Port AKV, MST, and AAS extension packs with zero-copy adaptation #188

Merged: JeromySt merged 7 commits into users/jstatia/native_ports_final from native_azure_key_vault, Apr 3, 2026
@JeromySt (Member) commented Apr 3, 2026

Summary

Ports the remaining 3 extension packs from native_ports to native_ports_final with zero-copy API adaptation:

Phase 5: Azure Key Vault (AKV)

  • 2 crates (core + FFI), 25 files
  • Zero-copy fixes: ArcSlice/ArcStr .into() conversions, payload()/signature() methods
  • Mutex .unwrap() → .map_err() error propagation
  • SAFETY docs on all 28 FFI unsafe blocks
  • C header Doxygen fixes
  • 119 tests passing

Phase 6: Microsoft Signing Transparency (MST)

  • 3 crates (core + client + FFI), 56 files
  • 15 zero-copy compilation fixes (LazyHeaderMap, ArcSlice, method accessors)
  • 499 tests passing

Phase 7: Azure Artifact Signing (AAS)

  • 3 crates (core + client + FFI), 67 files
  • Clippy fixes: too_many_arguments, collapsible if-let, manual Default
  • Built clean with zero-copy API (no source changes needed)
  • All tests passing

Total workspace: 7,800+ tests, 0 failures (excluding pre-existing flaky temp dir test)

Port cose_sign1_azure_key_vault and cose_sign1_azure_key_vault_ffi from
native_ports branch, adapted for zero-copy architecture:

- CoseHeaderValue::Bytes/Text use ArcSlice/ArcStr (.into() conversions)
- CoseSign1Message field access via methods (.payload()/.signature())
- Clippy fix: remove redundant struct update syntax
- FFI Cargo.toml: workspace edition/license, description, test = false
- C/C++ headers: azure_key_vault.h and azure_key_vault.hpp
- rustfmt applied to all source and test files

119 AKV tests pass, 6805 workspace total, 0 failures.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Jstatia and others added 2 commits April 2, 2026 21:48
- Replace Mutex .unwrap() with proper error propagation in akv_signing_key.rs
- Add // SAFETY: comments to all 28 unsafe blocks in FFI crate
- Add description field to main Cargo.toml
- Normalize FFI Cargo.toml to brace notation for workspace fields
- Add @param/@return Doxygen to 4 trust policy builder C header functions

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Port cose_sign1_transparent_mst, code_transparency_client, and
cose_sign1_transparent_mst_ffi from native_ports, adapted for zero-copy:

- LazyHeaderMap: .headers()?.alg()/.kid() instead of direct field access
- CoseSign1Message: .payload()/.signature() method access
- CoseHeaderValue::Bytes/Text use ArcSlice/ArcStr (.into() conversions)
- Removed unstable str_as_str feature usage
- C/C++ headers: mst.h and mst.hpp projections

3 crates added, 56 files, 499 MST tests pass, 7395 workspace total.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@JeromySt changed the title from "feat(native): Azure Key Vault extension pack with zero-copy adaptation" to "feat(native): Azure Key Vault + MST extension packs with zero-copy adaptation" Apr 3, 2026
- Port AAS crate, client sub-crate, and FFI crate from native_ports
- Fix clippy: too_many_arguments, collapsible if-let, manual Default impl
- Standardize all 3 Cargo.toml files (workspace edition/license, descriptions)
- Add C/C++ projection headers
- All AAS tests passing

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@JeromySt changed the title from "feat(native): Azure Key Vault + MST extension packs with zero-copy adaptation" to "Port AKV, MST, and AAS extension packs with zero-copy adaptation" Apr 3, 2026
Jstatia and others added 3 commits April 2, 2026 22:25
- Add SAFETY comments to all unsafe blocks in MST and AAS FFI crates
- Replace .unwrap() with .expect() in non-test code (verify.rs, pack.rs, signing_service.rs)
- Add @param/@return Doxygen tags to 14 MST trust policy builder functions in mst.h

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Gate PqcJwk import with #[cfg(feature = 'pqc')] in jwk_verifier.rs
- Add time crate to [crate.client] in allowed-dependencies.toml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@JeromySt JeromySt force-pushed the native_azure_key_vault branch from ff8d6f9 to 54e1c55 Compare April 3, 2026 05:44
@JeromySt JeromySt marked this pull request as ready for review April 3, 2026 14:09
@JeromySt JeromySt merged commit 347d8ee into users/jstatia/native_ports_final Apr 3, 2026
14 checks passed
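
The "Mutex .unwrap() → .map_err()" change named in the summary, shown as an added example that is not code from this pull request: a poisoned lock becomes an error value that an FFI wrapper can turn into a status code instead of a panic. `CachedKey`, `KeyError`, `poison`, `status_code` and the status values are hypothetical names chosen for illustration.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

// Hypothetical error type; the real crate's error enum is not shown on the page.
#[derive(Debug, PartialEq)]
pub enum KeyError { LockPoisoned(String), NoKeyCached }

// Hypothetical stand-in for a signing key that caches public-key bytes behind a Mutex.
pub struct CachedKey { cache: Mutex<Option<Vec<u8>>> }

impl CachedKey {
    pub fn new() -> Self { Self { cache: Mutex::new(None) } }

    pub fn store(&self, bytes: Vec<u8>) -> Result<(), KeyError> {
        // Before: self.cache.lock().unwrap() would panic here once the lock is poisoned.
        let mut guard = self.cache.lock().map_err(|e| KeyError::LockPoisoned(e.to_string()))?;
        *guard = Some(bytes);
        Ok(())
    }

    pub fn public_key(&self) -> Result<Vec<u8>, KeyError> {
        let guard = self.cache.lock().map_err(|e| KeyError::LockPoisoned(e.to_string()))?;
        (*guard).clone().ok_or(KeyError::NoKeyCached)
    }
}

// Poison the lock: a worker thread panics while holding the guard (constructed failure).
pub fn poison(key: &Arc<CachedKey>) {
    let k = Arc::clone(key);
    let _ = thread::spawn(move || {
        let _guard = k.cache.lock().unwrap();
        panic!("constructed panic while holding the lock");
    }).join();
}

// Map the Result to an integer status, as an FFI wrapper would (codes are made up).
pub fn status_code(r: &Result<Vec<u8>, KeyError>) -> i32 {
    match r {
        Ok(_) => 0,
        Err(KeyError::NoKeyCached) => -1,
        Err(KeyError::LockPoisoned(_)) => -2,
    }
}

fn main() {
    let key = Arc::new(CachedKey::new());
    key.store(vec![0x04, 0xAA]).unwrap(); // constructed sample bytes
    poison(&key);
    println!("status after poisoning: {}", status_code(&key.public_key()));
}
```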