Skip to content

Port AKV, MST, and AAS extension packs with zero-copy adaptation#188

Merged
JeromySt merged 7 commits intousers/jstatia/native_ports_finalfrom
native_azure_key_vault
Apr 3, 2026
Merged

Port AKV, MST, and AAS extension packs with zero-copy adaptation#188
JeromySt merged 7 commits intousers/jstatia/native_ports_finalfrom
native_azure_key_vault

Conversation

@JeromySt
Copy link
Copy Markdown
Member

@JeromySt JeromySt commented Apr 3, 2026
edited
Loading

Summary

Ports the remaining 3 extension packs from native_ports to native_ports_final with zero-copy API adaptation:

Phase 5: Azure Key Vault (AKV)

  • 2 crates (core + FFI), 25 files
  • Zero-copy fixes: ArcSlice/ArcStr .into() conversions, payload()/signature() methods
  • Mutex .unwrap() → .map_err() error propagation
  • SAFETY docs on all 28 FFI unsafe blocks
  • C header Doxygen fixes
  • 119 tests passing

Phase 6: Microsoft Signing Transparency (MST)

  • 3 crates (core + client + FFI), 56 files
  • 15 zero-copy compilation fixes (LazyHeaderMap, ArcSlice, method accessors)
  • 499 tests passing

Phase 7: Azure Artifact Signing (AAS)

  • 3 crates (core + client + FFI), 67 files
  • Clippy fixes: too_many_arguments, collapsible if-let, manual Default
  • Built clean with zero-copy API (no source changes needed)
  • All tests passing

Total workspace: 7,800+ tests, 0 failures (excluding pre-existing flaky temp dir test)

@Jstatia
feat(native): Azure Key Vault extension pack with zero-copy adaptation
4a7a21d 
Port cose_sign1_azure_key_vault and cose_sign1_azure_key_vault_ffi from
native_ports branch, adapted for zero-copy architecture:

- CoseHeaderValue::Bytes/Text use ArcSlice/ArcStr (.into() conversions)
- CoseSign1Message field access via methods (.payload()/.signature())
- Clippy fix: remove redundant struct update syntax
- FFI Cargo.toml: workspace edition/license, description, test = false
- C/C++ headers: azure_key_vault.h and azure_key_vault.hpp
- rustfmt applied to all source and test files

119 AKV tests pass, 6805 workspace total, 0 failures.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Jstatia and others added 2 commits April 2, 2026 21:48
@Jstatia
chore: A+ quality fixes for Azure Key Vault extension pack
fd087cb 
- Replace Mutex .unwrap() with proper error propagation in akv_signing_key.rs
- Add // SAFETY: comments to all 28 unsafe blocks in FFI crate
- Add description field to main Cargo.toml
- Normalize FFI Cargo.toml to brace notation for workspace fields
- Add @param/@return Doxygen to 4 trust policy builder C header functions

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Jstatia
feat(native): MST transparency extension pack with zero-copy adaptation
5241388 
Port cose_sign1_transparent_mst, code_transparency_client, and
cose_sign1_transparent_mst_ffi from native_ports, adapted for zero-copy:

- LazyHeaderMap: .headers()?.alg()/.kid() instead of direct field access
- CoseSign1Message: .payload()/.signature() method access
- CoseHeaderValue::Bytes/Text use ArcSlice/ArcStr (.into() conversions)
- Removed unstable str_as_str feature usage
- C/C++ headers: mst.h and mst.hpp projections

3 crates added, 56 files, 499 MST tests pass, 7395 workspace total.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@JeromySt JeromySt changed the title feat(native): Azure Key Vault extension pack with zero-copy adaptation feat(native): Azure Key Vault + MST extension packs with zero-copy adaptation Apr 3, 2026
@Jstatia
Port Azure Artifact Signing extension pack with clippy fixes
ad3c88b 
- Port AAS crate, client sub-crate, and FFI crate from native_ports
- Fix clippy: too_many_arguments, collapsible if-let, manual Default impl
- Standardize all 3 Cargo.toml files (workspace edition/license, descriptions)
- Add C/C++ projection headers
- All AAS tests passing

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@JeromySt JeromySt changed the title feat(native): Azure Key Vault + MST extension packs with zero-copy adaptation Port AKV, MST, and AAS extension packs with zero-copy adaptation Apr 3, 2026
Jstatia and others added 3 commits April 2, 2026 22:25
@Jstatia
A+ quality fixes for MST and AAS extension packs
eb2628c 
- Add SAFETY comments to all unsafe blocks in MST and AAS FFI crates
- Replace .unwrap() with .expect() in non-test code (verify.rs, pack.rs, signing_service.rs)
- Add @param/@return Doxygen tags to 14 MST trust policy builder functions in mst.h

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Jstatia
Fix rustfmt formatting in verify.rs
d416a43 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Jstatia
Fix CI: add PqcJwk import and time to dependency allowlist
54e1c55 
- Gate PqcJwk import with #[cfg(feature = 'pqc')] in jwk_verifier.rs
- Add time crate to [crate.client] in allowed-dependencies.toml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@JeromySt JeromySt force-pushed the native_azure_key_vault branch from ff8d6f9 to 54e1c55 Compare April 3, 2026 05:44
@JeromySt JeromySt marked this pull request as ready for review April 3, 2026 14:09
@JeromySt JeromySt merged commit 347d8ee into users/jstatia/native_ports_final Apr 3, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@JeromySt JeromySt

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JeromySt @Jstatia