test.cc │ ├── load_cleartext_keyset.cc │ ├── load_cleartext_keyset.h │ ├── load_cleartext_keyset_test.cc │ ├── load_encrypted_keyset.cc │ ├── load_encrypted_keyset.h │ ├── load_encrypted_keyset_test.cc │ ├── obtain_and_use_a_primitive.cc │ ├── obtain_and_use_a_primitive.h │ ├── obtain_and_use_a_primitive_test.cc │ ├── test_util.cc │ ├── test_util.h │ ├── write_cleartext_keyset.cc │ ├── write_cleartext_keyset.h │ ├── write_cleartext_keyset_test.cc │ ├── write_keyset.cc │ ├── write_keyset.h │ └── write_keyset_test.cc ├── extensions.bzl ├── kokoro ├── create_github_release_branch.sh ├── create_github_release_tag.sh ├── gcp_ubuntu │ ├── bazel │ │ └── run_tests.sh │ ├── bazel_fips │ │ └── run_tests.sh │ ├── bzlmod │ │ └── run_tests.sh │ ├── cmake │ │ └── run_tests.sh │ ├── cmake_ccache_update │ │ └── run.sh │ ├── cmake_installed_deps │ │ └── run_tests.sh │ ├── cmake_openssl │ │ └── run_tests.sh │ └── cmake_openssl3 │ │ └── run_tests.sh ├── gcp_windows │ ├── bazel │ │ └── run_tests.bat │ └── cmake │ │ └── run_tests.bat ├── macos_external │ ├── bazel │ │ └── run_tests.sh │ ├── cmake │ │ └── run_tests.sh │ └── cmake_openssl │ │ └── run_tests.sh └── testutils │ ├── BUILD.bazel │ ├── cc_test_container_images.sh │ ├── docker_execute.sh │ ├── github_release_util.sh │ ├── github_release_util_test.sh │ ├── install_openssl.sh │ ├── run_bazel_tests.sh │ ├── run_cmake_tests.sh │ └── test_utils.sh ├── proto ├── BUILD.bazel ├── CMakeLists.txt ├── aes_cmac.proto ├── aes_cmac_prf.proto ├── aes_ctr.proto ├── aes_ctr_hmac_aead.proto ├── aes_ctr_hmac_streaming.proto ├── aes_eax.proto ├── aes_gcm.proto ├── aes_gcm_hkdf_streaming.proto ├── aes_gcm_siv.proto ├── aes_siv.proto ├── chacha20_poly1305.proto ├── common.proto ├── config.proto ├── ecdsa.proto ├── ecies_aead_hkdf.proto ├── ed25519.proto ├── empty.proto ├── experimental │ └── pqcrypto │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── cecpq2_aead_hkdf.proto │ │ ├── dilithium.proto │ │ ├── falcon.proto │ │ ├── ml_kem.proto │ │ └── sphincs.proto ├── hkdf_prf.proto ├── hmac.proto ├── hmac_prf.proto ├── hpke.proto ├── jwt_ecdsa.proto ├── jwt_hmac.proto ├── jwt_rsa_ssa_pkcs1.proto ├── jwt_rsa_ssa_pss.proto ├── kms_aead.proto ├── kms_envelope.proto ├── ml_dsa.proto ├── prf_based_deriver.proto ├── rsa_ssa_pkcs1.proto ├── rsa_ssa_pss.proto ├── slh_dsa.proto ├── test_proto.proto ├── tink.proto ├── x_aes_gcm.proto └── xchacha20_poly1305.proto ├── template_rule.bzl ├── testvectors └── BUILD.bazel ├── third_party ├── BUILD.bazel └── boringssl_fips │ ├── BUILD.bazel │ ├── README.md │ ├── WORKSPACE │ └── boringssl_fips.sh ├── tink ├── BUILD.bazel ├── CMakeLists.txt ├── aead.h ├── aead │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aead_benchmarks.cc │ ├── aead_config.cc │ ├── aead_config.h │ ├── aead_config_test.cc │ ├── aead_factory.cc │ ├── aead_factory.h │ ├── aead_factory_test.cc │ ├── aead_key.h │ ├── aead_key_templates.cc │ ├── aead_key_templates.h │ ├── aead_key_templates_test.cc │ ├── aead_parameters.h │ ├── aead_wrapper.cc │ ├── aead_wrapper.h │ ├── aead_wrapper_test.cc │ ├── aes_ctr_hmac_aead_key.cc │ ├── aes_ctr_hmac_aead_key.h │ ├── aes_ctr_hmac_aead_key_manager.cc │ ├── aes_ctr_hmac_aead_key_manager.h │ ├── aes_ctr_hmac_aead_key_manager_test.cc │ ├── aes_ctr_hmac_aead_key_test.cc │ ├── aes_ctr_hmac_aead_parameters.cc │ ├── aes_ctr_hmac_aead_parameters.h │ ├── aes_ctr_hmac_aead_parameters_test.cc │ ├── aes_ctr_hmac_aead_proto_serialization.h │ ├── aes_ctr_hmac_aead_proto_serialization_test.cc │ ├── aes_eax_key.cc │ ├── aes_eax_key.h │ ├── aes_eax_key_manager.h │ ├── aes_eax_key_manager_test.cc │ ├── aes_eax_key_test.cc │ ├── aes_eax_parameters.cc │ ├── aes_eax_parameters.h │ ├── aes_eax_parameters_test.cc │ ├── aes_eax_proto_serialization.h │ ├── aes_eax_proto_serialization_test.cc │ ├── aes_gcm_key.cc │ ├── aes_gcm_key.h │ ├── aes_gcm_key_manager.h │ ├── aes_gcm_key_manager_test.cc │ ├── aes_gcm_key_test.cc │ ├── aes_gcm_parameters.cc │ ├── aes_gcm_parameters.h │ ├── aes_gcm_parameters_test.cc │ ├── aes_gcm_proto_serialization.h │ ├── aes_gcm_proto_serialization_test.cc │ ├── aes_gcm_siv_key.cc │ ├── aes_gcm_siv_key.h │ ├── aes_gcm_siv_key_manager.h │ ├── aes_gcm_siv_key_manager_test.cc │ ├── aes_gcm_siv_key_test.cc │ ├── aes_gcm_siv_parameters.cc │ ├── aes_gcm_siv_parameters.h │ ├── aes_gcm_siv_parameters_test.cc │ ├── aes_gcm_siv_proto_serialization.h │ ├── aes_gcm_siv_proto_serialization_test.cc │ ├── chacha20_poly1305_key.cc │ ├── chacha20_poly1305_key.h │ ├── chacha20_poly1305_key_test.cc │ ├── chacha20_poly1305_parameters.cc │ ├── chacha20_poly1305_parameters.h │ ├── chacha20_poly1305_parameters_test.cc │ ├── chacha20_poly1305_proto_serialization.h │ ├── chacha20_poly1305_proto_serialization_test.cc │ ├── config_v0.cc │ ├── config_v0.h │ ├── config_v0_test.cc │ ├── cord_aead.h │ ├── cord_aead_wrapper.cc │ ├── cord_aead_wrapper.h │ ├── cord_aead_wrapper_test.cc │ ├── failing_aead.cc │ ├── failing_aead.h │ ├── failing_aead_test.cc │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── aead_from_zero_copy.cc │ │ ├── aead_from_zero_copy.h │ │ ├── aead_from_zero_copy_test.cc │ │ ├── aead_util.cc │ │ ├── aead_util.h │ │ ├── aead_util_test.cc │ │ ├── aes_ctr_hmac_aead_proto_serialization_impl.cc │ │ ├── aes_ctr_hmac_aead_proto_serialization_impl.h │ │ ├── aes_ctr_hmac_aead_proto_serialization_impl_test.cc │ │ ├── aes_ctr_hmac_proto_structs.cc │ │ ├── aes_ctr_hmac_proto_structs.h │ │ ├── aes_ctr_hmac_proto_structs_test.cc │ │ ├── aes_eax_proto_serialization_impl.cc │ │ ├── aes_eax_proto_serialization_impl.h │ │ ├── aes_eax_proto_serialization_impl_test.cc │ │ ├── aes_gcm_proto_serialization_impl.cc │ │ ├── aes_gcm_proto_serialization_impl.h │ │ ├── aes_gcm_proto_serialization_impl_test.cc │ │ ├── aes_gcm_proto_structs.h │ │ ├── aes_gcm_proto_structs_test.cc │ │ ├── aes_gcm_siv_proto_serialization_impl.cc │ │ ├── aes_gcm_siv_proto_serialization_impl.h │ │ ├── aes_gcm_siv_proto_serialization_impl_test.cc │ │ ├── base_x_aes_gcm.cc │ │ ├── base_x_aes_gcm.h │ │ ├── base_x_aes_gcm_test.cc │ │ ├── chacha20_poly1305_proto_serialization_impl.cc │ │ ├── chacha20_poly1305_proto_serialization_impl.h │ │ ├── chacha20_poly1305_proto_serialization_impl_test.cc │ │ ├── config_v0.cc │ │ ├── config_v0.h │ │ ├── config_v0_test.cc │ │ ├── cord_aes_gcm_boringssl.cc │ │ ├── cord_aes_gcm_boringssl.h │ │ ├── cord_aes_gcm_boringssl_test.cc │ │ ├── cord_utils.cc │ │ ├── cord_utils.h │ │ ├── cord_utils_test.cc │ │ ├── cord_x_aes_gcm_boringssl.cc │ │ ├── cord_x_aes_gcm_boringssl.h │ │ ├── cord_x_aes_gcm_boringssl_test.cc │ │ ├── key_gen_config_v0.cc │ │ ├── key_gen_config_v0.h │ │ ├── legacy_kms_aead_proto_serialization_impl.cc │ │ ├── legacy_kms_aead_proto_serialization_impl.h │ │ ├── legacy_kms_aead_proto_serialization_impl_test.cc │ │ ├── legacy_kms_envelope_aead_proto_serialization_impl.cc │ │ ├── legacy_kms_envelope_aead_proto_serialization_impl.h │ │ ├── legacy_kms_envelope_aead_proto_serialization_impl_test.cc │ │ ├── mock_zero_copy_aead.h │ │ ├── ssl_aead.cc │ │ ├── ssl_aead.h │ │ ├── ssl_aead_large_inputs_test.cc │ │ ├── ssl_aead_test.cc │ │ ├── wycheproof_aead.cc │ │ ├── wycheproof_aead.h │ │ ├── wycheproof_aead_test.cc │ │ ├── x_aes_gcm_proto_serialization_impl.cc │ │ ├── x_aes_gcm_proto_serialization_impl.h │ │ ├── x_aes_gcm_proto_serialization_impl_test.cc │ │ ├── xchacha20_poly1305_proto_serialization_impl.cc │ │ ├── xchacha20_poly1305_proto_serialization_impl.h │ │ ├── xchacha20_poly1305_proto_serialization_impl_test.cc │ │ ├── xchacha20_poly1305_proto_structs.h │ │ ├── xchacha20_poly1305_proto_structs_test.cc │ │ ├── zero_copy_aead.h │ │ ├── zero_copy_aead_wrapper.cc │ │ ├── zero_copy_aead_wrapper.h │ │ ├── zero_copy_aead_wrapper_test.cc │ │ ├── zero_copy_aes_gcm_boringssl.cc │ │ ├── zero_copy_aes_gcm_boringssl.h │ │ ├── zero_copy_aes_gcm_boringssl_test.cc │ │ ├── zero_copy_x_aes_gcm_boringssl.cc │ │ ├── zero_copy_x_aes_gcm_boringssl.h │ │ └── zero_copy_x_aes_gcm_boringssl_test.cc │ ├── key_gen_config_v0.cc │ ├── key_gen_config_v0.h │ ├── kms_aead_key_manager.h │ ├── kms_aead_key_manager_test.cc │ ├── kms_envelope_aead.cc │ ├── kms_envelope_aead.h │ ├── kms_envelope_aead_key_manager.cc │ ├── kms_envelope_aead_key_manager.h │ ├── kms_envelope_aead_key_manager_test.cc │ ├── kms_envelope_aead_test.cc │ ├── legacy_kms_aead_key.cc │ ├── legacy_kms_aead_key.h │ ├── legacy_kms_aead_key_test.cc │ ├── legacy_kms_aead_parameters.cc │ ├── legacy_kms_aead_parameters.h │ ├── legacy_kms_aead_parameters_test.cc │ ├── legacy_kms_aead_proto_serialization.h │ ├── legacy_kms_aead_proto_serialization_test.cc │ ├── legacy_kms_envelope_aead_key.cc │ ├── legacy_kms_envelope_aead_key.h │ ├── legacy_kms_envelope_aead_key_test.cc │ ├── legacy_kms_envelope_aead_parameters.cc │ ├── legacy_kms_envelope_aead_parameters.h │ ├── legacy_kms_envelope_aead_parameters_test.cc │ ├── legacy_kms_envelope_aead_proto_serialization.h │ ├── legacy_kms_envelope_aead_proto_serialization_test.cc │ ├── mock_aead.h │ ├── subtle │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt │ ├── x_aes_gcm_key.cc │ ├── x_aes_gcm_key.h │ ├── x_aes_gcm_key_manager.cc │ ├── x_aes_gcm_key_manager.h │ ├── x_aes_gcm_key_manager_test.cc │ ├── x_aes_gcm_key_test.cc │ ├── x_aes_gcm_parameters.cc │ ├── x_aes_gcm_parameters.h │ ├── x_aes_gcm_parameters_test.cc │ ├── x_aes_gcm_proto_serialization.h │ ├── x_aes_gcm_proto_serialization_test.cc │ ├── xchacha20_poly1305_key.cc │ ├── xchacha20_poly1305_key.h │ ├── xchacha20_poly1305_key_manager.h │ ├── xchacha20_poly1305_key_manager_test.cc │ ├── xchacha20_poly1305_key_test.cc │ ├── xchacha20_poly1305_parameters.cc │ ├── xchacha20_poly1305_parameters.h │ ├── xchacha20_poly1305_parameters_test.cc │ ├── xchacha20_poly1305_proto_serialization.h │ └── xchacha20_poly1305_proto_serialization_test.cc ├── aead_config.h ├── aead_factory.h ├── aead_key_templates.h ├── big_integer.h ├── binary_keyset_reader.h ├── binary_keyset_writer.h ├── chunked_mac.h ├── cleartext_keyset_handle.h ├── config │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── config_util.cc │ ├── config_util.h │ ├── config_util_test.cc │ ├── fips_140_2.cc │ ├── fips_140_2.h │ ├── fips_140_2_test.cc │ ├── global_registry.cc │ ├── global_registry.h │ ├── global_registry_test.cc │ ├── internal │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt │ ├── key_gen_fips_140_2.cc │ ├── key_gen_fips_140_2.h │ ├── key_gen_fips_140_2_test.cc │ ├── key_gen_v0.cc │ ├── key_gen_v0.h │ ├── tink_config.cc │ ├── tink_config.h │ ├── tink_config_test.cc │ ├── tink_fips.cc │ ├── tink_fips.h │ ├── tink_fips_test.cc │ ├── v0.cc │ ├── v0.h │ └── v0_test.cc ├── configuration.h ├── core │ ├── big_integer.cc │ ├── big_integer_test.cc │ ├── binary_keyset_reader.cc │ ├── binary_keyset_reader_test.cc │ ├── binary_keyset_writer.cc │ ├── binary_keyset_writer_test.cc │ ├── cleartext_keyset_handle.cc │ ├── cleartext_keyset_handle_test.cc │ ├── crypto_format.cc │ ├── crypto_format_test.cc │ ├── ec_point_test.cc │ ├── key_access_test.cc │ ├── key_manager.cc │ ├── key_manager_impl.h │ ├── key_manager_impl_test.cc │ ├── key_manager_test.cc │ ├── key_type_manager.h │ ├── key_type_manager_test.cc │ ├── keyset_handle.cc │ ├── keyset_handle_builder.cc │ ├── keyset_handle_builder_test.cc │ ├── keyset_handle_test.cc │ ├── keyset_manager.cc │ ├── keyset_manager_test.cc │ ├── kms_clients.cc │ ├── kms_clients_test.cc │ ├── partial_key_access_token_test.cc │ ├── primitive_set_test.cc │ ├── private_key_manager_impl.h │ ├── private_key_manager_impl_test.cc │ ├── private_key_type_manager.h │ ├── proto_keyset_format.cc │ ├── proto_keyset_format_test.cc │ ├── proto_parameters_format.cc │ ├── proto_parameters_format_test.cc │ ├── restricted_big_integer.cc │ ├── restricted_big_integer_test.cc │ ├── restricted_data.cc │ ├── restricted_data_test.cc │ ├── template_util.h │ ├── template_util_test.cc │ ├── version.cc │ └── version_test.cc ├── crypto_format.h ├── daead │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aes_siv_key.cc │ ├── aes_siv_key.h │ ├── aes_siv_key_manager.h │ ├── aes_siv_key_manager_test.cc │ ├── aes_siv_key_test.cc │ ├── aes_siv_parameters.cc │ ├── aes_siv_parameters.h │ ├── aes_siv_parameters_test.cc │ ├── aes_siv_proto_serialization.h │ ├── aes_siv_proto_serialization_test.cc │ ├── config_v0.cc │ ├── config_v0.h │ ├── config_v0_test.cc │ ├── deterministic_aead_config.cc │ ├── deterministic_aead_config.h │ ├── deterministic_aead_config_test.cc │ ├── deterministic_aead_factory.cc │ ├── deterministic_aead_factory.h │ ├── deterministic_aead_factory_test.cc │ ├── deterministic_aead_key.h │ ├── deterministic_aead_key_templates.cc │ ├── deterministic_aead_key_templates.h │ ├── deterministic_aead_key_templates_test.cc │ ├── deterministic_aead_parameters.h │ ├── deterministic_aead_wrapper.cc │ ├── deterministic_aead_wrapper.h │ ├── deterministic_aead_wrapper_test.cc │ ├── failing_daead.cc │ ├── failing_daead.h │ ├── failing_daead_test.cc │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── aes_siv_proto_serialization_impl.cc │ │ ├── aes_siv_proto_serialization_impl.h │ │ ├── aes_siv_proto_serialization_impl_test.cc │ │ ├── aes_siv_proto_structs.h │ │ ├── aes_siv_proto_structs_test.cc │ │ ├── config_v0.cc │ │ ├── config_v0.h │ │ ├── config_v0_test.cc │ │ ├── key_gen_config_v0.cc │ │ └── key_gen_config_v0.h │ ├── key_gen_config_v0.cc │ ├── key_gen_config_v0.h │ └── subtle │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── aead_or_daead.cc │ │ ├── aead_or_daead.h │ │ └── aead_or_daead_test.cc ├── deterministic_aead.h ├── deterministic_aead_config.h ├── deterministic_aead_factory.h ├── deterministic_aead_key_templates.h ├── ec_point.h ├── experimental │ ├── kem │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── kem_parameters.h │ │ ├── kem_private_key.h │ │ └── kem_public_key.h │ └── pqcrypto │ │ ├── README.md │ │ ├── kem │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── cecpq2_aead_hkdf_dem_helper.cc │ │ ├── cecpq2_aead_hkdf_dem_helper.h │ │ ├── cecpq2_aead_hkdf_dem_helper_test.cc │ │ ├── cecpq2_aead_hkdf_private_key_manager.cc │ │ ├── cecpq2_aead_hkdf_private_key_manager.h │ │ ├── cecpq2_aead_hkdf_private_key_manager_test.cc │ │ ├── cecpq2_aead_hkdf_public_key_manager.cc │ │ ├── cecpq2_aead_hkdf_public_key_manager.h │ │ ├── cecpq2_aead_hkdf_public_key_manager_test.cc │ │ ├── cecpq2_hybrid_config.cc │ │ ├── cecpq2_hybrid_config.h │ │ ├── cecpq2_hybrid_config_test.cc │ │ ├── cecpq2_hybrid_key_templates.cc │ │ ├── cecpq2_hybrid_key_templates.h │ │ ├── cecpq2_hybrid_key_templates_test.cc │ │ ├── cecpq2_parameters.cc │ │ ├── cecpq2_parameters.h │ │ ├── cecpq2_parameters_test.cc │ │ ├── cecpq2_private_key.cc │ │ ├── cecpq2_private_key.h │ │ ├── cecpq2_private_key_test.cc │ │ ├── cecpq2_proto_serialization.h │ │ ├── cecpq2_proto_serialization_test.cc │ │ ├── cecpq2_public_key.cc │ │ ├── cecpq2_public_key.h │ │ ├── cecpq2_public_key_test.cc │ │ ├── internal │ │ │ ├── BUILD.bazel │ │ │ ├── CMakeLists.txt │ │ │ ├── cecpq2_proto_serialization_impl.cc │ │ │ ├── cecpq2_proto_serialization_impl.h │ │ │ ├── cecpq2_proto_serialization_impl_test.cc │ │ │ ├── ml_kem_decapsulate_aes_gcm.cc │ │ │ ├── ml_kem_decapsulate_aes_gcm.h │ │ │ ├── ml_kem_decapsulate_aes_gcm_test.cc │ │ │ ├── ml_kem_encapsulate_aes_gcm.cc │ │ │ ├── ml_kem_encapsulate_aes_gcm.h │ │ │ ├── ml_kem_encapsulate_aes_gcm_test.cc │ │ │ ├── ml_kem_raw_decapsulate_boringssl.cc │ │ │ ├── ml_kem_raw_decapsulate_boringssl.h │ │ │ ├── ml_kem_raw_decapsulate_boringssl_test.cc │ │ │ ├── ml_kem_raw_encapsulate_boringssl.cc │ │ │ ├── ml_kem_raw_encapsulate_boringssl.h │ │ │ ├── ml_kem_raw_encapsulate_boringssl_test.cc │ │ │ ├── ml_kem_test_util.cc │ │ │ ├── ml_kem_test_util.h │ │ │ └── ml_kem_test_util_test.cc │ │ ├── ml_kem_parameters.cc │ │ ├── ml_kem_parameters.h │ │ ├── ml_kem_parameters_test.cc │ │ ├── ml_kem_private_key.cc │ │ ├── ml_kem_private_key.h │ │ ├── ml_kem_private_key_test.cc │ │ ├── ml_kem_proto_serialization.cc │ │ ├── ml_kem_proto_serialization.h │ │ ├── ml_kem_proto_serialization_test.cc │ │ ├── ml_kem_public_key.cc │ │ ├── ml_kem_public_key.h │ │ ├── ml_kem_public_key_test.cc │ │ ├── subtle │ │ │ ├── BUILD.bazel │ │ │ ├── cecpq2_aead_hkdf_hybrid_decrypt.cc │ │ │ ├── cecpq2_aead_hkdf_hybrid_decrypt.h │ │ │ ├── cecpq2_aead_hkdf_hybrid_decrypt_test.cc │ │ │ ├── cecpq2_aead_hkdf_hybrid_encrypt.cc │ │ │ ├── cecpq2_aead_hkdf_hybrid_encrypt.h │ │ │ ├── cecpq2_aead_hkdf_hybrid_encrypt_test.cc │ │ │ ├── cecpq2_hkdf_recipient_kem_boringssl.cc │ │ │ ├── cecpq2_hkdf_recipient_kem_boringssl.h │ │ │ ├── cecpq2_hkdf_recipient_kem_boringssl_test.cc │ │ │ ├── cecpq2_hkdf_sender_kem_boringssl.cc │ │ │ ├── cecpq2_hkdf_sender_kem_boringssl.h │ │ │ ├── cecpq2_hkdf_sender_kem_boringssl_test.cc │ │ │ ├── cecpq2_subtle_boringssl_util.cc │ │ │ ├── cecpq2_subtle_boringssl_util.h │ │ │ └── cecpq2_subtle_boringssl_util_test.cc │ │ └── util │ │ │ ├── BUILD.bazel │ │ │ ├── test_util.cc │ │ │ ├── test_util.h │ │ │ └── test_util_test.cc │ │ ├── proto │ │ └── BUILD.bazel │ │ └── signature │ │ ├── dilithium_key_template.cc │ │ ├── dilithium_key_template.h │ │ ├── dilithium_key_template_test.cc │ │ ├── dilithium_sign_key_manager.cc │ │ ├── dilithium_sign_key_manager.h │ │ ├── dilithium_sign_key_manager_test.cc │ │ ├── dilithium_verify_key_manager.cc │ │ ├── dilithium_verify_key_manager.h │ │ ├── dilithium_verify_key_manager_test.cc │ │ ├── falcon_key_template.cc │ │ ├── falcon_key_template.h │ │ ├── falcon_key_template_test.cc │ │ ├── falcon_sign_key_manager.cc │ │ ├── falcon_sign_key_manager.h │ │ ├── falcon_sign_key_manager_test.cc │ │ ├── falcon_verify_key_manager.cc │ │ ├── falcon_verify_key_manager.h │ │ ├── falcon_verify_key_manager_test.cc │ │ ├── signature_config.cc │ │ ├── signature_config.h │ │ ├── signature_config_test.cc │ │ ├── signature_config_util_test.cc │ │ ├── sphincs_key_template.cc │ │ ├── sphincs_key_template.h │ │ ├── sphincs_key_template_test.cc │ │ ├── sphincs_sign_key_manager.cc │ │ ├── sphincs_sign_key_manager.h │ │ ├── sphincs_sign_key_manager_test.cc │ │ ├── sphincs_verify_key_manager.cc │ │ ├── sphincs_verify_key_manager.h │ │ ├── sphincs_verify_key_manager_test.cc │ │ ├── subtle │ │ ├── dilithium_avx2_sign.cc │ │ ├── dilithium_avx2_sign.h │ │ ├── dilithium_avx2_sign_test.cc │ │ ├── dilithium_avx2_verify.cc │ │ ├── dilithium_avx2_verify.h │ │ ├── dilithium_avx2_verify_test.cc │ │ ├── dilithium_key.cc │ │ ├── dilithium_key.h │ │ ├── dilithium_key_test.cc │ │ ├── falcon_sign.cc │ │ ├── falcon_sign.h │ │ ├── falcon_sign_test.cc │ │ ├── falcon_subtle_utils.cc │ │ ├── falcon_subtle_utils.h │ │ ├── falcon_subtle_utils_test.cc │ │ ├── falcon_verify.cc │ │ ├── falcon_verify.h │ │ ├── falcon_verify_test.cc │ │ ├── sphincs_helper_pqclean.cc │ │ ├── sphincs_helper_pqclean.h │ │ ├── sphincs_sign.cc │ │ ├── sphincs_sign.h │ │ ├── sphincs_sign_test.cc │ │ ├── sphincs_subtle_utils.cc │ │ ├── sphincs_subtle_utils.h │ │ ├── sphincs_subtle_utils_test.cc │ │ ├── sphincs_verify.cc │ │ ├── sphincs_verify.h │ │ └── sphincs_verify_test.cc │ │ └── util │ │ ├── enums.cc │ │ ├── enums.h │ │ └── enums_test.cc ├── exported_symbols.lds ├── hybrid │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── config_v0.cc │ ├── config_v0.h │ ├── config_v0_test.cc │ ├── ecies_aead_hkdf_hybrid_decrypt.cc │ ├── ecies_aead_hkdf_hybrid_decrypt.h │ ├── ecies_aead_hkdf_hybrid_decrypt_test.cc │ ├── ecies_aead_hkdf_hybrid_encrypt.cc │ ├── ecies_aead_hkdf_hybrid_encrypt.h │ ├── ecies_aead_hkdf_hybrid_encrypt_test.cc │ ├── ecies_aead_hkdf_private_key_manager.cc │ ├── ecies_aead_hkdf_private_key_manager.h │ ├── ecies_aead_hkdf_private_key_manager_test.cc │ ├── ecies_aead_hkdf_public_key_manager.cc │ ├── ecies_aead_hkdf_public_key_manager.h │ ├── ecies_aead_hkdf_public_key_manager_test.cc │ ├── ecies_parameters.cc │ ├── ecies_parameters.h │ ├── ecies_parameters_test.cc │ ├── ecies_private_key.cc │ ├── ecies_private_key.h │ ├── ecies_private_key_test.cc │ ├── ecies_proto_serialization.cc │ ├── ecies_proto_serialization.h │ ├── ecies_proto_serialization_test.cc │ ├── ecies_public_key.cc │ ├── ecies_public_key.h │ ├── ecies_public_key_test.cc │ ├── failing_hybrid.cc │ ├── failing_hybrid.h │ ├── failing_hybrid_test.cc │ ├── hpke_config.cc │ ├── hpke_config.h │ ├── hpke_config_test.cc │ ├── hpke_parameters.cc │ ├── hpke_parameters.h │ ├── hpke_parameters_test.cc │ ├── hpke_private_key.cc │ ├── hpke_private_key.h │ ├── hpke_private_key_test.cc │ ├── hpke_proto_serialization.cc │ ├── hpke_proto_serialization.h │ ├── hpke_proto_serialization_test.cc │ ├── hpke_public_key.cc │ ├── hpke_public_key.h │ ├── hpke_public_key_test.cc │ ├── hybrid_config.cc │ ├── hybrid_config.h │ ├── hybrid_config_test.cc │ ├── hybrid_decrypt_factory.cc │ ├── hybrid_decrypt_factory.h │ ├── hybrid_decrypt_factory_test.cc │ ├── hybrid_decrypt_wrapper.cc │ ├── hybrid_decrypt_wrapper.h │ ├── hybrid_decrypt_wrapper_test.cc │ ├── hybrid_encrypt_factory.cc │ ├── hybrid_encrypt_factory.h │ ├── hybrid_encrypt_factory_test.cc │ ├── hybrid_encrypt_wrapper.cc │ ├── hybrid_encrypt_wrapper.h │ ├── hybrid_encrypt_wrapper_test.cc │ ├── hybrid_key_templates.cc │ ├── hybrid_key_templates.h │ ├── hybrid_key_templates_test.cc │ ├── hybrid_parameters.h │ ├── hybrid_private_key.h │ ├── hybrid_public_key.h │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── config_v0.cc │ │ ├── config_v0.h │ │ ├── config_v0_test.cc │ │ ├── ecies_aead_hkdf_dem_helper.cc │ │ ├── ecies_aead_hkdf_dem_helper.h │ │ ├── ecies_aead_hkdf_dem_helper_test.cc │ │ ├── hpke_context.cc │ │ ├── hpke_context.h │ │ ├── hpke_context_boringssl.cc │ │ ├── hpke_context_boringssl.h │ │ ├── hpke_context_boringssl_test.cc │ │ ├── hpke_context_test.cc │ │ ├── hpke_decrypt.cc │ │ ├── hpke_decrypt.h │ │ ├── hpke_decrypt_test.cc │ │ ├── hpke_encrypt.cc │ │ ├── hpke_encrypt.h │ │ ├── hpke_encrypt_test.cc │ │ ├── hpke_key_manager_util.cc │ │ ├── hpke_key_manager_util.h │ │ ├── hpke_key_manager_util_test.cc │ │ ├── hpke_private_key_manager.cc │ │ ├── hpke_private_key_manager.h │ │ ├── hpke_private_key_manager_test.cc │ │ ├── hpke_public_key_manager.cc │ │ ├── hpke_public_key_manager.h │ │ ├── hpke_public_key_manager_test.cc │ │ ├── hpke_test_util.cc │ │ ├── hpke_test_util.h │ │ ├── hpke_util.cc │ │ ├── hpke_util.h │ │ ├── hpke_util_boringssl.cc │ │ ├── hpke_util_boringssl.h │ │ ├── hpke_util_boringssl_test.cc │ │ ├── hpke_util_test.cc │ │ ├── key_gen_config_v0.cc │ │ ├── key_gen_config_v0.h │ │ ├── test_hpke_context_boringssl.cc │ │ ├── test_hpke_context_boringssl.h │ │ └── testing │ │ │ ├── BUILD.bazel │ │ │ ├── CMakeLists.txt │ │ │ ├── ecies_aead_hkdf_test_vectors.cc │ │ │ ├── ecies_aead_hkdf_test_vectors.h │ │ │ ├── hpke_test_vectors.cc │ │ │ ├── hpke_test_vectors.h │ │ │ └── hybrid_test_vectors.h │ ├── key_gen_config_v0.cc │ ├── key_gen_config_v0.h │ └── subtle │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt ├── hybrid_config.h ├── hybrid_decrypt.h ├── hybrid_decrypt_factory.h ├── hybrid_encrypt.h ├── hybrid_encrypt_factory.h ├── hybrid_key_templates.h ├── input_stream.h ├── insecure_secret_key_access.h ├── internal │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aes_util.cc │ ├── aes_util.h │ ├── aes_util_test.cc │ ├── bn_encoding_util.cc │ ├── bn_encoding_util.h │ ├── bn_encoding_util_test.cc │ ├── bn_util.cc │ ├── bn_util.h │ ├── bn_util_test.cc │ ├── call_with_core_dump_protection.h │ ├── call_with_core_dump_protection_test.cc │ ├── common_proto_enums.h │ ├── configuration_helper.h │ ├── configuration_impl.h │ ├── configuration_impl_test.cc │ ├── dfsan_forwarders.h │ ├── ec_util.cc │ ├── ec_util.h │ ├── ec_util_test.cc │ ├── endian.h │ ├── endian_test.cc │ ├── err_util.cc │ ├── err_util.h │ ├── err_util_test.cc │ ├── fips_utils.cc │ ├── fips_utils.h │ ├── fips_utils_test.cc │ ├── global_serialization_registry.cc │ ├── global_serialization_registry.h │ ├── global_serialization_registry_test.cc │ ├── internal_insecure_secret_key_access.cc │ ├── internal_insecure_secret_key_access.h │ ├── key_gen_configuration_impl.h │ ├── key_gen_configuration_impl_test.cc │ ├── key_info.cc │ ├── key_info.h │ ├── key_info_test.cc │ ├── key_parser.h │ ├── key_parser_test.cc │ ├── key_serializer.h │ ├── key_serializer_test.cc │ ├── key_status_util.cc │ ├── key_status_util.h │ ├── key_status_util_test.cc │ ├── key_type_info_store.cc │ ├── key_type_info_store.h │ ├── key_type_info_store_test.cc │ ├── keyset_handle_builder_entry.cc │ ├── keyset_handle_builder_entry.h │ ├── keyset_handle_builder_entry_test.cc │ ├── keyset_wrapper.h │ ├── keyset_wrapper_impl.h │ ├── keyset_wrapper_impl_test.cc │ ├── keyset_wrapper_store.h │ ├── keyset_wrapper_store_test.cc │ ├── legacy_proto_key.cc │ ├── legacy_proto_key.h │ ├── legacy_proto_key_test.cc │ ├── legacy_proto_parameters.cc │ ├── legacy_proto_parameters.h │ ├── legacy_proto_parameters_test.cc │ ├── md_util.cc │ ├── md_util.h │ ├── md_util_test.cc │ ├── monitoring.h │ ├── monitoring_client_mocks.h │ ├── monitoring_util.h │ ├── monitoring_util_test.cc │ ├── mutable_serialization_registry.cc │ ├── mutable_serialization_registry.h │ ├── mutable_serialization_registry_test.cc │ ├── output_prefix_util.h │ ├── output_prefix_util_test.cc │ ├── parameters_parser.h │ ├── parameters_parser_test.cc │ ├── parameters_serializer.h │ ├── parameters_serializer_test.cc │ ├── parser_index.h │ ├── parser_index_test.cc │ ├── proto_key_serialization.cc │ ├── proto_key_serialization.h │ ├── proto_key_serialization_test.cc │ ├── proto_parameters_serialization.cc │ ├── proto_parameters_serialization.h │ ├── proto_parameters_serialization_test.cc │ ├── proto_parser.h │ ├── proto_parser_enum_field.h │ ├── proto_parser_enum_field_test.cc │ ├── proto_parser_fields.cc │ ├── proto_parser_fields.h │ ├── proto_parser_fields_test.cc │ ├── proto_parser_message_field.h │ ├── proto_parser_message_field_test.cc │ ├── proto_parser_message_field_with_presence.h │ ├── proto_parser_message_field_with_presence_test.cc │ ├── proto_parser_options.h │ ├── proto_parser_presence_fields.h │ ├── proto_parser_presence_fields_test.cc │ ├── proto_parser_repeated_secret_data_field.h │ ├── proto_parser_repeated_secret_data_field_test.cc │ ├── proto_parser_secret_data_field.h │ ├── proto_parser_secret_data_field_test.cc │ ├── proto_parser_state.cc │ ├── proto_parser_state.h │ ├── proto_parser_state_test.cc │ ├── proto_parser_test.cc │ ├── proto_parser_uint64_field.h │ ├── proto_parser_uint64_field_test.cc │ ├── proto_parsing_helpers.cc │ ├── proto_parsing_helpers.h │ ├── proto_parsing_helpers_test.cc │ ├── proto_parsing_low_level_parser.h │ ├── proto_parsing_low_level_parser_test.cc │ ├── proto_test_proto.proto │ ├── registry_impl.cc │ ├── registry_impl.h │ ├── registry_impl_test.cc │ ├── rsa_util.cc │ ├── rsa_util.h │ ├── rsa_util_test.cc │ ├── safe_stringops.h │ ├── safe_stringops_test.cc │ ├── sanitizing_allocator.h │ ├── sanitizing_allocator_test.cc │ ├── secret_buffer.h │ ├── secret_buffer_test.cc │ ├── serialization.h │ ├── serialization_registry.cc │ ├── serialization_registry.h │ ├── serialization_registry_test.cc │ ├── serialization_test_util.h │ ├── serialization_test_util_test.cc │ ├── serializer_index.h │ ├── serializer_index_test.cc │ ├── ssl_unique_ptr.h │ ├── ssl_util.h │ ├── test_file_util.cc │ ├── test_file_util.h │ ├── test_file_util_bazel.cc │ ├── test_file_util_cmake.cc │ ├── test_random_access_stream.cc │ ├── test_random_access_stream.h │ ├── test_random_access_stream_test.cc │ ├── testing │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── equals_proto_key_serialization.h │ │ ├── equals_proto_key_serialization_test.cc │ │ ├── field_with_number.cc │ │ ├── field_with_number.h │ │ ├── field_with_number_test.cc │ │ ├── wycheproof_util.cc │ │ ├── wycheproof_util.h │ │ └── wycheproof_util_test.cc │ ├── tink_proto_structs.cc │ ├── tink_proto_structs.h │ ├── tink_proto_structs_test.cc │ ├── util.cc │ ├── util.h │ └── util_test.cc ├── json │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── tink_type_resolver.cc │ │ ├── tink_type_resolver.h │ │ └── tink_type_resolver_test.cc │ ├── json_keyset_reader.cc │ ├── json_keyset_reader.h │ ├── json_keyset_reader_test.cc │ ├── json_keyset_writer.cc │ ├── json_keyset_writer.h │ ├── json_keyset_writer_test.cc │ ├── json_proto_keyset_format.cc │ ├── json_proto_keyset_format.h │ └── json_proto_keyset_format_test.cc ├── json_keyset_reader.h ├── json_keyset_writer.h ├── jwt │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── json_util.cc │ │ ├── json_util.h │ │ ├── json_util_test.cc │ │ ├── jwt_ecdsa_sign_key_manager.cc │ │ ├── jwt_ecdsa_sign_key_manager.h │ │ ├── jwt_ecdsa_sign_verify_key_manager_test.cc │ │ ├── jwt_ecdsa_verify_key_manager.cc │ │ ├── jwt_ecdsa_verify_key_manager.h │ │ ├── jwt_format.cc │ │ ├── jwt_format.h │ │ ├── jwt_format_test.cc │ │ ├── jwt_hmac_key_manager.cc │ │ ├── jwt_hmac_key_manager.h │ │ ├── jwt_hmac_key_manager_test.cc │ │ ├── jwt_mac_config_v0.cc │ │ ├── jwt_mac_config_v0.h │ │ ├── jwt_mac_config_v0_test.cc │ │ ├── jwt_mac_impl.cc │ │ ├── jwt_mac_impl.h │ │ ├── jwt_mac_impl_test.cc │ │ ├── jwt_mac_internal.h │ │ ├── jwt_mac_key_gen_config_v0.cc │ │ ├── jwt_mac_key_gen_config_v0.h │ │ ├── jwt_mac_wrapper.cc │ │ ├── jwt_mac_wrapper.h │ │ ├── jwt_mac_wrapper_test.cc │ │ ├── jwt_public_key_sign_impl.cc │ │ ├── jwt_public_key_sign_impl.h │ │ ├── jwt_public_key_sign_internal.h │ │ ├── jwt_public_key_sign_verify_impl_test.cc │ │ ├── jwt_public_key_sign_wrapper.cc │ │ ├── jwt_public_key_sign_wrapper.h │ │ ├── jwt_public_key_verify_impl.cc │ │ ├── jwt_public_key_verify_impl.h │ │ ├── jwt_public_key_verify_internal.h │ │ ├── jwt_public_key_verify_wrapper.cc │ │ ├── jwt_public_key_verify_wrapper.h │ │ ├── jwt_public_key_wrappers_test.cc │ │ ├── jwt_rsa_ssa_pkcs1_sign_key_manager.cc │ │ ├── jwt_rsa_ssa_pkcs1_sign_key_manager.h │ │ ├── jwt_rsa_ssa_pkcs1_sign_verify_key_manager_test.cc │ │ ├── jwt_rsa_ssa_pkcs1_verify_key_manager.cc │ │ ├── jwt_rsa_ssa_pkcs1_verify_key_manager.h │ │ ├── jwt_rsa_ssa_pss_sign_key_manager.cc │ │ ├── jwt_rsa_ssa_pss_sign_key_manager.h │ │ ├── jwt_rsa_ssa_pss_sign_verify_key_manager_test.cc │ │ ├── jwt_rsa_ssa_pss_verify_key_manager.cc │ │ ├── jwt_rsa_ssa_pss_verify_key_manager.h │ │ ├── jwt_signature_config_v0.cc │ │ ├── jwt_signature_config_v0.h │ │ ├── jwt_signature_config_v0_test.cc │ │ ├── jwt_signature_key_gen_config_v0.cc │ │ ├── jwt_signature_key_gen_config_v0.h │ │ ├── raw_jwt_ecdsa_sign_key_manager.cc │ │ ├── raw_jwt_ecdsa_sign_key_manager.h │ │ ├── raw_jwt_ecdsa_sign_key_manager_test.cc │ │ ├── raw_jwt_ecdsa_verify_key_manager.cc │ │ ├── raw_jwt_ecdsa_verify_key_manager.h │ │ ├── raw_jwt_ecdsa_verify_key_manager_test.cc │ │ ├── raw_jwt_hmac_key_manager.cc │ │ ├── raw_jwt_hmac_key_manager.h │ │ ├── raw_jwt_hmac_key_manager_test.cc │ │ ├── raw_jwt_rsa_ssa_pkcs1_sign_key_manager.cc │ │ ├── raw_jwt_rsa_ssa_pkcs1_sign_key_manager.h │ │ ├── raw_jwt_rsa_ssa_pkcs1_sign_key_manager_test.cc │ │ ├── raw_jwt_rsa_ssa_pkcs1_verify_key_manager.cc │ │ ├── raw_jwt_rsa_ssa_pkcs1_verify_key_manager.h │ │ ├── raw_jwt_rsa_ssa_pkcs1_verify_key_manager_test.cc │ │ ├── raw_jwt_rsa_ssa_pss_sign_key_manager.cc │ │ ├── raw_jwt_rsa_ssa_pss_sign_key_manager.h │ │ ├── raw_jwt_rsa_ssa_pss_sign_key_manager_test.cc │ │ ├── raw_jwt_rsa_ssa_pss_verify_key_manager.cc │ │ ├── raw_jwt_rsa_ssa_pss_verify_key_manager.h │ │ └── raw_jwt_rsa_ssa_pss_verify_key_manager_test.cc │ ├── jwk_set_converter.cc │ ├── jwk_set_converter.h │ ├── jwk_set_converter_test.cc │ ├── jwt_ecdsa_parameters.cc │ ├── jwt_ecdsa_parameters.h │ ├── jwt_ecdsa_parameters_test.cc │ ├── jwt_ecdsa_private_key.cc │ ├── jwt_ecdsa_private_key.h │ ├── jwt_ecdsa_private_key_test.cc │ ├── jwt_ecdsa_proto_serialization.cc │ ├── jwt_ecdsa_proto_serialization.h │ ├── jwt_ecdsa_proto_serialization_test.cc │ ├── jwt_ecdsa_public_key.cc │ ├── jwt_ecdsa_public_key.h │ ├── jwt_ecdsa_public_key_test.cc │ ├── jwt_hmac_key.cc │ ├── jwt_hmac_key.h │ ├── jwt_hmac_key_test.cc │ ├── jwt_hmac_parameters.cc │ ├── jwt_hmac_parameters.h │ ├── jwt_hmac_parameters_test.cc │ ├── jwt_hmac_proto_serialization.cc │ ├── jwt_hmac_proto_serialization.h │ ├── jwt_hmac_proto_serialization_test.cc │ ├── jwt_key_templates.cc │ ├── jwt_key_templates.h │ ├── jwt_key_templates_test.cc │ ├── jwt_mac.h │ ├── jwt_mac_config.cc │ ├── jwt_mac_config.h │ ├── jwt_mac_config_test.cc │ ├── jwt_mac_config_v0.cc │ ├── jwt_mac_config_v0.h │ ├── jwt_mac_config_v0_test.cc │ ├── jwt_mac_key.h │ ├── jwt_mac_key_gen_config_v0.cc │ ├── jwt_mac_key_gen_config_v0.h │ ├── jwt_mac_parameters.h │ ├── jwt_public_key_sign.h │ ├── jwt_public_key_verify.h │ ├── jwt_rsa_ssa_pkcs1_parameters.cc │ ├── jwt_rsa_ssa_pkcs1_parameters.h │ ├── jwt_rsa_ssa_pkcs1_parameters_test.cc │ ├── jwt_rsa_ssa_pkcs1_private_key.cc │ ├── jwt_rsa_ssa_pkcs1_private_key.h │ ├── jwt_rsa_ssa_pkcs1_private_key_test.cc │ ├── jwt_rsa_ssa_pkcs1_proto_serialization.cc │ ├── jwt_rsa_ssa_pkcs1_proto_serialization.h │ ├── jwt_rsa_ssa_pkcs1_proto_serialization_test.cc │ ├── jwt_rsa_ssa_pkcs1_public_key.cc │ ├── jwt_rsa_ssa_pkcs1_public_key.h │ ├── jwt_rsa_ssa_pkcs1_public_key_test.cc │ ├── jwt_rsa_ssa_pss_parameters.cc │ ├── jwt_rsa_ssa_pss_parameters.h │ ├── jwt_rsa_ssa_pss_parameters_test.cc │ ├── jwt_rsa_ssa_pss_private_key.cc │ ├── jwt_rsa_ssa_pss_private_key.h │ ├── jwt_rsa_ssa_pss_private_key_test.cc │ ├── jwt_rsa_ssa_pss_proto_serialization.cc │ ├── jwt_rsa_ssa_pss_proto_serialization.h │ ├── jwt_rsa_ssa_pss_proto_serialization_test.cc │ ├── jwt_rsa_ssa_pss_public_key.cc │ ├── jwt_rsa_ssa_pss_public_key.h │ ├── jwt_rsa_ssa_pss_public_key_test.cc │ ├── jwt_signature_config.cc │ ├── jwt_signature_config.h │ ├── jwt_signature_config_test.cc │ ├── jwt_signature_config_v0.cc │ ├── jwt_signature_config_v0.h │ ├── jwt_signature_config_v0_test.cc │ ├── jwt_signature_key_gen_config_v0.cc │ ├── jwt_signature_key_gen_config_v0.h │ ├── jwt_signature_parameters.h │ ├── jwt_signature_private_key.h │ ├── jwt_signature_public_key.h │ ├── jwt_validator.cc │ ├── jwt_validator.h │ ├── jwt_validator_test.cc │ ├── raw_jwt.cc │ ├── raw_jwt.h │ ├── raw_jwt_test.cc │ ├── verified_jwt.cc │ ├── verified_jwt.h │ └── verified_jwt_test.cc ├── kem │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── kem_decapsulate_wrapper.cc │ │ ├── kem_decapsulate_wrapper.h │ │ ├── kem_decapsulate_wrapper_test.cc │ │ ├── kem_encapsulate_wrapper.cc │ │ ├── kem_encapsulate_wrapper.h │ │ ├── kem_encapsulate_wrapper_test.cc │ │ ├── raw_kem_decapsulate.h │ │ └── raw_kem_encapsulate.h │ ├── kem_decapsulate.h │ └── kem_encapsulate.h ├── key.h ├── key_access.h ├── key_gen_configuration.h ├── key_manager.h ├── key_status.h ├── keyderivation │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── config_prf_for_deriver.h │ │ ├── config_prf_for_deriver_test.cc │ │ ├── key_derivers.cc │ │ ├── key_derivers.h │ │ ├── key_derivers_test.cc │ │ ├── prf_based_deriver.cc │ │ ├── prf_based_deriver.h │ │ ├── prf_based_deriver_key_manager.h │ │ ├── prf_based_deriver_key_manager_test.cc │ │ ├── prf_based_deriver_test.cc │ │ ├── prf_based_key_derivation_proto_serialization_impl.cc │ │ ├── prf_based_key_derivation_proto_serialization_impl.h │ │ └── prf_based_key_derivation_proto_serialization_impl_test.cc │ ├── key_derivation_config.cc │ ├── key_derivation_config.h │ ├── key_derivation_config_test.cc │ ├── key_derivation_key.h │ ├── key_derivation_key_templates.cc │ ├── key_derivation_key_templates.h │ ├── key_derivation_key_templates_test.cc │ ├── key_derivation_parameters.h │ ├── keyset_deriver.h │ ├── keyset_deriver_test.cc │ ├── keyset_deriver_wrapper.cc │ ├── keyset_deriver_wrapper.h │ ├── keyset_deriver_wrapper_test.cc │ ├── prf_based_key_derivation_key.cc │ ├── prf_based_key_derivation_key.h │ ├── prf_based_key_derivation_key_test.cc │ ├── prf_based_key_derivation_parameters.cc │ ├── prf_based_key_derivation_parameters.h │ ├── prf_based_key_derivation_parameters_test.cc │ ├── prf_based_key_derivation_proto_serialization.h │ ├── prf_based_key_derivation_proto_serialization_test.cc │ └── subtle │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt ├── keyset_handle.h ├── keyset_handle_builder.h ├── keyset_manager.h ├── keyset_reader.h ├── keyset_writer.h ├── kms_client.h ├── kms_clients.h ├── mac.h ├── mac │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aes_cmac_key.cc │ ├── aes_cmac_key.h │ ├── aes_cmac_key_manager.h │ ├── aes_cmac_key_manager_test.cc │ ├── aes_cmac_key_test.cc │ ├── aes_cmac_parameters.cc │ ├── aes_cmac_parameters.h │ ├── aes_cmac_parameters_test.cc │ ├── aes_cmac_proto_serialization.h │ ├── aes_cmac_proto_serialization_test.cc │ ├── config_v0.cc │ ├── config_v0.h │ ├── config_v0_test.cc │ ├── failing_mac.cc │ ├── failing_mac.h │ ├── failing_mac_test.cc │ ├── hmac_key.cc │ ├── hmac_key.h │ ├── hmac_key_manager.cc │ ├── hmac_key_manager.h │ ├── hmac_key_manager_test.cc │ ├── hmac_key_test.cc │ ├── hmac_parameters.cc │ ├── hmac_parameters.h │ ├── hmac_parameters_test.cc │ ├── hmac_proto_serialization.h │ ├── hmac_proto_serialization_test.cc │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── aes_cmac_proto_serialization_impl.cc │ │ ├── aes_cmac_proto_serialization_impl.h │ │ ├── aes_cmac_proto_serialization_impl_test.cc │ │ ├── chunked_mac_impl.cc │ │ ├── chunked_mac_impl.h │ │ ├── chunked_mac_impl_test.cc │ │ ├── chunked_mac_test.cc │ │ ├── chunked_mac_wrapper.cc │ │ ├── chunked_mac_wrapper.h │ │ ├── chunked_mac_wrapper_test.cc │ │ ├── config_v0.cc │ │ ├── config_v0.h │ │ ├── config_v0_test.cc │ │ ├── hmac_proto_serialization_impl.cc │ │ ├── hmac_proto_serialization_impl.h │ │ ├── hmac_proto_serialization_impl_test.cc │ │ ├── hmac_proto_structs.h │ │ ├── hmac_proto_structs_test.cc │ │ ├── key_gen_config_v0.cc │ │ ├── key_gen_config_v0.h │ │ ├── stateful_cmac_boringssl.cc │ │ ├── stateful_cmac_boringssl.h │ │ ├── stateful_cmac_boringssl_test.cc │ │ ├── stateful_hmac_boringssl.cc │ │ ├── stateful_hmac_boringssl.h │ │ ├── stateful_hmac_boringssl_test.cc │ │ └── stateful_mac.h │ ├── key_gen_config_v0.cc │ ├── key_gen_config_v0.h │ ├── mac_config.cc │ ├── mac_config.h │ ├── mac_config_test.cc │ ├── mac_factory.cc │ ├── mac_factory.h │ ├── mac_factory_test.cc │ ├── mac_key.h │ ├── mac_key_templates.cc │ ├── mac_key_templates.h │ ├── mac_key_templates_test.cc │ ├── mac_parameters.h │ ├── mac_wrapper.cc │ ├── mac_wrapper.h │ ├── mac_wrapper_test.cc │ └── subtle │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt ├── mac_config.h ├── mac_factory.h ├── mac_key_templates.h ├── output_stream.h ├── output_stream_with_result.h ├── parameters.h ├── partial_key_access.h ├── partial_key_access_token.h ├── prf │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aes_cmac_prf_key.cc │ ├── aes_cmac_prf_key.h │ ├── aes_cmac_prf_key_manager.h │ ├── aes_cmac_prf_key_manager_test.cc │ ├── aes_cmac_prf_key_test.cc │ ├── aes_cmac_prf_parameters.cc │ ├── aes_cmac_prf_parameters.h │ ├── aes_cmac_prf_parameters_test.cc │ ├── aes_cmac_prf_proto_serialization.h │ ├── aes_cmac_prf_proto_serialization_test.cc │ ├── config_v0.cc │ ├── config_v0.h │ ├── config_v0_test.cc │ ├── failing_prfset.cc │ ├── failing_prfset.h │ ├── failing_prfset_test.cc │ ├── hkdf_prf_key.cc │ ├── hkdf_prf_key.h │ ├── hkdf_prf_key_manager.h │ ├── hkdf_prf_key_manager_test.cc │ ├── hkdf_prf_key_test.cc │ ├── hkdf_prf_parameters.cc │ ├── hkdf_prf_parameters.h │ ├── hkdf_prf_parameters_test.cc │ ├── hkdf_prf_proto_serialization.h │ ├── hkdf_prf_proto_serialization_test.cc │ ├── hmac_prf_key.cc │ ├── hmac_prf_key.h │ ├── hmac_prf_key_manager.cc │ ├── hmac_prf_key_manager.h │ ├── hmac_prf_key_manager_test.cc │ ├── hmac_prf_key_test.cc │ ├── hmac_prf_parameters.cc │ ├── hmac_prf_parameters.h │ ├── hmac_prf_parameters_test.cc │ ├── hmac_prf_proto_serialization.h │ ├── hmac_prf_proto_serialization_test.cc │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── aes_cmac_prf_proto_serialization_impl.cc │ │ ├── aes_cmac_prf_proto_serialization_impl.h │ │ ├── aes_cmac_prf_proto_serialization_impl_test.cc │ │ ├── config_v0.cc │ │ ├── config_v0.h │ │ ├── config_v0_test.cc │ │ ├── hkdf_prf_proto_serialization_impl.cc │ │ ├── hkdf_prf_proto_serialization_impl.h │ │ ├── hkdf_prf_proto_serialization_impl_test.cc │ │ ├── hmac_prf_proto_serialization_impl.cc │ │ ├── hmac_prf_proto_serialization_impl.h │ │ ├── hmac_prf_proto_serialization_impl_test.cc │ │ ├── key_gen_config_v0.cc │ │ └── key_gen_config_v0.h │ ├── key_gen_config_v0.cc │ ├── key_gen_config_v0.h │ ├── prf_config.cc │ ├── prf_config.h │ ├── prf_config_test.cc │ ├── prf_key.h │ ├── prf_key_templates.cc │ ├── prf_key_templates.h │ ├── prf_key_templates_test.cc │ ├── prf_parameters.h │ ├── prf_set.cc │ ├── prf_set.h │ ├── prf_set_test.cc │ ├── prf_set_wrapper.cc │ ├── prf_set_wrapper.h │ ├── prf_set_wrapper_test.cc │ └── subtle │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt ├── primitive_set.h ├── primitive_wrapper.h ├── private_key.h ├── proto_keyset_format.h ├── proto_parameters_format.h ├── public_key_sign.h ├── public_key_sign_factory.h ├── public_key_verify.h ├── public_key_verify_factory.h ├── random_access_stream.h ├── registry.h ├── restricted_big_integer.h ├── restricted_data.h ├── secret_data.h ├── secret_data_test.cc ├── secret_key_access.h ├── secret_key_access_token.h ├── signature │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── config_v0.cc │ ├── config_v0.h │ ├── config_v0_test.cc │ ├── ecdsa_parameters.cc │ ├── ecdsa_parameters.h │ ├── ecdsa_parameters_test.cc │ ├── ecdsa_private_key.cc │ ├── ecdsa_private_key.h │ ├── ecdsa_private_key_test.cc │ ├── ecdsa_proto_serialization.h │ ├── ecdsa_proto_serialization_test.cc │ ├── ecdsa_public_key.cc │ ├── ecdsa_public_key.h │ ├── ecdsa_public_key_test.cc │ ├── ecdsa_sign_key_manager.cc │ ├── ecdsa_sign_key_manager.h │ ├── ecdsa_sign_key_manager_test.cc │ ├── ecdsa_verify_key_manager.cc │ ├── ecdsa_verify_key_manager.h │ ├── ecdsa_verify_key_manager_test.cc │ ├── ed25519_parameters.cc │ ├── ed25519_parameters.h │ ├── ed25519_parameters_test.cc │ ├── ed25519_private_key.cc │ ├── ed25519_private_key.h │ ├── ed25519_private_key_test.cc │ ├── ed25519_proto_serialization.h │ ├── ed25519_proto_serialization_test.cc │ ├── ed25519_public_key.cc │ ├── ed25519_public_key.h │ ├── ed25519_public_key_test.cc │ ├── ed25519_sign_key_manager.cc │ ├── ed25519_sign_key_manager.h │ ├── ed25519_sign_key_manager_test.cc │ ├── ed25519_verify_key_manager.cc │ ├── ed25519_verify_key_manager.h │ ├── ed25519_verify_key_manager_test.cc │ ├── failing_signature.cc │ ├── failing_signature.h │ ├── failing_signature_test.cc │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── config_fips_140_2.cc │ │ ├── config_fips_140_2.h │ │ ├── config_fips_140_2_test.cc │ │ ├── config_v0.cc │ │ ├── config_v0.h │ │ ├── config_v0_test.cc │ │ ├── ecdsa_proto_serialization_impl.cc │ │ ├── ecdsa_proto_serialization_impl.h │ │ ├── ecdsa_proto_serialization_impl_test.cc │ │ ├── ecdsa_raw_sign_boringssl.cc │ │ ├── ecdsa_raw_sign_boringssl.h │ │ ├── ecdsa_raw_sign_boringssl_test.cc │ │ ├── ed25519_proto_serialization_impl.cc │ │ ├── ed25519_proto_serialization_impl.h │ │ ├── ed25519_proto_serialization_impl_test.cc │ │ ├── key_creators.cc │ │ ├── key_creators.h │ │ ├── key_creators_test.cc │ │ ├── key_gen_config_v0.cc │ │ ├── key_gen_config_v0.h │ │ ├── key_gen_config_v0_test.cc │ │ ├── ml_dsa_proto_serialization.cc │ │ ├── ml_dsa_proto_serialization.h │ │ ├── ml_dsa_proto_serialization_test.cc │ │ ├── ml_dsa_sign_boringssl.cc │ │ ├── ml_dsa_sign_boringssl.h │ │ ├── ml_dsa_sign_boringssl_test.cc │ │ ├── ml_dsa_verify_boringssl.cc │ │ ├── ml_dsa_verify_boringssl.h │ │ ├── ml_dsa_verify_boringssl_test.cc │ │ ├── slh_dsa_proto_serialization.cc │ │ ├── slh_dsa_proto_serialization.h │ │ ├── slh_dsa_proto_serialization_test.cc │ │ ├── slh_dsa_sign_boringssl.cc │ │ ├── slh_dsa_sign_boringssl.h │ │ ├── slh_dsa_sign_boringssl_test.cc │ │ ├── slh_dsa_verify_boringssl.cc │ │ ├── slh_dsa_verify_boringssl.h │ │ ├── slh_dsa_verify_boringssl_test.cc │ │ └── testing │ │ │ ├── BUILD.bazel │ │ │ ├── CMakeLists.txt │ │ │ ├── ecdsa_test_vectors.cc │ │ │ ├── ecdsa_test_vectors.h │ │ │ ├── ed25519_test_vectors.cc │ │ │ ├── ed25519_test_vectors.h │ │ │ ├── ml_dsa_test_vectors.cc │ │ │ ├── ml_dsa_test_vectors.h │ │ │ ├── rsa_ssa_pkcs1_test_vectors.cc │ │ │ ├── rsa_ssa_pkcs1_test_vectors.h │ │ │ ├── rsa_ssa_pss_test_vectors.cc │ │ │ ├── rsa_ssa_pss_test_vectors.h │ │ │ └── signature_test_vector.h │ ├── key_gen_config_v0.cc │ ├── key_gen_config_v0.h │ ├── ml_dsa_parameters.cc │ ├── ml_dsa_parameters.h │ ├── ml_dsa_parameters_test.cc │ ├── ml_dsa_private_key.cc │ ├── ml_dsa_private_key.h │ ├── ml_dsa_private_key_test.cc │ ├── ml_dsa_public_key.cc │ ├── ml_dsa_public_key.h │ ├── ml_dsa_public_key_test.cc │ ├── public_key_sign_factory.cc │ ├── public_key_sign_factory.h │ ├── public_key_sign_factory_test.cc │ ├── public_key_sign_wrapper.cc │ ├── public_key_sign_wrapper.h │ ├── public_key_sign_wrapper_test.cc │ ├── public_key_verify_factory.cc │ ├── public_key_verify_factory.h │ ├── public_key_verify_factory_test.cc │ ├── public_key_verify_wrapper.cc │ ├── public_key_verify_wrapper.h │ ├── public_key_verify_wrapper_test.cc │ ├── rsa_ssa_pkcs1_parameters.cc │ ├── rsa_ssa_pkcs1_parameters.h │ ├── rsa_ssa_pkcs1_parameters_test.cc │ ├── rsa_ssa_pkcs1_private_key.cc │ ├── rsa_ssa_pkcs1_private_key.h │ ├── rsa_ssa_pkcs1_private_key_test.cc │ ├── rsa_ssa_pkcs1_proto_serialization.cc │ ├── rsa_ssa_pkcs1_proto_serialization.h │ ├── rsa_ssa_pkcs1_proto_serialization_test.cc │ ├── rsa_ssa_pkcs1_public_key.cc │ ├── rsa_ssa_pkcs1_public_key.h │ ├── rsa_ssa_pkcs1_public_key_test.cc │ ├── rsa_ssa_pkcs1_sign_key_manager.cc │ ├── rsa_ssa_pkcs1_sign_key_manager.h │ ├── rsa_ssa_pkcs1_sign_key_manager_test.cc │ ├── rsa_ssa_pkcs1_verify_key_manager.cc │ ├── rsa_ssa_pkcs1_verify_key_manager.h │ ├── rsa_ssa_pkcs1_verify_key_manager_test.cc │ ├── rsa_ssa_pss_parameters.cc │ ├── rsa_ssa_pss_parameters.h │ ├── rsa_ssa_pss_parameters_test.cc │ ├── rsa_ssa_pss_private_key.cc │ ├── rsa_ssa_pss_private_key.h │ ├── rsa_ssa_pss_private_key_test.cc │ ├── rsa_ssa_pss_proto_serialization.cc │ ├── rsa_ssa_pss_proto_serialization.h │ ├── rsa_ssa_pss_proto_serialization_test.cc │ ├── rsa_ssa_pss_public_key.cc │ ├── rsa_ssa_pss_public_key.h │ ├── rsa_ssa_pss_public_key_test.cc │ ├── rsa_ssa_pss_sign_key_manager.cc │ ├── rsa_ssa_pss_sign_key_manager.h │ ├── rsa_ssa_pss_sign_key_manager_test.cc │ ├── rsa_ssa_pss_verify_key_manager.cc │ ├── rsa_ssa_pss_verify_key_manager.h │ ├── rsa_ssa_pss_verify_key_manager_test.cc │ ├── sig_util.cc │ ├── sig_util.h │ ├── signature_config.cc │ ├── signature_config.h │ ├── signature_config_test.cc │ ├── signature_key_templates.cc │ ├── signature_key_templates.h │ ├── signature_key_templates_test.cc │ ├── signature_parameters.h │ ├── signature_pem_keyset_reader.cc │ ├── signature_pem_keyset_reader.h │ ├── signature_pem_keyset_reader_test.cc │ ├── signature_private_key.h │ ├── signature_public_key.h │ ├── slh_dsa_parameters.cc │ ├── slh_dsa_parameters.h │ ├── slh_dsa_parameters_test.cc │ ├── slh_dsa_private_key.cc │ ├── slh_dsa_private_key.h │ ├── slh_dsa_private_key_test.cc │ ├── slh_dsa_public_key.cc │ ├── slh_dsa_public_key.h │ ├── slh_dsa_public_key_test.cc │ └── subtle │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt ├── signature_config.h ├── signature_key_templates.h ├── streaming_aead.h ├── streaming_aead_config.h ├── streaming_aead_key_templates.h ├── streaming_mac.h ├── streamingaead │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aes_ctr_hmac_streaming_key.cc │ ├── aes_ctr_hmac_streaming_key.h │ ├── aes_ctr_hmac_streaming_key_manager.cc │ ├── aes_ctr_hmac_streaming_key_manager.h │ ├── aes_ctr_hmac_streaming_key_manager_test.cc │ ├── aes_ctr_hmac_streaming_key_test.cc │ ├── aes_ctr_hmac_streaming_parameters.cc │ ├── aes_ctr_hmac_streaming_parameters.h │ ├── aes_ctr_hmac_streaming_parameters_test.cc │ ├── aes_ctr_hmac_streaming_proto_serialization.cc │ ├── aes_ctr_hmac_streaming_proto_serialization.h │ ├── aes_ctr_hmac_streaming_proto_serialization_test.cc │ ├── aes_gcm_hkdf_streaming_key.cc │ ├── aes_gcm_hkdf_streaming_key.h │ ├── aes_gcm_hkdf_streaming_key_manager.cc │ ├── aes_gcm_hkdf_streaming_key_manager.h │ ├── aes_gcm_hkdf_streaming_key_manager_test.cc │ ├── aes_gcm_hkdf_streaming_key_test.cc │ ├── aes_gcm_hkdf_streaming_parameters.cc │ ├── aes_gcm_hkdf_streaming_parameters.h │ ├── aes_gcm_hkdf_streaming_parameters_test.cc │ ├── aes_gcm_hkdf_streaming_proto_serialization.h │ ├── aes_gcm_hkdf_streaming_proto_serialization_test.cc │ ├── buffered_input_stream.cc │ ├── buffered_input_stream.h │ ├── buffered_input_stream_test.cc │ ├── config_v0.cc │ ├── config_v0.h │ ├── config_v0_test.cc │ ├── decrypting_input_stream.cc │ ├── decrypting_input_stream.h │ ├── decrypting_input_stream_test.cc │ ├── decrypting_random_access_stream.cc │ ├── decrypting_random_access_stream.h │ ├── decrypting_random_access_stream_test.cc │ ├── internal │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── aes_gcm_hkdf_streaming_proto_serialization_impl.cc │ │ ├── aes_gcm_hkdf_streaming_proto_serialization_impl.h │ │ ├── aes_gcm_hkdf_streaming_proto_serialization_impl_test.cc │ │ ├── config_v0.cc │ │ ├── config_v0.h │ │ ├── config_v0_test.cc │ │ ├── key_gen_config_v0.cc │ │ ├── key_gen_config_v0.h │ │ └── testing │ │ │ ├── BUILD.bazel │ │ │ ├── CMakeLists.txt │ │ │ ├── aes_ctr_hmac_streaming_test_vectors.cc │ │ │ ├── aes_ctr_hmac_streaming_test_vectors.h │ │ │ ├── aes_gcm_hkdf_streaming_test_vectors.cc │ │ │ ├── aes_gcm_hkdf_streaming_test_vectors.h │ │ │ └── streamingaead_test_vector.h │ ├── key_gen_config_v0.cc │ ├── key_gen_config_v0.h │ ├── shared_input_stream.h │ ├── shared_input_stream_test.cc │ ├── shared_random_access_stream.h │ ├── shared_random_access_stream_test.cc │ ├── streaming_aead_config.cc │ ├── streaming_aead_config.h │ ├── streaming_aead_config_test.cc │ ├── streaming_aead_key.h │ ├── streaming_aead_key_templates.cc │ ├── streaming_aead_key_templates.h │ ├── streaming_aead_key_templates_test.cc │ ├── streaming_aead_parameters.h │ ├── streaming_aead_wrapper.cc │ ├── streaming_aead_wrapper.h │ ├── streaming_aead_wrapper_test.cc │ └── subtle │ │ ├── BUILD.bazel │ │ └── CMakeLists.txt ├── subtle │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── aead_test_util.cc │ ├── aead_test_util.h │ ├── aead_test_util_test.cc │ ├── aes_cmac_boringssl.cc │ ├── aes_cmac_boringssl.h │ ├── aes_cmac_boringssl_test.cc │ ├── aes_ctr_boringssl.cc │ ├── aes_ctr_boringssl.h │ ├── aes_ctr_boringssl_test.cc │ ├── aes_ctr_hmac_streaming.cc │ ├── aes_ctr_hmac_streaming.h │ ├── aes_ctr_hmac_streaming_test.cc │ ├── aes_eax_boringssl.cc │ ├── aes_eax_boringssl.h │ ├── aes_eax_boringssl_test.cc │ ├── aes_gcm_boringssl.cc │ ├── aes_gcm_boringssl.h │ ├── aes_gcm_boringssl_test.cc │ ├── aes_gcm_hkdf_stream_segment_decrypter.cc │ ├── aes_gcm_hkdf_stream_segment_decrypter.h │ ├── aes_gcm_hkdf_stream_segment_decrypter_test.cc │ ├── aes_gcm_hkdf_stream_segment_encrypter.cc │ ├── aes_gcm_hkdf_stream_segment_encrypter.h │ ├── aes_gcm_hkdf_stream_segment_encrypter_test.cc │ ├── aes_gcm_hkdf_streaming.cc │ ├── aes_gcm_hkdf_streaming.h │ ├── aes_gcm_hkdf_streaming_test.cc │ ├── aes_gcm_siv_boringssl.cc │ ├── aes_gcm_siv_boringssl.h │ ├── aes_gcm_siv_boringssl_test.cc │ ├── aes_siv_boringssl.cc │ ├── aes_siv_boringssl.h │ ├── aes_siv_boringssl_test.cc │ ├── common_enums.cc │ ├── common_enums.h │ ├── common_enums_test.cc │ ├── decrypting_random_access_stream.cc │ ├── decrypting_random_access_stream.h │ ├── decrypting_random_access_stream_test.cc │ ├── ec_util.h │ ├── ecdsa_sign_boringssl.cc │ ├── ecdsa_sign_boringssl.h │ ├── ecdsa_sign_boringssl_test.cc │ ├── ecdsa_verify_boringssl.cc │ ├── ecdsa_verify_boringssl.h │ ├── ecdsa_verify_boringssl_test.cc │ ├── ecies_hkdf_recipient_kem_boringssl.cc │ ├── ecies_hkdf_recipient_kem_boringssl.h │ ├── ecies_hkdf_recipient_kem_boringssl_test.cc │ ├── ecies_hkdf_sender_kem_boringssl.cc │ ├── ecies_hkdf_sender_kem_boringssl.h │ ├── ecies_hkdf_sender_kem_boringssl_test.cc │ ├── ed25519_sign_boringssl.cc │ ├── ed25519_sign_boringssl.h │ ├── ed25519_sign_boringssl_test.cc │ ├── ed25519_verify_boringssl.cc │ ├── ed25519_verify_boringssl.h │ ├── ed25519_verify_boringssl_test.cc │ ├── encrypt_then_authenticate.cc │ ├── encrypt_then_authenticate.h │ ├── encrypt_then_authenticate_test.cc │ ├── hkdf.cc │ ├── hkdf.h │ ├── hkdf_test.cc │ ├── hmac_boringssl.cc │ ├── hmac_boringssl.h │ ├── hmac_boringssl_test.cc │ ├── hybrid_test_util.cc │ ├── hybrid_test_util.h │ ├── hybrid_test_util_test.cc │ ├── ind_cpa_cipher.h │ ├── nonce_based_streaming_aead.cc │ ├── nonce_based_streaming_aead.h │ ├── pem_parser_boringssl.cc │ ├── pem_parser_boringssl.h │ ├── pem_parser_boringssl_test.cc │ ├── prf │ │ ├── BUILD.bazel │ │ ├── CMakeLists.txt │ │ ├── hkdf_streaming_prf.cc │ │ ├── hkdf_streaming_prf.h │ │ ├── hkdf_streaming_prf_test.cc │ │ ├── prf_set_util.cc │ │ ├── prf_set_util.h │ │ ├── prf_set_util_test.cc │ │ ├── streaming_prf.h │ │ ├── streaming_prf_wrapper.cc │ │ ├── streaming_prf_wrapper.h │ │ └── streaming_prf_wrapper_test.cc │ ├── random.cc │ ├── random.h │ ├── random_test.cc │ ├── rsa_ssa_pkcs1_sign_boringssl.cc │ ├── rsa_ssa_pkcs1_sign_boringssl.h │ ├── rsa_ssa_pkcs1_sign_boringssl_test.cc │ ├── rsa_ssa_pkcs1_verify_boringssl.cc │ ├── rsa_ssa_pkcs1_verify_boringssl.h │ ├── rsa_ssa_pkcs1_verify_boringssl_test.cc │ ├── rsa_ssa_pss_sign_boringssl.cc │ ├── rsa_ssa_pss_sign_boringssl.h │ ├── rsa_ssa_pss_sign_boringssl_test.cc │ ├── rsa_ssa_pss_verify_boringssl.cc │ ├── rsa_ssa_pss_verify_boringssl.h │ ├── rsa_ssa_pss_verify_boringssl_test.cc │ ├── stream_segment_decrypter.h │ ├── stream_segment_encrypter.h │ ├── streaming_aead_decrypting_stream.cc │ ├── streaming_aead_decrypting_stream.h │ ├── streaming_aead_decrypting_stream_test.cc │ ├── streaming_aead_encrypting_stream.cc │ ├── streaming_aead_encrypting_stream.h │ ├── streaming_aead_encrypting_stream_test.cc │ ├── streaming_aead_test_util.cc │ ├── streaming_aead_test_util.h │ ├── streaming_aead_test_util_test.cc │ ├── streaming_mac_impl.cc │ ├── streaming_mac_impl.h │ ├── streaming_mac_impl_test.cc │ ├── subtle_util.cc │ ├── subtle_util.h │ ├── subtle_util_boringssl.h │ ├── subtle_util_test.cc │ ├── test_util.cc │ ├── test_util.h │ ├── xchacha20_poly1305_boringssl.cc │ ├── xchacha20_poly1305_boringssl.h │ └── xchacha20_poly1305_boringssl_test.cc ├── tink_config.h ├── util │ ├── BUILD.bazel │ ├── CMakeLists.txt │ ├── buffer.cc │ ├── buffer.h │ ├── buffer_test.cc │ ├── constants.cc │ ├── constants.h │ ├── enums.cc │ ├── enums.h │ ├── enums_test.cc │ ├── errors.h │ ├── errors_test.cc │ ├── fake_kms_client.cc │ ├── fake_kms_client.h │ ├── fake_kms_client_test.cc │ ├── file_input_stream.cc │ ├── file_input_stream.h │ ├── file_input_stream_test.cc │ ├── file_output_stream.cc │ ├── file_output_stream.h │ ├── file_output_stream_test.cc │ ├── file_random_access_stream.cc │ ├── file_random_access_stream.h │ ├── file_random_access_stream_test.cc │ ├── input_stream_util.cc │ ├── input_stream_util.h │ ├── input_stream_util_test.cc │ ├── istream_input_stream.cc │ ├── istream_input_stream.h │ ├── istream_input_stream_test.cc │ ├── keyset_util.cc │ ├── keyset_util.h │ ├── ostream_output_stream.cc │ ├── ostream_output_stream.h │ ├── ostream_output_stream_test.cc │ ├── protobuf_helper.h │ ├── secret_data.h │ ├── secret_data_internal_class.h │ ├── secret_data_internal_class_test.cc │ ├── secret_data_test.cc │ ├── secret_proto.h │ ├── secret_proto_test.cc │ ├── status.h │ ├── statusor.h │ ├── test_keyset_handle.cc │ ├── test_keyset_handle.h │ ├── test_matchers.h │ ├── test_matchers_test.cc │ ├── test_util.cc │ ├── test_util.h │ ├── test_util_test.cc │ ├── validation.cc │ ├── validation.h │ └── validation_test.cc ├── version.h.templ └── version_script.lds ├── tink_cc_deps.bzl ├── tink_cc_deps_init.bzl ├── tools ├── BUILD.bazel ├── update_build_files_for_tink_2_0_bazel.sh └── update_build_files_for_tink_2_0_bazel_test.sh └── version.bzl /.bazelignore: -------------------------------------------------------------------------------- 1 | examples 2 | -------------------------------------------------------------------------------- /.bazelrc: -------------------------------------------------------------------------------- 1 | # Enables automatic per-platform configs. 2 | common --enable_platform_specific_config 3 | 4 | # By defaullt use the WORKSPACE. 5 | common --noenable_bzlmod 6 | 7 | # Minumum C++ version. Override it building this project with 8 | # `bazel build --cxxopt='-std=c++' --host_cxxopt='c++' ...` 9 | # (Both -std and --host_cxxopt must be set to force the desired version.) 10 | build:linux --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 11 | build:macos --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 12 | 13 | # See https://github.com/bazelbuild/bazel/issues/10472 14 | build:macos --copt=-isystem/usr/local/include 15 | build:windows --cxxopt='/std:c++17' --host_cxxopt='/std:c++17' 16 | 17 | # Silence all C/C++ warnings in external code. 18 | # 19 | # Note that this will not silence warnings from external headers included 20 | # in project code. 21 | build --per_file_copt=external/.*@-w 22 | build --host_per_file_copt=external/.*@-w 23 | -------------------------------------------------------------------------------- /.bazelversion: -------------------------------------------------------------------------------- 1 | 7.1.2 2 | -------------------------------------------------------------------------------- /.bcr/README.md: -------------------------------------------------------------------------------- 1 | # Bazel Central Registry 2 | 3 | When tink-cc is released, we want it to be published to the Bazel Central 4 | Registry automatically: 5 | 6 | This folder contains configuration files to automate the publish step. See 7 | 8 | for authoritative documentation about these files. 9 | -------------------------------------------------------------------------------- /.bcr/metadata.template.json: -------------------------------------------------------------------------------- 1 | { 2 | "homepage": "https://github.com/tink-crypto/tink-cc", 3 | "maintainers": [ 4 | { 5 | "email": "ambrosin@google.com", 6 | "github": "morambro", 7 | "name": "Moreno Ambrosin", 8 | "github_user_id": 1968379 9 | }, 10 | { 11 | "email": "wconner@google.com", 12 | "github": "willinois", 13 | "name": "William Conner", 14 | "github_user_id": 22015340 15 | }, 16 | { 17 | "email": "tholenst@google.com", 18 | "github": "tholenst", 19 | "name": "Thomas Holenstein", 20 | "github_user_id": 4568264 21 | }, 22 | { 23 | "email": "juerg@google.com", 24 | "github": "juergw", 25 | "name": "Juerg Wullschleger", 26 | "github_user_id": 52660988 27 | } 28 | ], 29 | "repository": ["github:tink-crypto/tink-cc"], 30 | "versions": [], 31 | "yanked_versions": {} 32 | } 33 | -------------------------------------------------------------------------------- /.bcr/presubmit.yml: -------------------------------------------------------------------------------- 1 | tasks: 2 | verify_targets_ubuntu: 3 | name: Verify tink-cc build targets (ubuntu2004) 4 | platform: ubuntu2004 5 | bazel: 7.x 6 | build_flags: 7 | - '--cxxopt=-std=c++14' 8 | build_targets: 9 | - '@tink_cc//tink:tink_cc' 10 | verify_targets_windows: 11 | name: Verify tink-cc build targets (windows) 12 | platform: windows 13 | bazel: 7.x 14 | build_flags: 15 | - '--cxxopt=/std:c++14' 16 | - '--features=compiler_param_file' 17 | build_targets: 18 | - '@tink_cc//tink:tink_cc' 19 | verify_targets_macos: 20 | name: Verify tink-cc build targets (macOS) 21 | platform: macos_arm64 22 | bazel: 7.x 23 | build_flags: 24 | - '--cxxopt=-std=c++14' 25 | build_targets: 26 | - '@tink_cc//tink:tink_cc' 27 | -------------------------------------------------------------------------------- /.bcr/source.template.json: -------------------------------------------------------------------------------- 1 | { 2 | "integrity": "**leave this alone**", 3 | "strip_prefix": "{REPO}-{VERSION}", 4 | "url": "https://github.com/{OWNER}/{REPO}/releases/download/{TAG}/{REPO}-{VERSION}.zip" 5 | } 6 | -------------------------------------------------------------------------------- /BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/BUILD.bazel -------------------------------------------------------------------------------- /WORKSPACE: -------------------------------------------------------------------------------- 1 | # NOTE: This WORKSPACE file for Tink C++ is deprecated in favor of MODULE.bazel. 