| Commit message | Author | Age | Files | Lines |

GC unused security-tools

`tensor-short-form` -> `shorttensors` to be in line with existing
option formatting.

Specified with `--tensor-short-form`. No single-char option alias,
as short form output will be the default on Vespa 9 and we're running
out of usable option characters for this tool anyway.

common jar file.

are explicitly excluded by container-dev

excludes...

com.yahoo.search.query.profile.DumpTool:wq.

Useful when the script is run in a context where `VESPA_HOME` is not
set. Should work both if the script is invoked directly or through a
symbolic link.

Avoids having to use a file indirection for inputting a private key.
Only available when the JVM is running under an interactive console
and none of the input/output files use standard streams.

Lets a user specify a private key directory either with a command
line argument or via an environment variable. If a directory is
provided, the private key to use will be attempted auto-resolved
based on the key ID stored in the token. This only applies if the
key ID is comprised of exclusively path-safe characters.

This resolves two issues:
* `javax.crypto.OutputCipherStream` swallows MAC tag mismatch exceptions
  when the stream is closed, which means that corruptions (intentional
  or not) are not caught. This is documented behavior, but still very
  surprising and a rather questionable default. BC's interchangeable
  `CipherOutputStream` throws as expected. To avoid regressions, add an
  explicit test that both ciphertext and MAC tag corruptions are propagated.
* The default-provided `AES/GCM/NoPadding` `Cipher` instance will not emit
  decrypted plaintext per `update()` chunk, but buffer everything until
  `doFinal()` is invoked when the stream is closed. This means that decrypting
  very large ciphertexts can blow up memory usage since internal output
  buffers are reallocated and increased per iteration...! Instead use an
  explicit BC `GCMBlockCipher` which has the expected behavior (and actually
  lets cipher streams, well, _stream_). Add an `AeadCipher` abstraction to
avoid leaking BC APIs outside the security module.

Adds underlying support--and tooling--for resealing a token for
another recipient. This allows for delegating decryption to another
party without having to reveal the private key of the original
recipient (or having to send the raw underlying secret key over a
potentially insecure channel). Key ID can/should change as part of
this operation.

* Base62 minimizes extra size overhead relative to Base64.
* Base58 removes ambiguous characters from key encodings.
Common for both bases is that they do not emit any characters that
interfere with easily selecting them on web pages or in the CLI.

Currently supports converting from and to any combination of
base {16, 58, 62, 64}. Input is read from STDIN and is intentionally
limited in length due to the algorithmic complexity of base
conversions that are not a power of two. Converted value is
written to STDOUT.

Enforces invariants and avoids having to pass raw byte arrays around.

Dumps key version, ID and HPKE components

This makes key IDs vastly more expressive. Max size is 255 bytes,
and UTF-8 form is enforced by checking that the byte sequence can be
identity-transformed to and from a string with UTF-8 encoding.
In addition, we now protect the integrity of the key ID by supplying
it as the AAD parameter to the key sealing and opening operations.
Reduce v1 token max length of `enc` part to 255, since this is always
an X25519 public key, which is never bigger than 32 bytes (but may
be _less_ if the random `BigInteger` is small enough, so we still have
to encode the length).

Useful for avoiding the need for intermediate files, such as when
piping the output of decryption to a Zstd decompressor.
Adds stdio support to:
* Encryption input
* Decryption input
* Decryption output
Specified by substituting the file name with a single `-` character.

Adds support for:
* X25519 key pair generation
* HPKE stream encryption with public key and token generation
* HPKE stream decryption with private key

* remove now-duplicated code
* prefer using ${VESPA_HOME} environment variable

magic conversions.

Streaming search still uses this to ensure low latencies, and
we don't have a replacement for priorities for this use case yet.

Add dependency on 'jetty-http' with scope test instead of adding false dependencies with 'container-test'.

Also remove deprecated and unsupported header-only visitor parameter

Load types have not been properly supported for some time, so remove
the remaining API surfaces exposing them. Since load type config was
the last remaining use of <clients> in services.xml, remove that one
as well.

- From maven-shade-plugin 3.3.0 (needed for JDK 17), the DRP
is installed and used instead of the ordinary pom.xml, causing
transitive dependencies to disappear for dependent modules.

Load types have not been used in practice for years, and supporting
them in backend metrics etc. has long since been lacking. Prepare for
removing these on Vespa 8.
Most callsites are unchanged, aside from presumed safe changes such
as constructors used by dependency injection. Have added new overloads
without load types where these did not already exist to allow for
an orderly transition.

This is functionality that made more sense when we had spinning drives
and no async write scheduling in the backend. Going away on Vespa 8.

* should have same behavior in Java and C++
* extend unit tests to verify
* note various places where we want to change the default on Vespa 8 branch

- Removes 223 build warnings (out of 562 for building non-test code)