feat: add ed25519Sign/Verify FFI bindings

Author: JOHN

generated-kotlin/uniffi/pubky_noise/pubky_noise.kt

@@ -1685,6 +1685,102 @@ public func deriveDeviceKey(seed: Data, deviceId: Data, epoch: UInt32)throws  ->
     )
 })
 }
+/**
+ * Derive a full X25519 keypair from seed, device ID, and epoch.
+ *
+ * This is a convenience function that combines `derive_device_key` and
+ * `public_key_from_secret` to return both the secret and public keys.
+ *
+ * # Errors
+ *
+ * Returns `FfiNoiseError::Ring` if seed is less than 32 bytes.
+ * Returns `FfiNoiseError::Other` if key derivation fails.
+ */
+public func deriveDeviceKeypair(seed: Data, deviceId: Data, epoch: UInt32)throws  -> FfiX25519Keypair  {
+    return try  FfiConverterTypeFfiX25519Keypair_lift(try rustCallWithError(FfiConverterTypeFfiNoiseError_lift) {
+    uniffi_pubky_noise_fn_func_derive_device_keypair(
+        FfiConverterData.lower(seed),
+        FfiConverterData.lower(deviceId),
+        FfiConverterUInt32.lower(epoch),$0
+    )
+})
+}
+/**
+ * Derive noise seed from Ed25519 secret key using HKDF-SHA256.
+ *
+ * This is used to derive future X25519 epoch keys locally without
+ * needing to call Ring again. The seed is domain-separated and
+ * cannot be used for signing.
+ *
+ * HKDF parameters:
+ * - salt: "paykit-noise-seed-v1"
+ * - ikm: Ed25519 secret key (32 bytes)
+ * - info: device ID
+ * - output: 32 bytes
+ *
+ * # Arguments
+ *
+ * * `ed25519_secret_hex` - Ed25519 secret key as 64-char hex string (32 bytes)
+ * * `device_id_hex` - Device ID as hex string
+ *
+ * # Returns
+ *
+ * 64-character hex string of the 32-byte noise seed.
+ *
+ * # Errors
+ *
+ * Returns `FfiNoiseError::Ring` if input is invalid.
+ */
+public func deriveNoiseSeed(ed25519SecretHex: String, deviceIdHex: String)throws  -> String  {
+    return try  FfiConverterString.lift(try rustCallWithError(FfiConverterTypeFfiNoiseError_lift) {
+    uniffi_pubky_noise_fn_func_derive_noise_seed(
+        FfiConverterString.lower(ed25519SecretHex),
+        FfiConverterString.lower(deviceIdHex),$0
+    )
+})
+}
+/**
+ * Sign an arbitrary message with an Ed25519 secret key.
+ *
+ * # Arguments
+ *
+ * * `ed25519_secret_hex` - 64-character hex string of the 32-byte Ed25519 secret key
+ * * `message_hex` - Hex-encoded message bytes to sign
+ *
+ * # Returns
+ *
+ * 128-character hex string of the 64-byte Ed25519 signature.
+ */
+public func ed25519Sign(ed25519SecretHex: String, messageHex: String)throws  -> String  {
+    return try  FfiConverterString.lift(try rustCallWithError(FfiConverterTypeFfiNoiseError_lift) {
+    uniffi_pubky_noise_fn_func_ed25519_sign(
+        FfiConverterString.lower(ed25519SecretHex),
+        FfiConverterString.lower(messageHex),$0
+    )
+})
+}
+/**
+ * Verify an Ed25519 signature.
+ *
+ * # Arguments
+ *
+ * * `ed25519_public_hex` - 64-character hex string of the 32-byte Ed25519 public key
+ * * `message_hex` - Hex-encoded message bytes that were signed
+ * * `signature_hex` - 128-character hex string of the 64-byte signature
+ *
+ * # Returns
+ *
+ * `true` if the signature is valid, `false` otherwise.
+ */
+public func ed25519Verify(ed25519PublicHex: String, messageHex: String, signatureHex: String)throws  -> Bool  {
+    return try  FfiConverterBool.lift(try rustCallWithError(FfiConverterTypeFfiNoiseError_lift) {
+    uniffi_pubky_noise_fn_func_ed25519_verify(
+        FfiConverterString.lower(ed25519PublicHex),
+        FfiConverterString.lower(messageHex),
+        FfiConverterString.lower(signatureHex),$0
+    )
+})
+}
 /**
  * Check if a JSON string looks like a sealed blob envelope.
  *
@@ -1824,6 +1920,18 @@ private let initializationResult: InitializationResult = {
     if (uniffi_pubky_noise_checksum_func_derive_device_key() != 53176) {
         return InitializationResult.apiChecksumMismatch
     }
+    if (uniffi_pubky_noise_checksum_func_derive_device_keypair() != 18334) {
+        return InitializationResult.apiChecksumMismatch
+    }
+    if (uniffi_pubky_noise_checksum_func_derive_noise_seed() != 52084) {
+        return InitializationResult.apiChecksumMismatch
+    }
+    if (uniffi_pubky_noise_checksum_func_ed25519_sign() != 64498) {
+        return InitializationResult.apiChecksumMismatch
+    }
+    if (uniffi_pubky_noise_checksum_func_ed25519_verify() != 14993) {
+        return InitializationResult.apiChecksumMismatch
+    }
     if (uniffi_pubky_noise_checksum_func_is_sealed_blob() != 59485) {
         return InitializationResult.apiChecksumMismatch
     }