2 | 3 | workspace(name = "tink_cc") 4 | 5 | # Use this repository if you want to build the FIPS module for BoringSSL 6 | # local_repository( 7 | # name = "boringssl", 8 | # path = "third_party/boringssl_fips/", 9 | # ) 10 | 11 | load("@tink_cc//:tink_cc_deps.bzl", "tink_cc_deps", "tink_cc_testonly_deps") 12 | 13 | tink_cc_deps() 14 | 15 | tink_cc_testonly_deps() 16 | 17 | load("@tink_cc//:tink_cc_deps_init.bzl", "tink_cc_deps_init") 18 | 19 | tink_cc_deps_init() 20 | -------------------------------------------------------------------------------- /WORKSPACE.bzlmod: -------------------------------------------------------------------------------- 1 | # This replaces the content of the WORKSPACE file when using --enable_bzlmod. 2 | -------------------------------------------------------------------------------- /docs/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to contribute 2 | 3 | Please see the 4 | [developer documentation](https://developers.google.com/tink/contributing) on 5 | how to contribute to Tink. 6 | -------------------------------------------------------------------------------- /docs/SECURITY.md: -------------------------------------------------------------------------------- 1 | To report a security issue, please use http://g.co/vulnz. We use 2 | http://g.co/vulnz for our intake and coordination, and disclose vulnerabilities 3 | using GitHub Security Advisory. The Google Security Team will 4 | respond within 5 working days of your report on g.co/vulnz. 5 | -------------------------------------------------------------------------------- /examples/.bazelrc: -------------------------------------------------------------------------------- 1 | # Enables automatic per-platform configs. 2 | common --enable_platform_specific_config 3 | 4 | # By defaullt use the WORKSPACE. 5 | common --noenable_bzlmod 6 | 7 | # Minumum C++ version. Override it building this project with 8 | # `bazel build --cxxopt='-std=c++' --host_cxxopt='c++' ...` 9 | # (Both -std and --host_cxxopt must be set to force the desired version.) 10 | build:linux --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 11 | build:macos --cxxopt='-std=c++17' --host_cxxopt='-std=c++17' 12 | 13 | # See https://github.com/bazelbuild/bazel/issues/10472 14 | build:macos --copt=-isystem/usr/local/include 15 | build:windows --cxxopt='/std:c++17' --host_cxxopt='/std:c++17' 16 | 17 | # Silence all C/C++ warnings in external code. 18 | # 19 | # Note that this will not silence warnings from external headers included 20 | # in project code. 21 | build --per_file_copt=external/.*@-w 22 | build --host_per_file_copt=external/.*@-w 23 | -------------------------------------------------------------------------------- /examples/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.1.2 2 | -------------------------------------------------------------------------------- /examples/MODULE.bazel: -------------------------------------------------------------------------------- 1 | """Module definition for Tink C++ Examples.""" 2 | 3 | # Omitting `version` because this is not meant to be depended on by other modules. 4 | module(name = "tink_cc_examples") 5 | 6 | # Use local tink_cc. 7 | bazel_dep( 8 | name = "tink_cc", 9 | version = "", 10 | ) 11 | 12 | local_path_override( 13 | module_name = "tink_cc", 14 | path = "../", 15 | ) 16 | 17 | bazel_dep( 18 | name = "googletest", 19 | version = "1.16.0", 20 | repo_name = "com_google_googletest", 21 | ) 22 | 23 | bazel_dep( 24 | name = "abseil-cpp", 25 | version = "20250127.0", 26 | repo_name = "com_google_absl", 27 | ) 28 | -------------------------------------------------------------------------------- /examples/WORKSPACE: -------------------------------------------------------------------------------- 1 | workspace(name = "tink_cc_examples") 2 | 3 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 4 | load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe") 5 | 6 | local_repository( 7 | name = "tink_cc", 8 | path = "..", 9 | ) 10 | 11 | # Release from 2024-04-08. 12 | maybe( 13 | http_archive, 14 | name = "com_google_absl", 15 | sha256 = "f50e5ac311a81382da7fa75b97310e4b9006474f9560ac46f54a9967f07d4ae3", 16 | strip_prefix = "abseil-cpp-20240722.0", 17 | urls = [ 18 | "https://github.com/abseil/abseil-cpp/releases/download/20240722.0/abseil-cpp-20240722.0.tar.gz", 19 | ], 20 | ) 21 | 22 | # Release from 2024-07-31. 23 | maybe( 24 | http_archive, 25 | name = "com_google_googletest", 26 | sha256 = "7b42b4d6ed48810c5362c265a17faebe90dc2373c885e5216439d37927f02926", 27 | strip_prefix = "googletest-1.15.2", 28 | url = "https://github.com/google/googletest/releases/download/v1.15.2/googletest-1.15.2.tar.gz", 29 | ) 30 | 31 | # Load Tink dependencies. 32 | 33 | load("@tink_cc//:tink_cc_deps.bzl", "tink_cc_deps") 34 | 35 | tink_cc_deps() 36 | 37 | load("@tink_cc//:tink_cc_deps_init.bzl", "tink_cc_deps_init") 38 | 39 | tink_cc_deps_init() 40 | -------------------------------------------------------------------------------- /examples/WORKSPACE.bzlmod: -------------------------------------------------------------------------------- 1 | # This replaces the content of the WORKSPACE file when using --enable_bzlmod. 2 | -------------------------------------------------------------------------------- /examples/aead/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "aead_test_keyset", 7 | srcs = ["aead_test_keyset.json"], 8 | ) 9 | 10 | cc_binary( 11 | name = "aead_cli", 12 | srcs = ["aead_cli.cc"], 13 | deps = [ 14 | "//util", 15 | "@com_google_absl//absl/flags:flag", 16 | "@com_google_absl//absl/flags:parse", 17 | "@com_google_absl//absl/log:check", 18 | "@com_google_absl//absl/status", 19 | "@com_google_absl//absl/status:statusor", 20 | "@com_google_absl//absl/strings", 21 | "@tink_cc//tink:aead", 22 | "@tink_cc//tink:keyset_handle", 23 | "@tink_cc//tink:keyset_reader", 24 | "@tink_cc//tink/aead:aead_config", 25 | "@tink_cc//tink/config:tink_config", 26 | ], 27 | ) 28 | 29 | sh_test( 30 | name = "aead_cli_test", 31 | size = "small", 32 | srcs = ["aead_cli_test.sh"], 33 | args = [ 34 | "$(rootpath :aead_cli)", 35 | "$(rootpath :aead_test_keyset)", 36 | ], 37 | data = [ 38 | ":aead_cli", 39 | ":aead_test_keyset", 40 | ], 41 | ) 42 | -------------------------------------------------------------------------------- /examples/aead/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(aead_cli aead_cli.cc) 2 | target_include_directories(aead_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(aead_cli 6 | tink::static 7 | absl::check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME aead_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/aead_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/aead_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/aead_test_keyset.json") 17 | -------------------------------------------------------------------------------- /examples/aead/aead_test_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "key": [ 3 | { 4 | "keyData": { 5 | "keyMaterialType": "SYMMETRIC", 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey", 7 | "value": "GiBWyUfGgYk3RTRhj/LIUzSudIWlyjCftCOypTr0jCNSLg==" 8 | }, 9 | "keyId": 294406504, 10 | "outputPrefixType": "TINK", 11 | "status": "ENABLED" 12 | } 13 | ], 14 | "primaryKeyId": 294406504 15 | } 16 | -------------------------------------------------------------------------------- /examples/daead/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "deterministic_aead_test_keyset", 7 | srcs = ["deterministic_aead_test_keyset.json"], 8 | ) 9 | 10 | cc_binary( 11 | name = "deterministic_aead_cli", 12 | srcs = ["deterministic_aead_cli.cc"], 13 | deps = [ 14 | "//util", 15 | "@com_google_absl//absl/flags:flag", 16 | "@com_google_absl//absl/flags:parse", 17 | "@com_google_absl//absl/log:check", 18 | "@com_google_absl//absl/strings", 19 | "@tink_cc//tink:deterministic_aead", 20 | "@tink_cc//tink:keyset_handle", 21 | "@tink_cc//tink:keyset_reader", 22 | "@tink_cc//tink/config:tink_config", 23 | "@tink_cc//tink/daead:deterministic_aead_config", 24 | "@tink_cc//tink/util:status", 25 | ], 26 | ) 27 | 28 | sh_test( 29 | name = "deterministic_aead_cli_test", 30 | size = "small", 31 | srcs = ["deterministic_aead_cli_test.sh"], 32 | args = [ 33 | "$(rootpath :deterministic_aead_cli)", 34 | "$(rootpath :deterministic_aead_test_keyset)", 35 | ], 36 | data = [ 37 | ":deterministic_aead_cli", 38 | ":deterministic_aead_test_keyset", 39 | ], 40 | ) 41 | -------------------------------------------------------------------------------- /examples/daead/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(deterministic_aead_cli deterministic_aead_cli.cc) 2 | target_include_directories(deterministic_aead_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(deterministic_aead_cli 6 | tink::static 7 | absl::check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME deterministic_aead_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/deterministic_aead_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/deterministic_aead_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/deterministic_aead_test_keyset.json") 17 | -------------------------------------------------------------------------------- /examples/daead/deterministic_aead_test_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1184417862, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.AesSivKey", 7 | "value": "EkAbqs8wuMAXvuqU9FVOW9VvG9kE9P3aI5qjnkGvNTeRh/Cxoh06kosU5R9jRCHCkdMgnOSHMtfIKkQj5exuhesH", 8 | "keyMaterialType": "SYMMETRIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1184417862, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/digital_signatures/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "digital_signature_keyset", 7 | srcs = [ 8 | "digital_signature_private_keyset.json", 9 | "digital_signature_public_keyset.json", 10 | ], 11 | ) 12 | 13 | cc_binary( 14 | name = "digital_signatures_cli", 15 | srcs = ["digital_signatures_cli.cc"], 16 | deps = [ 17 | "//util", 18 | "@com_google_absl//absl/flags:flag", 19 | "@com_google_absl//absl/flags:parse", 20 | "@com_google_absl//absl/log:check", 21 | "@com_google_absl//absl/status", 22 | "@com_google_absl//absl/status:statusor", 23 | "@tink_cc//tink:keyset_handle", 24 | "@tink_cc//tink:public_key_sign", 25 | "@tink_cc//tink:public_key_verify", 26 | "@tink_cc//tink/signature:signature_config", 27 | ], 28 | ) 29 | 30 | sh_test( 31 | name = "digital_signatures_cli_test", 32 | size = "small", 33 | srcs = ["digital_signatures_cli_test.sh"], 34 | args = [ 35 | "$(rootpath :digital_signatures_cli)", 36 | "$(rootpaths :digital_signature_keyset)", 37 | ], 38 | data = [ 39 | ":digital_signature_keyset", 40 | ":digital_signatures_cli", 41 | ], 42 | ) 43 | -------------------------------------------------------------------------------- /examples/digital_signatures/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(digital_signatures_cli digital_signatures_cli.cc) 2 | target_include_directories(digital_signatures_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(digital_signatures_cli 6 | tink::static 7 | absl::check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME digital_signatures_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/digital_signatures_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/digital_signatures_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/digital_signature_private_keyset.json" 17 | "${CMAKE_CURRENT_SOURCE_DIR}/digital_signature_public_keyset.json") 18 | -------------------------------------------------------------------------------- /examples/digital_signatures/digital_signature_private_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1487078030, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey", 7 | "value": "Ek0SBggDEAIYAhohANUKuRXZHBD8rPcB5M6+pmgVSjk3gLSD/htdVvbrfbnPIiAXepWekQPRS74qUTMEwN6nXeizXucBxDk0SoKoeqShOBogbJEwIZASdx42tIitAe8UoBxWyi11Mq+HnWNtcQWkG18=", 8 | "keyMaterialType": "ASYMMETRIC_PRIVATE" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1487078030, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/digital_signatures/digital_signature_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1487078030, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPublicKey", 7 | "value": "EgYIAxACGAIaIQDVCrkV2RwQ/Kz3AeTOvqZoFUo5N4C0g/4bXVb26325zyIgF3qVnpED0Uu+KlEzBMDep13os17nAcQ5NEqCqHqkoTg=", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1487078030, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_binary( 6 | name = "hybrid_cli", 7 | srcs = ["hybrid_cli.cc"], 8 | deps = [ 9 | "//util", 10 | "@com_google_absl//absl/flags:flag", 11 | "@com_google_absl//absl/flags:parse", 12 | "@com_google_absl//absl/log:check", 13 | "@com_google_absl//absl/status", 14 | "@com_google_absl//absl/status:statusor", 15 | "@com_google_absl//absl/strings", 16 | "@tink_cc//tink:hybrid_decrypt", 17 | "@tink_cc//tink:hybrid_encrypt", 18 | "@tink_cc//tink:keyset_handle", 19 | "@tink_cc//tink/hybrid:hpke_config", 20 | "@tink_cc//tink/hybrid:hybrid_config", 21 | ], 22 | ) 23 | 24 | sh_test( 25 | name = "hybrid_cli_test", 26 | size = "small", 27 | srcs = ["hybrid_cli_test.sh"], 28 | args = [ 29 | "$(rootpath :hybrid_cli)", 30 | "$(rootpaths //hybrid_encryption/testdata:hpke_test_keyset)", 31 | ], 32 | data = [ 33 | ":hybrid_cli", 34 | "//hybrid_encryption/testdata:hpke_test_keyset", 35 | ], 36 | ) 37 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(hybrid_cli hybrid_cli.cc) 2 | target_include_directories(hybrid_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(hybrid_cli 6 | tink::static 7 | absl::check 8 | absl::flags_parse 9 | util) 10 | # Tink CMake's configuration doesn't expose tink::core::hpke_config. Remove 11 | # HPKE from this example when building with CMake. 12 | target_compile_definitions(hybrid_cli PRIVATE TINK_EXAMPLES_EXCLUDE_HPKE) 13 | 14 | add_test( 15 | NAME hybrid_cli_test 16 | COMMAND "${BASH_PROGRAM}" 17 | "${CMAKE_CURRENT_SOURCE_DIR}/hybrid_cli_test.sh" 18 | "${CMAKE_CURRENT_BINARY_DIR}/hybrid_cli" 19 | "${CMAKE_CURRENT_SOURCE_DIR}/testdata/hybrid_test_private_keyset.json" 20 | "${CMAKE_CURRENT_SOURCE_DIR}/testdata/hybrid_test_public_keyset.json") 21 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "hpke_test_keyset", 7 | srcs = [ 8 | "hpke_test_private_keyset.json", 9 | "hpke_test_public_keyset.json", 10 | ], 11 | ) 12 | 13 | filegroup( 14 | name = "hybrid_test_keyset", 15 | srcs = [ 16 | "hybrid_test_private_keyset.json", 17 | "hybrid_test_public_keyset.json", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hpke_test_private_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 958452012, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.HpkePrivateKey", 7 | "value": "EioSBggBEAEYAhogVWQpmQoz74jcAp5WOD36KiBQ71MVCpn2iWfOzWLtKV4aINfn8qlMbyijNJcCzrafjsgJ493ZZGN256KTfKw0WN+p", 8 | "keyMaterialType": "ASYMMETRIC_PRIVATE" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 958452012, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hpke_test_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 958452012, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.HpkePublicKey", 7 | "value": "EgYIARABGAIaIFVkKZkKM++I3AKeVjg9+iogUO9TFQqZ9olnzs1i7Sle", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 958452012, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hybrid_test_private_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 548859458, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey", 7 | "value": "EowBEkQKBAgCEAMSOhI4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAEYARohAKjjAxgGmD9j90UyzNunoC04kWqaWiXGFRhOYfLS7Z2tIiEAhqqb+D0Din92zHwGQefzui0hma5khIZQCWyWHHVgNpsaIBQrEEuEn3hClVKM+4bsvmaUOqFYMbl7E6lNFJzbr+lp", 8 | "keyMaterialType": "ASYMMETRIC_PRIVATE" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 548859458, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/hybrid_encryption/testdata/hybrid_test_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 548859458, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey", 7 | "value": "EkQKBAgCEAMSOhI4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAEYARohAKjjAxgGmD9j90UyzNunoC04kWqaWiXGFRhOYfLS7Z2tIiEAhqqb+D0Din92zHwGQefzui0hma5khIZQCWyWHHVgNps=", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 548859458, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/jwt/jwt_signature_public_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 185188009, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.JwtRsaSsaPkcs1PublicKey", 7 | "value": "EAEagQIAs9iifvWObNLbP+x7zupVIYTdHKba4VFgJEnnGtIII21R+KGddTdvNGAokd4GPrFk1GDPitHrAAoW1+NWrafsEUi2J9Sy3uwEyarsKDggewoBCNg2fcWAiZXplPjUyTlhrLvTuyrcL/mGPy+ib7bdmov+D2EP+rKUH6/ydtQGiyHRR3uurTUWfrMD1/6WaBVfngpy5Pxs2nuHXRmBHQKWmPfvErgr4abdjhKDaWIuxzSise1CSAbiWTNcxpIuFYZgPjgQzpqeh93LUXIX9YJds/bhHtXqRdxk6yTisloHOZETItK/rHCCE25dLkkaJ2Li7AtnJdBc6tEUNiuFj2JCjSIDAQAB", 8 | "keyMaterialType": "ASYMMETRIC_PUBLIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 185188009, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/key_derivation/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_binary( 6 | name = "key_derivation_cli", 7 | srcs = ["key_derivation_cli.cc"], 8 | deps = [ 9 | "//util", 10 | "@com_google_absl//absl/flags:flag", 11 | "@com_google_absl//absl/flags:parse", 12 | "@com_google_absl//absl/log:check", 13 | "@com_google_absl//absl/status", 14 | "@com_google_absl//absl/status:statusor", 15 | "@tink_cc//tink:aead", 16 | "@tink_cc//tink:keyset_handle", 17 | "@tink_cc//tink/aead:aead_config", 18 | "@tink_cc//tink/keyderivation:key_derivation_config", 19 | "@tink_cc//tink/keyderivation:keyset_deriver", 20 | ], 21 | ) 22 | 23 | sh_test( 24 | name = "key_derivation_cli_test", 25 | size = "small", 26 | srcs = ["key_derivation_cli_test.sh"], 27 | args = [ 28 | "$(rootpath :key_derivation_cli)", 29 | "$(rootpaths :keyset.json)", 30 | ], 31 | data = [ 32 | ":key_derivation_cli", 33 | ":keyset.json", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /examples/key_derivation/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(key_derivation_cli key_derivation_cli.cc) 2 | target_include_directories(key_derivation_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(key_derivation_cli 6 | tink::static 7 | absl::check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME key_derivation_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/key_derivation_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/key_derivation_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/keyset.json" 17 | -------------------------------------------------------------------------------- /examples/key_derivation/keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 1746379508, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.PrfBasedDeriverKey", 7 | "value": "El0KMXR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmNyeXB0by50aW5rLkhrZGZQcmZLZXkSJhICCAMaIHq3492RGOyzGsJTQh6Xi6noTDSrPQxULHuBqB10zMUCGAEaOgo4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAE=", 8 | "keyMaterialType": "SYMMETRIC" 9 | }, 10 | "status": "ENABLED", 11 | "keyId": 1746379508, 12 | "outputPrefixType": "TINK" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/mac/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | filegroup( 6 | name = "mac_test_keyset", 7 | srcs = ["mac_test_keyset.json"], 8 | ) 9 | 10 | cc_binary( 11 | name = "mac_cli", 12 | srcs = ["mac_cli.cc"], 13 | deps = [ 14 | "//util", 15 | "@com_google_absl//absl/flags:flag", 16 | "@com_google_absl//absl/flags:parse", 17 | "@com_google_absl//absl/log:check", 18 | "@com_google_absl//absl/status", 19 | "@com_google_absl//absl/status:statusor", 20 | "@com_google_absl//absl/strings", 21 | "@tink_cc//tink:cleartext_keyset_handle", 22 | "@tink_cc//tink:keyset_handle", 23 | "@tink_cc//tink:mac", 24 | "@tink_cc//tink/mac:mac_config", 25 | ], 26 | ) 27 | 28 | sh_test( 29 | name = "mac_cli_test", 30 | size = "small", 31 | srcs = ["mac_cli_test.sh"], 32 | args = [ 33 | "$(rootpath :mac_cli)", 34 | "$(rootpath :mac_test_keyset)", 35 | ], 36 | data = [ 37 | ":mac_cli", 38 | ":mac_test_keyset", 39 | ], 40 | ) 41 | -------------------------------------------------------------------------------- /examples/mac/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(mac_cli mac_cli.cc) 2 | target_include_directories(mac_cli PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(mac_cli 6 | tink::static 7 | absl::check 8 | absl::flags_parse 9 | util) 10 | 11 | add_test( 12 | NAME mac_cli_test 13 | COMMAND "${BASH_PROGRAM}" 14 | "${CMAKE_CURRENT_SOURCE_DIR}/mac_cli_test.sh" 15 | "${CMAKE_CURRENT_BINARY_DIR}/mac_cli" 16 | "${CMAKE_CURRENT_SOURCE_DIR}/mac_test_keyset.json") 17 | -------------------------------------------------------------------------------- /examples/mac/mac_test_keyset.json: -------------------------------------------------------------------------------- 1 | { 2 | "primaryKeyId": 691856985, 3 | "key": [ 4 | { 5 | "keyData": { 6 | "typeUrl": "type.googleapis.com/google.crypto.tink.HmacKey", 7 | "keyMaterialType": "SYMMETRIC", 8 | "value": "EgQIAxAgGiDZsmkTufMG/XlKlk9m7bqxustjUPT2YULEVm8mOp2mSA==" 9 | }, 10 | "outputPrefixType": "TINK", 11 | "keyId": 691856985, 12 | "status": "ENABLED" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /examples/util/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "util", 7 | srcs = ["util.cc"], 8 | hdrs = ["util.h"], 9 | deps = [ 10 | "@com_google_absl//absl/memory", 11 | "@com_google_absl//absl/status", 12 | "@com_google_absl//absl/status:statusor", 13 | "@tink_cc//tink:cleartext_keyset_handle", 14 | "@tink_cc//tink:json_keyset_reader", 15 | "@tink_cc//tink:json_keyset_writer", 16 | "@tink_cc//tink:keyset_handle", 17 | "@tink_cc//tink:keyset_reader", 18 | "@tink_cc//tink:keyset_writer", 19 | ], 20 | ) 21 | -------------------------------------------------------------------------------- /examples/util/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_library(util util.cc util.h) 2 | target_include_directories(util PUBLIC 3 | "${CMAKE_CURRENT_SOURCE_DIR}" 4 | "${TINK_EXAMPLES_INCLUDE_PATH}") 5 | target_link_libraries(util tink::static) 6 | -------------------------------------------------------------------------------- /examples/walkthrough/create_keyset.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_EXAMPLES_WALKTHROUGH_CREATE_KEYSET_H_ 17 | #define TINK_EXAMPLES_WALKTHROUGH_CREATE_KEYSET_H_ 18 | 19 | #include 20 | 21 | #include "tink/keyset_handle.h" 22 | #include "tink/util/statusor.h" 23 | 24 | namespace tink_walkthrough { 25 | 26 | // Creates a keyset with a single AES128-GCM key and return a handle to it. 27 | absl::StatusOr> 28 | CreateAead128GcmKeyset(); 29 | 30 | } // namespace tink_walkthrough 31 | 32 | #endif // TINK_EXAMPLES_WALKTHROUGH_CREATE_KEYSET_H_ 33 | -------------------------------------------------------------------------------- /extensions.bzl: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Tink C++ Bazel Module extensions.""" 16 | 17 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 18 | 19 | def _wycheproof_impl(_ctx): 20 | # Commit from 2019-12-17. 21 | http_archive( 22 | name = "wycheproof", 23 | strip_prefix = "wycheproof-d8ed1ba95ac4c551db67f410c06131c3bc00a97c", 24 | url = "https://github.com/google/wycheproof/archive/d8ed1ba95ac4c551db67f410c06131c3bc00a97c.zip", 25 | sha256 = "eb1d558071acf1aa6d677d7f1cabec2328d1cf8381496c17185bd92b52ce7545", 26 | ) 27 | 28 | wycheproof_extension = module_extension( 29 | implementation = _wycheproof_impl, 30 | ) 31 | -------------------------------------------------------------------------------- /kokoro/macos_external/cmake/run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2022 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | ################################################################################ 16 | 17 | set -euo pipefail 18 | 19 | if [[ -n "${KOKORO_ROOT:-}" ]]; then 20 | TINK_BASE_DIR="$(echo "${KOKORO_ARTIFACTS_DIR}"/git*)" 21 | cd "${TINK_BASE_DIR}/tink_cc" 22 | fi 23 | 24 | ./kokoro/testutils/run_cmake_tests.sh . 25 | ./kokoro/testutils/run_cmake_tests.sh "examples" -DTINK_BUILD_TESTS=OFF 26 | -------------------------------------------------------------------------------- /kokoro/macos_external/cmake_openssl/run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2022 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | ################################################################################ 16 | 17 | set -euo pipefail 18 | 19 | if [[ -n "${KOKORO_ROOT:-}" ]]; then 20 | TINK_BASE_DIR="$(echo "${KOKORO_ARTIFACTS_DIR}"/git*)" 21 | cd "${TINK_BASE_DIR}/tink_cc" 22 | fi 23 | 24 | # Sourcing is needed to update the caller environment. 25 | source ./kokoro/testutils/install_openssl.sh 26 | ./kokoro/testutils/run_cmake_tests.sh . -DTINK_USE_SYSTEM_OPENSSL=ON 27 | ./kokoro/testutils/run_cmake_tests.sh "examples" -DTINK_BUILD_TESTS=OFF \ 28 | -DTINK_USE_SYSTEM_OPENSSL=ON 29 | -------------------------------------------------------------------------------- /kokoro/testutils/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | sh_binary( 6 | name = "test_utils", 7 | srcs = ["test_utils.sh"], 8 | ) 9 | 10 | sh_binary( 11 | name = "github_release_util", 12 | srcs = ["github_release_util.sh"], 13 | ) 14 | 15 | sh_test( 16 | name = "github_release_util_test", 17 | size = "small", 18 | srcs = ["github_release_util_test.sh"], 19 | args = [ 20 | "$(rlocationpath :github_release_util.sh)", 21 | "$(rlocationpath :test_utils)", 22 | ], 23 | data = [ 24 | ":github_release_util.sh", 25 | ":test_utils", 26 | ], 27 | target_compatible_with = select({ 28 | "@platforms//os:windows": ["@platforms//:incompatible"], 29 | "//conditions:default": [], 30 | }), 31 | ) 32 | -------------------------------------------------------------------------------- /proto/aes_cmac_prf.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/aes_cmac_prf_go_proto"; 24 | 25 | // key_type: type.googleapis.com/google.crypto.tink.AesCmacPrfKey 26 | message AesCmacPrfKey { 27 | uint32 version = 1; 28 | bytes key_value = 2; // Placeholder for ctype and debug_redact. 29 | } 30 | 31 | message AesCmacPrfKeyFormat { 32 | uint32 version = 2; 33 | uint32 key_size = 1; 34 | } 35 | -------------------------------------------------------------------------------- /proto/empty.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/empty_go_proto"; 24 | 25 | message Empty {} 26 | -------------------------------------------------------------------------------- /proto/experimental/pqcrypto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | # ---------------------------------------- 6 | # proto_library rules. 7 | # ---------------------------------------- 8 | 9 | proto_library( 10 | name = "cecpq2_aead_hkdf_proto", 11 | srcs = [ 12 | "cecpq2_aead_hkdf.proto", 13 | ], 14 | visibility = ["//visibility:public"], 15 | deps = [ 16 | "//proto:common_proto", 17 | "//proto:tink_proto", 18 | ], 19 | ) 20 | 21 | proto_library( 22 | name = "ml_kem_proto", 23 | srcs = [ 24 | "ml_kem.proto", 25 | ], 26 | visibility = ["//visibility:public"], 27 | deps = [ 28 | "//proto:common_proto", 29 | "//proto:tink_proto", 30 | ], 31 | ) 32 | 33 | # ---------------------------------------- 34 | # cc_proto_library rules. 35 | # ---------------------------------------- 36 | 37 | cc_proto_library( 38 | name = "cecpq2_aead_hkdf_cc_proto", 39 | visibility = ["//visibility:public"], 40 | deps = [":cecpq2_aead_hkdf_proto"], 41 | ) 42 | 43 | cc_proto_library( 44 | name = "ml_kem_cc_proto", 45 | visibility = ["//visibility:public"], 46 | deps = [":ml_kem_proto"], 47 | ) 48 | -------------------------------------------------------------------------------- /proto/experimental/pqcrypto/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_cc_proto( 2 | NAME cecpq2_aead_hkdf_cc_proto 3 | SRCS cecpq2_aead_hkdf.proto 4 | DEPS 5 | tink::proto::common_cc_proto 6 | tink::proto::tink_cc_proto 7 | ) 8 | 9 | tink_cc_proto( 10 | NAME ml_kem_cc_proto 11 | SRCS ml_kem.proto 12 | DEPS 13 | tink::proto::common_cc_proto 14 | tink::proto::tink_cc_proto 15 | ) 16 | -------------------------------------------------------------------------------- /proto/test_proto.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | syntax = "proto3"; 17 | 18 | package google.crypto.tink; 19 | 20 | option java_package = "com.google.crypto.tink.proto"; 21 | option java_multiple_files = true; 22 | 23 | message TestProto { 24 | uint64 num = 1; 25 | bytes str = 2; // Placeholder for ctype. 26 | } 27 | 28 | message NestedTestProto { 29 | TestProto a = 1; 30 | TestProto b = 2; 31 | uint64 num = 3; 32 | bytes str = 4; // Placeholder for ctype. 33 | } 34 | 35 | message TestProtoWithoutCtype { 36 | bytes str = 1; 37 | } 38 | -------------------------------------------------------------------------------- /proto/xchacha20_poly1305.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | syntax = "proto3"; 18 | 19 | package google.crypto.tink; 20 | 21 | option java_package = "com.google.crypto.tink.proto"; 22 | option java_multiple_files = true; 23 | option go_package = "github.com/tink-crypto/tink-go/v2/proto/xchacha20_poly1305_go_proto"; 24 | 25 | message XChaCha20Poly1305KeyFormat { 26 | uint32 version = 1; 27 | } 28 | 29 | // key_type: type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key 30 | message XChaCha20Poly1305Key { 31 | uint32 version = 1; 32 | bytes key_value = 3; // Placeholder for ctype and debug_redact. 33 | } 34 | -------------------------------------------------------------------------------- /third_party/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | -------------------------------------------------------------------------------- /third_party/boringssl_fips/README.md: -------------------------------------------------------------------------------- 1 | # BoringSSL FIPS 2 | 3 | This WORKSPACE facilitates building BoringSSL with the FIPS validated module 4 | [BoringCrypto](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3678), 5 | which can then be used in Tink. Note that this gives no guarantee that you use 6 | BoringSSL in a FIPS compliant manner when used. It is strongly recommended to read 7 | the official 8 | [security policy](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3678.pdf) 9 | for BoringCrypto. 10 | 11 | To use the BoringCrypto module with Tink, you must update the Tink [WORKSPACE 12 | file](https://github.com/tink-crypto/tink-cc/blob/main/WORKSPACE) to use the 13 | BoringSSL targets in this WORKSPACE. Tink then offers a [FIPS-only 14 | mode](https://developers.google.com/tink/FIPS) which will restrict the usage to 15 | algorithms which are FIPS approved *and* utilize the BoringCrypto module. 16 | -------------------------------------------------------------------------------- /third_party/boringssl_fips/WORKSPACE: -------------------------------------------------------------------------------- 1 | workspace(name = "boringssl") 2 | -------------------------------------------------------------------------------- /tink/aead/aead_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_AEAD_PARAMETERS_H_ 18 | #define TINK_AEAD_AEAD_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes an `AeadKey` (e.g., key attributes), excluding the randomly chosen 26 | // key material. 27 | class AeadParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_AEAD_AEAD_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/aead/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/aead/config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/aead/internal/config_v0.h" 21 | #include "tink/configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigAeadV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(internal::AddAeadV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/aead/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_CONFIG_V0_H_ 18 | #define TINK_AEAD_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate AEAD primitives with recommended key managers. 26 | const Configuration& ConfigAeadV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_AEAD_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/aead/failing_aead.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_AEAD_FAILING_AEAD_H_ 17 | #define TINK_AEAD_FAILING_AEAD_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "absl/strings/string_view.h" 23 | #include "tink/aead.h" 24 | 25 | namespace crypto { 26 | namespace tink { 27 | 28 | // Returns an AEAD that always returns an error when calling Encrypt or Decrypt. 29 | // The error message will contain `message`. 30 | std::unique_ptr CreateAlwaysFailingAead(absl::string_view message = ""); 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_AEAD_FAILING_AEAD_H_ 36 | -------------------------------------------------------------------------------- /tink/aead/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_AEAD_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended AEAD primitive wrappers and key managers to `config`, used to 28 | // generate primitives. 29 | absl::Status AddAeadV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_AEAD_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/aead/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_AEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended AEAD key managers to `config`, used to generate keys. 28 | absl::Status AddAeadKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_AEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/aead/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/aead/key_gen_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/aead/internal/key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigAeadV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | CHECK_OK(internal::AddAeadKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/aead/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_AEAD_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate AEAD keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigAeadV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_AEAD_KEY_GEN_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/aead/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/aead/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/tink/aead/subtle/CMakeLists.txt -------------------------------------------------------------------------------- /tink/aead_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_CONFIG_H_ 18 | #define TINK_AEAD_CONFIG_H_ 19 | 20 | #include "tink/aead/aead_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_AEAD_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/aead_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_FACTORY_H_ 18 | #define TINK_AEAD_FACTORY_H_ 19 | 20 | #include "tink/aead/aead_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_AEAD_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/aead_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_AEAD_KEY_TEMPLATES_H_ 18 | #define TINK_AEAD_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/aead/aead_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_AEAD_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/config/config_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_CONFIG_UTIL_H_ 18 | #define TINK_CONFIG_CONFIG_UTIL_H_ 19 | 20 | #include 21 | 22 | #include "proto/config.pb.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | 27 | google::crypto::tink::KeyTypeEntry CreateTinkKeyTypeEntry( 28 | const std::string& catalogue_name, const std::string& primitive_name, 29 | const std::string& key_proto_name, int key_manager_version, 30 | bool new_key_allowed); 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_CONFIG_CONFIG_UTIL_H_ 36 | -------------------------------------------------------------------------------- /tink/config/fips_140_2.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_FIPS_140_2_H_ 18 | #define TINK_CONFIG_FIPS_140_2_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate primitives for key types that are compliant 26 | // with FIPS 140-2, https://csrc.nist.gov/pubs/fips/140-2/upd2/final. 27 | // Importing this Configuration restricts Tink to FIPS globally and 28 | // requires BoringSSL to be built with the BoringCrypto module. 29 | const Configuration& ConfigFips140_2(); 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_CONFIG_FIPS_140_2_H_ 35 | -------------------------------------------------------------------------------- /tink/config/global_registry.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_GLOBAL_REGISTRY_H_ 18 | #define TINK_CONFIG_GLOBAL_REGISTRY_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | // Used to generate primitives and keys using the global crypto::tink::Registry. 27 | const crypto::tink::Configuration& ConfigGlobalRegistry(); 28 | const crypto::tink::KeyGenConfiguration& KeyGenConfigGlobalRegistry(); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_CONFIG_GLOBAL_REGISTRY_H_ 34 | -------------------------------------------------------------------------------- /tink/config/internal/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | -------------------------------------------------------------------------------- /tink/config/internal/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_module(config::internal) 2 | -------------------------------------------------------------------------------- /tink/config/key_gen_fips_140_2.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_KEY_GEN_FIPS_140_2_H_ 18 | #define TINK_CONFIG_KEY_GEN_FIPS_140_2_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate keys using FIPS 140-2-compliant key 26 | // types. Importing this KeyGenConfiguration restricts Tink to FIPS globally and 27 | // requires BoringSSL to be built with the BoringCrypto module. 28 | const KeyGenConfiguration& KeyGenConfigFips140_2(); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_CONFIG_KEY_GEN_FIPS_140_2_H_ 34 | -------------------------------------------------------------------------------- /tink/config/key_gen_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_KEY_GEN_V0_H_ 18 | #define TINK_CONFIG_KEY_GEN_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_CONFIG_KEY_GEN_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/config/tink_fips.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #include "tink/config/tink_fips.h" 17 | 18 | #include "tink/internal/fips_utils.h" 19 | #include "tink/internal/registry_impl.h" 20 | #include "tink/util/status.h" 21 | 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | bool IsFipsModeEnabled() { 27 | return internal::IsFipsModeEnabled(); 28 | } 29 | 30 | absl::Status RestrictToFips() { 31 | return internal::RegistryImpl::GlobalInstance().RestrictToFipsIfEmpty(); 32 | } 33 | 34 | } // namespace tink 35 | } // namespace crypto 36 | -------------------------------------------------------------------------------- /tink/config/v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_CONFIG_V0_H_ 18 | #define TINK_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate recommended primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/core/restricted_data.