pq_crypto 0.3.0 → 0.3.2

data/ext/pqcrypto/pqcrypto_secure.c

@@ -99,6 +99,32 @@ cleanup:
     return ret;
 }
 
+static int x25519_public_from_private(uint8_t *pk, const uint8_t *sk) {
+    EVP_PKEY *pkey = NULL;
+    size_t pklen = X25519_PUBLICKEYBYTES;
+    int ret = PQ_ERROR_KEYPAIR;
+
+    if (!pk || !sk) {
+        return PQ_ERROR_BUFFER;
+    }
+
+    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL, sk, X25519_SECRETKEYBYTES);
+    if (!pkey)
+        goto cleanup;
+
+    if (EVP_PKEY_get_raw_public_key(pkey, pk, &pklen) <= 0)
+        goto cleanup;
+    if (pklen != X25519_PUBLICKEYBYTES)
+        goto cleanup;
+
+    ret = PQ_SUCCESS;
+
+cleanup:
+    if (pkey)
+        EVP_PKEY_free(pkey);
+    return ret;
+}
+
 static int x25519_shared_secret(uint8_t *shared, const uint8_t *their_pk, const uint8_t *my_sk) {
     EVP_PKEY_CTX *ctx = NULL;
     EVP_PKEY *pkey = NULL;
@@ -159,8 +185,6 @@ static int xwing_combiner(uint8_t shared_secret[HYBRID_SHAREDSECRETBYTES],
 
     if (EVP_DigestInit_ex(ctx, EVP_sha3_256(), NULL) != 1)
         goto cleanup;
-    if (EVP_DigestUpdate(ctx, XWING_LABEL, sizeof(XWING_LABEL)) != 1)
-        goto cleanup;
     if (EVP_DigestUpdate(ctx, ss_M, MLKEM_SHAREDSECRETBYTES) != 1)
         goto cleanup;
     if (EVP_DigestUpdate(ctx, ss_X, X25519_SHAREDSECRETBYTES) != 1)
@@ -169,6 +193,8 @@ static int xwing_combiner(uint8_t shared_secret[HYBRID_SHAREDSECRETBYTES],
         goto cleanup;
     if (EVP_DigestUpdate(ctx, pk_X, X25519_PUBLICKEYBYTES) != 1)
         goto cleanup;
+    if (EVP_DigestUpdate(ctx, XWING_LABEL, sizeof(XWING_LABEL)) != 1)
+        goto cleanup;
     if (EVP_DigestFinal_ex(ctx, shared_secret, &out_len) != 1)
         goto cleanup;
     if (out_len != HYBRID_SHAREDSECRETBYTES)
@@ -181,6 +207,55 @@ cleanup:
     return ret;
 }
 
+static int xwing_expand_secret_key(hybrid_expanded_secret_key_t *expanded_key,
+                                   const uint8_t seed[HYBRID_SECRETKEYBYTES]) {
+    EVP_MD_CTX *ctx = NULL;
+    uint8_t expanded[XWING_EXPANDEDBYTES];
+    int ret = PQ_ERROR_OPENSSL;
+
+    if (!expanded_key || !seed) {
+        return PQ_ERROR_BUFFER;
+    }
+
+    memset(expanded_key, 0, sizeof(*expanded_key));
+    memset(expanded, 0, sizeof(expanded));
+
+    ctx = EVP_MD_CTX_new();
+    if (!ctx)
+        goto cleanup;
+
+    if (EVP_DigestInit_ex(ctx, EVP_shake256(), NULL) != 1)
+        goto cleanup;
+    if (EVP_DigestUpdate(ctx, seed, HYBRID_SECRETKEYBYTES) != 1)
+        goto cleanup;
+    if (EVP_DigestFinalXOF(ctx, expanded, sizeof(expanded)) != 1)
+        goto cleanup;
+
+    ret = PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand(expanded_key->mlkem_pk,
+                                                           expanded_key->mlkem_sk, expanded);
+    if (ret != 0) {
+        ret = PQ_ERROR_KEYPAIR;
+        goto cleanup;
+    }
+
+    memcpy(expanded_key->x25519_sk, expanded + 64, X25519_SECRETKEYBYTES);
+    ret = x25519_public_from_private(expanded_key->x25519_pk, expanded_key->x25519_sk);
+    if (ret != PQ_SUCCESS) {
+        goto cleanup;
+    }
+
+    ret = PQ_SUCCESS;
+
+cleanup:
+    if (ctx)
+        EVP_MD_CTX_free(ctx);
+    pq_secure_wipe(expanded, sizeof(expanded));
+    if (ret != PQ_SUCCESS && expanded_key) {
+        pq_secure_wipe(expanded_key, sizeof(*expanded_key));
+    }
+    return ret;
+}
+
 int pq_mlkem_keypair(uint8_t *pk, uint8_t *sk) {
     return PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair(pk, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;
 }
@@ -278,35 +353,36 @@ int pq_testing_mldsa_sign_from_seed(uint8_t *signature, size_t *signature_len,
 
