RubyGems - pq_crypto - Versions diffs - 0.3.1 → 0.3.2 - Mend

pq_crypto 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +13 -0
data/GET_STARTED.md +23 -0
data/README.md +47 -0
data/ext/pqcrypto/extconf.rb +46 -3
data/ext/pqcrypto/pq_externalmu.c +297 -0
data/ext/pqcrypto/pqcrypto_ruby_secure.c +305 -9
data/ext/pqcrypto/pqcrypto_secure.c +1 -1
data/ext/pqcrypto/pqcrypto_secure.h +16 -0
data/ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile +8 -0
data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile +19 -0
data/ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile +19 -0
data/lib/pq_crypto/signature.rb +112 -0
data/lib/pq_crypto/version.rb +1 -1
data/lib/pq_crypto.rb +12 -0
metadata +5 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 534c420f62323e9ddb49b48acdfa7af869731e3273bda56637d6bfee753de8d7
-  data.tar.gz: f003494b4d33702a1b718dc6ded7a9f0612b315e41f0d739a5b2fe3ebba9d1d1
+  metadata.gz: 8cd88ab6ebe3042111e60711895a9563a1510057a321ac9dab510496634656b8
+  data.tar.gz: 684f469f8be7912780e00d368989418499aae00bb530d7fc32f8b6c6d5576593
 SHA512:
-  metadata.gz: 1a039325a13cf8c074741fb70edc1e66f4e4939727b4c1369665794bc6ed71ef1ed2ef50d9debd9064d850e4856fac166f325889a9df4bfd3d8849a2d7a918e9
-  data.tar.gz: 304888656181149eed84eca063e24eeb6c862819f6c54022e77b287ca4030b8602e9f61eb17809ad86ca0eea84796c6275a2afa12018ffdeaafc489c15c8f24a
+  metadata.gz: 54c1f3b0b8a2f7141d3ec4c8649c003793a3469f212fed94b0dc7ef0e2b0ff3ddba510383a0b62813d9ee98700bf266547be1900693c9ad465fb36deec91ab7b
+  data.tar.gz: 41c0bdea2d91bbd2a2e8884ee2b2a328c4c06d410fba8d92c9c1a9470b9d5597d0b8f5233b0ba87225535a80c9055033518ef1dd82e90101a9f5ffcd606b81a6

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,18 @@
 # Changelog
+## [0.3.2] — 2026-04-25
+### Added — streaming ML-DSA for large inputs
+- Added `PQCrypto::Signature::SecretKey#sign_io(io, chunk_size: 1 << 20, context: "".b)`.
+- Added `PQCrypto::Signature::PublicKey#verify_io(io, signature, chunk_size: 1 << 20, context: "".b)` and `verify_io!`.
+- Implemented streaming pure ML-DSA through an internal FIPS 204 ExternalMu path. Existing one-shot `sign` / `verify` semantics are unchanged; no public `sign_mu` / `verify_mu` API is exposed.
+### Notes
+- Streaming is primarily for large IO inputs and lower peak memory pressure. It is not a HashML-DSA/prehash speed mode; CPU cost is still dominated by SHAKE/Keccak.
+- Default empty-context streaming signatures interoperate with the existing one-shot `verify(message, signature)` API. Non-empty `context:` must be supplied again during `verify_io`.
 ## [0.3.1] — 2026-04-24
 ### Fixed — X-Wing draft-10 compatibility

data/GET_STARTED.md CHANGED Viewed

@@ -35,6 +35,29 @@ sig.public_key.verify("message", signature)
 sig.public_key.verify!("message", signature)
 ```
+For large files, use streaming ML-DSA:
+```ruby
+signature = File.open("document.bin", "rb") do |io|
+  sig.secret_key.sign_io(io, chunk_size: 1 << 20)
+end
+ok = File.open("document.bin", "rb") do |io|
+  sig.public_key.verify_io(io, signature, chunk_size: 1 << 20)
+end
+```
+With an optional context:
+```ruby
+ctx = "document-v1".b
+signature = File.open("document.bin", "rb") { |io| sig.secret_key.sign_io(io, context: ctx) }
+ok = File.open("document.bin", "rb") { |io| sig.public_key.verify_io(io, signature, context: ctx) }
+```
+`sign_io` / `verify_io` are pure ML-DSA streaming helpers, not prehash
+shortcuts. `verify_io!` raises on mismatch.
 ## 6. Hybrid KEM (X-Wing)
 ```ruby

data/README.md CHANGED Viewed

@@ -20,6 +20,7 @@ roll-your-own where a library primitive exists.
 - primitive-first API only
 - no protocol/session helpers in the public surface
+- streaming ML-DSA signing/verification is available for large IO inputs
 - serialization uses pq_crypto-specific `pqc_container_*` wrappers
 - not audited
 - not yet positioned as production-ready
@@ -44,6 +45,20 @@ bundle exec rake compile
 - a C toolchain with C11 support (for `_Static_assert` / `_Thread_local`)
 - OpenSSL **3.0 or later** with SHA3-256 and SHAKE256 available (default provider)
+### Build-time Keccak backend
+The default build uses PQClean's scalar `common/fips202.c` backend:
+```bash
+PQCRYPTO_KECCAK_BACKEND=clean bundle exec rake compile
+```
+`PQCRYPTO_KECCAK_BACKEND=xkcp` is reserved for a separately vendored,
+reviewed, `fips202.h`-compatible XKCP adapter. If requested without that
+adapter, the build aborts instead of silently falling back to `clean`.
+This avoids mixing OpenSSL EVP SHAKE state with PQClean SHAKE state and
+keeps output-byte compatibility explicit.
 ## Async / Fiber scheduler support
 `pq_crypto` does not require any gem-specific Async configuration. On
@@ -100,6 +115,8 @@ shared_secret = keypair.secret_key.decapsulate(result.ciphertext)
 ### ML-DSA-65
+One-shot signing keeps the existing API:
 ```ruby
 keypair = PQCrypto::Signature.generate(:ml_dsa_65)
 signature = keypair.secret_key.sign("hello")
@@ -108,6 +125,36 @@ keypair.public_key.verify("hello", signature)    # => true / false
 keypair.public_key.verify!("hello", signature)   # raises on mismatch
 ```
+For large inputs, use streaming IO so the message does not need to be
+materialized as one Ruby string:
+```ruby
+signature = File.open("document.bin", "rb") do |io|
+  keypair.secret_key.sign_io(io, chunk_size: 1 << 20)
+end
+ok = File.open("document.bin", "rb") do |io|
+  keypair.public_key.verify_io(io, signature, chunk_size: 1 << 20)
+end
+```
+`sign_io` / `verify_io` use pure ML-DSA with an internal FIPS 204
+ExternalMu flow. They are not HashML-DSA/prehash shortcuts and do not
+expose public `sign_mu` / `verify_mu` APIs. With the default empty
+context, streaming signatures verify with `verify(message, signature)`
+and one-shot signatures verify with `verify_io(io, signature)`.
+Optional context is supported and must match on verify:
+```ruby
+ctx = "invoice-v1".b
+signature = File.open("document.bin", "rb") { |io| keypair.secret_key.sign_io(io, context: ctx) }
+ok = File.open("document.bin", "rb") { |io| keypair.public_key.verify_io(io, signature, context: ctx) }
+```
+`chunk_size` must be positive. `context` is limited to 255 bytes by
+FIPS 204. `verify_io!` raises `PQCrypto::VerificationError` on mismatch.
 Note: `verify` returns a plain boolean for normal outcomes. `verify!`
 raises `PQCrypto::VerificationError` when the signature does not
 match.

