Tink C++ 2.3.0
Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.
To get started, see the setup guide.
CMake
You can import Tink C++ as an in-tree dependency.
cmake_minimum_required(VERSION 3.13)
project(Example CXX)
set(CMAKE_CXX_STANDARD 14)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_BUILD_TYPE Release)
# Import Tink as an in-tree dependency.
# Option 1: tink-cc is in third_party.
add_subdirectory(third_party/tink-cc tink)
# Option 2: Use FetchContent
# include(FetchContent)
#
# FetchContent_Declare(
# tink
# URL https://github.com/tink-crypto/tink-cc/archive/refs/tags/v2.3.0.zip
# URL_HASH SHA256="363ce671ab5ce0b24f279d3647185597a25f407c3608db007315f79f151f436b"
# )
# FetchContent_GetProperties(tink)
# if(NOT googletest_POPULATED)
# FetchContent_Populate(tink)
# add_subdirectory(${tink_SOURCE_DIR} ${tink_BINARY_DIR} EXCLUDE_FROM_ALL)
# endif()
add_executable(example_app example_app.cc)
target_link_libraries(example_app tink::static)
Bazel
workspace(name = "example")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "com_github_tink_crypto_tink_cc",
urls = ["https://github.com/tink-crypto/tink-cc/archive/refs/tags/v2.3.0.zip"],
strip_prefix = "tink-cc-2.3.0",
sha256 = "363ce671ab5ce0b24f279d3647185597a25f407c3608db007315f79f151f436b",
)
# Load Tink dependencies.
load("@com_github_tink_crypto_tink_cc//:tink_cc_deps.bzl", "tink_cc_deps")
tink_cc_deps()
load("@com_github_tink_crypto_tink_cc//:tink_cc_deps_init.bzl", "tink_cc_deps_init")
tink_cc_deps_init()
# ... Your dependencies here ...
What's new
The complete list of changes since 2.2.0 can be found here.
Additions
- DHKEM P-256 HKDF-SHA256 added to HPKE.
- Key Encapsulation Mechanism API.
- APIs for parsing and serializing encrypted keysets and parameters.
- Support for parsing ECDSA keys to SignaturePemKeysetReader.
- Support for converting Ed25519 public keys to JWKs.
- APIs to create a
KeysetHandleusing key generation configs viaKeysetHandleBuilderand theKeysetHandle::generateNewFromParametersfunction. - APIs to import and export keys for the following key types:
- AES-CMAC-PRF
- AES-CTR-HMAC Streaming
- AES-GCM-HKDF Streaming
- ChaCha20-Poly1305
- HKDF-PRF
- HMAC-PRF
- JWT-RSA-SSA-PKCS1
- JWT-RSA-SSA-PSS
- Made SignaturePemKeysetReader public.
- Made PartialKeyAccess and PartialKeyAccessToken public.
- Made SignaturePublicKey public.
Modifications
- Fixed bug in JsonKeysetReader parsing.
- Fixed issue with MSVC and C++17 where comparison of different
std::string_views caused an assertion failure (#6). - Fixed bug in RSA-SSA-PSS parameters parsing, which now fails if the hashes have different types.
- Switched key id type from int to int32_t.
- Combined
keyset_handle_builderandkeyset_handletargets into one.
Removals
- StatefulMac interface in subtle.
- The implementation DummyStatefulMac in test_util.
- StatefulHmacBoringSslFactory and the implementation StatefulHmacBoringSsl of StatefulMac in subtle.
- StatefulCmacBoringSslFactory and the implementation StatefulCmacBoringSsl of StatefulMac in subtle.
- These were never intended to be public APIs. If this affects you, please file an issue in github.com/tink-crypto/tink-cc so we better understand the usage. We recommend reimplementing removed interfaces and implementations in your code. Public users are recommended to use ChunkedMac.
- EciesAeadHkdfDemHelper from the crypto::tink namespace. This was never intended to be public APIs. If this affects you, please file an issue in github.com/tink-crypto/tink-cc so we better understand your usage.
Dependencies
- Upgrades
- Bazel (7.1.2)
- Bzlmod deps
- abseil-cpp (20240722.0)
- bazel_skylib (1.7.1)
- boringssl (0.20240930.0)
- googletest (1.15.2)
- platforms (0.0.10)
- rules_proto (6.0.2)
- WORKSPACE deps
- abseil-cpp (20240722.0)
- bazel_skylib (1.7.1)
- boringssl (0.20240930.0)
- googletest (1.15.2)
- New
- Bzlmod deps
- rules_license (1.0.0)
- Bzlmod deps
Future
To see what we're working towards, check our project roadmap.