[keymanager] Generate Rust FFI headers with cbindgen#655

Merged
atulpatildbz merged 4 commits into google:main from atulpatildbz:cbindgen-ffi-headers
Feb 19, 2026

Conversation

@atulpatildbz (Collaborator)

@atulpatildbz atulpatildbz commented Feb 10, 2026

This PR adds C headers for the key custody FFI layer and fixes an ABI mismatch to ensure safe interoperability with C/Go.

Changes

  1. Automated FFI Header Generation:

    • Added keymanager/generate_ffi_headers.sh to generate C headers for all key custody components using cbindgen.
    • Added cbindgen.toml configurations for kps_key_custody_core, ws_key_custody_core, and km_common.
    • Exposed km_common::ffi with stable C-ABI structs and constants to ensure compatibility.
  2. FFI ABI Fix:

    • Previous FFI functions (key_manager_generate_kem_keypair, key_manager_generate_binding_keypair) accepted HpkeAlgorithm by value. HpkeAlgorithm is a Protobuf-generated struct which is #[repr(Rust)] by default. Passing it by value across FFI caused undefined behavior because C callers expected a standard C struct layout, but Rust used its own internal layout.
    • Updated FFI signatures to accept KmHpkeAlgorithm, a dedicated #[repr(C)] struct.
    • Implemented safe conversion (impl From<KmHpkeAlgorithm> for HpkeAlgorithm) to bridge the FFI boundary safely.
    • Added FFI-specific tests covering KmHpkeAlgorithm usage.

List of manual changes:

  • keymanager/generate_ffi_headers.sh: New script to automate header generation.
  • */cbindgen.toml: New configuration files for cbindgen.
  • keymanager/km_common/src/ffi.rs: New file defining stable #[repr(C)] structs (like KmHpkeAlgorithm).
  • keymanager/*/src/lib.rs: Modified FFI functions to use the safe KmHpkeAlgorithm struct and perform conversion.

Auto-Generated changes:

  • keymanager/km_common/include/km_algorithms.h: Generated C header for common algorithms.
  • keymanager/key_protection_service/key_custody_core/include/kps_key_custody_core.h: Generated C header for KPS.
  • keymanager/workload_service/key_custody_core/include/ws_key_custody_core.h: Generated C header for WS.

Verification

  • Tests: Verified that cargo test passes in keymanager/. Added new test cases to kps_key_custody_core and ws_key_custody_core that invoke the FFI functions with the correct KmHpkeAlgorithm struct.
  • Headers: Verified that generate_ffi_headers.sh produces headers where the C struct definition matches the Rust FFI signature.
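The ABI point in the description (a `#[repr(Rust)]` protobuf struct must not cross the FFI boundary by value; a dedicated `#[repr(C)]` mirror plus a `From` conversion does) as an added, runnable Rust example. This is not the keymanager project's code: `HpkeAlgorithm` here is a hand-written stand-in for the prost-generated message, the `KM_*` discriminants, the mapping to RFC 9180 IANA identifiers, the `KmStatus` codes and the `key_manager_hpke_suite_id` entry point are all assumptions made for the demo (the PR's real entry points generate keypairs). It also shows the check a reviewer wants around such a conversion: C can pass any `int32_t`, so the discriminants are validated after conversion rather than trusted. Note that a later commit on this PR replaces the struct with serialized protobuf bytes; the example illustrates the `#[repr(C)]` design as the description states it.

```rust
// Added example, not the keymanager project's code. Names mirror the PR
// description; discriminants, IANA mapping and the entry point are assumed.
use std::mem::{align_of, size_of};
use std::slice;

/// Stand-in for the prost-generated message. Default layout is repr(Rust):
/// unspecified, free to be reordered, so it must never be passed to C by value.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HpkeAlgorithm {
    pub kem: i32,
    pub kdf: i32,
    pub aead: i32,
}

/// Hypothetical discriminants. cbindgen emits `pub const` items as #defines,
/// so the C side references the same numbers instead of hard-coding them.
pub const KM_KEM_DHKEM_X25519_HKDF_SHA256: i32 = 1;
pub const KM_KEM_DHKEM_P256_HKDF_SHA256: i32 = 2;
pub const KM_KDF_HKDF_SHA256: i32 = 1;
pub const KM_AEAD_AES_128_GCM: i32 = 1;
pub const KM_AEAD_CHACHA20_POLY1305: i32 = 2;

/// Stable C-ABI mirror: field order, sizes and padding are exactly what the
/// generated header declares, so passing it by value is defined on both sides.
#[repr(C)]
#[derive(Debug, Clone, Copy)]
pub struct KmHpkeAlgorithm {
    pub kem: i32,
    pub kdf: i32,
    pub aead: i32,
}

// Compile-time pin of the layout the header will describe: three int32_t.
const _: () = assert!(size_of::<KmHpkeAlgorithm>() == 12);
const _: () = assert!(align_of::<KmHpkeAlgorithm>() == 4);

impl From<KmHpkeAlgorithm> for HpkeAlgorithm {
    fn from(a: KmHpkeAlgorithm) -> Self {
        HpkeAlgorithm { kem: a.kem, kdf: a.kdf, aead: a.aead }
    }
}

/// Status codes returned to C; cbindgen renders a fieldless repr(C) enum as a C enum.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum KmStatus {
    Ok = 0,
    NullPointer = 1,
    BufferTooSmall = 2,
    UnsupportedAlgorithm = 3,
}

/// RFC 9180 suite_id = "HPKE" || I2OSP(kem_id,2) || I2OSP(kdf_id,2) || I2OSP(aead_id,2).
pub const HPKE_SUITE_ID_LEN: usize = 10;

/// Maps discriminants to IANA HPKE identifiers. A C caller can pass any i32,
/// so anything outside the table is rejected instead of trusted.
pub fn hpke_suite_id(alg: HpkeAlgorithm) -> Result<[u8; HPKE_SUITE_ID_LEN], KmStatus> {
    let kem_id: u16 = match alg.kem {
        KM_KEM_DHKEM_X25519_HKDF_SHA256 => 0x0020,
        KM_KEM_DHKEM_P256_HKDF_SHA256 => 0x0010,
        _ => return Err(KmStatus::UnsupportedAlgorithm),
    };
    let kdf_id: u16 = match alg.kdf {
        KM_KDF_HKDF_SHA256 => 0x0001,
        _ => return Err(KmStatus::UnsupportedAlgorithm),
    };
    let aead_id: u16 = match alg.aead {
        KM_AEAD_AES_128_GCM => 0x0001,
        KM_AEAD_CHACHA20_POLY1305 => 0x0003,
        _ => return Err(KmStatus::UnsupportedAlgorithm),
    };
    let mut id = [0u8; HPKE_SUITE_ID_LEN];
    id[..4].copy_from_slice(b"HPKE");
    id[4..6].copy_from_slice(&kem_id.to_be_bytes());
    id[6..8].copy_from_slice(&kdf_id.to_be_bytes());
    id[8..10].copy_from_slice(&aead_id.to_be_bytes());
    Ok(id)
}

/// FFI entry point in the shape the PR describes: the algorithm arrives by value
/// as the repr(C) mirror and is converted before any Rust-layout type sees it.
/// (The project would add `#[no_mangle]` so cbindgen exports it; omitted here.)
///
/// # Safety
/// `out` must be null or point to `out_len` writable bytes.
pub unsafe extern "C" fn key_manager_hpke_suite_id(alg: KmHpkeAlgorithm, out: *mut u8, out_len: usize) -> KmStatus {
    if out.is_null() {
        return KmStatus::NullPointer;
    }
    if out_len < HPKE_SUITE_ID_LEN {
        return KmStatus::BufferTooSmall;
    }
    let id = match hpke_suite_id(HpkeAlgorithm::from(alg)) {
        Ok(id) => id,
        Err(status) => return status,
    };
    // SAFETY: caller guarantees `out` points to `out_len` writable bytes.
    let dst = unsafe { slice::from_raw_parts_mut(out, out_len) };
    dst[..HPKE_SUITE_ID_LEN].copy_from_slice(&id);
    KmStatus::Ok
}

/// Simulates the C caller: builds the struct exactly as a C compiler lays out
/// three consecutive int32_t fields, reinterprets it as the repr(C) mirror and
/// calls the entry point, like a test written against the generated header.
pub fn call_from_c_layout(kem: i32, kdf: i32, aead: i32) -> Result<[u8; HPKE_SUITE_ID_LEN], KmStatus> {
    let mut raw = [0u8; 12];
    raw[0..4].copy_from_slice(&kem.to_ne_bytes());
    raw[4..8].copy_from_slice(&kdf.to_ne_bytes());
    raw[8..12].copy_from_slice(&aead.to_ne_bytes());
    // SAFETY: repr(C) guarantees this 12-byte layout and every bit pattern is a valid i32.
    let alg: KmHpkeAlgorithm = unsafe { std::ptr::read_unaligned(raw.as_ptr() as *const KmHpkeAlgorithm) };
    let mut out = [0u8; HPKE_SUITE_ID_LEN];
    // SAFETY: `out` is a valid writable buffer of the stated length.
    match unsafe { key_manager_hpke_suite_id(alg, out.as_mut_ptr(), out.len()) } {
        KmStatus::Ok => Ok(out),
        status => Err(status),
    }
}

fn main() {
    println!("{:02x?}", call_from_c_layout(KM_KEM_DHKEM_X25519_HKDF_SHA256, KM_KDF_HKDF_SHA256, KM_AEAD_AES_128_GCM));
    println!("{:?}", call_from_c_layout(99, KM_KDF_HKDF_SHA256, KM_AEAD_AES_128_GCM));
}
```

The `const _: () = assert!(...)` lines are the cheap guard that belongs next to any `#[repr(C)]` FFI type: if a field is added or retyped, the crate stops compiling before a stale generated header can disagree with the Rust side. The `From` conversion is intentionally dumb; validation lives in `hpke_suite_id`, where a bad discriminant becomes a status code rather than a panic unwinding across the C boundary.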

@atulpatildbz atulpatildbz marked this pull request as ready for review February 13, 2026 17:20
@atulpatildbz atulpatildbz force-pushed the cbindgen-ffi-headers branch 3 times, most recently from 75b3280 to 47ac3cf on February 14, 2026 10:49
This change introduces automated C header generation using cbindgen and fixes a critical ABI mismatch in the key custody FFI layer.

Changes:

1. FFI Header Generation:
   - Added keymanager/generate_ffi_headers.sh script to generate C headers for all key custody components.
   - Added cbindgen.toml configurations for km_common, kps_key_custody_core, and ws_key_custody_core.
   - Exposed km_common::ffi with stable C-ABI structs and constants to ensure compatibility.

2. FFI ABI Safety Fix:
   - Problem: Previous FFI functions accepted HpkeAlgorithm (Protobuf-generated repr(Rust) struct) by value. This caused undefined behavior as C callers expected a C-compatible layout.
   - Fix: Updated key_manager_generate_kem_keypair and key_manager_generate_binding_keypair to accept KmHpkeAlgorithm, a dedicated repr(C) struct.
   - Mechanism: Implemented safe conversion (impl From<KmHpkeAlgorithm> for HpkeAlgorithm) to bridge the FFI boundary safely.
   - Verification: Added FFI-specific tests covering KmHpkeAlgorithm usage.
@NilanjanDaw NilanjanDaw (Collaborator) left a comment

Thanks for working on this! A few initial comments.

- Replaced KmHpkeAlgorithm struct with serialized HpkeAlgorithm protobuf bytes in FFI.
- Added prost dependency to kps and ws crates for decoding.
- Removed keymanager/km_common/src/ffi.rs and include/km_algorithms.h to avoid duplication.
- Regenerated C headers for kps and ws components.
- Verified with cargo test.
@NilanjanDaw NilanjanDaw (Collaborator) left a comment

Some minor nits.

@atulpatildbz (Collaborator, Author)

/gcbrun

@atulpatildbz atulpatildbz merged commit 3c3b695 into google:main Feb 19, 2026
11 checks passed