data/ext/pqcrypto/extconf.rb CHANGED Viewed

@@ -11,6 +11,9 @@ $LDFLAGS << " -Wl,-no_warn_duplicate_libraries" if RbConfig::CONFIG["host_os"] =
 USE_SYSTEM = arg_config("--use-system-libraries") || ENV["PQCRYPTO_USE_SYSTEM_LIBRARIES"]
+KECCAK_BACKEND = (ENV["PQCRYPTO_KECCAK_BACKEND"] || "clean").strip.downcase
+SUPPORTED_KECCAK_BACKENDS = %w[clean xkcp].freeze
 SANITIZE = ENV["PQCRYPTO_SANITIZE"]
 if SANITIZE && !SANITIZE.strip.empty?
@@ -85,6 +88,41 @@ def configure_openssl!
   $CFLAGS << " -DHAVE_OPENSSL_EVP_H -DHAVE_OPENSSL_RAND_H"
 end
+def configure_keccak_backend(vendor_dir, common_dir)
+  abort "Unsupported PQCRYPTO_KECCAK_BACKEND=#{KECCAK_BACKEND.inspect}. Supported: #{SUPPORTED_KECCAK_BACKENDS.join(", ")}" unless SUPPORTED_KECCAK_BACKENDS.include?(KECCAK_BACKEND)
+  case KECCAK_BACKEND
+  when "clean"
+    {
+      name: "clean",
+      include_dirs: [],
+      source_group: ["pqclean_common", [File.join(common_dir, "fips202.c")]]
+    }
+  when "xkcp"
+    # The optimized backend must provide the same fips202.h-compatible API as
+    # PQClean's common/fips202.c. Do not substitute OpenSSL EVP SHAKE here: the
+    # PQClean SHAKE state layout is part of the ML-KEM/ML-DSA call graph.
+    xkcp_dir = File.join(vendor_dir, "xkcp")
+    adapter_source = File.join(xkcp_dir, "pqclean_fips202_xkcp.c")
+    abort <<~MSG unless File.exist?(adapter_source)
+      PQCRYPTO_KECCAK_BACKEND=xkcp was requested, but no reviewed XKCP adapter was found.
+      Expected:
+        #{adapter_source}
+      Refusing to fall back silently to the clean backend. Vendor a fips202.h-compatible
+      XKCP adapter first, then run the full SHAKE-dependent KAT/regression test matrix.
+    MSG
+    {
+      name: "xkcp",
+      include_dirs: [xkcp_dir],
+      source_group: ["xkcp_keccak", [adapter_source]]
+    }
+  end
+end
 def configure_pqclean(vendor_dir)
   return nil unless vendor_dir
@@ -95,17 +133,20 @@ def configure_pqclean(vendor_dir)
   mldsa_dir = File.join(pqclean_dir, "crypto_sign", "ml-dsa-65", "clean")
   common_dir = File.join(pqclean_dir, "common")
-  include_dirs = [mlkem_dir, mldsa_dir, common_dir]
+  keccak_config = configure_keccak_backend(vendor_dir, common_dir)
+  include_dirs = [mlkem_dir, mldsa_dir, common_dir, *keccak_config[:include_dirs]]
   return nil unless include_dirs.all? { |dir| Dir.exist?(dir) }
   mlkem_sources = Dir.glob(File.join(mlkem_dir, "*.c")).sort
   mldsa_sources = Dir.glob(File.join(mldsa_dir, "*.c")).sort
-  common_sources = %w[fips202.c sha2.c sp800-185.c].map { |name| File.join(common_dir, name) }
+  common_sources = %w[sha2.c sp800-185.c].map { |name| File.join(common_dir, name) }
   source_groups = [
     ["pqclean_mlkem", mlkem_sources],
     ["pqclean_mldsa", mldsa_sources],
-    ["pqclean_common", common_sources]
+    ["pqclean_common", common_sources],
+    keccak_config[:source_group]
   ]
   return nil unless source_groups.all? { |_, sources| sources.all? { |path| File.exist?(path) } }
@@ -115,6 +156,7 @@ def configure_pqclean(vendor_dir)
   {
     include_dirs: include_dirs,
+    keccak_backend: keccak_config[:name],
     source_groups: source_groups
   }
 end
@@ -165,6 +207,7 @@ pqclean_config = configure_pqclean(vendor_dir)
 puts "OpenSSL: system"
 abort "PQClean vendored sources are required. Run: bundle exec rake vendor" unless pqclean_config
 puts "PQClean: vendored (randombytes overridden by pq_randombytes.c)"
+puts "Keccak backend: #{pqclean_config[:keccak_backend]}"
 puts "Output: pqcrypto/pqcrypto_secure"
 puts "===================================="