generated-swift/pubky_noise.swift

@@ -348,6 +348,26 @@ RustBuffer uniffi_pubky_noise_fn_func_default_config(RustCallStatus *_Nonnull ou
 RustBuffer uniffi_pubky_noise_fn_func_derive_device_key(RustBuffer seed, RustBuffer device_id, uint32_t epoch, RustCallStatus *_Nonnull out_status
 );
 #endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_DERIVE_DEVICE_KEYPAIR
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_DERIVE_DEVICE_KEYPAIR
+RustBuffer uniffi_pubky_noise_fn_func_derive_device_keypair(RustBuffer seed, RustBuffer device_id, uint32_t epoch, RustCallStatus *_Nonnull out_status
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_DERIVE_NOISE_SEED
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_DERIVE_NOISE_SEED
+RustBuffer uniffi_pubky_noise_fn_func_derive_noise_seed(RustBuffer ed25519_secret_hex, RustBuffer device_id_hex, RustCallStatus *_Nonnull out_status
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_ED25519_SIGN
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_ED25519_SIGN
+RustBuffer uniffi_pubky_noise_fn_func_ed25519_sign(RustBuffer ed25519_secret_hex, RustBuffer message_hex, RustCallStatus *_Nonnull out_status
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_ED25519_VERIFY
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_ED25519_VERIFY
+int8_t uniffi_pubky_noise_fn_func_ed25519_verify(RustBuffer ed25519_public_hex, RustBuffer message_hex, RustBuffer signature_hex, RustCallStatus *_Nonnull out_status
+);
+#endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_IS_SEALED_BLOB
 #define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_FN_FUNC_IS_SEALED_BLOB
 int8_t uniffi_pubky_noise_fn_func_is_sealed_blob(RustBuffer json, RustCallStatus *_Nonnull out_status
@@ -681,6 +701,30 @@ uint16_t uniffi_pubky_noise_checksum_func_default_config(void
 #define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_DERIVE_DEVICE_KEY
 uint16_t uniffi_pubky_noise_checksum_func_derive_device_key(void
 
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_DERIVE_DEVICE_KEYPAIR
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_DERIVE_DEVICE_KEYPAIR
+uint16_t uniffi_pubky_noise_checksum_func_derive_device_keypair(void
+    
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_DERIVE_NOISE_SEED
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_DERIVE_NOISE_SEED
+uint16_t uniffi_pubky_noise_checksum_func_derive_noise_seed(void
+    
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_ED25519_SIGN
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_ED25519_SIGN
+uint16_t uniffi_pubky_noise_checksum_func_ed25519_sign(void
+    
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_ED25519_VERIFY
+#define UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_ED25519_VERIFY
+uint16_t uniffi_pubky_noise_checksum_func_ed25519_verify(void
+    
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PUBKY_NOISE_CHECKSUM_FUNC_IS_SEALED_BLOB

generated-swift/pubky_noiseFFI.h

@@ -759,6 +759,10 @@ internal interface UniffiForeignFutureCompleteVoid : com.sun.jna.Callback {
 
 
 
+
+
+
+
 
 
 
