Remove Tink (project-oak#4054)

This PR: - Removes Tink crypto library from the WORKSPACE - Adds Protobuf dependencies which were implicitly used from Tink dependencies
tiziano88 · Jun 22, 2023 · b07e02a · b07e02a
1 parent 15e80a2
commit b07e02a
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 121 deletions.
diff --git a/WORKSPACE b/WORKSPACE
@@ -30,6 +30,10 @@ http_archive(
     ],
 )
 
+load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
+
+protobuf_deps()
+
 # Google Abseil.
 # https://github.com/abseil/abseil-cpp
 http_archive(
@@ -66,40 +70,6 @@ http_archive(
     ],
 )
 
-http_archive(
-    name = "tink_base",
-    sha256 = "536a4ceb3e9e7e35bf52f7cc99838679de8463ab2a1a12b90121c00ee25fe252",
-    strip_prefix = "tink-33accb5bcdff71f34d7551a669831ec9a52674aa/",
-    urls = [
-        # Head commit on 2021-03-02.
-        "https://github.com/google/tink/archive/33accb5bcdff71f34d7551a669831ec9a52674aa.zip",
-    ],
-)
-
-load("@tink_base//:tink_base_deps.bzl", "tink_base_deps")
-
-tink_base_deps()
-
-load("@tink_base//:tink_base_deps_init.bzl", "tink_base_deps_init")
-
-tink_base_deps_init()
-
-# Tink crypto library for Java.
-http_archive(
-    name = "tink_java",
-    patches = [
-        # This patch removes Android dependencies from Tink Java libraries.
-        # https://github.com/google/tink/issues/507
-        "//third_party/google/tink:Remove-android-from-java.patch",
-    ],
-    sha256 = "5856b0207ffb2cf28dd5c421789ffca3cfeea0680055f455e14bec2f335b1765",
-    strip_prefix = "tink-58be99b3c4d09154d12643327f293cc45b2a6a7b/java_src",
-    # Commit from 2021-05-19
-    urls = [
-        "https://github.com/google/tink/archive/58be99b3c4d09154d12643327f293cc45b2a6a7b.tar.gz",
-    ],
-)
-
 # Java gRPC support for Android examples.
 # https://github.com/grpc/grpc-java
 http_archive(

diff --git a/docs/remote-attestation.md b/docs/remote-attestation.md
@@ -106,10 +106,9 @@ across invocations, or it may be generated for each invocation).
 For each invocation (consisting of a request followed by a response) the client
 generates a fresh symmetric key for the response, then it concatenates this key
 with the request body, and encrypts the resulting blob with the enclave public
-key using [Hybrid Encryption](https://developers.google.com/tink/hybrid). The
+key using [Hybrid Encryption](https://www.rfc-editor.org/rfc/rfc9180.html). The
 client may also authenticate additional data, which is not encrypted, but is
-bound to the ciphertext via
-[context info](https://developers.google.com/tink/hybrid#context_info_parameter).
+bound to the ciphertext.
 
 It then sends the encrypted message to the server, which forwards it to the
 appropriate trusted enclave which generated the enclave public key. Only this

diff --git a/java/src/main/java/com/google/oak/remote_attestation/SignatureVerifier.java b/java/src/main/java/com/google/oak/remote_attestation/SignatureVerifier.java
diff --git a/third_party/google/tink/BUILD b/third_party/google/tink/BUILD
diff --git a/third_party/google/tink/Remove-android-from-java.patch b/third_party/google/tink/Remove-android-from-java.patch