data/ext/pqcrypto/pq_externalmu.c ADDED Viewed

@@ -0,0 +1,297 @@
+#include "pqcrypto_secure.h"
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include "vendor/pqclean/crypto_sign/ml-dsa-65/clean/params.h"
+#include "vendor/pqclean/crypto_sign/ml-dsa-65/clean/packing.h"
+#include "vendor/pqclean/crypto_sign/ml-dsa-65/clean/polyvec.h"
+#include "vendor/pqclean/crypto_sign/ml-dsa-65/clean/poly.h"
+#include "vendor/pqclean/crypto_sign/ml-dsa-65/clean/symmetric.h"
+#include "fips202.h"
+#include "randombytes.h"
+#if CRHBYTES != PQ_MLDSA_MUBYTES
+#error "PQ_MLDSA_MUBYTES must match PQClean's CRHBYTES"
+#endif
+#if TRBYTES != PQ_MLDSA_TRBYTES
+#error "PQ_MLDSA_TRBYTES must match PQClean's TRBYTES"
+#endif
+int pq_mldsa_extract_tr_from_secret_key(uint8_t *tr_out, const uint8_t *secret_key) {
+    if (tr_out == NULL || secret_key == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    uint8_t rho[SEEDBYTES];
+    uint8_t key[SEEDBYTES];
+    polyveck t0;
+    polyvecl s1;
+    polyveck s2;
+    PQCLEAN_MLDSA65_CLEAN_unpack_sk(rho, tr_out, key, &t0, &s1, &s2, secret_key);
+    pq_secure_wipe(rho, sizeof(rho));
+    pq_secure_wipe(key, sizeof(key));
+    pq_secure_wipe(&t0, sizeof(t0));
+    pq_secure_wipe(&s1, sizeof(s1));
+    pq_secure_wipe(&s2, sizeof(s2));
+    return PQ_SUCCESS;
+}
+int pq_mldsa_compute_tr_from_public_key(uint8_t *tr_out, const uint8_t *public_key) {
+    if (tr_out == NULL || public_key == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    shake256(tr_out, TRBYTES, public_key, PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES);
+    return PQ_SUCCESS;
+}
+int pq_sign_mu(uint8_t *signature, size_t *signature_len, const uint8_t *mu,
+               const uint8_t *secret_key) {
+    if (signature == NULL || signature_len == NULL || mu == NULL || secret_key == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    unsigned int n;
+    uint8_t rho[SEEDBYTES];
+    uint8_t tr_unused[TRBYTES];
+    uint8_t key[SEEDBYTES];
+    uint8_t rnd[RNDBYTES];
+    uint8_t mu_local[CRHBYTES];
+    uint8_t rhoprime[CRHBYTES];
+    uint16_t nonce = 0;
+    polyvecl mat[K], s1, y, z;
+    polyveck t0, s2, w1, w0, h;
+    poly cp;
+    shake256incctx state;
+    PQCLEAN_MLDSA65_CLEAN_unpack_sk(rho, tr_unused, key, &t0, &s1, &s2, secret_key);
+    pq_secure_wipe(tr_unused, sizeof(tr_unused));
+    memcpy(mu_local, mu, CRHBYTES);
+    randombytes(rnd, RNDBYTES);
+    {
+        uint8_t kr[SEEDBYTES + RNDBYTES + CRHBYTES];
+        memcpy(kr, key, SEEDBYTES);
+        memcpy(kr + SEEDBYTES, rnd, RNDBYTES);
+        memcpy(kr + SEEDBYTES + RNDBYTES, mu_local, CRHBYTES);
+        shake256(rhoprime, CRHBYTES, kr, sizeof(kr));
+        pq_secure_wipe(kr, sizeof(kr));
+    }
+    PQCLEAN_MLDSA65_CLEAN_polyvec_matrix_expand(mat, rho);
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_ntt(&s1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_ntt(&s2);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_ntt(&t0);
+rej:
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_uniform_gamma1(&y, rhoprime, nonce++);
+    z = y;
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_ntt(&z);
+    PQCLEAN_MLDSA65_CLEAN_polyvec_matrix_pointwise_montgomery(&w1, mat, &z);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_reduce(&w1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_invntt_tomont(&w1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_caddq(&w1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_decompose(&w1, &w0, &w1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_pack_w1(signature, &w1);
+    shake256_inc_init(&state);
+    shake256_inc_absorb(&state, mu_local, CRHBYTES);
+    shake256_inc_absorb(&state, signature, K * POLYW1_PACKEDBYTES);
+    shake256_inc_finalize(&state);
+    shake256_inc_squeeze(signature, CTILDEBYTES, &state);
+    shake256_inc_ctx_release(&state);
+    PQCLEAN_MLDSA65_CLEAN_poly_challenge(&cp, signature);
+    PQCLEAN_MLDSA65_CLEAN_poly_ntt(&cp);
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_pointwise_poly_montgomery(&z, &cp, &s1);
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_invntt_tomont(&z);
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_add(&z, &z, &y);
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_reduce(&z);
+    if (PQCLEAN_MLDSA65_CLEAN_polyvecl_chknorm(&z, GAMMA1 - BETA)) {
+        goto rej;
+    }
+    PQCLEAN_MLDSA65_CLEAN_polyveck_pointwise_poly_montgomery(&h, &cp, &s2);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_invntt_tomont(&h);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_sub(&w0, &w0, &h);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_reduce(&w0);
+    if (PQCLEAN_MLDSA65_CLEAN_polyveck_chknorm(&w0, GAMMA2 - BETA)) {
+        goto rej;
+    }
+    PQCLEAN_MLDSA65_CLEAN_polyveck_pointwise_poly_montgomery(&h, &cp, &t0);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_invntt_tomont(&h);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_reduce(&h);
+    if (PQCLEAN_MLDSA65_CLEAN_polyveck_chknorm(&h, GAMMA2)) {