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key) {
     hybrid_public_key_t pk;
-    hybrid_secret_key_t sk;
-    int ret;
+    hybrid_expanded_secret_key_t expanded;
+    uint8_t seed[HYBRID_SECRETKEYBYTES];
+    int ret = PQ_SUCCESS;
 
     if (!public_key || !secret_key) {
         return PQ_ERROR_BUFFER;
     }
 
     memset(&pk, 0, sizeof(pk));
-    memset(&sk, 0, sizeof(sk));
+    memset(&expanded, 0, sizeof(expanded));
+    memset(seed, 0, sizeof(seed));
 
-    ret = PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair(pk.mlkem_pk, sk.mlkem_sk) == 0
-              ? PQ_SUCCESS
-              : PQ_ERROR_KEYPAIR;
-    if (ret != PQ_SUCCESS) {
+    if (RAND_bytes(seed, sizeof(seed)) != 1) {
+        ret = PQ_ERROR_RANDOM;
         goto cleanup;
     }
 
-    ret = x25519_keypair(pk.x25519_pk, sk.x25519_sk);
+    ret = xwing_expand_secret_key(&expanded, seed);
     if (ret != PQ_SUCCESS) {
         goto cleanup;
     }
 
+    memcpy(pk.mlkem_pk, expanded.mlkem_pk, MLKEM_PUBLICKEYBYTES);
+    memcpy(pk.x25519_pk, expanded.x25519_pk, X25519_PUBLICKEYBYTES);
     memcpy(public_key, &pk, HYBRID_PUBLICKEYBYTES);
-    memcpy(secret_key, &sk, HYBRID_SECRETKEYBYTES);
+    memcpy(secret_key, seed, HYBRID_SECRETKEYBYTES);
 
 cleanup:
-    pq_secure_wipe(&sk, sizeof(sk));
-
-    pq_secure_wipe(&pk, sizeof(pk));
+    pq_secure_wipe(seed, sizeof(seed));
+    pq_secure_wipe(&expanded, sizeof(expanded));
     return ret;
 }
 
@@ -357,20 +433,15 @@ cleanup:
     pq_secure_wipe(mlkem_ss, sizeof(mlkem_ss));
     pq_secure_wipe(x25519_ss, sizeof(x25519_ss));
     pq_secure_wipe(x25519_ephemeral_sk, sizeof(x25519_ephemeral_sk));
-    pq_secure_wipe(&pk, sizeof(pk));
-    pq_secure_wipe(&ct, sizeof(ct));
     return ret;
 }
 
 int pq_hybrid_kem_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
                               const uint8_t *secret_key) {
     hybrid_ciphertext_t ct;
-    hybrid_secret_key_t sk;
-    uint8_t recipient_x25519_pk[X25519_PUBLICKEYBYTES];
+    hybrid_expanded_secret_key_t expanded;
     uint8_t mlkem_ss[MLKEM_SHAREDSECRETBYTES];
     uint8_t x25519_ss[X25519_SHAREDSECRETBYTES];
-    EVP_PKEY *pkey = NULL;
-    size_t pklen = X25519_PUBLICKEYBYTES;
     int ret = PQ_SUCCESS;
 
     if (!shared_secret || !ciphertext || !secret_key) {
@@ -378,44 +449,34 @@ int pq_hybrid_kem_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
     }
 
     memcpy(&ct, ciphertext, HYBRID_CIPHERTEXTBYTES);
-    memcpy(&sk, secret_key, HYBRID_SECRETKEYBYTES);
-    memset(recipient_x25519_pk, 0, sizeof(recipient_x25519_pk));
+    memset(&expanded, 0, sizeof(expanded));
     memset(mlkem_ss, 0, sizeof(mlkem_ss));
     memset(x25519_ss, 0, sizeof(x25519_ss));
 
