[KeyManager] Fix compilation and lint errors

atulpatildbz · atulpatildbz · commit 6c2d6d7bc2ea · 2026-03-16T12:27:26.000Z
diff --git a/keymanager/key_protection_service/key_custody_core/kps_key_custody_core_cgo.go b/keymanager/key_protection_service/key_custody_core/kps_key_custody_core_cgo.go
@@ -17,17 +17,13 @@ import "C"
 import (
 	"fmt"
 	"unsafe"
-	"errors"
 
 	"github.com/google/uuid"
 	"google.golang.org/protobuf/proto"
 
 	keymanager "github.com/google/go-tpm-tools/keymanager/km_common/proto"
 )
 
-// ErrKeyNotFound is returned when a key is not found in the KPS core.
-var ErrKeyNotFound = errors.New("key not found in KPS")
-
 const (
 	uuidSize      = 16
 	kemPubKeySize = 32
diff --git a/keymanager/key_protection_service/key_custody_core/types.go b/keymanager/key_protection_service/key_custody_core/types.go
@@ -1,10 +1,15 @@
 package kpskcc
 
 import (
+	"errors"
+
 	keymanager "github.com/google/go-tpm-tools/keymanager/km_common/proto"
 	"github.com/google/uuid"
 )
 
+// ErrKeyNotFound is returned when a key is not found in the KPS core.
+var ErrKeyNotFound = errors.New("key not found in KPS")
+
 // KEMKeyInfo holds metadata for a single KEM key returned by EnumerateKEMKeys.
 type KEMKeyInfo struct {
 	ID                    uuid.UUID
diff --git a/keymanager/workload_service/server.go b/keymanager/workload_service/server.go
@@ -335,8 +335,8 @@ func (s *Server) LookupBindingUUID(kemUUID uuid.UUID) (uuid.UUID, bool) {
 	return info.bindingUUID, ok
 }
 
-// GetBindingInfo returns the binding information associated with the given KEM UUID.
-func (s *Server) GetBindingInfo(kemUUID uuid.UUID) (bindingInfo, bool) {
+// getBindingInfo returns the binding information associated with the given KEM UUID.
+func (s *Server) getBindingInfo(kemUUID uuid.UUID) (bindingInfo, bool) {
 	s.mu.RLock()
 	info, ok := s.kemToBindingMap[kemUUID]
 	s.mu.RUnlock()
@@ -382,7 +382,7 @@ func (s *Server) handleDecaps(w http.ResponseWriter, r *http.Request) {
 	aad := decapsAADContext(kemUUID, req.Ciphertext.Algorithm)
 
 	// Look up the binding information for this KEM key.
-	info, ok := s.GetBindingInfo(kemUUID)
+	info, ok := s.getBindingInfo(kemUUID)
 	if !ok {
 		http.Error(w, fmt.Sprintf("KEM key handle not found: %s", kemUUID), http.StatusNotFound)
 		return
@@ -629,7 +629,7 @@ func (s *Server) handleDestroy(w http.ResponseWriter, r *http.Request) {
 // handleGetBindingKeyClaims returns the claims for a binding key identified by its KEM UUID.
 func (s *Server) handleGetBindingKeyClaims(id uuid.UUID) (*keymanager.KeyClaims, error) {
 	// Look up the binding information for this KEM key.
-	info, ok := s.GetBindingInfo(id)
+	info, ok := s.getBindingInfo(id)
 	if !ok {
 		return nil, fmt.Errorf("binding key ID not found for key handle: %s", id)
 	}
@@ -672,7 +672,7 @@ func (s *Server) handleGetBindingKeyClaims(id uuid.UUID) (*keymanager.KeyClaims,
 // handleGetKEMKeyClaims returns the claims for a KEM key identified by its UUID.
 func (s *Server) handleGetKEMKeyClaims(id uuid.UUID) (*keymanager.KeyClaims, error) {
 	// Look up the binding information for this KEM key.
-	info, ok := s.GetBindingInfo(id)
+	info, ok := s.getBindingInfo(id)
 	if !ok {
 		return nil, fmt.Errorf("KEM key handle not found: %s", id)
 	}
diff --git a/keymanager/workload_service/server_test.go b/keymanager/workload_service/server_test.go
@@ -810,7 +810,7 @@ func TestProcessClaims(t *testing.T) {
 		// Let's create a new server with a mock that returns error.
 		wsErr := &mockWorkloadService{err: fmt.Errorf("not found")}
 		srvErr := newTestServer(t, kps, wsErr)
-		
+
 		// Populate map so WL service is called.
 		srvErr.kemToBindingMap[notFoundUUID] = bindingInfo{
 			bindingUUID: uuid.New(),
@@ -841,7 +841,7 @@ func TestProcessClaims(t *testing.T) {
 