+        goto rej;
+    }
+    PQCLEAN_MLDSA65_CLEAN_polyveck_add(&w0, &w0, &h);
+    n = PQCLEAN_MLDSA65_CLEAN_polyveck_make_hint(&h, &w0, &w1);
+    if (n > OMEGA) {
+        goto rej;
+    }
+    PQCLEAN_MLDSA65_CLEAN_pack_sig(signature, signature, &z, &h);
+    *signature_len = PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES;
+    pq_secure_wipe(rho, sizeof(rho));
+    pq_secure_wipe(key, sizeof(key));
+    pq_secure_wipe(rnd, sizeof(rnd));
+    pq_secure_wipe(mu_local, sizeof(mu_local));
+    pq_secure_wipe(rhoprime, sizeof(rhoprime));
+    pq_secure_wipe(&s1, sizeof(s1));
+    pq_secure_wipe(&s2, sizeof(s2));
+    pq_secure_wipe(&t0, sizeof(t0));
+    pq_secure_wipe(&y, sizeof(y));
+    pq_secure_wipe(&z, sizeof(z));
+    pq_secure_wipe(&w0, sizeof(w0));
+    pq_secure_wipe(&cp, sizeof(cp));
+    return PQ_SUCCESS;
+}
+int pq_verify_mu(const uint8_t *signature, size_t signature_len, const uint8_t *mu,
+                 const uint8_t *public_key) {
+    if (signature == NULL || mu == NULL || public_key == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    if (signature_len != PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES) {
+        return PQ_ERROR_VERIFY;
+    }
+    unsigned int i;
+    uint8_t buf[K * POLYW1_PACKEDBYTES];
+    uint8_t rho[SEEDBYTES];
+    uint8_t c[CTILDEBYTES];
+    uint8_t c2[CTILDEBYTES];
+    poly cp;
+    polyvecl mat[K], z;
+    polyveck t1, w1, h;
+    shake256incctx state;
+    PQCLEAN_MLDSA65_CLEAN_unpack_pk(rho, &t1, public_key);
+    if (PQCLEAN_MLDSA65_CLEAN_unpack_sig(c, &z, &h, signature)) {
+        return PQ_ERROR_VERIFY;
+    }
+    if (PQCLEAN_MLDSA65_CLEAN_polyvecl_chknorm(&z, GAMMA1 - BETA)) {
+        return PQ_ERROR_VERIFY;
+    }
+    PQCLEAN_MLDSA65_CLEAN_poly_challenge(&cp, c);
+    PQCLEAN_MLDSA65_CLEAN_polyvec_matrix_expand(mat, rho);
+    PQCLEAN_MLDSA65_CLEAN_polyvecl_ntt(&z);
+    PQCLEAN_MLDSA65_CLEAN_polyvec_matrix_pointwise_montgomery(&w1, mat, &z);
+    PQCLEAN_MLDSA65_CLEAN_poly_ntt(&cp);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_shiftl(&t1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_ntt(&t1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_pointwise_poly_montgomery(&t1, &cp, &t1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_sub(&w1, &w1, &t1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_reduce(&w1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_invntt_tomont(&w1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_caddq(&w1);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_use_hint(&w1, &w1, &h);
+    PQCLEAN_MLDSA65_CLEAN_polyveck_pack_w1(buf, &w1);
+    shake256_inc_init(&state);
+    shake256_inc_absorb(&state, mu, CRHBYTES);
+    shake256_inc_absorb(&state, buf, K * POLYW1_PACKEDBYTES);
+    shake256_inc_finalize(&state);
+    shake256_inc_squeeze(c2, CTILDEBYTES, &state);
+    shake256_inc_ctx_release(&state);
+    for (i = 0; i < CTILDEBYTES; ++i) {
+        if (c[i] != c2[i]) {
+            return PQ_ERROR_VERIFY;
+        }
+    }
+    return PQ_SUCCESS;
+}
+void *pq_mu_builder_new(void) {
+    shake256incctx *state = (shake256incctx *)malloc(sizeof(shake256incctx));
+    if (state == NULL) {
+        return NULL;
+    }
+    shake256_inc_init(state);
+    return state;
+}
+int pq_mu_builder_init(void *state_ptr, const uint8_t *tr, const uint8_t *ctx, size_t ctxlen) {
+    if (state_ptr == NULL || tr == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    if (ctxlen > 255) {
+        return PQ_ERROR_BUFFER;
+    }
+    if (ctxlen > 0 && ctx == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    shake256incctx *state = (shake256incctx *)state_ptr;
+    uint8_t prefix[2];
+    prefix[0] = 0x00;
+    prefix[1] = (uint8_t)ctxlen;
+    shake256_inc_absorb(state, tr, TRBYTES);
+    shake256_inc_absorb(state, prefix, sizeof(prefix));
+    if (ctxlen > 0) {
+        shake256_inc_absorb(state, ctx, ctxlen);
+    }
+    return PQ_SUCCESS;
+}
+int pq_mu_builder_absorb(void *state_ptr, const uint8_t *chunk, size_t chunk_len) {
+    if (state_ptr == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    if (chunk_len == 0) {
+        return PQ_SUCCESS;
+    }
+    if (chunk == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    shake256incctx *state = (shake256incctx *)state_ptr;
+    shake256_inc_absorb(state, chunk, chunk_len);
+    return PQ_SUCCESS;
+}
+int pq_mu_builder_finalize(void *state_ptr, uint8_t *mu_out) {
+    if (state_ptr == NULL || mu_out == NULL) {
+        return PQ_ERROR_BUFFER;
+    }
+    shake256incctx *state = (shake256incctx *)state_ptr;
+    shake256_inc_finalize(state);
+    shake256_inc_squeeze(mu_out, CRHBYTES, state);
+    shake256_inc_ctx_release(state);
+    free(state);
+    return PQ_SUCCESS;
+}
+void pq_mu_builder_release(void *state_ptr) {
+    if (state_ptr == NULL) {
+        return;
+    }
+    shake256incctx *state = (shake256incctx *)state_ptr;
+    shake256_inc_ctx_release(state);
+    free(state);
+}

