
feat: add Pki Environment API#1752

Merged: fewerner merged 32 commits into main from felix/feat/pki-environment on Jan 26, 2026

@fewerner
Contributor

What's new in this PR

This PR adds a new PkiEnvironment to the API and decouples some pki related things from the mls session.


PR Submission Checklist for internal contributors
  • The PR Title
    • conforms to the style of semantic commits messages¹ supported in Wire's Github Workflow²
    • contains a reference JIRA issue number like SQPIT-764
    • answers the question: If merged, this PR will: ... ³
  1. https://sparkbox.com/foundry/semantic_commit_messages
  2. https://github.com/wireapp/.github#usage
  3. E.g. feat(conversation-list): Sort conversations by most emojis in the title #SQPIT-764.

@github-actions

github-actions Bot commented Jan 16, 2026

🐰 Bencher Report

Branch: felix/feat/pki-environment
Testbed: ubuntu-latest

⚠️ WARNING: No Threshold found!

Without a Threshold, no Alerts will ever be generated.

Click here to create a new Threshold
For more information, see the Threshold documentation.
To only post results if a Threshold exists, set the --ci-only-thresholds flag.

| Benchmark | Latency, microseconds (µs) |
| --- | --- |
| Commit add f(group size)/cs1/mem/1002 | 14,473.00 |
| Commit add f(group size)/cs1/mem/2 | 687.55 |
| Commit add f(group size)/cs1/mem/202 | 3,750.80 |
| Commit add f(group size)/cs1/mem/402 | 6,384.70 |
| Commit add f(group size)/cs1/mem/602 | 9,890.00 |
| Commit add f(group size)/cs1/mem/802 | 12,158.00 |
| Commit add f(number clients)/cs1/mem/1002 | 786,410.00 |
| Commit add f(number clients)/cs1/mem/2 | 706.95 |
| Commit add f(number clients)/cs1/mem/202 | 66,278.00 |
| Commit add f(number clients)/cs1/mem/402 | 173,490.00 |
| Commit add f(number clients)/cs1/mem/602 | 338,530.00 |
| Commit add f(number clients)/cs1/mem/802 | 543,840.00 |
| Commit pending proposals f(group size)/cs1/mem/1002 | 88,997.00 |
| Commit pending proposals f(group size)/cs1/mem/2 | 18,646.00 |
| Commit pending proposals f(group size)/cs1/mem/202 | 32,900.00 |
| Commit pending proposals f(group size)/cs1/mem/402 | 44,530.00 |
| Commit pending proposals f(group size)/cs1/mem/602 | 59,126.00 |
| Commit pending proposals f(group size)/cs1/mem/802 | 71,630.00 |
| Commit pending proposals f(pending size)/cs1/mem/1 | 13,685.00 |
| Commit pending proposals f(pending size)/cs1/mem/101 | 88,782.00 |
| Commit pending proposals f(pending size)/cs1/mem/21 | 26,861.00 |
| Commit pending proposals f(pending size)/cs1/mem/41 | 44,194.00 |
| Commit pending proposals f(pending size)/cs1/mem/61 | 58,231.00 |
| Commit pending proposals f(pending size)/cs1/mem/81 | 74,050.00 |
| Commit remove f(group size)/cs1/mem/1002 | 8,603.10 |
| Commit remove f(group size)/cs1/mem/2 | 504.10 |
| Commit remove f(group size)/cs1/mem/202 | 1,838.10 |
| Commit remove f(group size)/cs1/mem/402 | 3,209.40 |
| Commit remove f(group size)/cs1/mem/602 | 5,425.20 |
| Commit remove f(group size)/cs1/mem/802 | 6,224.80 |
| Commit remove f(number clients)/cs1/mem/1002 | 11,075.00 |
| Commit remove f(number clients)/cs1/mem/2 | 115,830.00 |
| Commit remove f(number clients)/cs1/mem/202 | 95,651.00 |
| Commit remove f(number clients)/cs1/mem/402 | 73,946.00 |
| Commit remove f(number clients)/cs1/mem/602 | 53,165.00 |
| Commit remove f(number clients)/cs1/mem/802 | 32,140.00 |
| Commit update f(group size)/cs1/mem/1002 | 115,770.00 |
| Commit update f(group size)/cs1/mem/2 | 645.73 |
| Commit update f(group size)/cs1/mem/202 | 23,821.00 |
| Commit update f(group size)/cs1/mem/402 | 50,916.00 |
| Commit update f(group size)/cs1/mem/602 | 70,765.00 |
| Commit update f(group size)/cs1/mem/802 | 92,956.00 |

@fewerner force-pushed the felix/feat/pki-environment branch from e9881d2 to 0e441d8 on January 16, 2026 14:26
@fewerner changed the title from "Felix/feat/pki environment" to "feat: add Pki Environment API" on Jan 16, 2026
@fewerner force-pushed the felix/feat/pki-environment branch from 0e441d8 to a10d72d on January 16, 2026 15:05
@fewerner
Contributor Author

fewerner commented Jan 16, 2026

Except for vergen making problems with building, this is now only missing the swift test and support for the pki environment constructor in swift.

For that we want to add a db.getLocation() function to the public api, then remove the swift database wrapper.

@fewerner force-pushed the felix/feat/pki-environment branch 4 times, most recently from a1eae2c to 1e65cdf on January 19, 2026 17:19
@fewerner marked this pull request as ready for review on January 19, 2026 17:49
@fewerner requested a review from a team on January 19, 2026 17:49
@coriolinus (Contributor) left a comment

Lots of comments, but most of them are nits. Great work!

I do think we should discuss whether the database instances can actually be independent or not. If they can't--as I now kind of think--then we might not need to keep track of a separate PKI DB after all. But if they can, then we might need more work in that case also:

  • a migrate_pki_data_to_new_database to be called once ever to move existing data from the old DB to the new
  • separate migrations for the new DB

Comment thread crypto/src/e2e_identity/pki_env.rs Outdated
Comment thread crypto/src/e2e_identity/pki_env.rs Outdated
Comment thread crypto/src/e2e_identity/pki_env.rs Outdated
Comment thread crypto/src/e2e_identity/pki_env.rs Outdated
Comment thread crypto/src/transaction_context/mod.rs Outdated
"Getting PKI environment from transaction context",
))?;

let database = pki_environment.database();

I think that even though we've documented that the PKI environment database is theoretically independent of the CC database, it's not, because OpenMLS is still doing PKI things with the CC database. Which means that if we start doing updates to some independent PKI database while OpenMLS is still looking at the CC database for PKI stuff, everything seems likely to explode.

The simplest resolution to all this is to just remove the documentation that the PKI environment can be an independent database.

Comment thread crypto-ffi/src/pki_environment.rs Outdated
Comment thread crypto-ffi/src/core_crypto/e2ei/mod.rs
Comment thread crypto-ffi/bindings/jvm/src/test/kotlin/com/wire/crypto/E2EITest.kt Outdated
@fewerner force-pushed the felix/feat/pki-environment branch 4 times, most recently from 3427fc5 to 7eaa100 on January 21, 2026 11:31
Comment thread crypto/src/e2e_identity/pki_env.rs Outdated
@fewerner force-pushed the felix/feat/pki-environment branch 2 times, most recently from 1c5757e to fc0e6fc on January 22, 2026 09:40
@istankovic
Member

istankovic commented Jan 22, 2026

Commit 6557504 says:

feat: add pki environment to transaction context

When initializing the mls session we need to know if a pki environment
is set.  [...]

Why do we need to know if the PKI env is set during MLS session init?

Comment thread crypto/src/e2e_identity/pki_environment_hooks.rs Outdated
Comment thread crypto/src/transaction_context/mod.rs
Comment thread crypto-ffi/src/core_crypto/e2ei/mod.rs
Comment thread crypto-ffi/src/core_crypto_context/e2ei.rs
Comment thread crypto-ffi/src/pki_environment.rs Outdated
@fewerner
Contributor Author

fewerner commented Jan 22, 2026

> Commit 6557504 says:
>
> feat: add pki environment to transaction context
>
> When initializing the mls session we need to know if a pki environment
> is set.  [...]
>
> Why do we need to know if the PKI env is set during MLS session init?

OpenMls requires us to have a PkiEnvironmentProvider as part of the MlsProvider held by the session. For that reason, we share this provider between the new PkiEnvironment type and the session's MlsProvider so that they both point to the same instance. This sharing happens during construction of the PkiEnvironment or Session, depending on which has been initialized first.

Comment thread crypto-ffi/src/pki_environment.rs
Comment thread crypto-ffi/src/pki_environment.rs Outdated
Comment thread crypto-ffi/bindings/js/test/wdio/e2ei.test.ts
Comment thread crypto-ffi/src/pki_environment.rs Outdated
If a mls session is initialized after a PKI environment was set then we
need to get the PkiEnvironmentProvider's reference into the
MlsCryptoProvider. If the PKI environment was not set before we will
take a default and update it whenever the PKI is set through CC.

Interactions with the pki happen in a transaction context. We need these
getters and the update function to alter the pki environment from the
transaction context.

This getter allows us to get the pki environment from the inner
transaction context assuming it was set before.

Idb doesn't close the database on drop. Since the pki database can be
different from the cc database we close it explicitly on cc close. In
case it is the same database this call is idempotent.

We still can't fix these without further refactoring. See WPB-22861

This allows us to translate the callback trait between ffi and core
similar to mls transport.

If it was possible to include them, we'd like to, but the generated
typescript module doesn't export them.
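
The provider sharing described in the reply above and in the first commit message, as an added example that is not code from this PR or from the project: whichever of the session or the PKI environment is built first, both end up holding the same handle, and an unset environment trusts nothing. All type, method and issuer names here (`TrustStore`, `PkiProvider`, `Session`, `PkiEnvironment`, `CN=Example Root`) are hypothetical stand-ins.

```rust
use std::sync::{Arc, RwLock};

// Hypothetical stand-ins; none of these types are the project's real API.
struct TrustStore { anchors: Vec<String> }

/// Shared handle: every clone points at the same (possibly unset) trust store.
#[derive(Clone, Default)]
struct PkiProvider(Arc<RwLock<Option<TrustStore>>>);

impl PkiProvider {
    fn set(&self, store: TrustStore) { *self.0.write().unwrap() = Some(store); }
    /// Fail closed: while no PKI environment is set, no issuer is trusted.
    fn trusts(&self, issuer: &str) -> bool {
        let guard = self.0.read().unwrap();
        guard.as_ref().map_or(false, |s| s.anchors.iter().any(|a| a == issuer))
    }
    fn same_instance(&self, other: &PkiProvider) -> bool { Arc::ptr_eq(&self.0, &other.0) }
}

struct Session { provider: PkiProvider }
struct PkiEnvironment { provider: PkiProvider }

impl Session {
    /// Reuse the environment's handle if it exists, else start from an empty default.
    fn new(existing: Option<&PkiEnvironment>) -> Self {
        Session { provider: existing.map(|e| e.provider.clone()).unwrap_or_default() }
    }
}

impl PkiEnvironment {
    /// Environment built first: it owns a fresh handle.
    fn standalone(store: TrustStore) -> Self {
        let provider = PkiProvider::default();
        provider.set(store);
        PkiEnvironment { provider }
    }
    /// Environment built after the session: fill the session's default in place.
    fn attach(session: &Session, store: TrustStore) -> Self {
        session.provider.set(store);
        PkiEnvironment { provider: session.provider.clone() }
    }
}

const ROOT: &str = "CN=Example Root"; // constructed sample issuer
fn sample_store() -> TrustStore { TrustStore { anchors: vec![ROOT.to_string()] } }

/// Returns (trusted before set, trusted after set, handles are the same instance).
fn session_first() -> (bool, bool, bool) {
    let session = Session::new(None);
    let before = session.provider.trusts(ROOT);
    let env = PkiEnvironment::attach(&session, sample_store());
    (before, session.provider.trusts(ROOT), env.provider.same_instance(&session.provider))
}

/// Returns (session trusts the root, handles are the same instance).
fn env_first() -> (bool, bool) {
    let env = PkiEnvironment::standalone(sample_store());
    let session = Session::new(Some(&env));
    (session.provider.trusts(ROOT), session.provider.same_instance(&env.provider))
}

fn main() { println!("{:?} {:?}", session_first(), env_first()); }
```
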
@fewerner force-pushed the felix/feat/pki-environment branch from 0c1b082 to b9f738a on January 26, 2026 15:36
@fewerner merged commit b9f738a into main on Jan 26, 2026
48 checks passed
@fewerner deleted the felix/feat/pki-environment branch on January 26, 2026 15:45
4 participants