tink-crypto
diff --git a/‎aead/aesctrhmac/aesctrhmac.go‎
Lines changed: 1 addition & 2 deletions b/‎aead/aesctrhmac/aesctrhmac.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎aead/aesgcm/aesgcm.go‎
Lines changed: 1 addition & 2 deletions b/‎aead/aesgcm/aesgcm.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎aead/aesgcmsiv/aesgcmsiv.go‎
Lines changed: 1 addition & 2 deletions b/‎aead/aesgcmsiv/aesgcmsiv.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎aead/chacha20poly1305/chacha20poly1305.go‎
Lines changed: 1 addition & 2 deletions b/‎aead/chacha20poly1305/chacha20poly1305.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎aead/xaesgcm/xaesgcm.go‎
Lines changed: 1 addition & 2 deletions b/‎aead/xaesgcm/xaesgcm.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎aead/xchacha20poly1305/xchacha20poly1305.go‎
Lines changed: 1 addition & 2 deletions b/‎aead/xchacha20poly1305/xchacha20poly1305.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎daead/aessiv/aessiv.go‎
Lines changed: 1 addition & 2 deletions b/‎daead/aessiv/aessiv.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎hybrid/ecies/ecies.go‎
Lines changed: 2 additions & 3 deletions b/‎hybrid/ecies/ecies.go‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎hybrid/hpke/hpke.go‎
Lines changed: 2 additions & 3 deletions b/‎hybrid/hpke/hpke.go‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎internal/legacykeymanager/legacykeymanager.go‎
Lines changed: 15 additions & 42 deletions b/‎internal/legacykeymanager/legacykeymanager.go‎
Lines changed: 15 additions & 42 deletions
@@ -27,13 +27,12 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	aesctrhmacpb "github.com/tink-crypto/tink-go/v2/proto/aes_ctr_hmac_aead_go_proto"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
 
 func newKeyManager() registry.KeyManager {
-	return legacykeymanager.New(typeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
+	return legacykeymanager.New(typeURL, primitiveConstructor, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
 		protoKey := &aesctrhmacpb.AesCtrHmacAeadKey{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -27,13 +27,12 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	aesgcmpb "github.com/tink-crypto/tink-go/v2/proto/aes_gcm_go_proto"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
 
 func newKeyManager() registry.KeyManager {
-	return legacykeymanager.New(typeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
+	return legacykeymanager.New(typeURL, primitiveConstructor, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
 		protoKey := &aesgcmpb.AesGcmKey{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -29,13 +29,12 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	aesgcmsivpb "github.com/tink-crypto/tink-go/v2/proto/aes_gcm_siv_go_proto"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
 
 func newKeyManager() registry.KeyManager {
-	return legacykeymanager.New(typeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
+	return legacykeymanager.New(typeURL, primitiveConstructor, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
 		protoKey := &aesgcmsivpb.AesGcmSivKey{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -26,13 +26,12 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	chacha20poly1305pb "github.com/tink-crypto/tink-go/v2/proto/chacha20_poly1305_go_proto"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
 
 func newKeyManager() registry.KeyManager {
-	return legacykeymanager.New(typeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
+	return legacykeymanager.New(typeURL, primitiveConstructor, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
 		protoKey := &chacha20poly1305pb.ChaCha20Poly1305Key{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -25,13 +25,12 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 	xaesgcmpb "github.com/tink-crypto/tink-go/v2/proto/x_aes_gcm_go_proto"
 )
 
 func newKeyManager() registry.KeyManager {
-	return legacykeymanager.New(typeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
+	return legacykeymanager.New(typeURL, primitiveConstructor, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
 		protoKey := &xaesgcmpb.XAesGcmKey{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -28,13 +28,12 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 	xchacha20poly1305pb "github.com/tink-crypto/tink-go/v2/proto/xchacha20_poly1305_go_proto"
 )
 