data/ext/pqcrypto/pqcrypto_ruby_secure.c CHANGED Viewed

@@ -223,6 +223,10 @@ static void pq_wipe_and_free(uint8_t *buffer, size_t len) {
     }
 }
+static void pq_free_buffer(uint8_t *buffer) {
+    free(buffer);
+}
 static void pq_validate_bytes_argument(VALUE value, size_t expected_len, const char *what) {
     StringValue(value);
     if ((size_t)RSTRING_LEN(value) != expected_len) {
@@ -628,17 +632,17 @@ static VALUE pqcrypto__test_sign_from_seed(VALUE self, VALUE message, VALUE secr
     rb_thread_call_without_gvl(pq_testing_sign_nogvl, &call, NULL, NULL);
-    pq_wipe_and_free(call.message, call.message_len);
+    pq_free_buffer(call.message);
     pq_wipe_and_free((uint8_t *)call.secret_key, secret_key_len);
     pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);
     if (call.result != PQ_SUCCESS) {
-        pq_wipe_and_free(call.signature, PQ_MLDSA_BYTES);
+        pq_free_buffer(call.signature);
         pq_raise_general_error(call.result);
     }
     VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
-    pq_wipe_and_free(call.signature, PQ_MLDSA_BYTES);
+    pq_free_buffer(call.signature);
     return result;
 }
@@ -661,16 +665,16 @@ static VALUE pqcrypto_sign(VALUE self, VALUE message, VALUE secret_key) {
     rb_nogvl(pq_sign_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
-    pq_wipe_and_free(call.message, call.message_len);
+    pq_free_buffer(call.message);
     pq_wipe_and_free((uint8_t *)call.secret_key, secret_key_len);
     if (call.result != PQ_SUCCESS) {
-        pq_wipe_and_free(call.signature, PQ_MLDSA_BYTES);
+        pq_free_buffer(call.signature);
         pq_raise_general_error(call.result);
     }
     VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
-    free(call.signature);
+    pq_free_buffer(call.signature);
     return result;
 }
@@ -689,9 +693,9 @@ static VALUE pqcrypto_verify(VALUE self, VALUE message, VALUE signature, VALUE p
     rb_nogvl(pq_verify_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
-    pq_wipe_and_free(call.message, call.message_len);
-    pq_wipe_and_free((uint8_t *)call.public_key, public_key_len);
-    pq_wipe_and_free((uint8_t *)call.signature, signature_len);
+    pq_free_buffer(call.message);
+    pq_free_buffer((uint8_t *)call.public_key);
+    pq_free_buffer((uint8_t *)call.signature);
     if (call.result == PQ_SUCCESS) {
         return Qtrue;
@@ -731,6 +735,282 @@ static VALUE pqcrypto_version(VALUE self) {
     return rb_str_new_cstr(pq_version());
 }
+typedef struct {
+    void *builder;
+} mu_builder_wrapper_t;
+typedef struct {
+    int result;
+    void *builder;
+    const uint8_t *chunk;
+    size_t chunk_len;
+} mu_absorb_call_t;
+typedef struct {
+    int result;
+    void *builder;
+    uint8_t *mu_out;
+} mu_finalize_call_t;
+typedef struct {
+    int result;
+    uint8_t *signature;
+    size_t signature_len;
+    const uint8_t *mu;
+    const uint8_t *secret_key;
+} sign_mu_call_t;
+typedef struct {
+    int result;
+    const uint8_t *signature;
+    size_t signature_len;
+    const uint8_t *mu;
+    const uint8_t *public_key;
+} verify_mu_call_t;
+static void mu_builder_wrapper_free(void *ptr) {
+    mu_builder_wrapper_t *wrapper = (mu_builder_wrapper_t *)ptr;
+    if (wrapper == NULL) {
+        return;
+    }
+    if (wrapper->builder != NULL) {
+        pq_mu_builder_release(wrapper->builder);
+        wrapper->builder = NULL;
+    }
+    xfree(wrapper);
+}
+static size_t mu_builder_wrapper_size(const void *ptr) {
+    (void)ptr;
+    return sizeof(mu_builder_wrapper_t);
+}
+static const rb_data_type_t mu_builder_data_type = {
+    "PQCrypto::MLDSA::MuBuilder",
+    {NULL, mu_builder_wrapper_free, mu_builder_wrapper_size},
+    NULL,
+    NULL,
+    RUBY_TYPED_FREE_IMMEDIATELY};
+static mu_builder_wrapper_t *mu_builder_unwrap(VALUE obj) {
+    mu_builder_wrapper_t *wrapper;
+    TypedData_Get_Struct(obj, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);
+    if (wrapper == NULL || wrapper->builder == NULL) {
+        rb_raise(ePQCryptoError, "mu builder used after release");
+    }
+    return wrapper;
+}
+static VALUE pqcrypto__native_mldsa_extract_tr(VALUE self, VALUE secret_key) {
+    (void)self;
+    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");
+    uint8_t tr[PQ_MLDSA_TRBYTES];
+    int rc = pq_mldsa_extract_tr_from_secret_key(tr, (const uint8_t *)RSTRING_PTR(secret_key));
+    if (rc != PQ_SUCCESS) {
+        pq_secure_wipe(tr, sizeof(tr));
+        pq_raise_general_error(rc);
+    }
+    VALUE result = pq_string_from_buffer(tr, sizeof(tr));
+    pq_secure_wipe(tr, sizeof(tr));
+    return result;
+}
+static VALUE pqcrypto__native_mldsa_compute_tr(VALUE self, VALUE public_key) {
+    (void)self;
+    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");
+    uint8_t tr[PQ_MLDSA_TRBYTES];
+    int rc = pq_mldsa_compute_tr_from_public_key(tr, (const uint8_t *)RSTRING_PTR(public_key));
+    if (rc != PQ_SUCCESS) {
+        pq_raise_general_error(rc);
+    }
+    return pq_string_from_buffer(tr, sizeof(tr));
+}
+static VALUE pqcrypto__native_mldsa_mu_builder_new(VALUE self, VALUE tr, VALUE ctx) {
+    (void)self;
+    pq_validate_bytes_argument(tr, PQ_MLDSA_TRBYTES, "tr");
+    StringValue(ctx);
+    size_t ctxlen = (size_t)RSTRING_LEN(ctx);
+    if (ctxlen > 255) {
+        rb_raise(rb_eArgError, "ML-DSA context length must be <= 255 bytes");
+    }
+    void *builder = pq_mu_builder_new();
+    if (builder == NULL) {
+        rb_raise(rb_eNoMemError, "Memory allocation failed (mu builder)");
+    }
+    int rc = pq_mu_builder_init(builder, (const uint8_t *)RSTRING_PTR(tr),
+                                (const uint8_t *)RSTRING_PTR(ctx), ctxlen);
+    if (rc != PQ_SUCCESS) {
+        pq_mu_builder_release(builder);
+        pq_raise_general_error(rc);
+    }
+    mu_builder_wrapper_t *wrapper;
+    VALUE obj =
+        TypedData_Make_Struct(rb_cObject, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);
+    wrapper->builder = builder;
+    return obj;
+}
+static void *pq_mu_absorb_nogvl(void *arg) {
+    mu_absorb_call_t *call = (mu_absorb_call_t *)arg;
+    call->result = pq_mu_builder_absorb(call->builder, call->chunk, call->chunk_len);
+    return NULL;
+}
+static VALUE pqcrypto__native_mldsa_mu_builder_update(VALUE self, VALUE builder_obj, VALUE chunk) {