-    if (PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec(mlkem_ss, ct.mlkem_ct, sk.mlkem_sk) != 0) {
-        ret = PQ_ERROR_DECAPSULATE;
-        goto cleanup;
-    }
-
-    ret = x25519_shared_secret(x25519_ss, ct.x25519_ephemeral, sk.x25519_sk);
+    ret = xwing_expand_secret_key(&expanded, secret_key);
     if (ret != PQ_SUCCESS) {
         ret = PQ_ERROR_DECAPSULATE;
         goto cleanup;
     }
 
-    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL, sk.x25519_sk, X25519_SECRETKEYBYTES);
-    if (!pkey) {
+    if (PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec(mlkem_ss, ct.mlkem_ct, expanded.mlkem_sk) != 0) {
         ret = PQ_ERROR_DECAPSULATE;
         goto cleanup;
     }
-    if (EVP_PKEY_get_raw_public_key(pkey, recipient_x25519_pk, &pklen) <= 0 ||
-        pklen != X25519_PUBLICKEYBYTES) {
+
+    ret = x25519_shared_secret(x25519_ss, ct.x25519_ephemeral, expanded.x25519_sk);
+    if (ret != PQ_SUCCESS) {
         ret = PQ_ERROR_DECAPSULATE;
         goto cleanup;
     }
 
-    ret = xwing_combiner(shared_secret, mlkem_ss, x25519_ss, ct.x25519_ephemeral,
-                         recipient_x25519_pk);
+    ret =
+        xwing_combiner(shared_secret, mlkem_ss, x25519_ss, ct.x25519_ephemeral, expanded.x25519_pk);
 
 cleanup:
-    if (pkey)
-        EVP_PKEY_free(pkey);
-    pq_secure_wipe(recipient_x25519_pk, sizeof(recipient_x25519_pk));
     pq_secure_wipe(mlkem_ss, sizeof(mlkem_ss));
     pq_secure_wipe(x25519_ss, sizeof(x25519_ss));
-    pq_secure_wipe(&ct, sizeof(ct));
-    pq_secure_wipe(&sk, sizeof(sk));
+    pq_secure_wipe(&expanded, sizeof(expanded));
     return ret;
 }
 
@@ -429,8 +490,7 @@ cleanup:
 
 static const char PQC_OID_ML_KEM_768[] = "2.25.186599352125448088867056807454444238446";
 
-static const char PQC_OID_ML_KEM_768_X25519_XWING[] =
-    "2.25.318532651283923671095712569430174917109";
+static const char PQC_OID_ML_KEM_768_X25519_XWING[] = "1.3.6.1.4.1.62253.25722";
 static const char PQC_OID_ML_DSA_65[] = "2.25.305232938483772195555080795650659207792";
 static const char PQC_PUBLIC_KEY_PEM_LABEL[] = "PQC PUBLIC KEY CONTAINER";
 static const char PQC_PRIVATE_KEY_PEM_LABEL[] = "PQC PRIVATE KEY CONTAINER";
@@ -899,5 +959,5 @@ int pq_secret_key_from_pqc_container_pem(char **algorithm_out, uint8_t **key_out
 }
 
 const char *pq_version(void) {
-    return "0.3.0";
+    return "0.3.2";
 }

data/ext/pqcrypto/pqcrypto_secure.h

@@ -23,9 +23,11 @@
 #define X25519_PUBLICKEYBYTES    32
 #define X25519_SECRETKEYBYTES    32
 #define X25519_SHAREDSECRETBYTES 32
+#define XWING_SEEDBYTES          32
+#define XWING_EXPANDEDBYTES      96
 
 #define HYBRID_PUBLICKEYBYTES    (MLKEM_PUBLICKEYBYTES + X25519_PUBLICKEYBYTES)
-#define HYBRID_SECRETKEYBYTES    (MLKEM_SECRETKEYBYTES + X25519_SECRETKEYBYTES)
+#define HYBRID_SECRETKEYBYTES    XWING_SEEDBYTES
 #define HYBRID_CIPHERTEXTBYTES   (MLKEM_CIPHERTEXTBYTES + X25519_PUBLICKEYBYTES)
 #define HYBRID_SHAREDSECRETBYTES 32
 
@@ -48,10 +50,16 @@ typedef struct {
     uint8_t x25519_pk[X25519_PUBLICKEYBYTES];
 } hybrid_public_key_t;
 
