Remove AeadKeyTemplates.createKmsAeadKeyTemplate.

This is function has a bug, it uses TINK prefix instead of RAW. It is therefore not usable, as the KeysetHandle created are incompatible with each other. We think it is unused and it is better to directly remove it than to fix it. And fix some lint errors. PiperOrigin-RevId: 557892641 Change-Id: Ia88a1536fce5421f24ea1cabf0fceb28d8ac03fc
tink-crypto · Aug 17, 2023 · ae3260d · ae3260d
1 parent 314cd0e
commit ae3260d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 40 deletions.
diff --git a/src/main/java/com/google/crypto/tink/aead/AeadKeyTemplates.java b/src/main/java/com/google/crypto/tink/aead/AeadKeyTemplates.java
@@ -26,7 +26,6 @@
 import com.google.crypto.tink.proto.HmacKeyFormat;
 import com.google.crypto.tink.proto.HmacParams;
 import com.google.crypto.tink.proto.KeyTemplate;
-import com.google.crypto.tink.proto.KmsAeadKeyFormat;
 import com.google.crypto.tink.proto.KmsEnvelopeAeadKeyFormat;
 import com.google.crypto.tink.proto.OutputPrefixType;
 
@@ -223,28 +222,12 @@ public static KeyTemplate createAesCtrHmacAeadKeyTemplate(
   }
 
   /**
-   * @return a new {@link KeyTemplate} that can generate a {@link KmsAeadKey} pointing to {@code
-   *     keyUri}.
-   */
-  public static KeyTemplate createKmsAeadKeyTemplate(String keyUri) {
-    KmsAeadKeyFormat format = KmsAeadKeyFormat.newBuilder()
-        .setKeyUri(keyUri)
-        .build();
-    return KeyTemplate.newBuilder()
-        .setValue(format.toByteString())
-        .setTypeUrl(new KmsAeadKeyManager().getKeyType())
-        .setOutputPrefixType(OutputPrefixType.TINK)
-        .build();
-  }
-
-  /**
-   * @return a new {@link KeyTemplate} that can generate a {@link
-   *     com.google.crypto.tink.proto.KmsEnvelopeAeadKey} whose key encrypting key (KEK) is pointing
-   *     to {@code kekUri} and DEK template is {@code dekTemplate}. Keys generated by this key
-   *     template uses RAW output prefix to make them compatible with the remote KMS'
-   *     encrypt/decrypt operations. Unlike other templates, when you generate new keys with this
-   *     template, Tink does not generate new key material, but only creates a reference to the
-   *     remote KEK.
+   * Returns a new {@link KeyTemplate} that can generate a {@link
+   * com.google.crypto.tink.proto.KmsEnvelopeAeadKey} whose key encrypting key (KEK) is pointing to
+   * {@code kekUri} and DEK template is {@code dekTemplate}. Keys generated by this key template
+   * uses RAW output prefix to make them compatible with the remote KMS' encrypt/decrypt operations.
+   * Unlike other templates, when you generate new keys with this template, Tink does not generate
+   * new key material, but only creates a reference to the remote KEK.
    */
   public static KeyTemplate createKmsEnvelopeAeadKeyTemplate(
       String kekUri, KeyTemplate dekTemplate) {

diff --git a/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java b/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java
@@ -26,7 +26,6 @@
 import com.google.crypto.tink.proto.AesGcmKeyFormat;
 import com.google.crypto.tink.proto.HashType;
 import com.google.crypto.tink.proto.KeyTemplate;
-import com.google.crypto.tink.proto.KmsAeadKeyFormat;
 import com.google.crypto.tink.proto.KmsEnvelopeAeadKeyFormat;
 import com.google.crypto.tink.proto.OutputPrefixType;
 import com.google.protobuf.ExtensionRegistryLite;
@@ -209,20 +208,6 @@ public void xchacha20Poly1305() throws Exception {
     assertTrue(template.getValue().isEmpty()); // Empty format.
   }
 
-  @Test
-  public void testCreateKmsAeadKeyTemplate() throws Exception {
-    // Intentionally using "weird" or invalid values for parameters,
-    // to test that the function correctly puts them in the resulting template.
-    String keyUri = "some example URI";
-    KeyTemplate template = AeadKeyTemplates.createKmsAeadKeyTemplate(keyUri);
-    assertEquals(new KmsAeadKeyManager().getKeyType(), template.getTypeUrl());
-    assertEquals(OutputPrefixType.TINK, template.getOutputPrefixType());
-
-    KmsAeadKeyFormat format =
-        KmsAeadKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
-    assertEquals(keyUri, format.getKeyUri());
-  }
-
   @Test
   public void testCreateKmsEnvelopeAeadKeyTemplate() throws Exception {
     // Intentionally using "weird" or invalid values for parameters,

diff --git a/src/test/java/com/google/crypto/tink/aead/KmsAeadKeyManagerTest.java b/src/test/java/com/google/crypto/tink/aead/KmsAeadKeyManagerTest.java
@@ -44,10 +44,10 @@ public void setUp() throws Exception {
   }
 
   @Test
-  public void testKmsAeadWithBoundedClient_success() throws Exception {
+  public void testKmsAead_success() throws Exception {
     String keyUri = FakeKmsClient.createFakeKeyUri();
     KeysetHandle keysetHandle =
-        KeysetHandle.generateNew(AeadKeyTemplates.createKmsAeadKeyTemplate(keyUri));
+        KeysetHandle.generateNew(KmsAeadKeyManager.createKeyTemplate(keyUri));
     TestUtil.runBasicAeadTests(keysetHandle.getPrimitive(Aead.class));
   }