Remove PrimitiveFromKeyData from keyset.Config and config.Config

This is ~a noop. In the future we want to allow configs solely operating on `key.Key`s, so this CL cleans up the interface. For now we keep `PrimitiveFromKeyData` in a separate unexported interface `configWithLegacyFallback` to continue supporting `registry.KeyManager`s through the global registry.

PiperOrigin-RevId: 832271484
Change-Id: I9f344f30c9bb28613ad84b3dcc73c9134ad1d06d

Author: morambro

daead/daead_factory_test.go

@@ -886,17 +886,11 @@ func TestNewWithConfig(t *testing.T) {
 		t.Fatalf("protoserialization.RegisterKeySerializer() err = %v, want nil", err)
 	}
 
-	builderWithFullPrimitive := config.NewBuilder()
-	if err := builderWithFullPrimitive.RegisterPrimitiveConstructor(reflect.TypeFor[*stubKey](), func(key key.Key) (any, error) { return &stubFullDEAD{}, nil }, internalapi.Token{}); err != nil {
-		t.Fatalf("builderWithFullPrimitive.RegisterPrimitiveConstructor() err = %v, want nil", err)
+	configBuilder := config.NewBuilder()
+	if err := configBuilder.RegisterPrimitiveConstructor(reflect.TypeFor[*stubKey](), func(key key.Key) (any, error) { return &stubFullDEAD{}, nil }, internalapi.Token{}); err != nil {
+		t.Fatalf("configBuilder.RegisterPrimitiveConstructor() err = %v, want nil", err)
 	}
-	configWithFullPrimitive := builderWithFullPrimitive.Build()
-
-	builderWithLegacyPrimitive := config.NewBuilder()
-	if err := builderWithLegacyPrimitive.RegisterKeyManager(stubKeyURL, &stubKeyManager{}, internalapi.Token{}); err != nil {
-		t.Fatalf("builderWithLegacyPrimitive.RegisterKeyManager() err = %v, want nil", err)
-	}
-	configWithLegacyPrimitive := builderWithLegacyPrimitive.Build()
+	config := configBuilder.Build()
 
 	km := keyset.NewManager()
 	keyID, err := km.AddKey(&stubKey{
@@ -914,43 +908,22 @@ func TestNewWithConfig(t *testing.T) {
 		t.Fatalf("km.Handle() err = %v, want nil", err)
 	}
 
-	for _, tc := range []struct {
-		name       string
-		kh         *keyset.Handle
-		config     keyset.Config
-		wantPrefix []byte
-	}{
-		{
-			name:       "full primitive",
-			config:     &configWithFullPrimitive,
-			kh:         handle,
-			wantPrefix: slices.Concat([]byte(fullDAEADPrefix)),
-		},
-		{
-			name:       "legacy primitive",
-			config:     &configWithLegacyPrimitive,
-			kh:         handle,
-			wantPrefix: slices.Concat([]byte{cryptofmt.TinkStartByte, 0x01, 0x02, 0x03, 0x04}, []byte(legacyDAEADPrefix)),
-		},
-	} {
-		t.Run(tc.name, func(t *testing.T) {
-			defer internalregistry.ClearMonitoringClient()
-			client := fakemonitoring.NewClient("fake-client")
-			if err := internalregistry.RegisterMonitoringClient(client); err != nil {
-				t.Fatalf("internalregistry.RegisterMonitoringClient() err = %v, want nil", err)
-			}
-			encrypter, err := daead.NewWithConfig(tc.kh, tc.config)
-			if err != nil {
-				t.Fatalf("daead.NewWithConfig(tc.kh, config) err = %v, want nil", err)
-			}
+	defer internalregistry.ClearMonitoringClient()
+	client := fakemonitoring.NewClient("fake-client")
+	if err := internalregistry.RegisterMonitoringClient(client); err != nil {
+		t.Fatalf("internalregistry.RegisterMonitoringClient() err = %v, want nil", err)
+	}
+	encrypter, err := daead.NewWithConfig(handle, &config)
+	if err != nil {
+		t.Fatalf("daead.NewWithConfig() err = %v, want nil", err)
+	}
 
-			m, err := encrypter.EncryptDeterministically([]byte("message"), nil)
-			if err != nil {
-				t.Fatalf("encrypter.EncryptDeterministically() err = %v, want nil", err)
-			}
-			if !bytes.HasPrefix(m, tc.wantPrefix) {
-				t.Errorf("m = %q, want prefix: %q", m, tc.wantPrefix)
-			}
-		})
+	m, err := encrypter.EncryptDeterministically([]byte("message"), nil)
+	if err != nil {
+		t.Fatalf("encrypter.EncryptDeterministically() err = %v, want nil", err)
+	}
+	wantPrefix := slices.Concat([]byte(fullDAEADPrefix))
+	if !bytes.HasPrefix(m, wantPrefix) {
+		t.Errorf("m = %q, want prefix: %q", m, wantPrefix)
 	}
 }

hybrid/hybrid_factory_test.go

@@ -1116,23 +1116,14 @@ func TestNewWithConfig(t *testing.T) {
 		t.Fatalf("protoserialization.RegisterKeySerializer() err = %v, want nil", err)
 	}
 
