[keymanager] Generate Rust FFI headers with cbindgen#655
atulpatildbz merged 4 commits into google:main from Feb 19, 2026
e374155 to 08ce164
75b3280 to 47ac3cf
This change introduces automated C header generation using binding and fixes a critical ABI mismatch in the key custody FFI layer.

Changes:

1. FFI Header Generation:
   - Added keymanager/generate_ffi_headers.sh script to generate C headers for all key custody components.
   - Added cbindgen.toml configurations for km_common, kps_key_custody_core, and ws_key_custody_core.
   - Exposed km_common::ffi with stable C-ABI structs and constants to ensure compatibility.
2. FFI ABI Safety Fix:
   - Problem: Previous FFI functions accepted HpkeAlgorithm (Protobuf-generated repr(Rust) struct) by value. This caused undefined behavior as C callers expected a C-compatible layout.
   - Fix: Updated key_manager_generate_kem_keypair and key_manager_generate_binding_keypair to accept KmHpkeAlgorithm, a dedicated repr(C) struct.
   - Mechanism: Implemented safe conversion (impl From<KmHpkeAlgorithm> for HpkeAlgorithm) to bridge the FFI boundary safely.
   - Verification: Added FFI-specific tests covering KmHpkeAlgorithm usage.
47ac3cf to 516248a
NilanjanDaw (Collaborator) reviewed on Feb 16, 2026 and left a comment:
Thanks for working on this! A few initial comments.
- Replaced KmHpkeAlgorithm struct with serialized HpkeAlgorithm protobuf bytes in FFI.
- Added prost dependency to kps and ws crates for decoding.
- Removed keymanager/km_common/src/ffi.rs and include/km_algorithms.h to avoid duplication.
- Regenerated C headers for kps and ws components.
- Verified with cargo test.
Collaborator, Author:
/gcbrun
This PR adds C header for the key custody FFI layer and fixes ABI mismatch to ensure safe interoperability with C/Go.

Changes

Automated FFI Header Generation:
- keymanager/generate_ffi_headers.sh to generate C headers for all key custody components using cbindgen.
- cbindgen.toml configurations for kps_key_custody_core, ws_key_custody_core, and km_common.
- km_common::ffi with stable C-ABI structs and constants to ensure compatibility.

FFI ABI Fix:
- key_manager_generate_kem_keypair, key_manager_generate_binding_keypair) accepted HpkeAlgorithm by value. HpkeAlgorithm is a Protobuf-generated struct which is #[repr(Rust)] by default. Passing it by value across FFI caused undefined behavior because C callers expected a standard C struct layout, but Rust used its own internal layout.
- KmHpkeAlgorithm, a dedicated #[repr(C)] struct.
- impl From<KmHpkeAlgorithm> for HpkeAlgorithm) to bridge the FFI boundary safely.
- KmHpkeAlgorithm usage.

List of manual changes:
- keymanager/generate_ffi_headers.sh: New script to automate header generation.
- */cbindgen.toml: New configuration files for cbindgen.
- keymanager/km_common/src/ffi.rs: New file defining stable #[repr(C)] structs (like KmHpkeAlgorithm).
- keymanager/*/src/lib.rs: Modified FFI functions to use the safe KmHpkeAlgorithm struct and perform conversion.

Auto-Generated changes:
- keymanager/km_common/include/km_algorithms.h: Generated C header for common algorithms.
- keymanager/key_protection_service/key_custody_core/include/kps_key_custody_core.h: Generated C header for KPS.
- keymanager/workload_service/key_custody_core/include/ws_key_custody_core.h: Generated C header for WS.

Verification
- cargo test passes in keymanager/. Added new test cases to kps_key_custody_core and ws_key_custody_core that invoke the FFI functions with the correct KmHpkeAlgorithm struct.
- generate_ffi_headers.sh produces headers where the C struct definition matches the Rust FFI signature.
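The ABI fix described in this PR, sketched as an added example (not code from the PR or the keymanager project): only a #[repr(C)] mirror struct crosses the FFI boundary, and it is converted to the internal type inside Rust. The field names, status codes, the km_example_select function and the "0 means unspecified" check are assumptions made for illustration.

```rust
use std::mem::{align_of, size_of};

// Stand-in for the Protobuf-generated type (field names are assumptions).
// No #[repr] attribute: the compiler may order and pad fields as it likes.
#[derive(Debug, PartialEq)]
pub struct HpkeAlgorithm { pub kem: i32, pub kdf: i32, pub aead: i32 }

// FFI mirror: #[repr(C)] pins field order and padding to the C rules,
// so it matches the struct a generated C header declares for it.
#[repr(C)]
#[derive(Clone, Copy, Debug)]
pub struct KmHpkeAlgorithm { pub kem: i32, pub kdf: i32, pub aead: i32 }

impl From<KmHpkeAlgorithm> for HpkeAlgorithm {
    fn from(a: KmHpkeAlgorithm) -> Self {
        HpkeAlgorithm { kem: a.kem, kdf: a.kdf, aead: a.aead }
    }
}

pub const KM_OK: i32 = 0; // hypothetical status codes
pub const KM_ERR_INVALID_ARG: i32 = -1;

// Layout facts a C caller relies on: three 4-byte ints, no padding.
pub fn layout_matches_c() -> bool {
    size_of::<KmHpkeAlgorithm>() == 12 && align_of::<KmHpkeAlgorithm>() == 4
}

// Hypothetical entry point (a real export would also be marked no_mangle).
// Only the repr(C) type crosses the boundary; conversion happens inside.
pub extern "C" fn km_example_select(algo: KmHpkeAlgorithm, out_kem: *mut i32) -> i32 {
    if out_kem.is_null() {
        return KM_ERR_INVALID_ARG;
    }
    let algo: HpkeAlgorithm = algo.into();
    // Values come from foreign code: reject 0 (assumed "unspecified") and negatives.
    if algo.kem <= 0 || algo.kdf <= 0 || algo.aead <= 0 {
        return KM_ERR_INVALID_ARG;
    }
    unsafe { *out_kem = algo.kem }; // out_kem was checked non-null above
    KM_OK
}

fn main() {
    let mut kem = 0i32;
    let rc = km_example_select(KmHpkeAlgorithm { kem: 1, kdf: 1, aead: 1 }, &mut kem);
    println!("rc={rc} kem={kem} layout_ok={}", layout_matches_c());
}
```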