commit 3bbfc4539dfe2f17b63eb6d0ef127c4fa8f3bbb2
author global-integration-roller <global-integration-roller@fuchsia.infra.roller.fuchsia-infra.iam.gserviceaccount.com> Thu Aug 24 22:07:59 2023 +0000
committer Copybara-Service <copybara-worker@google.com> Thu Aug 24 15:09:40 2023 -0700
tree 2a9096a31091346c15c33c4d097358348bd76e41
parent 16e6c3d928b890dac81a2137c57936b4427d954f

[roll] Roll fuchsia [superproject] Roll third_party/tink aac829b..e8c4284 (100 commits)

e8c4284:https://fuchsia-review.googlesource.com/c/third_party/tink/+/907185 [cobalt]Merge changes from  branch 'upstream/1.5'
ca85275 Enable GitHub CodeQL scanning.
7371ced Add size checks.
1683213 Build and distribute a single Tinkey binary for Linux, macOS and Windows.
56963ab Wrap up 1.5.0 release.
074c730 Add Tink user agent to Cloud KMS requests.
94a66dc Update Go examples.
81989a4 Add some comments to the AEAD consistency cross language tests.
cfec841 Merge pull request #434 from gfontenot:master
b766714 Add cross-language test to verify that AEAD ciphertexts with bitflips are rejected.
1f36e39 Update Obj-C CHANGELOG.
0879600 Retry when KeyStore.containsAlias threw NullPointerException.
8c65486 Correct Java deps in Maven artifacts.
018a375 Fix Python distribution scripts.
abd2419 Fix objc nullability issues
6550e79 Bump version to 1.5.0 and clean up README.
57e821a Improve random.cc documentation
5e48d06 Remove old StreamingAEAD cross-language test.
93d839a Fixing ciphertext malleability issue in Java caused by storing the ciphertext prefix in a hashmap keyed by UTF8 encoded strings, instead of byte arrays, leading to the ability to retrieve keys with IDs that happen to be invalid Unicode strings with a changed ID.
ac94479 Add some tests to validation_test
824629e Replace fake keys and primitives with real ones in primitive set test.
e67c1de Remove Fake{Input,Output}StreamAdapter from streaming aead tests.
ce0e625 Migrate GetOutputPrefix to use as input a KeyInfo instead of two elements from KeyInfo.
33de788 Define an AeadOrDaead helper class in Java. This will be used to support AES_SIV as the DEM for Hybrid encryption.
4ce4358 Ship Tink as a single monolithic module, as recommended by Golang's team.
98f33c7 Split GCP and AWS KMS integrations into their own Go modules.
d61cefe Merge pull request #397 from Boehrsi:master
4048769 Split GCP and AWS KMS integrations into their own Go modules.
50d36bb Use a single set of Go dependencies.
f89c53b Remove fake streaming aead.
0f82f86 Remove streaming_aead.key_manager_from_cc_registry.
d4c6528 Refactor some streaming_aead tests.
815e5c3 Migrate PrimitiveSet::AddPrimitive to take a KeyInfo instead of a Key.
4323440 Make PRF the input parameter of the prf_set wrapper.
8d81ae2 Update some comments and type annotations for streaming aead.
7d0c94a C++: mitigate the AWS KMS security issues disclosed in https://github.com/google/security-research/security/advisories/GHSA-wqgp-vphw-hphf.
27c315b Merge pull request #430 from thomasdarimont:fix/avoid-use-of-deprecated-api-in-java-howto
267c498 Fix #396: Make AES-GCM (partially) work on Android KitKat (API 19).
b6666e9 Remove redundant function calls and tests.
ce9d83b Merge pull request #386 from canoeist2018:master
e23acf0 Merge pull request #354 from 0xflotus:patch-2
5edaf0b Merge pull request #382 from howardtw:patch-1
d2cc28e Merge pull request #363 from MariusVolkhart:patch-1
24aaea1 Merge pull request #384 from hazaelsan:master
2b355b8 Merge pull request #420 from chanced:patch-1
da4e989 Merge pull request #398 from ozeranskiy:patch-1
854f21c Define JsonOject to encapsulate json functions.
9e98747 Internal change
393620f Fix #431: add aead.NewKMSEnvelopeAEAD2 which takes a pointer to a KeyTemplate proto, instead of a value.