-	builderWithFullPrimitive := config.NewBuilder()
-	if err := builderWithFullPrimitive.RegisterPrimitiveConstructor(reflect.TypeFor[*stubPublicKey](), func(key key.Key) (any, error) { return &stubFullHybridEncrypt{}, nil }, internalapi.Token{}); err != nil {
-		t.Fatalf("builderWithFullPrimitive.RegisterPrimitiveConstructor() err = %v, want nil", err)
+	configBuilder := config.NewBuilder()
+	if err := configBuilder.RegisterPrimitiveConstructor(reflect.TypeFor[*stubPublicKey](), func(key key.Key) (any, error) { return &stubFullHybridEncrypt{}, nil }, internalapi.Token{}); err != nil {
+		t.Fatalf("configBuilder.RegisterPrimitiveConstructor() err = %v, want nil", err)
 	}
-	if err := builderWithFullPrimitive.RegisterPrimitiveConstructor(reflect.TypeFor[*stubPrivateKey](), func(key key.Key) (any, error) { return &stubFullHybridDecrypt{}, nil }, internalapi.Token{}); err != nil {
-		t.Fatalf("builderWithFullPrimitive.RegisterPrimitiveConstructor() err = %v, want nil", err)
+	if err := configBuilder.RegisterPrimitiveConstructor(reflect.TypeFor[*stubPrivateKey](), func(key key.Key) (any, error) { return &stubFullHybridDecrypt{}, nil }, internalapi.Token{}); err != nil {
+		t.Fatalf("configBuilder.RegisterPrimitiveConstructor() err = %v, want nil", err)
 	}
-	configWithFullPrimitive := builderWithFullPrimitive.Build()
-
-	builderWithLegacyPrimitive := config.NewBuilder()
-	if err := builderWithLegacyPrimitive.RegisterKeyManager(stubPublicKeyURL, &stubPublicKeyManager{}, internalapi.Token{}); err != nil {
-		t.Fatalf("builderWithLegacyPrimitive.RegisterKeyManager() err = %v, want nil", err)
-	}
-	if err := builderWithLegacyPrimitive.RegisterKeyManager(stubPrivateKeyURL, &stubPrivateKeyManager{}, internalapi.Token{}); err != nil {
-		t.Fatalf("builderWithLegacyPrimitive.RegisterKeyManager() err = %v, want nil", err)
-	}
-	configWithLegacyPrimitive := builderWithLegacyPrimitive.Build()
+	config := configBuilder.Build()
 
 	km := keyset.NewManager()
 	privateKey := &stubPrivateKey{
@@ -1149,54 +1140,32 @@ func TestNewWithConfig(t *testing.T) {
 		t.Fatalf("km.Handle() err = %v, want nil", err)
 	}
 
-	for _, tc := range []struct {
-		name       string
-		kh         *keyset.Handle
-		config     keyset.Config
-		wantPrefix []byte
-	}{
-		{
-			name:       "full primitive",
-			config:     &configWithFullPrimitive,
-			kh:         handle,
-			wantPrefix: slices.Concat(stubPrefix, []byte("full_primitive")),
-		},
-		{
-			name:       "legacy primitive",
-			config:     &configWithLegacyPrimitive,
-			kh:         handle,
-			wantPrefix: slices.Concat(stubPrefix, []byte("legacy_primitive")),
-		},
-	} {
-		t.Run(tc.name, func(t *testing.T) {
-			publicHandle, err := tc.kh.Public()
-			if err != nil {
-				t.Fatalf("handle.Public() err = %v, want nil", err)
-			}
-
-			encrypter, err := hybrid.NewHybridEncryptWithConfig(publicHandle, tc.config)
-			if err != nil {
-				t.Fatalf("hybrid.NewHybridEncryptWithConfig(tc.kh, config) err = %v, want nil", err)
-			}
-			decrypter, err := hybrid.NewHybridDecryptWithConfig(tc.kh, tc.config)
-			if err != nil {
-				t.Fatalf("hybrid.NewHybridDecryptWithConfig(tc.kh, config) err = %v, want nil", err)
-			}
+	publicHandle, err := handle.Public()
+	if err != nil {
+		t.Fatalf("handle.Public() err = %v, want nil", err)
+	}
+	encrypter, err := hybrid.NewHybridEncryptWithConfig(publicHandle, &config)
+	if err != nil {
+		t.Fatalf("hybrid.NewHybridEncryptWithConfig() err = %v, want nil", err)
+	}
+	decrypter, err := hybrid.NewHybridDecryptWithConfig(handle, &config)
+	if err != nil {
+		t.Fatalf("hybrid.NewHybridDecryptWithConfig() err = %v, want nil", err)
+	}
 
