IGNORE: combination PR for merge testing

.codecov.yml

@@ -20,7 +20,7 @@ ignore:
   - "examples/"
   - "rinkey/"
   - "testing/"
-  - "testutil/"
+  - "tests/"
   - "**/build.rs"
   - "**/benches/"
   - "**/tests/"

Cargo.toml

@@ -5,18 +5,20 @@ members = [
   "examples/aead",
   "examples/daead",
   "examples/keygen",
+  "examples/keymgr",
   "examples/kms",
   "examples/mac",
   "examples/signature",
   "examples/streaming",
   "integration/awskms",
   "mac",
   "prf",
+  "proto",
   "rinkey",
   "signature",
   "streaming",
+  "tests",
   "testing",
-  "testutil",
   "tink",
 ]
 
@@ -29,7 +31,8 @@ tink-awskms = { path = "integration/awskms" }
 tink-daead = { path = "daead" }
 tink-mac = { path = "mac" }
 tink-prf = { path = "prf" }
+tink-proto = { path = "proto" }
 tink-signature = { path = "signature" }
 tink-streaming-aead = { path = "streaming" }
+tink-tests = { path = "tests" }
 tink-testing-server = { path = "testing" }
-tink-testutil = { path = "testutil" }

README.md

@@ -35,14 +35,14 @@ very little cryptographic functionality.
 Individual cryptographic primitives are implemented in `tink-<primitive>` crates, which depend on:
 
 - the `tink` crate for common types and helpers
+- the `tink-proto` crate for protobuf-derived `struct`s
 - the RustCrypto crates to provide underlying cryptographic implementations.
 
 For example, the `tink-aead` crate provides code that performs authenticated encryption with additional data (AEAD),
 implementing the `tink::Aead` trait.
 
-(However, integration tests can and do include `dev-dependencies` on both core `tink` and particular primitive crates.  For
-example, `tink` tests depend on `tink-mac` and `tink-testutil`, the latter of which depends on the `insecure` feature
-of `tink` itself.)
+All of the tests for the Tink crates are integration tests (i.e. only use public APIs) and reside in a separate
+`tink-tests` crate.
 
 ## Rust Port Design
 
@@ -81,7 +81,8 @@ A `KeyManager` is an object that handles the translation from a `Key` instance t
 `Key` for its key material. Tink has a **global** registry of `KeyManager` instances, each indexed by a **type URL**
 that identifies the kind of keys it supports.
 
-This registry allows an arbitrary `Key` to be converted to a `Primitive` of the relevant type:
+This registry allows an arbitrary `Key` to be converted to a `Primitive` of the relevant type, and similarly allows
+a `Keyset` to be converted to a `PrimitiveSet`.
 
 - In Go, primitives are of type `interface {}`, and the user of the registry uses [type
   assertions](https://tour.golang.org/methods/15) to convert a general primitive to a more specific object that
@@ -96,7 +97,9 @@ This registry allows an arbitrary `Key` to be converted to a `Primitive` of the
   recovered via `static_cast` (modulo a check that the `type_info` is sensible).
     - The global registry has to be manually populated by calling `<Primitive>Config::Register()` methods before use.
 - In Rust, the `Primitive` type is an enum that encompasses all primitive types, and the user of the registry
-  checks that the relevant enum variant is returned.
+  checks that the relevant enum variant is returned.  If all of the `Primitive`s in a `PrimitiveSet` are known to be
+  of a specific primitive type, the `PrimitiveSet` can be converted to a `TypedPrimitiveSet<T>` for the relevant
+  primitive type `T`.
     - The global registry has to be manually populated by calling `tink_<primitive>::init()` methods before use.
 
 ### Error Handling
@@ -220,7 +223,7 @@ This section describes the mapping between the upstream Go packages and the equi
 | `tink::primitiveset` | `core/primitiveset` |
 | `tink::registry`     | `core/registry` |
 | `tink`               | `tink` |
-| `tink::proto`        | `*_go_proto` |
+| `tink-proto`        | `*_go_proto` |
 
 #### Common Crypto
 
@@ -249,7 +252,7 @@ This section describes the mapping between the upstream Go packages and the equi
 | `tink::keyset::insecure` | `insecurecleartextkeyset` | Gated on (non-default) `insecure` feature |
 | `tink::keyset::insecure` | `internal` | Gated on (non-default) `insecure` feature |
 | `tink::keyset::insecure` | `testkeyset` | Gated on (non-default) `insecure` feature |
-| `tink-testutil`          | `testutil` | Depends on `insecure` feature of `tink` crate |
+| `tink-tests`          | `testutil` | Depends on `insecure` feature of `tink` crate |
 | `tink-testing`           | `services` (`/testing/go/`) |
 | `tink-testing::proto`    | `testing_api_go_grpc` (`/proto/testing/`) |
 |                          | `main` (`/tools/testing/go/`) |

aead/Cargo.toml

@@ -4,6 +4,10 @@ version = "0.1.0"
 authors = ["David Drysdale <[email protected]>"]
 edition = "2018"
 license = "Apache-2.0"
+description = "AEAD functionality for Rust port of Google's Tink cryptography library"
+repository = "https://github.com/project-oak/tink-rust"
+keywords = ["cryptography", "tink", "aead"]
+categories = ["cryptography"]
 
 [dependencies]
 # Need the `std` feature for Error type conversion
@@ -17,12 +21,4 @@ prost = "^0.6.1"
 rand = "^0.7"
 tink = "^0.1"
 tink-mac = "^0.1"
-
-[dev-dependencies]
-base64 = "^0.12"
-hex = "^0.4.2"
-serde = { version = "^1.0.118", features = ["derive"] }
-serde_json = "^1.0.60"
-tink-awskms = "^0.1"
-tink-signature = "^0.1"
-tink-testutil = "^0.1"
+tink-proto = "^0.1"

aead/benches/benchmark.rs

@@ -20,7 +20,7 @@ use test::Bencher;
 const MSG: &[u8] = b"this data needs to be encrypted";
 const AAD: &[u8] = b"this data needs to be authenticated, but not encrypted";
 
-fn setup(kt: tink::proto::KeyTemplate) -> (Box<dyn tink::Aead>, Vec<u8>) {
+fn setup(kt: tink_proto::KeyTemplate) -> (Box<dyn tink::Aead>, Vec<u8>) {
     tink_aead::init();
     let kh = tink::keyset::Handle::new(&kt).unwrap();
     let a = tink_aead::new(&kh).unwrap();