 func newKeyManager() registry.KeyManager {
-	return legacykeymanager.New(typeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
+	return legacykeymanager.New(typeURL, primitiveConstructor, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
 		protoKey := &xchacha20poly1305pb.XChaCha20Poly1305Key{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -27,7 +27,6 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	aessivpb "github.com/tink-crypto/tink-go/v2/proto/aes_siv_go_proto"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
@@ -62,7 +61,7 @@ func init() {
 	if err := keygenregistry.RegisterKeyCreator[*Parameters](createKey); err != nil {
 		panic(fmt.Sprintf("aessiv.init() failed: %v", err))
 	}
-	if err := registry.RegisterKeyManager(legacykeymanager.New(typeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
+	if err := registry.RegisterKeyManager(legacykeymanager.New(typeURL, primitiveConstructor, tinkpb.KeyData_SYMMETRIC, func(b []byte) (proto.Message, error) {
 		protoKey := &aessivpb.AesSivKey{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -41,7 +41,6 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	eciespb "github.com/tink-crypto/tink-go/v2/proto/ecies_aead_hkdf_go_proto"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
@@ -74,7 +73,7 @@ func init() {
 	if err := keygenregistry.RegisterKeyCreator[*Parameters](createPrivateKey); err != nil {
 		panic(fmt.Sprintf("ecies.init() failed: %v", err))
 	}
-	if err := registry.RegisterKeyManager(legacykeymanager.NewPrivateKeyManager(privateKeyTypeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_ASYMMETRIC_PRIVATE, func(b []byte) (proto.Message, error) {
+	if err := registry.RegisterKeyManager(legacykeymanager.NewPrivateKeyManager(privateKeyTypeURL, hybridDecryptConstructor, tinkpb.KeyData_ASYMMETRIC_PRIVATE, func(b []byte) (proto.Message, error) {
 		protoKey := &eciespb.EciesAeadHkdfPrivateKey{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
@@ -83,7 +82,7 @@ func init() {
 	})); err != nil {
 		panic(fmt.Sprintf("ecies.init() failed: %v", err))
 	}
-	if err := registry.RegisterKeyManager(legacykeymanager.New(publicKeyTypeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_ASYMMETRIC_PUBLIC, func(b []byte) (proto.Message, error) {
+	if err := registry.RegisterKeyManager(legacykeymanager.New(publicKeyTypeURL, hybridEncryptConstructor, tinkpb.KeyData_ASYMMETRIC_PUBLIC, func(b []byte) (proto.Message, error) {
 		protoKey := &eciespb.EciesAeadHkdfPublicKey{}
 		if err := proto.Unmarshal(b, protoKey); err != nil {
 			return nil, err
 
@@ -27,7 +27,6 @@ import (
 	"github.com/tink-crypto/tink-go/v2/internal/legacykeymanager"
 	"github.com/tink-crypto/tink-go/v2/internal/primitiveregistry"
 	"github.com/tink-crypto/tink-go/v2/internal/protoserialization"
-	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
 	hpkepb "github.com/tink-crypto/tink-go/v2/proto/hpke_go_proto"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
@@ -76,12 +75,12 @@ func init() {
 	if err := keygenregistry.RegisterKeyCreator[*Parameters](createPrivateKey); err != nil {
 		panic(fmt.Sprintf("hpke.init() failed: %v", err))
 	}
-	if err := registry.RegisterKeyManager(legacykeymanager.NewPrivateKeyManager(privateKeyTypeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_ASYMMETRIC_PRIVATE, func(b []byte) (proto.Message, error) {
+	if err := registry.RegisterKeyManager(legacykeymanager.NewPrivateKeyManager(privateKeyTypeURL, hybridDecryptConstructor, tinkpb.KeyData_ASYMMETRIC_PRIVATE, func(b []byte) (proto.Message, error) {
 		return unmarshalHpkePrivateKey(b)
 	})); err != nil {
 		panic(fmt.Sprintf("hpke.init() failed: %v", err))
 	}
-	if err := registry.RegisterKeyManager(legacykeymanager.New(publicKeyTypeURL, &registryconfig.RegistryConfig{}, tinkpb.KeyData_ASYMMETRIC_PUBLIC, func(b []byte) (proto.Message, error) {
+	if err := registry.RegisterKeyManager(legacykeymanager.New(publicKeyTypeURL, hybridEncryptConstructor, tinkpb.KeyData_ASYMMETRIC_PUBLIC, func(b []byte) (proto.Message, error) {
 		return unmarshalHpkePublicKey(b)
 	})); err != nil {
 		panic(fmt.Sprintf("hpke.init() failed: %v", err))
 
@@ -34,47 +34,32 @@ type config interface {
 	PrimitiveFromKey(key key.Key, _ internalapi.Token) (any, error)
 }
 
-type primitiveFunc func(serializedKey []byte) (any, error)
+type primitiveConstructor func(key key.Key) (any, error)
 
 // KeyManager implements the [registry.KeyManager] interface.
 type KeyManager struct {
-	typeURL             string
-	config              config
-	protoKeyUnmashaller func([]byte) (proto.Message, error)
-	keyMaterialType     tinkpb.KeyData_KeyMaterialType
-	primitiveFunc       primitiveFunc
+	typeURL              string
+	protoKeyUnmashaller  func([]byte) (proto.Message, error)
+	keyMaterialType      tinkpb.KeyData_KeyMaterialType
+	primitiveConstructor primitiveConstructor
 }
 
 var _ registry.KeyManager = (*KeyManager)(nil)
 
