pq_crypto 0.1.0

data/lib/pq_crypto.rb

@@ -0,0 +1,177 @@
+# frozen_string_literal: true
+
+require "rbconfig"
+require_relative "pq_crypto/version"
+require_relative "pq_crypto/errors"
+
+begin
+  require "pqcrypto/pqcrypto_secure"
+rescue LoadError => original_error
+  ext_dir = File.expand_path("pqcrypto", __dir__)
+  extensions = [".#{RbConfig::CONFIG.fetch('DLEXT')}", ".bundle", ".so"].uniq
+  search_dirs = [ext_dir, File.join(ext_dir, "pqcrypto")].uniq
+  candidates = search_dirs.flat_map do |dir|
+    extensions.map { |ext| File.join(dir, "pqcrypto_secure#{ext}") }
+  end
+  existing = candidates.select { |path| File.exist?(path) }
+
+  raise LoadError,
+        "Could not find compiled PQCrypto extension. Run: bundle exec rake compile" if existing.empty?
+
+  loaded = existing.any? do |path|
+    begin
+      require path
+      true
+    rescue LoadError
+      false
+    end
+  end
+
+  raise original_error unless loaded
+end
+
+require_relative "pq_crypto/serialization"
+
+module PQCrypto
+  SUITES = {
+    kem: [:ml_kem_768].freeze,
+    hybrid_kem: [:ml_kem_768_x25519_hkdf_sha256].freeze,
+    signature: [:ml_dsa_65].freeze,
+  }.freeze
+
+  NATIVE_EXTENSION_LOADED = true unless const_defined?(:NATIVE_EXTENSION_LOADED)
+
+  class << self
+    unless private_method_defined?(:native_ml_kem_keypair)
+      alias_method :native_ml_kem_keypair, :ml_kem_keypair
+      alias_method :native_ml_kem_encapsulate, :ml_kem_encapsulate
+      alias_method :native_ml_kem_decapsulate, :ml_kem_decapsulate
+      alias_method :native_hybrid_kem_keypair, :hybrid_kem_keypair
+      alias_method :native_hybrid_kem_encapsulate, :hybrid_kem_encapsulate
+      alias_method :native_hybrid_kem_decapsulate, :hybrid_kem_decapsulate
+      alias_method :native_sign_keypair, :sign_keypair
+      alias_method :native_sign, :sign
+      alias_method :native_verify, :verify
+      alias_method :native_secure_wipe, :secure_wipe
+      alias_method :native_version, :version
+      alias_method :native_public_key_to_pqc_container_der, :public_key_to_pqc_container_der
+      alias_method :native_public_key_to_pqc_container_pem, :public_key_to_pqc_container_pem
+      alias_method :native_secret_key_to_pqc_container_der, :secret_key_to_pqc_container_der
+      alias_method :native_secret_key_to_pqc_container_pem, :secret_key_to_pqc_container_pem
+      alias_method :native_public_key_from_pqc_container_der, :public_key_from_pqc_container_der
+      alias_method :native_public_key_from_pqc_container_pem, :public_key_from_pqc_container_pem
+      alias_method :native_secret_key_from_pqc_container_der, :secret_key_from_pqc_container_der
+      alias_method :native_secret_key_from_pqc_container_pem, :secret_key_from_pqc_container_pem
+      alias_method :native_test_ml_kem_keypair_from_seed, :__test_ml_kem_keypair_from_seed
+      alias_method :native_test_ml_kem_encapsulate_from_seed, :__test_ml_kem_encapsulate_from_seed
+      alias_method :native_test_sign_keypair_from_seed, :__test_sign_keypair_from_seed
+      alias_method :native_test_sign_from_seed, :__test_sign_from_seed
+
+      private :native_ml_kem_keypair,
+              :native_ml_kem_encapsulate,
+              :native_ml_kem_decapsulate,
+              :native_hybrid_kem_keypair,
+              :native_hybrid_kem_encapsulate,
+              :native_hybrid_kem_decapsulate,
+              :native_sign_keypair,
+              :native_sign,
+              :native_verify,
+              :native_secure_wipe,
+              :native_version,
+              :native_public_key_to_pqc_container_der,
+              :native_public_key_to_pqc_container_pem,
+              :native_secret_key_to_pqc_container_der,
+              :native_secret_key_to_pqc_container_pem,
+              :native_public_key_from_pqc_container_der,