+    (void)self;
+    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);
+    StringValue(chunk);
+    size_t chunk_len = (size_t)RSTRING_LEN(chunk);
+    if (chunk_len == 0) {
+        return Qnil;
+    }
+    uint8_t *copy = pq_alloc_buffer(chunk_len);
+    memcpy(copy, RSTRING_PTR(chunk), chunk_len);
+    mu_absorb_call_t call = {0};
+    call.builder = wrapper->builder;
+    call.chunk = copy;
+    call.chunk_len = chunk_len;
+    rb_nogvl(pq_mu_absorb_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
+    free(copy);
+    if (call.result != PQ_SUCCESS) {
+        pq_raise_general_error(call.result);
+    }
+    return Qnil;
+}
+static void *pq_mu_finalize_nogvl(void *arg) {
+    mu_finalize_call_t *call = (mu_finalize_call_t *)arg;
+    call->result = pq_mu_builder_finalize(call->builder, call->mu_out);
+    return NULL;
+}
+static VALUE pqcrypto__native_mldsa_mu_builder_finalize(VALUE self, VALUE builder_obj) {
+    (void)self;
+    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);
+    uint8_t mu[PQ_MLDSA_MUBYTES];
+    mu_finalize_call_t call = {0};
+    call.builder = wrapper->builder;
+    call.mu_out = mu;
+    rb_nogvl(pq_mu_finalize_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
+    if (call.result != PQ_SUCCESS) {
+        pq_mu_builder_release(wrapper->builder);
+    }
+    wrapper->builder = NULL;
+    if (call.result != PQ_SUCCESS) {
+        pq_secure_wipe(mu, sizeof(mu));
+        pq_raise_general_error(call.result);
+    }
+    VALUE result = pq_string_from_buffer(mu, sizeof(mu));
+    pq_secure_wipe(mu, sizeof(mu));
+    return result;
+}
+static VALUE pqcrypto__native_mldsa_mu_builder_release(VALUE self, VALUE builder_obj) {
+    (void)self;
+    mu_builder_wrapper_t *wrapper;
+    TypedData_Get_Struct(builder_obj, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);
+    if (wrapper != NULL && wrapper->builder != NULL) {
+        pq_mu_builder_release(wrapper->builder);
+        wrapper->builder = NULL;
+    }
+    return Qnil;
+}
+static void *pq_sign_mu_nogvl(void *arg) {
+    sign_mu_call_t *call = (sign_mu_call_t *)arg;
+    call->result = pq_sign_mu(call->signature, &call->signature_len, call->mu, call->secret_key);
+    return NULL;
+}
+static VALUE pqcrypto__native_mldsa_sign_mu(VALUE self, VALUE mu, VALUE secret_key) {
+    (void)self;
+    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
+    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");
+    sign_mu_call_t call = {0};
+    size_t secret_key_len = 0;
+    size_t mu_len = 0;
+    uint8_t *mu_copy = pq_copy_ruby_string(mu, &mu_len);
+    uint8_t *sk_copy = pq_copy_ruby_string(secret_key, &secret_key_len);
+    call.mu = mu_copy;
+    call.secret_key = sk_copy;
+    call.signature_len = PQ_MLDSA_BYTES;
+    call.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);
+    rb_nogvl(pq_sign_mu_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
+    pq_wipe_and_free(mu_copy, mu_len);
+    pq_wipe_and_free(sk_copy, secret_key_len);
+    if (call.result != PQ_SUCCESS) {
+        pq_free_buffer(call.signature);
+        pq_raise_general_error(call.result);
+    }
+    VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
+    pq_free_buffer(call.signature);
+    return result;
+}
+static void *pq_verify_mu_nogvl(void *arg) {
+    verify_mu_call_t *call = (verify_mu_call_t *)arg;
+    call->result = pq_verify_mu(call->signature, call->signature_len, call->mu, call->public_key);
+    return NULL;
+}
+static VALUE pqcrypto__native_mldsa_verify_mu(VALUE self, VALUE mu, VALUE signature,
+                                              VALUE public_key) {
+    (void)self;
+    StringValue(signature);
+    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
+    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");
+    verify_mu_call_t call = {0};
+    size_t public_key_len = 0;
+    size_t signature_len = 0;
+    size_t mu_len = 0;
+    uint8_t *mu_copy = pq_copy_ruby_string(mu, &mu_len);
+    uint8_t *pk_copy = pq_copy_ruby_string(public_key, &public_key_len);
+    uint8_t *sig_copy = pq_copy_ruby_string(signature, &signature_len);
+    call.mu = mu_copy;
+    call.public_key = pk_copy;
+    call.signature = sig_copy;
+    call.signature_len = signature_len;
+    rb_nogvl(pq_verify_mu_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
+    pq_wipe_and_free(mu_copy, mu_len);
+    pq_free_buffer(pk_copy);
+    pq_free_buffer(sig_copy);
+    if (call.result == PQ_SUCCESS) {
+        return Qtrue;
+    }
+    if (call.result == PQ_ERROR_VERIFY) {
+        return Qfalse;
+    }
+    pq_raise_general_error(call.result);
+}
 static void define_constants(void) {
     rb_define_const(mPQCrypto, "ML_KEM_PUBLIC_KEY_BYTES", INT2NUM(PQ_MLKEM_PUBLICKEYBYTES));
     rb_define_const(mPQCrypto, "ML_KEM_SECRET_KEY_BYTES", INT2NUM(PQ_MLKEM_SECRETKEYBYTES));
@@ -834,6 +1114,22 @@ void Init_pqcrypto_secure(void) {
                               pqcrypto_secret_key_from_pqc_container_der, 1);
     rb_define_module_function(mPQCrypto, "secret_key_from_pqc_container_pem",
                               pqcrypto_secret_key_from_pqc_container_pem, 1);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_extract_tr",
+                              pqcrypto__native_mldsa_extract_tr, 1);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_compute_tr",
+                              pqcrypto__native_mldsa_compute_tr, 1);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_mu_builder_new",
+                              pqcrypto__native_mldsa_mu_builder_new, 2);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_mu_builder_update",
+                              pqcrypto__native_mldsa_mu_builder_update, 2);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_mu_builder_finalize",
+                              pqcrypto__native_mldsa_mu_builder_finalize, 1);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_mu_builder_release",
+                              pqcrypto__native_mldsa_mu_builder_release, 1);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_sign_mu", pqcrypto__native_mldsa_sign_mu,
+                              2);
+    rb_define_module_function(mPQCrypto, "_native_mldsa_verify_mu",
+                              pqcrypto__native_mldsa_verify_mu, 3);
     define_constants();
 }