 		kpsErr := &mockKeyProtectionService{err: fmt.Errorf("not found")}
 		srvErr := newTestServer(t, kpsErr, ws)
-		
+
 		// Populate map so KPS is called.
 		srvErr.kemToBindingMap[kemUUID] = bindingInfo{
 			bindingUUID: bindingUUID,
@@ -1115,36 +1115,36 @@ func TestHandleDecap_ExpiredKey(t *testing.T) {
 	encKey := []byte("test-encapsulated-key-32-bytes!!")
 
 	tests := []struct {
-		name                 string
-		mapExpiresAt        time.Time
-		kpsErr              error
-		expectStatus        int
-		expectKPSCalled     bool
-		expectMapRemoved    bool
+		name             string
+		mapExpiresAt     time.Time
+		kpsErr           error
+		expectStatus     int
+		expectKPSCalled  bool
+		expectMapRemoved bool
 	}{
 		{
-			name:              "Expired in map",
+			name:             "Expired in map",
 			mapExpiresAt:     time.Now().Add(-1 * time.Hour),
 			kpsErr:           nil,
 			expectStatus:     http.StatusGone,
-			expectKPSCalled:    false,
-			expectMapRemoved:   true,
+			expectKPSCalled:  false,
+			expectMapRemoved: true,
 		},
 		{
-			name:              "No map entry",
+			name:             "No map entry",
 			mapExpiresAt:     time.Time{}, // Not added to map
 			kpsErr:           nil,
 			expectStatus:     http.StatusNotFound,
-			expectKPSCalled:    false,
-			expectMapRemoved:   false,
+			expectKPSCalled:  false,
+			expectMapRemoved: false,
 		},
 		{
-			name:              "Expired in KPS",
+			name:             "Expired in KPS",
 			mapExpiresAt:     time.Now().Add(1 * time.Hour),
 			kpsErr:           kpskcc.ErrKeyNotFound,
 			expectStatus:     http.StatusGone,
-			expectKPSCalled:    true,
-			expectMapRemoved:   true,
+			expectKPSCalled:  true,
+			expectMapRemoved: true,
 		},
 	}
 
@@ -1349,67 +1349,67 @@ func TestGetKeyClaims_ExpiredKey(t *testing.T) {
 	bindingUUID := uuid.New()
 