+typedef struct {
+    uint8_t seed[XWING_SEEDBYTES];
+} hybrid_secret_key_t;
+
 typedef struct {
     uint8_t mlkem_sk[MLKEM_SECRETKEYBYTES];
     uint8_t x25519_sk[X25519_SECRETKEYBYTES];
-} hybrid_secret_key_t;
+    uint8_t mlkem_pk[MLKEM_PUBLICKEYBYTES];
+    uint8_t x25519_pk[X25519_PUBLICKEYBYTES];
+} hybrid_expanded_secret_key_t;
 
 typedef struct {
     uint8_t mlkem_ct[MLKEM_CIPHERTEXTBYTES];
@@ -136,6 +144,22 @@ const char *pq_version(void);
 #define PQ_MLDSA_PUBLICKEYBYTES MLDSA_PUBLICKEYBYTES
 #define PQ_MLDSA_SECRETKEYBYTES MLDSA_SECRETKEYBYTES
 #define PQ_MLDSA_BYTES          MLDSA_BYTES
+#define PQ_MLDSA_MUBYTES        64
+#define PQ_MLDSA_TRBYTES        64
+
+int pq_mldsa_extract_tr_from_secret_key(uint8_t *tr_out, const uint8_t *secret_key);
+int pq_mldsa_compute_tr_from_public_key(uint8_t *tr_out, const uint8_t *public_key);
+
+int pq_sign_mu(uint8_t *signature, size_t *signature_len,
+               const uint8_t *mu, const uint8_t *secret_key);
+int pq_verify_mu(const uint8_t *signature, size_t signature_len,
+                 const uint8_t *mu, const uint8_t *public_key);
+void *pq_mu_builder_new(void);
+int pq_mu_builder_init(void *state, const uint8_t *tr,
+                       const uint8_t *ctx, size_t ctxlen);
+int pq_mu_builder_absorb(void *state, const uint8_t *chunk, size_t chunk_len);
+int pq_mu_builder_finalize(void *state, uint8_t *mu_out);
+void pq_mu_builder_release(void *state);
 
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key);
 int pq_hybrid_kem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile

@@ -0,0 +1,8 @@
+KeccakP-1600-times4-SIMD256.o: KeccakP-1600-times4-SIMD256.c \
+  align.h brg_endian.h KeccakP-1600-times4-SnP.h \
+  KeccakP-1600-unrolling.macros SIMD256-config.h
+	$(CC) -O3 -mavx2 -c $< -o $@
+
+.PHONY: clean
+clean:
+	$(RM) KeccakP-1600-times4-SIMD256.o

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile

@@ -0,0 +1,19 @@
+# This Makefile can be used with GNU Make or BSD Make
+
+LIB=libml-kem-768_clean.a
+HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric.h verify.h 
+OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-shake.o verify.o 
+
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)
+
+all: $(LIB)
+
+%.o: %.c $(HEADERS)
+	$(CC) $(CFLAGS) -c -o $@ $<
+
+$(LIB): $(OBJECTS)
+	$(AR) -r $@ $(OBJECTS)
+
+clean:
+	$(RM) $(OBJECTS)
+	$(RM) $(LIB)

data/ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile

@@ -0,0 +1,19 @@
+# This Makefile can be used with GNU Make or BSD Make
+
+LIB=libml-dsa-65_clean.a
+HEADERS=api.h ntt.h packing.h params.h poly.h polyvec.h reduce.h rounding.h sign.h symmetric.h 
+OBJECTS=ntt.o packing.o poly.o polyvec.o reduce.o rounding.o sign.o symmetric-shake.o 
+
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)
+
+all: $(LIB)
+
+%.o: %.c $(HEADERS)
+	$(CC) $(CFLAGS) -c -o $@ $<
+
+$(LIB): $(OBJECTS)
+	$(AR) -r $@ $(OBJECTS)
+
+clean:
+	$(RM) $(OBJECTS)
+	$(RM) $(LIB)

data/lib/pq_crypto/kem.rb

@@ -184,11 +184,11 @@ module PQCrypto
       alias eql? ==
 
       def hash
-        fingerprint.hash
+        object_id.hash
       end
 
-      def fingerprint
-        Digest::SHA256.digest(@bytes)
+      def inspect
+        "#<#{self.class}:0x#{object_id.to_s(16)} algorithm=#{algorithm.inspect}>"
       end
 
       private
@@ -206,6 +206,10 @@ module PQCrypto
         @ciphertext = String(ciphertext).b
         @shared_secret = String(shared_secret).b
       end
+
+      def inspect
+        "#<#{self.class}:0x#{object_id.to_s(16)} ciphertext_bytes=#{@ciphertext.bytesize} shared_secret_bytes=#{@shared_secret.bytesize}>"
+      end
     end
   end
 end