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/restricted_data.h" 18 | 19 | #include 20 | 21 | #include "absl/log/check.h" 22 | #include "tink/subtle/random.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | 27 | RestrictedData::RestrictedData(int64_t num_random_bytes) { 28 | CHECK_GE(num_random_bytes, 0) 29 | << "Cannot generate a negative number of random bytes.\n"; 30 | secret_ = subtle::Random::GetRandomKeyBytes(num_random_bytes); 31 | } 32 | 33 | } // namespace tink 34 | } // namespace crypto 35 | -------------------------------------------------------------------------------- /tink/core/version.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/version.h" 18 | 19 | namespace crypto { 20 | namespace tink { 21 | 22 | constexpr char Version::kTinkVersion[]; 23 | 24 | } // namespace tink 25 | } // namespace crypto 26 | -------------------------------------------------------------------------------- /tink/daead/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/daead/config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/daead/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigDeterministicAeadV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(internal::AddDeterministicAeadV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/daead/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_CONFIG_V0_H_ 18 | #define TINK_DAEAD_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Deterministic AEAD primitives with recommended 26 | // key managers. 27 | const Configuration& ConfigDeterministicAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_DAEAD_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/daead/deterministic_aead_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_DETERMINISTIC_AEAD_PARAMETERS_H_ 18 | #define TINK_DAEAD_DETERMINISTIC_AEAD_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a `DeterministicAeadKey` (e.g., key attributes), excluding the 26 | // randomly chosen key material. 27 | class DeterministicAeadParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_DAEAD_DETERMINISTIC_AEAD_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/daead/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_DAEAD_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Deterministic AEAD primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddDeterministicAeadV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_DAEAD_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/daead/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_DAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Deterministic AEAD key managers to `config`, used to generate 28 | // keys. 29 | absl::Status AddDeterministicAeadKeyGenV0(KeyGenConfiguration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_DAEAD_INTERNAL_KEY_GEN_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/daead/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/daead/key_gen_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/daead/internal/key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigDeterministicAeadV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | CHECK_OK(internal::AddDeterministicAeadKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/daead/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DAEAD_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_DAEAD_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Deterministic AEAD keys with recommended 26 | // key managers. 27 | const KeyGenConfiguration& KeyGenConfigDeterministicAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_DAEAD_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/daead/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "aead_or_daead", 7 | srcs = ["aead_or_daead.cc"], 8 | hdrs = ["aead_or_daead.h"], 9 | include_prefix = "tink/daead/subtle", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "//tink:aead", 13 | "//tink:deterministic_aead", 14 | "//tink/util:statusor", 15 | "@com_google_absl//absl/functional:bind_front", 16 | "@com_google_absl//absl/strings:string_view", 17 | "@com_google_absl//absl/types:variant", 18 | ], 19 | ) 20 | 21 | cc_test( 22 | name = "aead_or_daead_test", 23 | size = "small", 24 | srcs = ["aead_or_daead_test.cc"], 25 | deps = [ 26 | ":aead_or_daead", 27 | "//tink:aead", 28 | "//tink:deterministic_aead", 29 | "//tink/util:test_matchers", 30 | "//tink/util:test_util", 31 | "@com_google_absl//absl/memory", 32 | "@com_google_absl//absl/status", 33 | "@com_google_absl//absl/status:statusor", 34 | "@com_google_absl//absl/strings:string_view", 35 | "@com_google_googletest//:gtest_main", 36 | ], 37 | ) 38 | -------------------------------------------------------------------------------- /tink/daead/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_module(daead::subtle) 2 | 3 | tink_cc_library( 4 | NAME aead_or_daead 5 | SRCS 6 | aead_or_daead.cc 7 | aead_or_daead.h 8 | DEPS 9 | absl::bind_front 10 | absl::string_view 11 | absl::variant 12 | tink::core::aead 13 | tink::core::deterministic_aead 14 | tink::util::statusor 15 | ) 16 | 17 | tink_cc_test( 18 | NAME aead_or_daead_test 19 | SRCS 20 | aead_or_daead_test.cc 21 | DEPS 22 | tink::daead::subtle::aead_or_daead 23 | gmock 24 | absl::memory 25 | absl::status 26 | absl::statusor 27 | absl::string_view 28 | tink::core::aead 29 | tink::core::deterministic_aead 30 | tink::util::test_matchers 31 | tink::util::test_util 32 | ) 33 | -------------------------------------------------------------------------------- /tink/deterministic_aead_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DETERMINISTIC_AEAD_CONFIG_H_ 18 | #define TINK_DETERMINISTIC_AEAD_CONFIG_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/daead/deterministic_aead_config.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_DETERMINISTIC_AEAD_CONFIG_H_ 25 | -------------------------------------------------------------------------------- /tink/deterministic_aead_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DETERMINISTIC_AEAD_FACTORY_H_ 18 | #define TINK_DETERMINISTIC_AEAD_FACTORY_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/daead/deterministic_aead_factory.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_DETERMINISTIC_AEAD_FACTORY_H_ 25 | -------------------------------------------------------------------------------- /tink/deterministic_aead_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_DETERMINISTIC_AEAD_KEY_TEMPLATES_H_ 18 | #define TINK_DETERMINISTIC_AEAD_KEY_TEMPLATES_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/daead/deterministic_aead_key_templates.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_DETERMINISTIC_AEAD_KEY_TEMPLATES_H_ 25 | -------------------------------------------------------------------------------- /tink/experimental/kem/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "kem_parameters", 7 | hdrs = ["kem_parameters.h"], 8 | include_prefix = "tink/experimental/kem", 9 | deps = ["//tink:parameters"], 10 | ) 11 | 12 | cc_library( 13 | name = "kem_private_key", 14 | hdrs = ["kem_private_key.h"], 15 | include_prefix = "tink/experimental/kem", 16 | deps = [ 17 | ":kem_parameters", 18 | ":kem_public_key", 19 | "//tink:key", 20 | "//tink:private_key", 21 | "@com_google_absl//absl/strings:string_view", 22 | "@com_google_absl//absl/types:optional", 23 | ], 24 | ) 25 | 26 | cc_library( 27 | name = "kem_public_key", 28 | hdrs = ["kem_public_key.h"], 29 | include_prefix = "tink/experimental/kem", 30 | deps = [ 31 | ":kem_parameters", 32 | "//tink:key", 33 | "@com_google_absl//absl/strings:string_view", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /tink/experimental/kem/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_cc_library( 2 | NAME kem_parameters 3 | SRCS 4 | kem_parameters.h 5 | DEPS 6 | tink::core::parameters 7 | ) 8 | 9 | tink_cc_library( 10 | NAME kem_private_key 11 | SRCS 12 | kem_private_key.h 13 | DEPS 14 | tink::experimental::kem::kem_parameters 15 | tink::experimental::kem::kem_public_key 16 | absl::string_view 17 | absl::optional 18 | tink::core::key 19 | tink::core::private_key 20 | ) 21 | 22 | tink_cc_library( 23 | NAME kem_public_key 24 | SRCS 25 | kem_public_key.h 26 | DEPS 27 | tink::experimental::kem::kem_parameters 28 | absl::string_view 29 | tink::core::key 30 | ) 31 | -------------------------------------------------------------------------------- /tink/experimental/kem/kem_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_EXPERIMENTAL_KEM_KEM_PARAMETERS_H_ 18 | #define TINK_EXPERIMENTAL_KEM_KEM_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a key encapsulation mechanism key pair (e.g. key attributes), 26 | // excluding the randomly chosen key material. 27 | class KemParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_EXPERIMENTAL_KEM_KEM_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/README.md: -------------------------------------------------------------------------------- 1 | This folder contains experimental implementations of post-quantum cryptographic 2 | primitives. 3 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/kem/ml_kem_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_EXPERIMENTAL_PQCRYPTO_KEM_ML_KEM_PROTO_SERIALIZATION_H_ 18 | #define TINK_EXPERIMENTAL_PQCRYPTO_KEM_ML_KEM_PROTO_SERIALIZATION_H_ 19 | 20 | #include "tink/util/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for ML-KEM parameters and keys. 26 | absl::Status RegisterMlKemProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_EXPERIMENTAL_PQCRYPTO_KEM_ML_KEM_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/experimental/pqcrypto/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Package containing C++ protos for experimental PQC primitives. 2 | package(default_visibility = ["//:__subpackages__"]) 3 | 4 | licenses(["notice"]) 5 | 6 | # ---------------------------------------- 7 | # cc_proto_library rules. 8 | # ---------------------------------------- 9 | 10 | cc_proto_library( 11 | name = "cecpq2_aead_hkdf_cc_proto", 12 | visibility = ["//visibility:public"], 13 | deps = ["//proto/experimental/pqcrypto:cecpq2_aead_hkdf_proto"], 14 | ) 15 | 16 | cc_proto_library( 17 | name = "ml_kem_cc_proto", 18 | visibility = ["//visibility:public"], 19 | deps = ["//proto/experimental/pqcrypto:ml_kem_proto"], 20 | ) 21 | -------------------------------------------------------------------------------- /tink/exported_symbols.lds: -------------------------------------------------------------------------------- 1 | *tink* 2 | *absl* 3 | -------------------------------------------------------------------------------- /tink/hybrid/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/hybrid/config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/hybrid/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigHybridV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(internal::AddHybridV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/hybrid/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_CONFIG_V0_H_ 18 | #define TINK_HYBRID_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Hybrid Encryption primitives with recommended 26 | // key managers. 27 | const Configuration& ConfigHybridV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/hybrid/ecies_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_ECIES_PROTO_SERIALIZATION_H_ 18 | #define TINK_HYBRID_ECIES_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for ECIES parameters and keys. 26 | absl::Status RegisterEciesProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_HYBRID_ECIES_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/hybrid/hpke_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_HPKE_CONFIG_H_ 18 | #define TINK_HYBRID_HPKE_CONFIG_H_ 19 | 20 | #include "tink/util/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers HybridEncrypt and HybridDecrypt primitive wrappers, and key 26 | // managers for HPKE Encrypt and HPKE Decrypt from the current Tink release. 27 | absl::Status RegisterHpke(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_HPKE_CONFIG_H_ 33 | -------------------------------------------------------------------------------- /tink/hybrid/hpke_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_HPKE_PROTO_SERIALIZATION_H_ 18 | #define TINK_HYBRID_HPKE_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for HPKE parameters and keys. 26 | absl::Status RegisterHpkeProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_HYBRID_HPKE_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/hybrid/hybrid_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_HYBRID_PARAMETERS_H_ 18 | #define TINK_HYBRID_HYBRID_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a hybrid encryption key pair (e.g., key attributes), excluding the 26 | // randomly chosen key material. 27 | class HybridParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_HYBRID_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/hybrid/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_HYBRID_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Hybrid Encryption primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddHybridV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_HYBRID_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/hybrid/internal/hpke_public_key_manager.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/hybrid/internal/hpke_public_key_manager.h" 18 | 19 | #include "tink/hybrid/internal/hpke_key_manager_util.h" 20 | #include "tink/util/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | namespace internal { 25 | 26 | using HpkePublicKeyProto = ::google::crypto::tink::HpkePublicKey; 27 | 28 | absl::Status HpkePublicKeyManager::ValidateKey( 29 | const HpkePublicKeyProto& key) const { 30 | return ValidateKeyAndVersion(key, get_version()); 31 | } 32 | 33 | } // namespace internal 34 | } // namespace tink 35 | } // namespace crypto 36 | -------------------------------------------------------------------------------- /tink/hybrid/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_HYBRID_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Hybrid Encryption key managers to `config`, used to generate 28 | // keys. 29 | absl::Status AddHybridKeyGenV0(KeyGenConfiguration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_HYBRID_INTERNAL_KEY_GEN_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/hybrid/internal/testing/ecies_aead_hkdf_test_vectors.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_INTERNAL_TESTING_ECIES_AEAD_HKDF_TEST_VECTORS_H_ 18 | #define TINK_HYBRID_INTERNAL_TESTING_ECIES_AEAD_HKDF_TEST_VECTORS_H_ 19 | 20 | #include 21 | 22 | #include "tink/hybrid/internal/testing/hybrid_test_vectors.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | namespace internal { 27 | 28 | std::vector CreateEciesTestVectors(); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_HYBRID_INTERNAL_TESTING_ECIES_AEAD_HKDF_TEST_VECTORS_H_ 35 | -------------------------------------------------------------------------------- /tink/hybrid/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/hybrid/key_gen_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/hybrid/internal/key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigHybridV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | CHECK_OK(internal::AddHybridKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/hybrid/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_HYBRID_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Hybrid Encryption keys with recommended 26 | // key managers. 27 | const KeyGenConfiguration& KeyGenConfigHybridV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_HYBRID_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/hybrid/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/hybrid/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/tink/hybrid/subtle/CMakeLists.txt -------------------------------------------------------------------------------- /tink/hybrid_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_CONFIG_H_ 18 | #define TINK_HYBRID_CONFIG_H_ 19 | 20 | #include "tink/hybrid/hybrid_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/hybrid_decrypt_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_DECRYPT_FACTORY_H_ 18 | #define TINK_HYBRID_DECRYPT_FACTORY_H_ 19 | 20 | #include "tink/hybrid/hybrid_decrypt_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_DECRYPT_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/hybrid_encrypt_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_ENCRYPT_FACTORY_H_ 18 | #define TINK_HYBRID_ENCRYPT_FACTORY_H_ 19 | 20 | #include "tink/hybrid/hybrid_encrypt_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_ENCRYPT_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/hybrid_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_HYBRID_KEY_TEMPLATES_H_ 18 | #define TINK_HYBRID_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/hybrid/hybrid_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_HYBRID_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/internal/err_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #include "tink/internal/err_util.h" 17 | 18 | #include 19 | 20 | #include 21 | 22 | #include "openssl/err.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | namespace internal { 27 | 28 | std::string GetSslErrors() { 29 | std::string ret; 30 | ERR_print_errors_cb( 31 | [](const char *str, size_t len, void *ctx) -> int { 32 | static_cast(ctx)->append(str, len); 33 | return 1; 34 | }, 35 | &ret); 36 | return ret; 37 | } 38 | 39 | } // namespace internal 40 | } // namespace tink 41 | } // namespace crypto 42 | -------------------------------------------------------------------------------- /tink/internal/err_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_INTERNAL_ERR_UTIL_H_ 17 | #define TINK_INTERNAL_ERR_UTIL_H_ 18 | 19 | #include 20 | 21 | namespace crypto { 22 | namespace tink { 23 | namespace internal { 24 | 25 | // Returns OpenSSL error strings accumulated in the error queue, thus emptying 26 | // the queue. 27 | std::string GetSslErrors(); 28 | 29 | } // namespace internal 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_INTERNAL_ERR_UTIL_H_ 34 | -------------------------------------------------------------------------------- /tink/internal/global_serialization_registry.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_ 18 | #define TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_ 19 | 20 | #include "tink/internal/serialization_registry.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | namespace internal { 25 | 26 | // Returns the global immutable serialization registry. 27 | const SerializationRegistry& GlobalSerializationRegistry(); 28 | 29 | } // namespace internal 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_ 34 | -------------------------------------------------------------------------------- /tink/internal/internal_insecure_secret_key_access.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/internal/internal_insecure_secret_key_access.h" 18 | #include "tink/insecure_secret_key_access.h" 19 | #include "tink/secret_key_access_token.h" 20 | 21 | namespace crypto { 22 | namespace tink { 23 | namespace internal { 24 | 25 | SecretKeyAccessToken GetInsecureSecretKeyAccessInternal() { 26 | return crypto::tink::InsecureSecretKeyAccess::Get(); 27 | } 28 | 29 | } // namespace internal 30 | } // namespace tink 31 | } // namespace crypto 32 | -------------------------------------------------------------------------------- /tink/internal/key_info.