+              :native_public_key_from_pqc_container_pem,
+              :native_secret_key_from_pqc_container_der,
+              :native_secret_key_from_pqc_container_pem,
+              :native_test_ml_kem_keypair_from_seed,
+              :native_test_ml_kem_encapsulate_from_seed,
+              :native_test_sign_keypair_from_seed,
+              :native_test_sign_from_seed,
+              :ml_kem_keypair,
+              :ml_kem_encapsulate,
+              :ml_kem_decapsulate,
+              :hybrid_kem_keypair,
+              :hybrid_kem_encapsulate,
+              :hybrid_kem_decapsulate,
+              :sign_keypair,
+              :sign,
+              :verify,
+              :public_key_to_pqc_container_der,
+              :public_key_to_pqc_container_pem,
+              :secret_key_to_pqc_container_der,
+              :secret_key_to_pqc_container_pem,
+              :public_key_from_pqc_container_der,
+              :public_key_from_pqc_container_pem,
+              :secret_key_from_pqc_container_der,
+              :secret_key_from_pqc_container_pem,
+              :__test_ml_kem_keypair_from_seed,
+              :__test_ml_kem_encapsulate_from_seed,
+              :__test_sign_keypair_from_seed,
+              :__test_sign_from_seed
+    end
+
+    def version
+      native_version
+    end
+
+    def backend
+      :native_pqclean
+    end
+
+    def native_extension_loaded?
+      true
+    end
+
+    def supported_kems
+      SUITES.fetch(:kem).dup
+    end
+
+    def supported_hybrid_kems
+      SUITES.fetch(:hybrid_kem).dup
+    end
+
+    def supported_signatures
+      SUITES.fetch(:signature).dup
+    end
+
+    def secure_wipe(string)
+      string = String(string)
+      raise ArgumentError, "secure_wipe requires a mutable String" if string.frozen?
+
+      native_secure_wipe(string)
+    end
+  end
+
+  module Testing
+    def self.ml_kem_keypair_from_seed(seed)
+      PQCrypto.__send__(:native_test_ml_kem_keypair_from_seed, String(seed).b)
+    rescue ArgumentError => e
+      raise InvalidKeyError, e.message
+    end
+
+    def self.ml_kem_encapsulate_from_seed(public_key, seed)
+      PQCrypto.__send__(:native_test_ml_kem_encapsulate_from_seed, String(public_key).b, String(seed).b)
+    rescue ArgumentError => e
+      raise InvalidKeyError, e.message
+    end
+
+    def self.ml_dsa_keypair_from_seed(seed)
+      PQCrypto.__send__(:native_test_sign_keypair_from_seed, String(seed).b)
+    rescue ArgumentError => e
+      raise InvalidKeyError, e.message
+    end
+
+    def self.ml_dsa_sign_from_seed(message, secret_key, seed)
+      PQCrypto.__send__(:native_test_sign_from_seed, String(message).b, String(secret_key).b, String(seed).b)
+    rescue ArgumentError => e
+      raise InvalidKeyError, e.message
+    end
+  end
+end
+
+require_relative "pq_crypto/kem"
+require_relative "pq_crypto/hybrid_kem"
+require_relative "pq_crypto/signature"

data/lib/pqcrypto.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative "pq_crypto"

data/script/vendor_libs.rb

@@ -0,0 +1,199 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "digest"
+require "fileutils"
+require "open-uri"
+require "rubygems/package"
+require "tmpdir"
+require "zlib"
+
+VENDOR_DIR = File.expand_path("../ext/pqcrypto/vendor", __dir__)
+MANIFEST_PATH = File.join(VENDOR_DIR, ".vendored")
+
+DEFAULT_PQCLEAN = {
+  version: "2cc64716044832eea747234ddbffc06746ab815d",
+  url: "https://github.com/PQClean/PQClean/archive/2cc64716044832eea747234ddbffc06746ab815d.tar.gz",
+  strip: "PQClean-2cc64716044832eea747234ddbffc06746ab815d",
+  sha256: "0e92076a79082a8d220e27227f37b280fb2ce050af412babd2bc755ab37b871a"
+}.freeze
+
+KEEP_DIRS = %w[
+  crypto_kem/ml-kem-768/clean
+  crypto_sign/ml-dsa-65/clean
+  common
+].freeze
+
+WARNING = <<~TEXT.freeze
+  WARNING: this script is a manual vendor refresh tool.