data/lib/pq_crypto/serialization.rb

@@ -9,7 +9,7 @@ module PQCrypto
       }.freeze,
       ml_kem_768_x25519_xwing: {
         family: :ml_kem_hybrid,
-        oid: "2.25.318532651283923671095712569430174917109",
+        oid: "1.3.6.1.4.1.62253.25722",
       }.freeze,
       ml_dsa_65: {
         family: :ml_dsa,

data/lib/pq_crypto/signature.rb

@@ -74,6 +74,95 @@ module PQCrypto
 
         raise UnsupportedAlgorithmError, "Unsupported signature algorithm: #{algorithm.inspect}"
       end
+
+      def _streaming_sign(secret_key, io, chunk_size, context)
+        validate_chunk_size!(chunk_size)
+        validate_context!(context)
+        validate_io!(io)
+
+        sk_bytes = secret_key.__send__(:bytes_for_native)
+        begin
+          tr = PQCrypto.__send__(:_native_mldsa_extract_tr, sk_bytes)
+        rescue ArgumentError => e
+          raise InvalidKeyError, e.message
+        end
+
+        builder = PQCrypto.__send__(:_native_mldsa_mu_builder_new, tr, context.b)
+        builder_consumed = false
+        mu = nil
+        begin
+          _drain_io_into_builder(io, builder, chunk_size)
+          mu = PQCrypto.__send__(:_native_mldsa_mu_builder_finalize, builder)
+          builder_consumed = true
+          PQCrypto.__send__(:_native_mldsa_sign_mu, mu, sk_bytes)
+        ensure
+          PQCrypto.__send__(:_native_mldsa_mu_builder_release, builder) unless builder_consumed
+          PQCrypto.secure_wipe(tr) if tr && !tr.frozen?
+          PQCrypto.secure_wipe(mu) if mu && !mu.frozen?
+        end
+      end
+
+      def _streaming_verify(public_key, io, signature, chunk_size, context)
+        validate_chunk_size!(chunk_size)
+        validate_context!(context)
+        validate_io!(io)
+
+        pk_bytes = public_key.__send__(:bytes_for_native)
+        begin
+          tr = PQCrypto.__send__(:_native_mldsa_compute_tr, pk_bytes)
+        rescue ArgumentError => e
+          raise InvalidKeyError, e.message
+        end
+
+        builder = PQCrypto.__send__(:_native_mldsa_mu_builder_new, tr, context.b)
+        builder_consumed = false
+        mu = nil
+        sig_bytes = String(signature).b
+        begin
+          _drain_io_into_builder(io, builder, chunk_size)
+          mu = PQCrypto.__send__(:_native_mldsa_mu_builder_finalize, builder)
+          builder_consumed = true
+          PQCrypto.__send__(:_native_mldsa_verify_mu, mu, sig_bytes, pk_bytes)
+        ensure
+          PQCrypto.__send__(:_native_mldsa_mu_builder_release, builder) unless builder_consumed
+
+          PQCrypto.secure_wipe(tr) if tr && !tr.frozen?
+          PQCrypto.secure_wipe(mu) if mu && !mu.frozen?
+        end
+      end
+
+      def _drain_io_into_builder(io, builder, chunk_size)
+        buffer = String.new(capacity: chunk_size).b
+        loop do
+          result = io.read(chunk_size, buffer)
+          break if result.nil?
+
+          chunk = result.equal?(buffer) ? buffer : result
+          chunk_bytes = chunk.encoding == Encoding::BINARY ? chunk : chunk.b
+          break if chunk_bytes.bytesize.zero?
+
+          PQCrypto.__send__(:_native_mldsa_mu_builder_update, builder, chunk_bytes)
+        end
+      end
+
+      def validate_io!(io)
+        unless io.respond_to?(:read)
+          raise ArgumentError, "io must respond to #read"
+        end
+      end
+
+      def validate_chunk_size!(chunk_size)
+        unless chunk_size.is_a?(Integer) && chunk_size > 0
+          raise ArgumentError, "chunk_size must be a positive Integer"
+        end
+      end
+
+      def validate_context!(context)
+        ctx = String(context).b
+        if ctx.bytesize > 255
+          raise ArgumentError, "context must be at most 255 bytes (FIPS 204)"
+        end
+      end
     end
 
