FFI bindings to expose core functionality to other languages (Swift, Kotlin, C, etc.).
Provides functions for key management (import, rotate, export), cryptographic operations, and agent-based signing.
§Safety
Functions returning pointers (*mut c_char, *mut u8) allocate memory
using libc::malloc. The caller is responsible for freeing this memory
using the corresponding ffi_free_* function (ffi_free_str, ffi_free_bytes).
Input C string pointers (*const c_char) must be valid, null-terminated UTF-8 strings.
Input byte pointers (*const u8/*const c_uchar) must be valid for the specified length.
Output length pointers (*mut usize) must be valid pointers.
Operations involving raw pointers or calling C functions are wrapped in unsafe blocks.
Constants§
- FFI_ERR_AGENT_NOT_INITIALIZED - Agent not initialized (call ffi_init_agent first)
- FFI_ERR_INVALID_UTF8 - Invalid UTF-8 in C string input
- FFI_ERR_PANIC - Internal panic occurred
- FFI_OK - Successful operation
Functions§
- c_str_to_str ⚠ Deprecated - Converts a C string pointer to a Rust &str. Returns an empty string if the pointer is null. Panics if the C string is not valid UTF-8.
- c_str_to_str_safe ⚠ - Safely converts a C string pointer to a Rust &str. Returns Ok("") if the pointer is null. Returns Err(FFI_ERR_INVALID_UTF8) if the C string is not valid UTF-8.
- ffi_agent_sign ⚠ - Signs a message using a key loaded into the FFI agent.
- ffi_decrypt_data ⚠ - Decrypts data using the given passphrase.
- ffi_encrypt_data ⚠ - Encrypts data using the given passphrase.
- ffi_export_encrypted_key ⚠ - Exports the raw encrypted private key bytes associated with the alias. This function does not require a passphrase.
- ffi_export_private_key_openssh ⚠ - Exports the decrypted private key in OpenSSH PEM format. Requires the correct passphrase to decrypt the key.
- ffi_export_private_key_with_passphrase ⚠ - Verifies a passphrase against the stored encrypted key for the given alias. If the passphrase is correct, returns a copy of the encrypted key data.
- ffi_export_public_key_openssh ⚠ - Exports the public key in OpenSSH .pub format. Requires the correct passphrase to decrypt the associated private key first.
- ffi_free_bytes ⚠ - Frees a byte buffer (unsigned char * / uint8_t *) previously returned by an FFI function in this library (which allocated it using libc::malloc). Does nothing if ptr is null. The len argument is ignored but kept for potential C-side compatibility if callers expect it.
- ffi_free_str ⚠ - Frees a C string (char *) previously returned by an FFI function in this library (which allocated it using CString::into_raw). Does nothing if ptr is null.
- ffi_import_key ⚠ - Imports a private key (provided as raw PKCS#8 bytes), encrypts it with the given passphrase, and stores it in the secure storage under the specified local alias, associated with the given controller DID.
- ffi_init_agent ⚠ - Initializes the FFI agent with the specified socket path.
- ffi_key_exists ⚠ - Checks if a key with the given alias exists in the secure storage.
- ffi_rotate_key ⚠ - Rotates the keypair for a given local alias. Generates a new key, encrypts it with the new passphrase, and replaces the existing key in secure storage, keeping the association with the original Controller DID.
- ffi_set_encryption_algorithm ⚠ - Sets the global encryption algorithm level used by encrypt_keypair. (1 = AES-GCM-256, 2 = ChaCha20Poly1305). Defaults to AES if level is unknown.
- ffi_shutdown_agent ⚠ - Shuts down the FFI agent, clearing all keys from memory.
- malloc_and_copy_bytes ⚠ - Helper to allocate memory via malloc, copy Rust slice data into it, set the out_len pointer, and return the raw pointer. Returns null pointer on allocation failure.
- result_to_c_int ⚠ - Converts a Rust Result<T, E: Display> to a C-style integer error code. Logs the error on failure. Returns 0 on Ok, 1 on Err (general error). Consider more specific error codes in the future.
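
The pointer contract from the Safety section (checked C-string input, malloc-backed output with an out-length pointer, release through a matching free function), shown as an added example that is not this crate's source. The names cstr_checked, copy_to_malloc, release_bytes and round_trip and the error-code value are assumptions, and malloc/free are declared directly instead of through the libc crate.

```rust
// Added example: sketch of the page's pointer contract, not the crate's source.
use std::ffi::CStr;
use std::os::raw::{c_char, c_int, c_void};
// Placeholder: the page does not give the numeric value of FFI_ERR_INVALID_UTF8.
const ERR_INVALID_UTF8_PLACEHOLDER: c_int = -1;

extern "C" {
    fn malloc(size: usize) -> *mut c_void;
    fn free(p: *mut c_void);
}

/// Null -> Ok(""), invalid UTF-8 -> Err(code); never panics on bad input.
unsafe fn cstr_checked<'a>(p: *const c_char) -> Result<&'a str, c_int> {
    if p.is_null() { return Ok(""); }
    CStr::from_ptr(p).to_str().map_err(|_| ERR_INVALID_UTF8_PLACEHOLDER)
}

/// Copies `data` into a malloc'd buffer and writes its length to `out_len`.
/// Returns null if `out_len` is null or the allocation fails.
unsafe fn copy_to_malloc(data: &[u8], out_len: *mut usize) -> *mut u8 {
    if out_len.is_null() { return std::ptr::null_mut(); }
    *out_len = 0;
    // malloc(0) may return null on success, so request at least one byte.
    let buf = malloc(data.len().max(1)) as *mut u8;
    if !buf.is_null() {
        std::ptr::copy_nonoverlapping(data.as_ptr(), buf, data.len());
        *out_len = data.len();
    }
    buf
}

/// Release side of the contract: no-op on null, otherwise free().
unsafe fn release_bytes(p: *mut u8) {
    if !p.is_null() { free(p as *mut c_void); }
}

/// Caller view: allocate, read exactly `len` bytes, release exactly once.
fn round_trip(data: &[u8]) -> Vec<u8> {
    let mut len = 0usize;
    unsafe {
        let p = copy_to_malloc(data, &mut len);
        if p.is_null() { return Vec::new(); }
        let out = std::slice::from_raw_parts(p, len).to_vec();
        release_bytes(p);
        out
    }
}

fn main() { println!("{:?}", round_trip(b"constructed sample bytes")); }
```

A buffer obtained this way must go back to free() and never to Rust's allocator; the same pairing rule applies to whichever allocator a given ffi_free_* function documents.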