feat: add unified keystore connection [WPB-23773]#1933
Merged
coriolinus merged 26 commits intomainfrom Mar 17, 2026
Merged
Conversation
coriolinus
force-pushed
the
prgn/feat/23773-unified-keystore-connection
branch
2 times, most recently
from
8045494 to
c25589b
Compare
istankovic
reviewed
Mar 17, 2026
keystore/src/entities/mls.rs
Outdated
| fn save(&self, tx: &rusqlite::Transaction) -> crate::CryptoKeystoreResult<()> { | ||
| let hash = crate::Sha256Hash::hash_from(&self.pk); | ||
| let mut stmt = | ||
| tx.prepare_cached("INSERT OR REPLACE INTO mls_hpke_private_keys (pk_sha256, pk, sk) VALUES (?, ?, ?)")?; |
Member
There was a problem hiding this comment.
optional: wanna use named parameters here, just to make it more robust against errors when refactoring?
keystore/src/entities/mls.rs
Outdated
| fn save(&self, tx: &rusqlite::Transaction) -> crate::CryptoKeystoreResult<()> { | ||
| let hash = crate::Sha256Hash::hash_from(&self.pk); | ||
| let mut stmt = tx | ||
| .prepare_cached("INSERT OR REPLACE INTO mls_encryption_keypairs (pk_sha256, pk, sk) VALUES (?, ?, ?)")?; |
Member
There was a problem hiding this comment.
optional: wanna use named parameters here, just to make it more robust against errors when refactoring?
keystore/src/entities/mls.rs
Outdated
| fn save(&self, tx: &rusqlite::Transaction) -> crate::CryptoKeystoreResult<()> { | ||
| let hash = crate::Sha256Hash::hash_from(&self.psk_id); | ||
| let mut stmt = | ||
| tx.prepare_cached("INSERT OR REPLACE INTO mls_psk_bundles (id_sha256, psk_id, psk) VALUES (?, ?, ?)")?; |
Member
There was a problem hiding this comment.
optional: wanna use named parameters here, just to make it more robust against errors when refactoring?
keystore/src/entities/proteus.rs
Outdated
| type AutoGeneratedFields = (); | ||
|
|
||
| fn save(&self, tx: &rusqlite::Transaction) -> crate::CryptoKeystoreResult<()> { | ||
| let mut stmt = tx.prepare_cached("INSERT INTO proteus_prekeys (id, key) VALUES (?, ?)")?; |
Member
There was a problem hiding this comment.
optional: wanna use named parameters here, just to make it more robust against errors when refactoring?
keystore/src/entities/proteus.rs
Outdated
| type AutoGeneratedFields = (); | ||
|
|
||
| fn save(&self, tx: &rusqlite::Transaction) -> crate::CryptoKeystoreResult<()> { | ||
| let mut stmt = tx.prepare_cached("INSERT INTO proteus_identities (sk, pk) VALUES (?, ?)")?; |
Member
There was a problem hiding this comment.
optional: wanna use named parameters here, just to make it more robust against errors when refactoring?
SimonThormeyer
approved these changes
Mar 17, 2026
Member
SimonThormeyer
left a comment
SimonThormeyer
left a comment
There was a problem hiding this comment.
Just a few comments/questions, nothing blocking.
Great work! Looking forward to what's coming next.
Contributor
Author
|
I'm going to skip the named parameters suggestions for now, for two reasons:
|
This isn't really part of the connection anyway.
This type wraps a bare rusqlite `Connection` when in memory or running locally, and one with a IDB VFS when on `target_os = "unknown"`. It also refactors the initialization a bit to minimize code duplication. The `ConnectionWrapper` and `RusqliteConnection` items aren't really final; they work for the moment, but I don't love them. Need to put a bit more thought into how precisely I want this all to work.
…ction This may not be the optimal placement for these; I want to revisit the project layout again after we have deleted the old connection code. For now, they're all in place at least.
We need to have some kind of abstraction in the unified database, because we want to support operations like "wipe" which involve simply deleting the database. But there's no particular reason that abstraction needs to include the actual connection, so we separate that part out. This turns out to simplify everything.
…atabase We can't fully support this yet without adjusting certain intefaces in `KeystoreTransaction`, but we can get it started.
Like it or not, we still need this capability at least on known-os platforms, so here it is.
This means we don't have to mess with the `FetchFromDatabase` trait or any writeable entity methods; people can just use the relevant `UnifiedEntity` traits directly. We probably want to change this up in the future. This approach means that I save a lot of work right now messing with traits which are in flux, but it also means that it's possible to bypass the CC transaction entirely and just do writes directly to the database. See WPB-24064. In the meantime, this is worth it just because it means we don't have to write _any_ entity-specific code on the `Database` for now.
Major changes: 1. everything is sync because sqlite is not async 2. connection, transaction are specified explicitly instead of as associated types 3. eliminated `EntityBase`
These act like the old generic helpers, but tuned for the new unified entity traits.
It's much easier to work on a bunch of individual focused files than a few massive files containing a ton of entities each.
These files only contain the one entity, so name them appropriately.
Somehow I'd configured out an essential trait import also...
Turns out that refinery is very strict about migration files, hashing the file itself to determine what the migration looks like. So adding a trailing newline there breaks our ability to ever migrate from pre-v9 databases, because the migration hash differs. So we need to retain the old migrations byte-for-byte.
coriolinus
force-pushed
the
prgn/feat/23773-unified-keystore-connection
branch
from
dd20fe5 to
acb13f0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What's new in this PR
Create a rusqlite connection for the keystore that's usable both in native and wasm compilation environments.
PR Submission Checklist for internal contributors
SQPIT-764feat(conversation-list): Sort conversations by most emojis in the title #SQPIT-764.