 	tests := []struct {
-		name                 string
-		keyType              keymanager.KeyType
-		mapExpiresAt        time.Time
-		kpsErr              error
-		expectErr            error
-		expectKPSCalled     bool
-		expectMapRemoved    bool
+		name             string
+		keyType          keymanager.KeyType
+		mapExpiresAt     time.Time
+		kpsErr           error
+		expectErr        error
+		expectKPSCalled  bool
+		expectMapRemoved bool
 	}{
 		{
-			name:              "KEM key expired in map",
-			keyType:           keymanager.KeyType_KEY_TYPE_VM_PROTECTION_KEY,
+			name:             "KEM key expired in map",
+			keyType:          keymanager.KeyType_KEY_TYPE_VM_PROTECTION_KEY,
 			mapExpiresAt:     time.Now().Add(-1 * time.Hour),
 			kpsErr:           nil,
 			expectErr:        kpskcc.ErrKeyNotFound,
-			expectKPSCalled:    false,
-			expectMapRemoved:   true,
+			expectKPSCalled:  false,
+			expectMapRemoved: true,
 		},
 		{
-			name:              "Binding key expired in map",
-			keyType:           keymanager.KeyType_KEY_TYPE_VM_PROTECTION_BINDING,
+			name:             "Binding key expired in map",
+			keyType:          keymanager.KeyType_KEY_TYPE_VM_PROTECTION_BINDING,
 			mapExpiresAt:     time.Now().Add(-1 * time.Hour),
 			kpsErr:           nil,
 			expectErr:        kpskcc.ErrKeyNotFound,
-			expectKPSCalled:    false,
-			expectMapRemoved:   true,
+			expectKPSCalled:  false,
+			expectMapRemoved: true,
 		},
 		{
-			name:              "KEM key no map entry",
-			keyType:           keymanager.KeyType_KEY_TYPE_VM_PROTECTION_KEY,
+			name:             "KEM key no map entry",
+			keyType:          keymanager.KeyType_KEY_TYPE_VM_PROTECTION_KEY,
 			mapExpiresAt:     time.Time{}, // Not added to map
 			kpsErr:           nil,
 			expectErr:        errors.New("KEM key handle not found"),
-			expectKPSCalled:    false,
-			expectMapRemoved:   false,
+			expectKPSCalled:  false,
+			expectMapRemoved: false,
 		},
 		{
-			name:              "Binding key no map entry",
-			keyType:           keymanager.KeyType_KEY_TYPE_VM_PROTECTION_BINDING,
+			name:             "Binding key no map entry",
+			keyType:          keymanager.KeyType_KEY_TYPE_VM_PROTECTION_BINDING,
 			mapExpiresAt:     time.Time{}, // Not added to map
 			kpsErr:           nil,
 			expectErr:        errors.New("binding key ID not found"),
-			expectKPSCalled:    false,
-			expectMapRemoved:   false,
+			expectKPSCalled:  false,
+			expectMapRemoved: false,
 		},
 		{
-			name:              "KEM key expired in KPS",
-			keyType:           keymanager.KeyType_KEY_TYPE_VM_PROTECTION_KEY,
+			name:             "KEM key expired in KPS",
+			keyType:          keymanager.KeyType_KEY_TYPE_VM_PROTECTION_KEY,
 			mapExpiresAt:     time.Now().Add(1 * time.Hour),
 			kpsErr:           kpskcc.ErrKeyNotFound,
 			expectErr:        kpskcc.ErrKeyNotFound,
-			expectKPSCalled:    true,
-			expectMapRemoved:   true,
+			expectKPSCalled:  true,
+			expectMapRemoved: true,
 		},
 		{
-			name:              "Binding key expired in WL",
-			keyType:           keymanager.KeyType_KEY_TYPE_VM_PROTECTION_BINDING,
+			name:             "Binding key expired in WL",
+			keyType:          keymanager.KeyType_KEY_TYPE_VM_PROTECTION_BINDING,
 			mapExpiresAt:     time.Now().Add(1 * time.Hour),
 			kpsErr:           kpskcc.ErrKeyNotFound,
 			expectErr:        kpskcc.ErrKeyNotFound,
-			expectKPSCalled:    true,
-			expectMapRemoved:   true,
+			expectKPSCalled:  true,
+			expectMapRemoved: true,
 		},
 	}
 
@@ -1432,7 +1432,7 @@ func TestGetKeyClaims_ExpiredKey(t *testing.T) {
 			if err == nil {
 				t.Fatalf("expected error, got nil")
 			}
-			
+
 			if tc.expectErr == kpskcc.ErrKeyNotFound {
 				if !errors.Is(err, kpskcc.ErrKeyNotFound) {
 					t.Errorf("expected ErrKeyNotFound, got %v", err)
