[KeyManager] Add key destruction FFI and background reaper#647
Merged
NilanjanDaw merged 6 commits intogoogle:mainfrom Feb 18, 2026
Merged
[KeyManager] Add key destruction FFI and background reaper#647NilanjanDaw merged 6 commits intogoogle:mainfrom
NilanjanDaw merged 6 commits intogoogle:mainfrom
Conversation
NilanjanDaw
force-pushed
the
add-destroy-key-ffi
branch
3 times, most recently
from
e329e13 to
14590eb
Compare
NilanjanDaw
force-pushed
the
add-destroy-key-ffi
branch
from
dd8604c to
9236663
Compare
Collaborator
|
This PR has lots of files that are already being reviewed in separate PRs. Will hold off on reviewing until this PR just has new files that are relevant to the reaper functionality. |
NilanjanDaw
force-pushed
the
add-destroy-key-ffi
branch
from
9236663 to
eb7a436
Compare
background reaper Enhances key lifecycle management by introducing FFI functions for manual key destruction and a background reaper for automatic expiration. Key Changes: - FFI Destruction: Added `key_manager_destroy_kem_key` (KPS) and `key_manager_destroy_binding_key` (WS) to allow external callers to explicitly remove keys from the registry. - Background Reaper: Implemented a background thread in `KeyRegistry` that periodically scans for and purges expired KEM keys. - Registry initialization: Updated KPS `KEY_REGISTRY` initialization to automatically start the reaper thread. - Testing: Added unit tests for manual destruction (success, not found, null ptr) and verified reaper functionality.
NilanjanDaw
force-pushed
the
add-destroy-key-ffi
branch
from
eb7a436 to
c844049
Compare
atulpatildbz
approved these changes
Feb 15, 2026
Collaborator
atulpatildbz
left a comment
atulpatildbz
left a comment
There was a problem hiding this comment.
Minor comments. Thanks
| let handle = registry.start_reaper(stop_signal.clone()); | ||
|
|
||
| // Wait for < expiry (1s) - key should still be there | ||
| std::thread::sleep(Duration::from_secs(1)); |
Collaborator
There was a problem hiding this comment.
is it possible to figure out a way use a channel to notify the test when the reaper completes a cycle?
Or expose a trigger_reaper_scan() private method just for tests? WDYT?
Collaborator
Author
There was a problem hiding this comment.
It might not be that straight forward since these are separate threads. But I have increased the buffer time between the events to tackle any timing issues. Let me know if you think we should introduce a channel.
NilanjanDaw
force-pushed
the
add-destroy-key-ffi
branch
from
14fd590 to
10de7a1
Compare
clundin25
reviewed
Feb 17, 2026
clundin25
reviewed
Feb 17, 2026
clundin25
approved these changes
Feb 17, 2026
Collaborator
Author
|
/gcbrun |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Enhances key lifecycle management by introducing FFI functions for manual key destruction and a background reaper for automatic expiration.
Key Changes:
key_manager_destroy_kem_key(KPS) andkey_manager_destroy_binding_key(WS) to allow external callers to explicitly remove keys from the registry.KeyRegistrythat periodically scans for and purges expired KEM keys.KEY_REGISTRYinitialization to automatically start the reaper thread.This PR is built on top of #645 [KeyManager] Implement FFI for KEM and binding key generation
Please review commit #025520d onwards