+
+  pq_crypto relies on the vendored PQClean snapshot committed to the repository.
+  Running this script will replace ext/pqcrypto/vendor with a fresh upstream copy.
+  Use the pinned defaults unless you are intentionally updating the upstream snapshot.
+TEXT
+
+def load_manifest(path)
+  return {} unless File.exist?(path)
+
+  File.readlines(path, chomp: true).each_with_object({}) do |line, acc|
+    next if line.strip.empty? || line.lstrip.start_with?("#")
+    key, value = line.split("=", 2)
+    next if key.nil? || value.nil?
+
+    acc[key] = value
+  end
+end
+
+def manifest_value(manifest, key)
+  value = manifest[key]
+  return nil if value.nil? || value.strip.empty? || value == "unrecorded"
+
+  value
+end
+
+def commit_archive_url?(url)
+  url.match?(%r{\Ahttps://(?:github\.com|codeload\.github\.com)/PQClean/PQClean/(?:archive|tar\.gz)/[0-9a-f]{40}(?:\.tar\.gz)?\z}i) ||
+    url.match?(%r{\Ahttps://github\.com/PQClean/PQClean/archive/[0-9a-f]{40}\.tar\.gz\z}i)
+end
+
+def build_vendor_config
+  manifest = load_manifest(MANIFEST_PATH)
+
+  version = ENV["PQCLEAN_VERSION"] || manifest_value(manifest, "pqclean_version") || DEFAULT_PQCLEAN[:version]
+  url = ENV["PQCLEAN_URL"] || manifest_value(manifest, "pqclean_url") || DEFAULT_PQCLEAN[:url]
+  sha256 = ENV["PQCLEAN_SHA256"] || manifest_value(manifest, "pqclean_archive_sha256") || DEFAULT_PQCLEAN[:sha256]
+  strip = ENV["PQCLEAN_STRIP"] || manifest_value(manifest, "pqclean_strip") || DEFAULT_PQCLEAN[:strip]
+
+  {
+    version: version,
+    url: url,
+    sha256: sha256,
+    strip: strip,
+    keep: KEEP_DIRS
+  }.freeze
+end
+
+def validate_vendor_config!(config)
+  required = %i[version url strip]
+  missing = required.select { |key| config[key].to_s.strip.empty? }
+  return if missing.empty?
+
+  abort <<~MSG
+    Missing required vendoring configuration: #{missing.join(", ")}
+
+    Example:
+      PQCLEAN_VERSION=<full-git-commit> \
+      PQCLEAN_URL=https://github.com/PQClean/PQClean/archive/<full-git-commit>.tar.gz \
+      PQCLEAN_STRIP=PQClean-<full-git-commit> \
+      PQCLEAN_SHA256=<archive-sha256> \
+      bundle exec ruby script/vendor_libs.rb
+  MSG
+end
+
+def validate_pinning!(config)
+  if config[:sha256].to_s.strip.empty?
+    abort <<~MSG
+      Refusing to vendor without PQCLEAN_SHA256.