@@ -787,6 +791,10 @@ fun uniffi_pubky_noise_checksum_func_derive_device_key(
 ): Short
 fun uniffi_pubky_noise_checksum_func_derive_device_keypair(
 ): Short
+fun uniffi_pubky_noise_checksum_func_ed25519_sign(
+): Short
+fun uniffi_pubky_noise_checksum_func_ed25519_verify(
+): Short
 fun uniffi_pubky_noise_checksum_func_is_sealed_blob(
 ): Short
 fun uniffi_pubky_noise_checksum_func_performance_config(
@@ -918,6 +926,10 @@ fun uniffi_pubky_noise_fn_func_derive_device_key(`seed`: RustBuffer.ByValue,`dev
 ): RustBuffer.ByValue
 fun uniffi_pubky_noise_fn_func_derive_device_keypair(`seed`: RustBuffer.ByValue,`deviceId`: RustBuffer.ByValue,`epoch`: Int,uniffi_out_err: UniffiRustCallStatus, 
 ): RustBuffer.ByValue
+fun uniffi_pubky_noise_fn_func_ed25519_sign(`ed25519SecretHex`: RustBuffer.ByValue,`messageHex`: RustBuffer.ByValue,uniffi_out_err: UniffiRustCallStatus, 
+): RustBuffer.ByValue
+fun uniffi_pubky_noise_fn_func_ed25519_verify(`ed25519PublicHex`: RustBuffer.ByValue,`messageHex`: RustBuffer.ByValue,`signatureHex`: RustBuffer.ByValue,uniffi_out_err: UniffiRustCallStatus, 
+): Byte
 fun uniffi_pubky_noise_fn_func_is_sealed_blob(`json`: RustBuffer.ByValue,uniffi_out_err: UniffiRustCallStatus, 
 ): Byte
 fun uniffi_pubky_noise_fn_func_performance_config(uniffi_out_err: UniffiRustCallStatus, 
@@ -1070,6 +1082,12 @@ private fun uniffiCheckApiChecksums(lib: IntegrityCheckingUniffiLib) {
     if (lib.uniffi_pubky_noise_checksum_func_derive_device_keypair() != 18334.toShort()) {
         throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
     }
+    if (lib.uniffi_pubky_noise_checksum_func_ed25519_sign() != 64498.toShort()) {
+        throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
+    }
+    if (lib.uniffi_pubky_noise_checksum_func_ed25519_verify() != 14993.toShort()) {
+        throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
+    }
     if (lib.uniffi_pubky_noise_checksum_func_is_sealed_blob() != 59485.toShort()) {
         throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
     }
@@ -2692,6 +2710,51 @@ public object FfiConverterSequenceString: FfiConverterRustBuffer<List<kotlin.Str
     }
 
 
+        /**
+         * Sign an arbitrary message with an Ed25519 secret key.
+         *
+         * # Arguments
+         *
+         * * `ed25519_secret_hex` - 64-character hex string of the 32-byte Ed25519 secret key
+         * * `message_hex` - Hex-encoded message bytes to sign
+         *
+         * # Returns
+         *
+         * 128-character hex string of the 64-byte Ed25519 signature.
+         */
+    @Throws(FfiNoiseException::class) fun `ed25519Sign`(`ed25519SecretHex`: kotlin.String, `messageHex`: kotlin.String): kotlin.String {
+            return FfiConverterString.lift(
+    uniffiRustCallWithError(FfiNoiseException) { _status ->
+    UniffiLib.INSTANCE.uniffi_pubky_noise_fn_func_ed25519_sign(
+        FfiConverterString.lower(`ed25519SecretHex`),FfiConverterString.lower(`messageHex`),_status)
+}
+    )
+    }
+    
+
+        /**
+         * Verify an Ed25519 signature.
+         *
+         * # Arguments
+         *
+         * * `ed25519_public_hex` - 64-character hex string of the 32-byte Ed25519 public key
+         * * `message_hex` - Hex-encoded message bytes that were signed
+         * * `signature_hex` - 128-character hex string of the 64-byte signature
+         *
+         * # Returns
+         *
+         * `true` if the signature is valid, `false` otherwise.
+         */
+    @Throws(FfiNoiseException::class) fun `ed25519Verify`(`ed25519PublicHex`: kotlin.String, `messageHex`: kotlin.String, `signatureHex`: kotlin.String): kotlin.Boolean {
+            return FfiConverterBoolean.lift(
+    uniffiRustCallWithError(FfiNoiseException) { _status ->
+    UniffiLib.INSTANCE.uniffi_pubky_noise_fn_func_ed25519_verify(
+        FfiConverterString.lower(`ed25519PublicHex`),FfiConverterString.lower(`messageHex`),FfiConverterString.lower(`signatureHex`),_status)
+}
+    )
+    }
+    
+
         /**
          * Check if a JSON string looks like a sealed blob envelope.
          *