
wip#1891

Draft
istankovic wants to merge 26 commits into main from ivan/x509-part-5


@istankovic

🚧

@istankovic istankovic force-pushed the ivan/x509-part-5 branch 4 times, most recently from 91ed66b to 7bbc86c Compare February 26, 2026 09:35
One problem was that we were creating two connections to the same
database, one via the `ccInit` helper and another via a direct call
to `openDatabase`, which meant that `teardown` waited a long time for
the connections to drop (it would time out on CI).

This has been worked around by using a new, unrelated database for
the PKI environment.

Another problem was usage patterns of the form `expect(expr == value)`
rather than `expect(expr).toBe(value)`, which was causing checks to
not do what they were supposed to do. So fix that too.
They were only used for E2EI things, which has now been moved.
Also make ed25519-dalek non-optional.
The function calls RustCrypto::normalize_p521_secret_key and RustCrypto::normalize_ed25519_key
and the RustCrypto provider is not easily accessible from e2e-identity.
…:new

PkiKeypair::new is supposed to be called immediately after having
created a new signing key via signature_key_gen, and only with the
private portion of the key pair. So instead of calling normalize, just
make sure that the provided key has the right length. This also
avoids the pointless copying.
Because MLS provider is defined in the crypto crate and we cannot depend
on that crate in e2e-identity.
We're hitting the orphan rule here: Ciphersuite is defined in openmls,
and JwsAlgorithm is defined in rusty-jwt-tools.
We're keeping E2eiConversationState for the time being.
It has been moved from crypto to e2e-identity.
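
The `expect(expr == value)` pattern named in the commit messages above never fails a test in a Jest-style framework, because no matcher is ever called on the result. The following checker is an added example, not code from this pull request: it flags `expect(...)` calls that are not followed by a matcher chain. `SAMPLE`, `closeParen` and `findInertExpects` are hypothetical names, and the sample source is constructed.

```javascript
// Added example: flags `expect(...)` calls that are never followed by a matcher.
// SAMPLE is constructed test source, not code from the pull request.
const SAMPLE = `
expect(result.length == 32);
expect(result.length).toBe(32);
expect(await pki.verify(cert) === true);
await expect(pki.verify(cert)).resolves.toBe(true);
expect(names.includes(")"));
`;

// Return the index just past the parenthesis that closes the one at `open`,
// skipping string literals so quoted parentheses do not break the balancing.
function closeParen(src, open) {
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    const c = src[i];
    if (c === '"' || c === "'" || c === "`") {
      for (i++; i < src.length && src[i] !== c; i++) if (src[i] === "\\") i++;
    } else if (c === "(") depth++;
    else if (c === ")" && --depth === 0) return i + 1;
  }
  return -1; // unbalanced input
}

// Report every expect(...) whose result is discarded (no `.matcher` follows).
function findInertExpects(src) {
  const findings = [];
  const re = /\bexpect\s*\(/g;
  let m;
  while ((m = re.exec(src)) !== null) {
    const open = m.index + m[0].length - 1;
    const end = closeParen(src, open);
    if (end < 0) continue;
    // A working assertion continues with `.toBe(...)`, `.resolves`, etc.
    if (/^\s*\./.test(src.slice(end))) continue;
    const line = src.slice(0, m.index).split("\n").length;
    const arg = src.slice(open + 1, end - 1).trim();
    // `comparison` marks the exact shape from the commit message (==, ===, !=, !==).
    findings.push({ line, arg, comparison: /[=!]==?/.test(arg) });
  }
  return findings;
}

console.log(findInertExpects(SAMPLE));
```
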