Ivan Petrov

`clang-tidy` wants me to use `reinterpret_cast` here: https://github.com/project-oak/oak/blob/1ef0a9d292ed8fa600932c83dd09aca1b75368e2/cc/crypto/hpke/jni/context_jni.cc#L36-L37 But then says ``` error: integer to pointer cast pessimizes optimization opportunities [performance-no-int-to-ptr,-warnings-as-errors] ``` And we have to cast `jlong` into a...

Currently had to add `-performance-no-int-to-ptr` to https://github.com/project-oak/oak/blob/main/.clang-tidy

Also about the `error: consider replacing 'long' with 'int64' [google-runtime-int,-warnings-as-errors]`. I'm not sure whether it's fine to do on Android JNI (needs additional double-checking). https://github.com/project-oak/oak/blob/1a9582119e4458667d794914f6f41ebb93090098/cc/crypto/hpke/jni/hpke_jni.cc#L53-L55 cc @conradgrobler @k-naliuka

cc @tiziano88 @conradgrobler

As an addition, we should probably also use [`OPENSSL_cleanse`](https://www.openssl.org/docs/man3.2/man3/OPENSSL_cleanse.html) for our C++ (with Java) code on the client side.

@pmcgrath17 @tiziano88

cc @tiziano88 @conradgrobler @sidtelang

Also the `default-features` include `x25519-dalek`, which we would want to remove from our codebase: https://github.com/rozbb/rust-hpke/blob/b53f23ca707efe78051dec5330dd18e6007e2384/Cargo.toml#L17-L18 We probably need to split `p256` into a separate feature, so we won't have to...

Another contribution that we could make is to allow serialization for the Context objects. We cannot share private keys with the enclave application and only want to share session keys/contexts....

> to avoid an additional round trip, the server may send this alongside the server identity message The `server_identity` message is not encrypted, since it's a part of the initial...