     class Keypair
@@ -125,6 +214,17 @@ module PQCrypto
         true
       end
 
+      def verify_io(io, signature, chunk_size: 1 << 20, context: "".b)
+        Signature.send(:_streaming_verify, self, io, signature, chunk_size, context)
+      end
+
+      def verify_io!(io, signature, chunk_size: 1 << 20, context: "".b)
+        unless verify_io(io, signature, chunk_size: chunk_size, context: context)
+          raise PQCrypto::VerificationError, "Verification failed"
+        end
+        true
+      end
+
       def ==(other)
         return false unless other.is_a?(PublicKey) && other.algorithm == algorithm
         PQCrypto.__send__(:native_ct_equals, other.to_bytes, @bytes)
@@ -142,6 +242,10 @@ module PQCrypto
 
       private
 
+      def bytes_for_native
+        @bytes
+      end
+
       def validate_length!
         expected = Signature.details(@algorithm).fetch(:public_key_bytes)
         raise InvalidKeyError, "Invalid signature public key length" unless @bytes.bytesize == expected
@@ -175,6 +279,10 @@ module PQCrypto
         raise InvalidKeyError, e.message
       end
 
+      def sign_io(io, chunk_size: 1 << 20, context: "".b)
+        Signature.send(:_streaming_sign, self, io, chunk_size, context)
+      end
+
       def wipe!
         PQCrypto.secure_wipe(@bytes)
         self
@@ -188,15 +296,19 @@ module PQCrypto
       alias eql? ==
 
       def hash
-        fingerprint.hash
+        object_id.hash
       end
 
-      def fingerprint
-        Digest::SHA256.digest(@bytes)
+      def inspect
+        "#<#{self.class}:0x#{object_id.to_s(16)} algorithm=#{algorithm.inspect}>"
       end
 
       private
 
+      def bytes_for_native
+        @bytes
+      end
+
       def validate_length!
         expected = Signature.details(@algorithm).fetch(:secret_key_bytes)
         raise InvalidKeyError, "Invalid signature secret key length" unless @bytes.bytesize == expected

data/lib/pq_crypto/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PQCrypto
-  VERSION = "0.3.0"
+  VERSION = "0.3.2"
 end

data/lib/pq_crypto.rb

@@ -69,6 +69,17 @@ module PQCrypto
       __test_sign_from_seed
     ].freeze
 
+    EXTERNAL_MU_METHODS = %i[
+      _native_mldsa_extract_tr
+      _native_mldsa_compute_tr
+      _native_mldsa_mu_builder_new
+      _native_mldsa_mu_builder_update
+      _native_mldsa_mu_builder_finalize
+      _native_mldsa_mu_builder_release
+      _native_mldsa_sign_mu
+      _native_mldsa_verify_mu
+    ].freeze
+
     class << PQCrypto
       NativeBindings::NATIVE_METHODS.each do |name|
         alias_name = :"native_#{name.to_s.sub(/\A__/, '')}"
@@ -78,6 +89,7 @@ module PQCrypto
 
       private(*NativeBindings::NATIVE_METHODS)
       private(*NativeBindings::NATIVE_METHODS.map { |n| :"native_#{n.to_s.sub(/\A__/, '')}" })
+      private(*NativeBindings::EXTERNAL_MU_METHODS)
     end
   end
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: pq_crypto
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.2
 platform: ruby
 authors:
 - Roman Haydarov
 bindir: exe
 cert_chain: []
-date: 2026-04-24 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -69,6 +69,7 @@ files:
 - ext/pqcrypto/extconf.rb
 - ext/pqcrypto/mldsa_api.h
 - ext/pqcrypto/mlkem_api.h
+- ext/pqcrypto/pq_externalmu.c
 - ext/pqcrypto/pq_randombytes.c
 - ext/pqcrypto/pqcrypto_ruby_secure.c
 - ext/pqcrypto/pqcrypto_secure.c
@@ -86,6 +87,7 @@ files:
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-times4-SIMD256.c
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-times4-SnP.h
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-unrolling.macros
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile.Microsoft_nmake
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/SIMD256-config.h
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/align.h
@@ -99,6 +101,7 @@ files:
 - ext/pqcrypto/vendor/pqclean/common/sp800-185.c
 - ext/pqcrypto/vendor/pqclean/common/sp800-185.h
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/LICENSE
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile.Microsoft_nmake
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/api.h
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/cbd.c
@@ -121,6 +124,7 @@ files:
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/verify.c
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/verify.h
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/LICENSE
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile.Microsoft_nmake
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/api.h
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/ntt.c
@@ -163,14 +167,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.4.0.a
+      version: 3.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Primitive-first post-quantum cryptography for Ruby
 test_files: []