+
+      Use the built-in pinned defaults, or provide all of:
+        PQCLEAN_VERSION
+        PQCLEAN_URL
+        PQCLEAN_STRIP
+        PQCLEAN_SHA256
+    MSG
+  end
+
+  return if commit_archive_url?(config[:url])
+
+  abort <<~MSG
+    Refusing to vendor from a non-commit archive URL.
+
+    Use a content-addressed full commit archive URL from the PQClean repository.
+  MSG
+end
+
+def download(url, destination)
+  puts "Downloading #{url}"
+  URI.open(url) { |remote| File.binwrite(destination, remote.read) }
+end
+
+def verify_checksum!(archive, expected_sha256)
+  actual = Digest::SHA256.file(archive).hexdigest
+  abort "SHA256 mismatch: expected #{expected_sha256}, got #{actual}" unless actual == expected_sha256
+
+  actual
+end
+
+def extract_subset(archive, destination, strip_prefix:, keep_dirs:)
+  prefix_re = /\A#{Regexp.escape(strip_prefix)}\//
+
+  Gem::Package::TarReader.new(Zlib::GzipReader.open(archive)) do |tar|
+    tar.each do |entry|
+      relative_path = entry.full_name.sub(prefix_re, "")
+      next if relative_path.empty? || relative_path == entry.full_name
+      next unless keep_dirs.any? { |dir| relative_path.start_with?(dir) }
+
+      target = File.join(destination, relative_path)
+
+      if entry.directory?
+        FileUtils.mkdir_p(target)
+      elsif entry.file?
+        FileUtils.mkdir_p(File.dirname(target))
+        File.binwrite(target, entry.read)
+      end
+    end
+  end
+end
+
+def write_manifest!(config:, archive_sha256:, tree_sha256:)
+  File.write(
+    MANIFEST_PATH,
+    <<~TEXT
+      pqclean_version=#{config[:version]}
+      pqclean_url=#{config[:url]}
+      pqclean_archive_sha256=#{archive_sha256}
+      pqclean_strip=#{config[:strip]}
+      pqclean_tree_sha256=#{tree_sha256}
+    TEXT
+  )
+end
+
+def tree_sha256_for(directory)
+  entries = Dir.glob(File.join(directory, "**", "*"), File::FNM_DOTMATCH)
+               .reject { |path| File.directory?(path) }
+               .sort
+
+  digest = Digest::SHA256.new
+  entries.each do |path|
+    relative = path.delete_prefix("#{directory}/")
+    digest << relative << "\0"
+    digest << File.binread(path)
+    digest << "\0"
+  end
+  digest.hexdigest
+end
+
+config = build_vendor_config
+validate_vendor_config!(config)
+validate_pinning!(config)
+
+puts WARNING
+puts "Vendoring PQClean into #{VENDOR_DIR}"
+puts "Pinned ref: #{config[:version]}"
+puts "Archive checksum: #{config[:sha256]}"
+
+FileUtils.rm_rf(VENDOR_DIR)
+FileUtils.mkdir_p(VENDOR_DIR)
+
+Dir.mktmpdir("pq_crypto-vendor") do |tmpdir|
+  archive = File.join(tmpdir, "pqclean.tar.gz")
+  destination = File.join(VENDOR_DIR, "pqclean")
+
+  download(config[:url], archive)
+  archive_sha256 = verify_checksum!(archive, config[:sha256])
+  extract_subset(archive, destination, strip_prefix: config[:strip], keep_dirs: config[:keep])
+  write_manifest!(config: config, archive_sha256: archive_sha256, tree_sha256: tree_sha256_for(destination))
+end
+
+puts "Done. PQClean sources are now available in ext/pqcrypto/vendor/."
+puts "Next step: review vendor diffs, then bundle exec rake compile"

metadata

@@ -0,0 +1,195 @@
+--- !ruby/object:Gem::Specification
+name: pq_crypto
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Roman Haydarov
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2026-04-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+description: Native Ruby wrapper around ML-KEM-768, ML-DSA-65, and an optional hybrid
+  ML-KEM-768+X25519 KEM, backed by PQClean and OpenSSL.