data/ext/pqcrypto/pqcrypto_secure.c CHANGED Viewed

@@ -959,5 +959,5 @@ int pq_secret_key_from_pqc_container_pem(char **algorithm_out, uint8_t **key_out
 }
 const char *pq_version(void) {
-    return "0.3.0";
+    return "0.3.2";
 }

data/ext/pqcrypto/pqcrypto_secure.h CHANGED Viewed

@@ -144,6 +144,22 @@ const char *pq_version(void);
 #define PQ_MLDSA_PUBLICKEYBYTES MLDSA_PUBLICKEYBYTES
 #define PQ_MLDSA_SECRETKEYBYTES MLDSA_SECRETKEYBYTES
 #define PQ_MLDSA_BYTES          MLDSA_BYTES
+#define PQ_MLDSA_MUBYTES        64
+#define PQ_MLDSA_TRBYTES        64
+int pq_mldsa_extract_tr_from_secret_key(uint8_t *tr_out, const uint8_t *secret_key);
+int pq_mldsa_compute_tr_from_public_key(uint8_t *tr_out, const uint8_t *public_key);
+int pq_sign_mu(uint8_t *signature, size_t *signature_len,
+               const uint8_t *mu, const uint8_t *secret_key);
+int pq_verify_mu(const uint8_t *signature, size_t signature_len,
+                 const uint8_t *mu, const uint8_t *public_key);
+void *pq_mu_builder_new(void);
+int pq_mu_builder_init(void *state, const uint8_t *tr,
+                       const uint8_t *ctx, size_t ctxlen);
+int pq_mu_builder_absorb(void *state, const uint8_t *chunk, size_t chunk_len);
+int pq_mu_builder_finalize(void *state, uint8_t *mu_out);
+void pq_mu_builder_release(void *state);
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key);
 int pq_hybrid_kem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile ADDED Viewed

@@ -0,0 +1,8 @@
+KeccakP-1600-times4-SIMD256.o: KeccakP-1600-times4-SIMD256.c \
+  align.h brg_endian.h KeccakP-1600-times4-SnP.h \
+  KeccakP-1600-unrolling.macros SIMD256-config.h
+	$(CC) -O3 -mavx2 -c $< -o $@
+.PHONY: clean
+clean:
+	$(RM) KeccakP-1600-times4-SIMD256.o

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile ADDED Viewed

@@ -0,0 +1,19 @@
+# This Makefile can be used with GNU Make or BSD Make
+LIB=libml-kem-768_clean.a
+HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric.h verify.h
+OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-shake.o verify.o
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)
+all: $(LIB)
+%.o: %.c $(HEADERS)
+	$(CC) $(CFLAGS) -c -o $@ $<
+$(LIB): $(OBJECTS)
+	$(AR) -r $@ $(OBJECTS)
+clean:
+	$(RM) $(OBJECTS)
+	$(RM) $(LIB)

data/ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile ADDED Viewed

@@ -0,0 +1,19 @@
+# This Makefile can be used with GNU Make or BSD Make
+LIB=libml-dsa-65_clean.a
+HEADERS=api.h ntt.h packing.h params.h poly.h polyvec.h reduce.h rounding.h sign.h symmetric.h
+OBJECTS=ntt.o packing.o poly.o polyvec.o reduce.o rounding.o sign.o symmetric-shake.o
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)
+all: $(LIB)
+%.o: %.c $(HEADERS)
+	$(CC) $(CFLAGS) -c -o $@ $<
+$(LIB): $(OBJECTS)
+	$(AR) -r $@ $(OBJECTS)
+clean:
+	$(RM) $(OBJECTS)
+	$(RM) $(LIB)