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_INTERNAL_KEY_INFO_H_ 17 | #define TINK_INTERNAL_KEY_INFO_H_ 18 | 19 | #include "proto/tink.pb.h" 20 | 21 | namespace crypto { 22 | namespace tink { 23 | 24 | google::crypto::tink::KeysetInfo::KeyInfo KeyInfoFromKey( 25 | const google::crypto::tink::Keyset::Key& key); 26 | 27 | google::crypto::tink::KeysetInfo KeysetInfoFromKeyset( 28 | const google::crypto::tink::Keyset& keyset); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_INTERNAL_KEY_INFO_H_ 34 | -------------------------------------------------------------------------------- /tink/internal/proto_parser_options.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_INTERNAL_PROTO_PARSER_OPTIONS_H_ 18 | #define TINK_INTERNAL_PROTO_PARSER_OPTIONS_H_ 19 | 20 | namespace crypto { 21 | namespace tink { 22 | namespace internal { 23 | 24 | enum class ProtoFieldOptions { 25 | // Do not serialize in case the value of the field is the default. 26 | kNone = 0, 27 | // Always write the field: this is useful in case proto treats the field as 28 | // required. 29 | kAlwaysSerialize = 1, 30 | }; 31 | 32 | } // namespace internal 33 | } // namespace tink 34 | } // namespace crypto 35 | 36 | #endif // TINK_INTERNAL_PROTO_PARSER_OPTIONS_H_ 37 | -------------------------------------------------------------------------------- /tink/internal/test_file_util_cmake.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/internal/test_file_util.h" 18 | 19 | #include 20 | 21 | #include "absl/strings/str_cat.h" 22 | #include "absl/strings/string_view.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | namespace internal { 27 | 28 | std::string RunfilesPath(absl::string_view path) { 29 | return absl::StrCat("./", path); 30 | } 31 | 32 | } // namespace internal 33 | } // namespace tink 34 | } // namespace crypto 35 | -------------------------------------------------------------------------------- /tink/json/internal/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "tink_type_resolver", 7 | srcs = ["tink_type_resolver.cc"], 8 | hdrs = ["tink_type_resolver.h"], 9 | include_prefix = "tink/json/internal", 10 | deps = [ 11 | "@com_google_absl//absl/log:check", 12 | "@com_google_absl//absl/strings", 13 | "@com_google_absl//absl/strings:string_view", 14 | "@com_google_protobuf//:cc_wkt_protos", 15 | "@com_google_protobuf//:protobuf", 16 | ], 17 | ) 18 | 19 | cc_test( 20 | name = "tink_type_resolver_test", 21 | srcs = ["tink_type_resolver_test.cc"], 22 | deps = [ 23 | ":tink_type_resolver", 24 | "//proto:tink_cc_proto", 25 | "//tink/util:test_matchers", 26 | "@com_google_googletest//:gtest_main", 27 | "@com_google_protobuf//:protobuf", 28 | ], 29 | ) 30 | -------------------------------------------------------------------------------- /tink/json/internal/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_module(json::internal) 2 | 3 | tink_cc_library( 4 | NAME tink_type_resolver 5 | SRCS 6 | tink_type_resolver.cc 7 | tink_type_resolver.h 8 | DEPS 9 | protobuf::libprotobuf 10 | absl::check 11 | absl::strings 12 | absl::string_view 13 | ) 14 | 15 | tink_cc_test( 16 | NAME tink_type_resolver_test 17 | SRCS 18 | tink_type_resolver_test.cc 19 | DEPS 20 | tink::json::internal::tink_type_resolver 21 | gmock 22 | protobuf::libprotobuf 23 | tink::util::test_matchers 24 | tink::proto::tink_cc_proto 25 | ) 26 | -------------------------------------------------------------------------------- /tink/json/internal/tink_type_resolver.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JSON_INTERNAL_TINK_TYPE_RESOLVER_H_ 18 | #define TINK_JSON_INTERNAL_TINK_TYPE_RESOLVER_H_ 19 | 20 | #include "google/protobuf/util/type_resolver.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | namespace internal { 25 | 26 | // Returns a TypeResolver for all protobuf types defined in tink.proto. 27 | // This is needed to be able to use protobuf JSON parser with proto lite. 28 | ::google::protobuf::util::TypeResolver* GetTinkTypeResolver(); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JSON_INTERNAL_TINK_TYPE_RESOLVER_H_ 35 | -------------------------------------------------------------------------------- /tink/json_keyset_reader.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JSON_KEYSET_READER_H_ 18 | #define TINK_JSON_KEYSET_READER_H_ 19 | 20 | #include "tink/json/json_keyset_reader.h" 21 | 22 | #endif // TINK_JSON_KEYSET_READER_H_ 23 | -------------------------------------------------------------------------------- /tink/json_keyset_writer.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JSON_KEYSET_WRITER_H_ 18 | #define TINK_JSON_KEYSET_WRITER_H_ 19 | 20 | #include "tink/json/json_keyset_writer.h" 21 | 22 | #endif // TINK_JSON_KEYSET_WRITER_H_ 23 | -------------------------------------------------------------------------------- /tink/jwt/internal/jwt_mac_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_INTERNAL_JWT_MAC_CONFIG_V0_H_ 18 | #define TINK_JWT_INTERNAL_JWT_MAC_CONFIG_V0_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "tink/configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace jwt_internal { 26 | 27 | // Add recommended JWT MAC primitive wrappers and key managers to `config`, used 28 | // to generate primitives. 29 | absl::Status AddJwtMacV0(Configuration& config); 30 | 31 | } // namespace jwt_internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_JWT_INTERNAL_JWT_MAC_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/jwt/internal/jwt_mac_key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_INTERNAL_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_JWT_INTERNAL_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace jwt_internal { 26 | 27 | // Add recommended JWT MAC key managers to `config`, used to generate keys. 28 | absl::Status AddJwtMacKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace jwt_internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JWT_INTERNAL_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/jwt/internal/jwt_signature_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_INTERNAL_JWT_SIGNATURE_CONFIG_V0_H_ 18 | #define TINK_JWT_INTERNAL_JWT_SIGNATURE_CONFIG_V0_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "tink/configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace jwt_internal { 26 | 27 | // Add recommended JWT Signature primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddJwtSignatureV0(Configuration& config); 30 | 31 | } // namespace jwt_internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_JWT_INTERNAL_JWT_SIGNATURE_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/jwt/jwt_ecdsa_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_ECDSA_PROTO_SERIALIZATION_H_ 18 | #define TINK_JWT_JWT_ECDSA_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for JWT ECDSA parameters and keys. 26 | absl::Status RegisterJwtEcdsaProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_JWT_JWT_ECDSA_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/jwt/jwt_hmac_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_HMAC_PROTO_SERIALIZATION_H_ 18 | #define TINK_JWT_JWT_HMAC_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for JWT HMAC parameters and keys. 26 | absl::Status RegisterJwtHmacProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_JWT_JWT_HMAC_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_CONFIG_H_ 18 | #define TINK_JWT_JWT_MAC_CONFIG_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "proto/config.pb.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | // Registers JwtMac primitive wrapper and key managers for all JwtMac key 27 | // types from the current Tink release. 28 | absl::Status JwtMacRegister(); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_JWT_JWT_MAC_CONFIG_H_ 34 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/jwt/jwt_mac_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/jwt/internal/jwt_mac_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigJwtMacV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(jwt_internal::AddJwtMacV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_MAC_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate JWT MAC primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigJwtMacV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_MAC_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/jwt/jwt_mac_key_gen_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/jwt/internal/jwt_mac_key_gen_config_v0.h" 21 | #include "tink/key_gen_configuration.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigJwtMacV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | CHECK_OK(jwt_internal::AddJwtMacKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate JWT MAC keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigJwtMacV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_MAC_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_mac_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_MAC_PARAMETERS_H_ 18 | #define TINK_JWT_JWT_MAC_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // `JwtMacKey` description without the randomly chosen key material. 26 | class JwtMacParameters : public Parameters { 27 | // Returns true if verification is allowed for tokens without a `kid` header. 28 | virtual bool AllowKidAbsent() const = 0; 29 | }; 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JWT_JWT_MAC_PARAMETERS_H_ 35 | -------------------------------------------------------------------------------- /tink/jwt/jwt_rsa_ssa_pkcs1_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_RSA_SSA_PKCS1_PROTO_SERIALIZATION_H_ 18 | #define TINK_JWT_JWT_RSA_SSA_PKCS1_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for JWT RSASSA-PKCS1 parameters and 26 | // keys. 27 | absl::Status RegisterJwtRsaSsaPkcs1ProtoSerialization(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_RSA_SSA_PKCS1_PROTO_SERIALIZATION_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_rsa_ssa_pss_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_RSA_SSA_PSS_PROTO_SERIALIZATION_H_ 18 | #define TINK_JWT_JWT_RSA_SSA_PSS_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for JWT RSASSA-PSS parameters and 26 | // keys. 27 | absl::Status RegisterJwtRsaSsaPssProtoSerialization(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_RSA_SSA_PSS_PROTO_SERIALIZATION_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_CONFIG_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_CONFIG_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "proto/config.pb.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | // Registers JwtPublicKeySign and JwtPublicKeyVerify primitive wrapper and key 27 | // managers for all JwtPublicKeySign and JwtPublicKeyVerify key types from the 28 | // current Tink release. 29 | absl::Status JwtSignatureRegister(); 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_JWT_JWT_SIGNATURE_CONFIG_H_ 35 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/jwt/jwt_signature_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/jwt/internal/jwt_signature_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigJwtSignatureV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(jwt_internal::AddJwtSignatureV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate JWT Signature primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigJwtSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_SIGNATURE_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate JWT Signature keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigJwtSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_JWT_JWT_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/jwt/jwt_signature_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_JWT_JWT_SIGNATURE_PARAMETERS_H_ 18 | #define TINK_JWT_JWT_SIGNATURE_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a JWT signature key pair without the randomly chosen key material. 26 | class JwtSignatureParameters : public Parameters { 27 | // Returns true if verification is allowed for tokens without a `kid` header. 28 | virtual bool AllowKidAbsent() const = 0; 29 | }; 30 | 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | 35 | #endif // TINK_JWT_JWT_SIGNATURE_PARAMETERS_H_ 36 | -------------------------------------------------------------------------------- /tink/kem/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//:__subpackages__"]) 2 | 3 | licenses(["notice"]) 4 | 5 | cc_library( 6 | name = "kem_decapsulate", 7 | hdrs = ["kem_decapsulate.h"], 8 | include_prefix = "tink/kem", 9 | visibility = ["//visibility:public"], 10 | deps = [ 11 | "//tink:keyset_handle", 12 | "//tink/util:statusor", 13 | "@com_google_absl//absl/strings", 14 | ], 15 | ) 16 | 17 | cc_library( 18 | name = "kem_encapsulate", 19 | hdrs = ["kem_encapsulate.h"], 20 | include_prefix = "tink/kem", 21 | visibility = ["//visibility:public"], 22 | deps = [ 23 | "//tink:keyset_handle", 24 | "//tink/util:statusor", 25 | ], 26 | ) 27 | -------------------------------------------------------------------------------- /tink/kem/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | tink_cc_library( 2 | NAME kem_decapsulate 3 | SRCS 4 | kem_decapsulate.h 5 | DEPS 6 | absl::strings 7 | tink::core::keyset_handle 8 | tink::util::statusor 9 | ) 10 | 11 | tink_cc_library( 12 | NAME kem_encapsulate 13 | SRCS 14 | kem_encapsulate.h 15 | DEPS 16 | tink::core::keyset_handle 17 | tink::util::statusor 18 | ) 19 | -------------------------------------------------------------------------------- /tink/keyderivation/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/keyderivation/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/tink/keyderivation/subtle/CMakeLists.txt -------------------------------------------------------------------------------- /tink/keyset_handle_builder.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_KEYSET_HANDLE_BUILDER_H_ 18 | #define TINK_KEYSET_HANDLE_BUILDER_H_ 19 | 20 | #include "tink/keyset_handle.h" 21 | 22 | #endif // TINK_KEYSET_HANDLE_BUILDER_H_ 23 | -------------------------------------------------------------------------------- /tink/mac/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/mac/config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/mac/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigMacV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(internal::AddMacV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/mac/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_CONFIG_V0_H_ 18 | #define TINK_MAC_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate MAC primitives with recommended key managers. 26 | const Configuration& ConfigMacV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_MAC_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/mac/failing_mac.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_MAC_FAILING_MAC_H_ 17 | #define TINK_MAC_FAILING_MAC_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "absl/strings/string_view.h" 23 | #include "tink/mac.h" 24 | 25 | namespace crypto { 26 | namespace tink { 27 | 28 | // Returns a MAC that always returns an error when calling ComputeMac or 29 | // VerifyMac. The error message will contain `message`. 30 | std::unique_ptr CreateAlwaysFailingMac(std::string message = ""); 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_MAC_FAILING_MAC_H_ 36 | -------------------------------------------------------------------------------- /tink/mac/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_MAC_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended MAC primitive wrappers and key managers to `config`, used to 28 | // generate primitives. 29 | absl::Status AddMacV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_MAC_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/mac/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_MAC_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended MAC key managers to `config`, used to generate keys. 28 | absl::Status AddMacKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_MAC_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/mac/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/mac/key_gen_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/mac/internal/key_gen_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigMacV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | CHECK_OK(internal::AddMacKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/mac/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_MAC_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate MAC keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigMacV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_MAC_KEY_GEN_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/mac/mac_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_MAC_PARAMETERS_H_ 18 | #define TINK_MAC_MAC_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // `MacKey` description without the randomly chosen key material. 26 | class MacParameters : public Parameters {}; 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_MAC_MAC_PARAMETERS_H_ 32 | -------------------------------------------------------------------------------- /tink/mac/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/mac/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/tink/mac/subtle/CMakeLists.txt -------------------------------------------------------------------------------- /tink/mac_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_CONFIG_H_ 18 | #define TINK_MAC_CONFIG_H_ 19 | 20 | #include "tink/mac/mac_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_MAC_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/mac_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_FACTORY_H_ 18 | #define TINK_MAC_FACTORY_H_ 19 | 20 | #include "tink/mac/mac_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_MAC_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/mac_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_MAC_KEY_TEMPLATES_H_ 18 | #define TINK_MAC_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/mac/mac_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_MAC_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/prf/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/prf/config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/prf/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigPrfV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(internal::AddPrfV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/prf/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_CONFIG_V0_H_ 18 | #define TINK_PRF_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate PRF primitives with recommended key managers. 26 | const Configuration& ConfigPrfV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_PRF_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/prf/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_PRF_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended PRF primitive wrappers and key managers to `config`, used to 28 | // generate primitives. 29 | absl::Status AddPrfV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_PRF_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/prf/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_PRF_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended PRF key managers to `config`, used to generate keys. 28 | absl::Status AddPrfKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_PRF_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/prf/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/prf/key_gen_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/prf/internal/key_gen_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigPrfV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | CHECK_OK(internal::AddPrfKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/prf/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_PRF_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate PRF keys with recommended key managers. 