+email:
+- romanhajdarov@gmail.com
+executables: []
+extensions:
+- ext/pqcrypto/extconf.rb
+extra_rdoc_files: []
+files:
+- ".github/workflows/ci.yml"
+- CHANGELOG.md
+- GET_STARTED.md
+- LICENSE.txt
+- README.md
+- SECURITY.md
+- ext/pqcrypto/extconf.rb
+- ext/pqcrypto/mldsa_api.h
+- ext/pqcrypto/mlkem_api.h
+- ext/pqcrypto/pqcrypto_ruby_secure.c
+- ext/pqcrypto/pqcrypto_secure.c
+- ext/pqcrypto/pqcrypto_secure.h
+- ext/pqcrypto/vendor/.vendored
+- ext/pqcrypto/vendor/pqclean/common/aes.c
+- ext/pqcrypto/vendor/pqclean/common/aes.h
+- ext/pqcrypto/vendor/pqclean/common/compat.h
+- ext/pqcrypto/vendor/pqclean/common/crypto_declassify.h
+- ext/pqcrypto/vendor/pqclean/common/fips202.c
+- ext/pqcrypto/vendor/pqclean/common/fips202.h
+- ext/pqcrypto/vendor/pqclean/common/keccak2x/feat.S
+- ext/pqcrypto/vendor/pqclean/common/keccak2x/fips202x2.c
+- ext/pqcrypto/vendor/pqclean/common/keccak2x/fips202x2.h
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-times4-SIMD256.c
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-times4-SnP.h
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-unrolling.macros
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile.Microsoft_nmake
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/SIMD256-config.h
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/align.h
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/brg_endian.h
+- ext/pqcrypto/vendor/pqclean/common/nistseedexpander.c
+- ext/pqcrypto/vendor/pqclean/common/nistseedexpander.h
+- ext/pqcrypto/vendor/pqclean/common/randombytes.c
+- ext/pqcrypto/vendor/pqclean/common/randombytes.h
+- ext/pqcrypto/vendor/pqclean/common/sha2.c
+- ext/pqcrypto/vendor/pqclean/common/sha2.h
+- ext/pqcrypto/vendor/pqclean/common/sp800-185.c
+- ext/pqcrypto/vendor/pqclean/common/sp800-185.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/LICENSE
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile.Microsoft_nmake
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/api.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/cbd.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/cbd.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/indcpa.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/indcpa.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/kem.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/kem.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/ntt.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/ntt.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/params.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/poly.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/poly.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/polyvec.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/polyvec.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/reduce.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/reduce.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/symmetric-shake.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/symmetric.h
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/verify.c
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/verify.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/LICENSE
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile.Microsoft_nmake
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/api.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/ntt.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/ntt.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/packing.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/packing.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/params.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/poly.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/poly.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/polyvec.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/polyvec.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/reduce.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/reduce.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/rounding.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/rounding.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/sign.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/sign.h
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/symmetric-shake.c
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/symmetric.h
+- lib/pq_crypto.rb
+- lib/pq_crypto/errors.rb
+- lib/pq_crypto/hybrid_kem.rb
+- lib/pq_crypto/kem.rb
+- lib/pq_crypto/serialization.rb
+- lib/pq_crypto/signature.rb
+- lib/pq_crypto/version.rb
+- lib/pqcrypto.rb
+- script/vendor_libs.rb
+homepage: https://github.com/roman-haidarov/pq_crypto
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/roman-haidarov/pq_crypto
+  source_code_uri: https://github.com/roman-haidarov/pq_crypto
+  changelog_uri: https://github.com/roman-haidarov/pq_crypto/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.27
+signing_key:
+specification_version: 4
+summary: Primitive-first post-quantum cryptography for Ruby
+test_files: []