118a8f6 Decrypt with newer keys first because they more likely are the correct one.
ba3563e Golang: mitigate the AWS KMS security issues disclosed in https://github.com/google/security-research/security/advisories/GHSA-wqgp-vphw-hphf.
344dbdc Fix #378: use kmsiface.KMSAPI interface in aws integration instead of kms.KMS.
a056e3d Retry one more time when cannot encrypt or decrypt with a KeyStore key.
035ca84 Mitigate the AWS KMS security issues disclosed in https://github.com/google/security-research/security/advisories/GHSA-wqgp-vphw-hphf.
44808be Add internal methods KeyInfoForKey and KeysetInfoForKeyset.
d7f9534 Internal change
7a659ba Update legacy mac tests in go.
77afecf Add UNAUTHENTICATED status to C++ util::Status to mirror absl::Status
975c143 Change get_output_prefix(key) to GetOutputPrefix(key_id, output_prefix_type).
ff850e6 Tink throws IOException, not InvalidKeyException, when it can't decrypt a keyset.
fd7e060 Fix #271: disable key ID check when the key ID is not a full key ARN.
864f782 Fix broken source links in Java How-To
1dcc1e1 Revise Java How-To to avoid usage of deprecated API
3ba9b80 Removing deprecated Registry.getPrimitives(KeySetHandle, KeyManager) in Java.
8dda984 Removing deprecated Registry.getPrimitives(KeysetHandle) function in java.
c9dbe5e Add KeyAccess and SecretKeyAccess classes.
8442a30 Add a Python CLI example for decryption using hybrid encryption.
c88f262 Define a HybridEncryption key template using a Deterministic AEAD.
0faf845 Temporarily disable GCP Python tests.
18f1422 Basic integration of the post-quantum NTRU-HRSS KEM implementation from BoringSSL.
d0999f3 Temporarily disable GCP tests.
2b910c3 Add public methods to (de)serialize KeyTemplates in Java.
b26fc66 Add a KeysetWrapper interface and an implementation of it based on TransformingPrimitiveWrapper.
1fc5077 Temporarily disable GCP Java tests.
702f18f This change removes TypeScript code that cannot be reached.
6a0c028 Add TinkKey interface.
dee5a45 Add Registry.newKeyData(com.google.crypto.tink.KeyTemplate) function in java.
2a229eb Add Java tests for Registry.newKeyData
2f8a347 Add a Python CLI example for encrypting using hybrid encryption.
0ef6535 Update to the code example in GOLANG-HOWTO README
2203fb8 Remove keyset_builder from cross-language util.
d9f8697 Use new keyset_builder in streaming_aead and prf_set crosslanguage tests.
7d800b3 Remove unused C++ *_factory dependencies.
dcfd2ea Set default value of enable_compute_old_legacy_mac to false.
ca9e70f Remove unused dependency.
c5a963e Add flag to disable computation of LEGACY MACs in Go. By default, computation is enabled.
a9760db Add derivation support to AES-CTR-HMAC
1d45e28 Add key rotation tests to signature cross-language tests.
6f0bde0 Add tests for Legacy MACs in Go.
662965c Add key rotation tests to hybrid encryption cross-language tests.
a791e00 Remove extraneous protected functions.
8ebffe1 Migrate Prf keymanagers to use Prfs instead of PrfSets.
9b10c7c Apply every available autofix for TypeScript lint errors
906b808 Let aead and daead crosslanguage tests use new keyset_builder, and add tests for raw keys.
9cc3a01 Remove fake streaming AEADs from the wrapper test.
e5160c6 Remove tests that check key_manager.new_key_data.
7c2b6c4 Change the primitive wrapper such that it can wrap a primitive of type A into a primitive of type B.
45a68a7 Support parsing an AES_SIV key as the Data Encapsulation mechanism for hybrid encryption.
e409805 Also cover legacy keys in MAC cross language tests.
2de37bd Change get_primitives interface to use absl::string_view instead of const string&.
GitOrigin-RevId: c96318a0ca4fa8782721122719c7fa3f4fb21548
Roller-URL: https://ci.chromium.org/b/8771844003738601473
CQ-Do-Not-Cancel-Tryjobs: true
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/907470
Original-Revision: 1ac9636ec9f5ff70d0abb6963df4005c1d0b1c20
Change-Id: I726e1371d0ae55c830b53cab54203718f89bb367