data/lib/pq_crypto/signature.rb CHANGED Viewed

@@ -74,6 +74,95 @@ module PQCrypto
         raise UnsupportedAlgorithmError, "Unsupported signature algorithm: #{algorithm.inspect}"
       end
+      def _streaming_sign(secret_key, io, chunk_size, context)
+        validate_chunk_size!(chunk_size)
+        validate_context!(context)
+        validate_io!(io)
+        sk_bytes = secret_key.__send__(:bytes_for_native)
+        begin
+          tr = PQCrypto.__send__(:_native_mldsa_extract_tr, sk_bytes)
+        rescue ArgumentError => e
+          raise InvalidKeyError, e.message
+        end
+        builder = PQCrypto.__send__(:_native_mldsa_mu_builder_new, tr, context.b)
+        builder_consumed = false
+        mu = nil
+        begin
+          _drain_io_into_builder(io, builder, chunk_size)
+          mu = PQCrypto.__send__(:_native_mldsa_mu_builder_finalize, builder)
+          builder_consumed = true
+          PQCrypto.__send__(:_native_mldsa_sign_mu, mu, sk_bytes)
+        ensure
+          PQCrypto.__send__(:_native_mldsa_mu_builder_release, builder) unless builder_consumed
+          PQCrypto.secure_wipe(tr) if tr && !tr.frozen?
+          PQCrypto.secure_wipe(mu) if mu && !mu.frozen?
+        end
+      end
+      def _streaming_verify(public_key, io, signature, chunk_size, context)
+        validate_chunk_size!(chunk_size)
+        validate_context!(context)
+        validate_io!(io)
+        pk_bytes = public_key.__send__(:bytes_for_native)
+        begin
+          tr = PQCrypto.__send__(:_native_mldsa_compute_tr, pk_bytes)
+        rescue ArgumentError => e
+          raise InvalidKeyError, e.message
+        end
+        builder = PQCrypto.__send__(:_native_mldsa_mu_builder_new, tr, context.b)
+        builder_consumed = false
+        mu = nil
+        sig_bytes = String(signature).b
+        begin
+          _drain_io_into_builder(io, builder, chunk_size)
+          mu = PQCrypto.__send__(:_native_mldsa_mu_builder_finalize, builder)
+          builder_consumed = true
+          PQCrypto.__send__(:_native_mldsa_verify_mu, mu, sig_bytes, pk_bytes)
+        ensure
+          PQCrypto.__send__(:_native_mldsa_mu_builder_release, builder) unless builder_consumed
+          PQCrypto.secure_wipe(tr) if tr && !tr.frozen?
+          PQCrypto.secure_wipe(mu) if mu && !mu.frozen?
+        end
+      end
+      def _drain_io_into_builder(io, builder, chunk_size)
+        buffer = String.new(capacity: chunk_size).b
+        loop do
+          result = io.read(chunk_size, buffer)
+          break if result.nil?
+          chunk = result.equal?(buffer) ? buffer : result
+          chunk_bytes = chunk.encoding == Encoding::BINARY ? chunk : chunk.b
+          break if chunk_bytes.bytesize.zero?
+          PQCrypto.__send__(:_native_mldsa_mu_builder_update, builder, chunk_bytes)
+        end
+      end
+      def validate_io!(io)
+        unless io.respond_to?(:read)
+          raise ArgumentError, "io must respond to #read"
+        end
+      end
+      def validate_chunk_size!(chunk_size)
+        unless chunk_size.is_a?(Integer) && chunk_size > 0
+          raise ArgumentError, "chunk_size must be a positive Integer"
+        end
+      end
+      def validate_context!(context)
+        ctx = String(context).b
+        if ctx.bytesize > 255
+          raise ArgumentError, "context must be at most 255 bytes (FIPS 204)"
+        end
+      end
     end
     class Keypair
@@ -125,6 +214,17 @@ module PQCrypto
         true
       end
+      def verify_io(io, signature, chunk_size: 1 << 20, context: "".b)
+        Signature.send(:_streaming_verify, self, io, signature, chunk_size, context)
+      end
+      def verify_io!(io, signature, chunk_size: 1 << 20, context: "".b)
+        unless verify_io(io, signature, chunk_size: chunk_size, context: context)
+          raise PQCrypto::VerificationError, "Verification failed"
+        end
+        true
+      end
       def ==(other)
         return false unless other.is_a?(PublicKey) && other.algorithm == algorithm
         PQCrypto.__send__(:native_ct_equals, other.to_bytes, @bytes)
@@ -142,6 +242,10 @@ module PQCrypto
       private
+      def bytes_for_native
+        @bytes
+      end
       def validate_length!
         expected = Signature.details(@algorithm).fetch(:public_key_bytes)
         raise InvalidKeyError, "Invalid signature public key length" unless @bytes.bytesize == expected
@@ -175,6 +279,10 @@ module PQCrypto
         raise InvalidKeyError, e.message
       end
+      def sign_io(io, chunk_size: 1 << 20, context: "".b)
+        Signature.send(:_streaming_sign, self, io, chunk_size, context)
+      end
       def wipe!
         PQCrypto.secure_wipe(@bytes)
         self
@@ -197,6 +305,10 @@ module PQCrypto
       private
+      def bytes_for_native
+        @bytes
+      end
       def validate_length!
         expected = Signature.details(@algorithm).fetch(:secret_key_bytes)
         raise InvalidKeyError, "Invalid signature secret key length" unless @bytes.bytesize == expected

data/lib/pq_crypto/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PQCrypto
-  VERSION = "0.3.1"
+  VERSION = "0.3.2"
 end

data/lib/pq_crypto.rb CHANGED Viewed

@@ -69,6 +69,17 @@ module PQCrypto
       __test_sign_from_seed
     ].freeze
+    EXTERNAL_MU_METHODS = %i[
+      _native_mldsa_extract_tr
+      _native_mldsa_compute_tr
+      _native_mldsa_mu_builder_new
+      _native_mldsa_mu_builder_update
+      _native_mldsa_mu_builder_finalize
+      _native_mldsa_mu_builder_release
+      _native_mldsa_sign_mu
+      _native_mldsa_verify_mu
+    ].freeze
     class << PQCrypto
       NativeBindings::NATIVE_METHODS.each do |name|
         alias_name = :"native_#{name.to_s.sub(/\A__/, '')}"
@@ -78,6 +89,7 @@ module PQCrypto
       private(*NativeBindings::NATIVE_METHODS)
       private(*NativeBindings::NATIVE_METHODS.map { |n| :"native_#{n.to_s.sub(/\A__/, '')}" })
+      private(*NativeBindings::EXTERNAL_MU_METHODS)
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pq_crypto
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Roman Haydarov
@@ -69,6 +69,7 @@ files:
 - ext/pqcrypto/extconf.rb
 - ext/pqcrypto/mldsa_api.h
 - ext/pqcrypto/mlkem_api.h
+- ext/pqcrypto/pq_externalmu.c
 - ext/pqcrypto/pq_randombytes.c
 - ext/pqcrypto/pqcrypto_ruby_secure.c
 - ext/pqcrypto/pqcrypto_secure.c
@@ -86,6 +87,7 @@ files:
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-times4-SIMD256.c
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-times4-SnP.h
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-unrolling.macros
+- ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile.Microsoft_nmake
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/SIMD256-config.h
 - ext/pqcrypto/vendor/pqclean/common/keccak4x/align.h
@@ -99,6 +101,7 @@ files:
 - ext/pqcrypto/vendor/pqclean/common/sp800-185.c
 - ext/pqcrypto/vendor/pqclean/common/sp800-185.h
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/LICENSE
+- ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/Makefile.Microsoft_nmake
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/api.h
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/cbd.c
@@ -121,6 +124,7 @@ files:
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/verify.c
 - ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/verify.h
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/LICENSE
+- ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/Makefile.Microsoft_nmake
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/api.h
 - ext/pqcrypto/vendor/pqclean/crypto_sign/ml-dsa-65/clean/ntt.c