26 | const KeyGenConfiguration& KeyGenConfigPrfV0(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_PRF_KEY_GEN_CONFIG_V0_H_ 32 | -------------------------------------------------------------------------------- /tink/prf/prf_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRF_PRF_PARAMETERS_H_ 18 | #define TINK_PRF_PRF_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a PRF key (e.g., key attributes), excluding the randomly chosen key 26 | // material. 27 | class PrfParameters : public Parameters { 28 | public: 29 | bool HasIdRequirement() const final { return false; } 30 | }; 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_PRF_PRF_PARAMETERS_H_ 36 | -------------------------------------------------------------------------------- /tink/prf/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/prf/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/tink/prf/subtle/CMakeLists.txt -------------------------------------------------------------------------------- /tink/private_key.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PRIVATE_KEY_H_ 18 | #define TINK_PRIVATE_KEY_H_ 19 | 20 | #include "tink/key.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Represents a private key. Note that private keys in Tink always include the 26 | // corresponding public key. 27 | class PrivateKey : public Key { 28 | public: 29 | virtual const Key& GetPublicKey() const = 0; 30 | }; 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_PRIVATE_KEY_H_ 36 | -------------------------------------------------------------------------------- /tink/public_key_sign_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PUBLIC_KEY_SIGN_FACTORY_H_ 18 | #define TINK_PUBLIC_KEY_SIGN_FACTORY_H_ 19 | 20 | #include "tink/signature/public_key_sign_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_PUBLIC_KEY_SIGN_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/public_key_verify_factory.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_PUBLIC_KEY_VERIFY_FACTORY_H_ 18 | #define TINK_PUBLIC_KEY_VERIFY_FACTORY_H_ 19 | 20 | #include "tink/signature/public_key_verify_factory.h" // IWYU pragma: export 21 | 22 | #endif // TINK_PUBLIC_KEY_VERIFY_FACTORY_H_ 23 | -------------------------------------------------------------------------------- /tink/secret_key_access.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SECRET_KEY_ACCESS_H_ 18 | #define TINK_SECRET_KEY_ACCESS_H_ 19 | 20 | #include "tink/key_access.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | class SecretKeyAccess { 26 | public: 27 | static KeyAccess SecretAccess() { return KeyAccess(true); } 28 | }; 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_SECRET_KEY_ACCESS_H_ 34 | -------------------------------------------------------------------------------- /tink/signature/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/signature/config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/signature/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigSignatureV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(internal::AddSignatureV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/signature/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Signature primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/signature/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Signature primitive wrappers and key managers to `config`, 28 | // used to generate primitives. 29 | absl::Status AddSignatureV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_SIGNATURE_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/signature/internal/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_INTERNAL_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_INTERNAL_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Signature key managers to `config`, used to generate keys. 28 | absl::Status AddSignatureKeyGenV0(KeyGenConfiguration& config); 29 | 30 | } // namespace internal 31 | } // namespace tink 32 | } // namespace crypto 33 | 34 | #endif // TINK_SIGNATURE_INTERNAL_KEY_GEN_CONFIG_V0_H_ 35 | -------------------------------------------------------------------------------- /tink/signature/internal/ml_dsa_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_INTERNAL_ML_DSA_PROTO_SERIALIZATION_H_ 18 | #define TINK_SIGNATURE_INTERNAL_ML_DSA_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for ML-DSA parameters and keys. 26 | absl::Status RegisterMlDsaProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_SIGNATURE_INTERNAL_ML_DSA_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/signature/internal/slh_dsa_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_INTERNAL_SLH_DSA_PROTO_SERIALIZATION_H_ 18 | #define TINK_SIGNATURE_INTERNAL_SLH_DSA_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for SLH-DSA parameters and keys. 26 | absl::Status RegisterSlhDsaProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_SIGNATURE_INTERNAL_SLH_DSA_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/signature/key_gen_config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/signature/key_gen_config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/key_gen_configuration.h" 21 | #include "tink/signature/internal/key_gen_config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const KeyGenConfiguration& KeyGenConfigSignatureV0() { 27 | static const KeyGenConfiguration* instance = [] { 28 | static KeyGenConfiguration* config = new KeyGenConfiguration(); 29 | CHECK_OK(internal::AddSignatureKeyGenV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/signature/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Signature keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigSignatureV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/signature/rsa_ssa_pkcs1_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_RSA_SSA_PKCS1_PROTO_SERIALIZATION_H_ 18 | #define TINK_SIGNATURE_RSA_SSA_PKCS1_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for RsaSsaPkcs1 parameters and keys. 26 | absl::Status RegisterRsaSsaPkcs1ProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_SIGNATURE_RSA_SSA_PKCS1_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/signature/rsa_ssa_pss_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_RSA_SSA_PSS_PROTO_SERIALIZATION_H_ 18 | #define TINK_SIGNATURE_RSA_SSA_PSS_PROTO_SERIALIZATION_H_ 19 | 20 | #include "absl/status/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for RsaSsaPss parameters and keys. 26 | absl::Status RegisterRsaSsaPssProtoSerialization(); 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_SIGNATURE_RSA_SSA_PSS_PROTO_SERIALIZATION_H_ 32 | -------------------------------------------------------------------------------- /tink/signature/sig_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_SIGNATURE_SIG_UTIL_H_ 17 | #define TINK_SIGNATURE_SIG_UTIL_H_ 18 | 19 | #include "tink/public_key_sign.h" 20 | #include "tink/public_key_verify.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | absl::Status SignAndVerify(const PublicKeySign* signer, 27 | const PublicKeyVerify* verifier); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_SIG_UTIL_H_ 33 | -------------------------------------------------------------------------------- /tink/signature/signature_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_SIGNATURE_PARAMETERS_H_ 18 | #define TINK_SIGNATURE_SIGNATURE_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a digital signature key pair (e.g., key attributes), excluding the 26 | // randomly chosen key material. 27 | class SignatureParameters : public Parameters {}; 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_SIGNATURE_SIGNATURE_PARAMETERS_H_ 33 | -------------------------------------------------------------------------------- /tink/signature/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/signature/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/tink/signature/subtle/CMakeLists.txt -------------------------------------------------------------------------------- /tink/signature_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_CONFIG_H_ 18 | #define TINK_SIGNATURE_CONFIG_H_ 19 | 20 | #include "tink/signature/signature_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_SIGNATURE_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/signature_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_SIGNATURE_KEY_TEMPLATES_H_ 18 | #define TINK_SIGNATURE_KEY_TEMPLATES_H_ 19 | 20 | #include "tink/signature/signature_key_templates.h" // IWYU pragma: export 21 | 22 | #endif // TINK_SIGNATURE_KEY_TEMPLATES_H_ 23 | -------------------------------------------------------------------------------- /tink/streaming_aead_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMING_AEAD_CONFIG_H_ 18 | #define TINK_STREAMING_AEAD_CONFIG_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/streamingaead/streaming_aead_config.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_STREAMING_AEAD_CONFIG_H_ 25 | -------------------------------------------------------------------------------- /tink/streaming_aead_key_templates.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMING_AEAD_KEY_TEMPLATES_H_ 18 | #define TINK_STREAMING_AEAD_KEY_TEMPLATES_H_ 19 | 20 | // IWYU pragma: begin_exports 21 | #include "tink/streamingaead/streaming_aead_key_templates.h" 22 | // IWYU pragma: end_exports 23 | 24 | #endif // TINK_STREAMING_AEAD_KEY_TEMPLATES_H_ 25 | -------------------------------------------------------------------------------- /tink/streamingaead/aes_ctr_hmac_streaming_proto_serialization.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_AES_CTR_HMAC_STREAMING_PROTO_SERIALIZATION_H_ 18 | #define TINK_STREAMINGAEAD_AES_CTR_HMAC_STREAMING_PROTO_SERIALIZATION_H_ 19 | 20 | #include "tink/util/status.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Registers proto parsers and serializers for AES-CTR-HMAC Streaming parameters 26 | // and keys. 27 | absl::Status RegisterAesCtrHmacStreamingProtoSerialization(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_STREAMINGAEAD_AES_CTR_HMAC_STREAMING_PROTO_SERIALIZATION_H_ 33 | -------------------------------------------------------------------------------- /tink/streamingaead/config_v0.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #include "tink/streamingaead/config_v0.h" 18 | 19 | #include "absl/log/check.h" 20 | #include "tink/configuration.h" 21 | #include "tink/streamingaead/internal/config_v0.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | 26 | const Configuration& ConfigStreamingAeadV0() { 27 | static const Configuration* instance = [] { 28 | static Configuration* config = new Configuration(); 29 | CHECK_OK(internal::AddStreamingAeadV0(*config)); 30 | return config; 31 | }(); 32 | return *instance; 33 | } 34 | 35 | } // namespace tink 36 | } // namespace crypto 37 | -------------------------------------------------------------------------------- /tink/streamingaead/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_CONFIG_V0_H_ 18 | #define TINK_STREAMINGAEAD_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Configuration used to generate Streaming AEAD primitives with recommended key 26 | // managers. 27 | const Configuration& ConfigStreamingAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_STREAMINGAEAD_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/streamingaead/internal/config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_INTERNAL_CONFIG_V0_H_ 18 | #define TINK_STREAMINGAEAD_INTERNAL_CONFIG_V0_H_ 19 | 20 | #include "tink/configuration.h" 21 | #include "tink/util/status.h" 22 | 23 | namespace crypto { 24 | namespace tink { 25 | namespace internal { 26 | 27 | // Add recommended Streaming AEAD primitive wrappers and key managers to 28 | // `config`, used to generate primitives. 29 | absl::Status AddStreamingAeadV0(Configuration& config); 30 | 31 | } // namespace internal 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_STREAMINGAEAD_INTERNAL_CONFIG_V0_H_ 36 | -------------------------------------------------------------------------------- /tink/streamingaead/key_gen_config_v0.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_KEY_GEN_CONFIG_V0_H_ 18 | #define TINK_STREAMINGAEAD_KEY_GEN_CONFIG_V0_H_ 19 | 20 | #include "tink/key_gen_configuration.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // KeyGenConfiguration used to generate Streaming AEAD keys with recommended key 26 | // managers. 27 | const KeyGenConfiguration& KeyGenConfigStreamingAeadV0(); 28 | 29 | } // namespace tink 30 | } // namespace crypto 31 | 32 | #endif // TINK_STREAMINGAEAD_KEY_GEN_CONFIG_V0_H_ 33 | -------------------------------------------------------------------------------- /tink/streamingaead/streaming_aead_parameters.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | //////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_STREAMINGAEAD_STREAMING_AEAD_PARAMETERS_H_ 18 | #define TINK_STREAMINGAEAD_STREAMING_AEAD_PARAMETERS_H_ 19 | 20 | #include "tink/parameters.h" 21 | 22 | namespace crypto { 23 | namespace tink { 24 | 25 | // Describes a Streaming AEAD key (e.g., key attributes), excluding the randomly 26 | // chosen key material. 27 | class StreamingAeadParameters : public Parameters { 28 | public: 29 | bool HasIdRequirement() const override { return false; } 30 | }; 31 | 32 | } // namespace tink 33 | } // namespace crypto 34 | 35 | #endif // TINK_STREAMINGAEAD_STREAMING_AEAD_PARAMETERS_H_ 36 | -------------------------------------------------------------------------------- /tink/streamingaead/subtle/BUILD.bazel: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | -------------------------------------------------------------------------------- /tink/streamingaead/subtle/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tink-crypto/tink-cc/aad0a328e270cd98cb71c4e0805629236b7606ac/tink/streamingaead/subtle/CMakeLists.txt -------------------------------------------------------------------------------- /tink/tink_config.h: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_TINK_CONFIG_H_ 18 | #define TINK_TINK_CONFIG_H_ 19 | 20 | #include "tink/config/tink_config.h" // IWYU pragma: export 21 | 22 | #endif // TINK_TINK_CONFIG_H_ 23 | -------------------------------------------------------------------------------- /tink/util/constants.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #include "tink/util/constants.h" 17 | 18 | #include "absl/base/attributes.h" 19 | 20 | namespace crypto { 21 | namespace tink { 22 | 23 | ABSL_CONST_INIT const char kTypeGoogleapisCom[] = "type.googleapis.com/"; 24 | 25 | } // namespace tink 26 | } // namespace crypto 27 | -------------------------------------------------------------------------------- /tink/util/constants.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | #ifndef TINK_UTIL_CONSTANTS_H_ 17 | #define TINK_UTIL_CONSTANTS_H_ 18 | 19 | namespace crypto { 20 | namespace tink { 21 | 22 | extern const char kTypeGoogleapisCom[]; 23 | 24 | } // namespace tink 25 | } // namespace crypto 26 | 27 | 28 | #endif // TINK_UTIL_CONSTANTS_H_ 29 | -------------------------------------------------------------------------------- /tink/util/keyset_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_UTIL_KEYSET_UTIL_H_ 18 | #define TINK_UTIL_KEYSET_UTIL_H_ 19 | 20 | #include 21 | 22 | #include "proto/tink.pb.h" 23 | 24 | namespace crypto { 25 | namespace tink { 26 | 27 | // Generate a new random key ID not previously used in `keyset`. 28 | uint32_t GenerateUnusedKeyId(const google::crypto::tink::Keyset& keyset); 29 | 30 | } // namespace tink 31 | } // namespace crypto 32 | 33 | #endif // TINK_UTIL_KEYSET_UTIL_H_ 34 | -------------------------------------------------------------------------------- /tink/util/protobuf_helper.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_UTIL_PROTOBUF_HELPER_H_ 18 | #define TINK_UTIL_PROTOBUF_HELPER_H_ 19 | 20 | #include "google/protobuf/message_lite.h" // IWYU pragma: export 21 | 22 | // NOLINTNEXTLINE(misc-unused-alias-decls) 23 | namespace portable_proto = ::google::protobuf; 24 | 25 | #endif // TINK_UTIL_PROTOBUF_HELPER_H_ 26 | -------------------------------------------------------------------------------- /tink/util/statusor.h: -------------------------------------------------------------------------------- 1 | // Copyright 2013 Google LLC. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_UTIL_STATUSOR_H_ 18 | #define TINK_UTIL_STATUSOR_H_ 19 | 20 | #include "absl/status/statusor.h" 21 | #include "tink/util/status.h" 22 | 23 | #define TINK_USE_ABSL_STATUSOR 24 | 25 | namespace crypto { 26 | namespace tink { 27 | namespace util { 28 | 29 | // A legacy alias for absl::StatusOr. StatusOr can be inlined to make user 30 | // code cleaner. We currently do not plan to remove it. 31 | template 32 | using StatusOr = absl::StatusOr; 33 | 34 | } // namespace util 35 | } // namespace tink 36 | } // namespace crypto 37 | 38 | #endif // TINK_UTIL_STATUSOR_H_ 39 | -------------------------------------------------------------------------------- /tink/version.h.templ: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | /////////////////////////////////////////////////////////////////////////////// 16 | 17 | #ifndef TINK_VERSION_H_ 18 | #define TINK_VERSION_H_ 19 | 20 | namespace crypto { 21 | namespace tink { 22 | 23 | class Version { 24 | public: 25 | static constexpr char kTinkVersion[] = "@TINK_VERSION_LABEL@"; 26 | }; 27 | 28 | } // namespace tink 29 | } // namespace crypto 30 | 31 | #endif // TINK_VERSION_H_ 32 | -------------------------------------------------------------------------------- /tink/version_script.lds: -------------------------------------------------------------------------------- 1 | VERS_2.4.0 { 2 | global: 3 | *tink*; 4 | *absl*; 5 | local: 6 | *; 7 | }; 8 | -------------------------------------------------------------------------------- /tink_cc_deps_init.bzl: -------------------------------------------------------------------------------- 1 | """Initialization of dependencies of C++ Tink.""" 2 | 3 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 4 | load("@rules_python//python:repositories.bzl", "py_repositories") 5 | 6 | def tink_cc_deps_init(): 7 | """Initializes dependencies of C++ Tink.""" 8 | 9 | # Needed to avoid https://github.com/bazelbuild/rules_python/issues/1560. See also 10 | # https://github.com/bazelbuild/rules_python/blob/main/CHANGELOG.md#changed-6. 11 | py_repositories() 12 | 13 | # Initialize Protobuf dependencies. 14 | protobuf_deps() 15 | -------------------------------------------------------------------------------- /tools/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Bazel rules for tools. 2 | 3 | sh_binary( 4 | name = "update_build_files_for_tink_2_0_bazel", 5 | srcs = ["update_build_files_for_tink_2_0_bazel.sh"], 6 | ) 7 | 8 | sh_test( 9 | name = "update_build_files_for_tink_2_0_bazel_test", 10 | size = "small", 11 | srcs = ["update_build_files_for_tink_2_0_bazel_test.sh"], 12 | args = [ 13 | "$(rlocationpath :update_build_files_for_tink_2_0_bazel.sh)", 14 | "$(rlocationpath //kokoro/testutils:test_utils)", 15 | ], 16 | data = [ 17 | ":update_build_files_for_tink_2_0_bazel.sh", 18 | "//kokoro/testutils:test_utils", 19 | ], 20 | target_compatible_with = select({ 21 | "@platforms//os:windows": ["@platforms//:incompatible"], 22 | "//conditions:default": [], 23 | }), 24 | ) 25 | -------------------------------------------------------------------------------- /version.bzl: -------------------------------------------------------------------------------- 1 | """Version of the current release of Tink C++.""" 2 | TINK_VERSION_LABEL = "2.4.0" 3 | --------------------------------------------------------------------------------