 // New creates a new [LegacyKeyManager].
 //
 // Assumes parameters are not nil.
-func New(typeURL string, config config, keyMaterialType tinkpb.KeyData_KeyMaterialType, protoKeyUnmashaller func([]byte) (proto.Message, error)) *KeyManager {
-	km := &KeyManager{
-		typeURL:             typeURL,
-		config:              config,
-		protoKeyUnmashaller: protoKeyUnmashaller,
-		keyMaterialType:     keyMaterialType,
-	}
-	km.primitiveFunc = km.defaultPrimitiveFunc
-	return km
-}
-
-// NewWithCustomPrimitive creates a new [LegacyKeyManager] with a custom primitive function.
-//
-// Assumes parameters are not nil.
-func NewWithCustomPrimitive(typeURL string, config config, keyMaterialType tinkpb.KeyData_KeyMaterialType, protoKeyUnmashaller func([]byte) (proto.Message, error), pf primitiveFunc) *KeyManager {
+func New(typeURL string, primitiveConstructor primitiveConstructor, keyMaterialType tinkpb.KeyData_KeyMaterialType, protoKeyUnmashaller func([]byte) (proto.Message, error)) *KeyManager {
 	return &KeyManager{
-		typeURL:             typeURL,
-		config:              config,
-		protoKeyUnmashaller: protoKeyUnmashaller,
-		keyMaterialType:     keyMaterialType,
-		primitiveFunc:       pf,
+		typeURL:              typeURL,
+		protoKeyUnmashaller:  protoKeyUnmashaller,
+		keyMaterialType:      keyMaterialType,
+		primitiveConstructor: primitiveConstructor,
 	}
 }
 
-func (m *KeyManager) defaultPrimitiveFunc(serializedKey []byte) (any, error) {
+// Primitive creates a primitive from the given serialized key.
+func (m *KeyManager) Primitive(serializedKey []byte) (any, error) {
 	keySerialization, err := protoserialization.NewKeySerialization(&tinkpb.KeyData{
 		TypeUrl:         m.typeURL,
 		Value:           serializedKey,
@@ -87,12 +72,7 @@ func (m *KeyManager) defaultPrimitiveFunc(serializedKey []byte) (any, error) {
 	if err != nil {
 		return nil, err
 	}
-	return m.config.PrimitiveFromKey(key, internalapi.Token{})
-}
-
-// Primitive creates a primitive from the given serialized key.
-func (m *KeyManager) Primitive(serializedKey []byte) (any, error) {
-	return m.primitiveFunc(serializedKey)
+	return m.primitiveConstructor(key)
 }
 
 // NewKey creates a new key from the given serialized key format.
@@ -150,16 +130,9 @@ type PrivateKeyManager struct {
 var _ registry.PrivateKeyManager = (*PrivateKeyManager)(nil)
 
 // NewPrivateKeyManager creates a new [PrivateKeyManager].
-func NewPrivateKeyManager(typeURL string, config config, keyMaterialType tinkpb.KeyData_KeyMaterialType, protoKeyUnmashaller func([]byte) (proto.Message, error)) *PrivateKeyManager {
-	return &PrivateKeyManager{
-		KeyManager: *New(typeURL, config, keyMaterialType, protoKeyUnmashaller),
-	}
-}
-
-// NewPrivateKeyManagerWithCustomPrimitive creates a new [PrivateKeyManager] with a custom primitive function.
-func NewPrivateKeyManagerWithCustomPrimitive(typeURL string, config config, keyMaterialType tinkpb.KeyData_KeyMaterialType, protoKeyUnmashaller func([]byte) (proto.Message, error), pf primitiveFunc) *PrivateKeyManager {
+func NewPrivateKeyManager(typeURL string, primitiveConstructor primitiveConstructor, keyMaterialType tinkpb.KeyData_KeyMaterialType, protoKeyUnmashaller func([]byte) (proto.Message, error)) *PrivateKeyManager {
 	return &PrivateKeyManager{
-		KeyManager: *NewWithCustomPrimitive(typeURL, config, keyMaterialType, protoKeyUnmashaller, pf),
+		KeyManager: *New(typeURL, primitiveConstructor, keyMaterialType, protoKeyUnmashaller),
 	}
 }