-			ct, err := encrypter.Encrypt([]byte("message"), nil)
-			if err != nil {
-				t.Fatalf("encrypter.Encrypt() err = %v, want nil", err)
-			}
-			if !bytes.HasPrefix(ct, tc.wantPrefix) {
-				t.Errorf("m = %q, want prefix: %q", ct, tc.wantPrefix)
-			}
-			pt, err := decrypter.Decrypt(ct, nil)
-			if err != nil {
-				t.Fatalf("decrypter.Decrypt() err = %v, want nil", err)
-			}
-			if !bytes.Equal(pt, []byte("message")) {
-				t.Errorf("pt = %q, want: %q", pt, []byte("message"))
-			}
-		})
+	ct, err := encrypter.Encrypt([]byte("message"), nil)
+	if err != nil {
+		t.Fatalf("encrypter.Encrypt() err = %v, want nil", err)
+	}
+	wantPrefix := slices.Concat(stubPrefix, []byte("full_primitive"))
+	if !bytes.HasPrefix(ct, wantPrefix) {
+		t.Errorf("m = %q, want prefix: %q", ct, wantPrefix)
+	}
+	pt, err := decrypter.Decrypt(ct, nil)
+	if err != nil {
+		t.Fatalf("decrypter.Decrypt() err = %v, want nil", err)
+	}
+	if !bytes.Equal(pt, []byte("message")) {
+		t.Errorf("pt = %q, want: %q", pt, []byte("message"))
 	}
 }

internal/config/aeadconfig/v0_test.go

@@ -205,11 +205,6 @@ func TestConfigV0AEAD(t *testing.T) {
 		},
 	} {
 		t.Run(test.name, func(t *testing.T) {
-			// No key manager for this key type.
-			if _, err := configV0.PrimitiveFromKeyData(test.keyData, internalapi.Token{}); err == nil {
-				t.Fatalf("configV0.PrimitiveFromKeyData() err=nil, want error")
-			}
-
 			aead, err := configV0.PrimitiveFromKey(test.key, internalapi.Token{})
 			if err != nil {
 				t.Fatalf("configV0.PrimitiveFromKey() err=%v, want nil", err)

internal/config/config.go

@@ -23,35 +23,19 @@ import (
 	"github.com/tink-crypto/tink-go/v2/core/registry"
 	"github.com/tink-crypto/tink-go/v2/internal/internalapi"
 	"github.com/tink-crypto/tink-go/v2/key"
-	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
 
 // Config keeps a collection of functions that create a primitive from
 // [key.Key].
-//
-// This is an internal API.
 type Config struct {
 	primitiveConstructors map[reflect.Type]func(key key.Key) (any, error)
 	keysetManagers        map[string]registry.KeyManager
 }
 
-// PrimitiveFromKeyData creates a primitive from the given [tinkpb.KeyData].
-// Returns an error if there is no key manager registered for the given key
-// type URL.
-//
-// This is an internal API.
-func (c *Config) PrimitiveFromKeyData(kd *tinkpb.KeyData, _ internalapi.Token) (any, error) {
-	km, ok := c.keysetManagers[kd.GetTypeUrl()]
-	if !ok {
-		return nil, fmt.Errorf("PrimitiveFromKeyData: no key manager for key URL %v", kd.GetTypeUrl())
-	}
-	return km.Primitive(kd.GetValue())
-}
-
 // PrimitiveFromKey creates a primitive from the given [key.Key]. Returns an
 // error if there is no primitiveConstructor registered for the given key.
 //
-// This is an internal API.
+// This implements [keyset.Config].
 func (c *Config) PrimitiveFromKey(k key.Key, _ internalapi.Token) (any, error) {
 	keyType := reflect.TypeOf(k)
 	creator, ok := c.primitiveConstructors[keyType]
@@ -74,8 +58,6 @@ type Builder struct {
 // registered (no matter whether it's the same object or different, since
 // constructors are of type [Func] and they are never considered equal in Go
 // unless they are nil).
-//
-// This is an internal API.
 func (b *Builder) RegisterPrimitiveConstructor(keyType reflect.Type, constructor func(key key.Key) (any, error), _ internalapi.Token) error {
 	if _, ok := b.config.primitiveConstructors[keyType]; ok {
 		return fmt.Errorf("RegisterPrimitiveConstructor: attempt to register a different primitive constructor for the same key type %v", keyType)
@@ -84,19 +66,6 @@ func (b *Builder) RegisterPrimitiveConstructor(keyType reflect.Type, constructor
 	return nil
 }
 
-// RegisterKeyManager registers a key manager for a key type URL.
-//
-// Not thread-safe.
-//
-// This is an internal API.
-func (b *Builder) RegisterKeyManager(keyTypeURL string, km registry.KeyManager, _ internalapi.Token) error {
-	if _, ok := b.config.keysetManagers[keyTypeURL]; ok {
-		return fmt.Errorf("RegisterKeyManager: attempt to register a different key manager for %v", keyTypeURL)
-	}
-	b.config.keysetManagers[keyTypeURL] = km
-	return nil
-}
-
 // Build creates a [Config] from the [Builder].
 func (b *Builder) Build() Config {
 	c := Config{