RubyGems - pq_crypto - Versions diffs - 0.3.1 → 0.4.2 - Mend

pq_crypto 0.3.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

data/ext/pqcrypto/pqcrypto_secure.c CHANGED Viewed

@@ -1,4 +1,5 @@
 #include "pqcrypto_secure.h"
+#include "pqcrypto_version.h"
 #include <stdio.h>
 #include <sys/types.h>
@@ -49,15 +50,6 @@ static int pq_size_add(size_t a, size_t b, size_t *out) {
     return PQ_SUCCESS;
 }
-static int pq_size_mul(size_t a, size_t b, size_t *out) {
-    if (!out)
-        return PQ_ERROR_BUFFER;
-    if (a != 0 && SIZE_MAX / a < b)
-        return PQ_ERROR_BUFFER;
-    *out = a * b;
-    return PQ_SUCCESS;
-}
 static int pq_is_pem_whitespace(char c) {
     return c == '\n' || c == '\r' || c == ' ' || c == '\t';
 }
@@ -256,101 +248,216 @@ cleanup:
     return ret;
 }
-int pq_mlkem_keypair(uint8_t *pk, uint8_t *sk) {
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair(pk, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;
-}
+#define PQ_MLKEM_VARIANTS(X)    \
+    X(mlkem, MLKEM768_CLEAN)    \
+    X(mlkem512, MLKEM512_CLEAN) \
+    X(mlkem1024, MLKEM1024_CLEAN)
+#define PQ_DEFINE_MLKEM_SHIMS(prefix, pqclean)                                             \
+    int pq_##prefix##_keypair(uint8_t *pk, uint8_t *sk) {                                  \
+        return PQCLEAN_##pqclean##_crypto_kem_keypair(pk, sk) == 0 ? PQ_SUCCESS            \
+                                                                   : PQ_ERROR_KEYPAIR;     \
+    }                                                                                      \
+    int pq_##prefix##_keypair_from_seed(uint8_t *pk, uint8_t *sk, const uint8_t *seed64) { \
+        if (!pk || !sk || !seed64) {                                                       \
+            return PQ_ERROR_BUFFER;                                                        \
+        }                                                                                  \
+        return PQCLEAN_##pqclean##_crypto_kem_keypair_derand(pk, sk, seed64) == 0          \
+                   ? PQ_SUCCESS                                                            \
+                   : PQ_ERROR_KEYPAIR;                                                     \
+    }                                                                                      \
+    int pq_##prefix##_encapsulate(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {           \
+        return PQCLEAN_##pqclean##_crypto_kem_enc(ct, ss, pk) == 0 ? PQ_SUCCESS            \
+                                                                   : PQ_ERROR_ENCAPSULATE; \
+    }                                                                                      \
+    int pq_##prefix##_decapsulate(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {     \
+        return PQCLEAN_##pqclean##_crypto_kem_dec(ss, ct, sk) == 0 ? PQ_SUCCESS            \
+                                                                   : PQ_ERROR_DECAPSULATE; \
+    }
-int pq_mlkem_encapsulate(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc(ct, ss, pk) == 0 ? PQ_SUCCESS
-                                                                  : PQ_ERROR_ENCAPSULATE;
-}
+PQ_MLKEM_VARIANTS(PQ_DEFINE_MLKEM_SHIMS)
-int pq_mlkem_decapsulate(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec(ss, ct, sk) == 0 ? PQ_SUCCESS
-                                                                  : PQ_ERROR_DECAPSULATE;
-}
+#undef PQ_DEFINE_MLKEM_SHIMS
-int pq_testing_mlkem_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
-                                       const uint8_t *seed, size_t seed_len) {
-    if (!public_key || !secret_key || !seed || seed_len != 64) {
+static int pq_testing_mlkem_keypair_from_seed_with(uint8_t *public_key, uint8_t *secret_key,
+                                                   const uint8_t *seed, size_t seed_len,
+                                                   int (*keypair_derand)(uint8_t *, uint8_t *,
+                                                                         const uint8_t *)) {
+    if (!public_key || !secret_key || !seed || seed_len != 64 || !keypair_derand) {
         return PQ_ERROR_BUFFER;
     }
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand(public_key, secret_key, seed) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_KEYPAIR;
+    return keypair_derand(public_key, secret_key, seed) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;
 }
-int pq_testing_mlkem_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
-                                           const uint8_t *public_key, const uint8_t *seed,
-                                           size_t seed_len) {
-    if (!ciphertext || !shared_secret || !public_key || !seed || seed_len != 32) {
+static int pq_testing_mlkem_encapsulate_from_seed_with(
+    uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key, const uint8_t *seed,
+    size_t seed_len, int (*enc_derand)(uint8_t *, uint8_t *, const uint8_t *, const uint8_t *)) {
+    if (!ciphertext || !shared_secret || !public_key || !seed || seed_len != 32 || !enc_derand) {
         return PQ_ERROR_BUFFER;
     }
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc_derand(ciphertext, shared_secret, public_key,
-                                                        seed) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_ENCAPSULATE;
+    return enc_derand(ciphertext, shared_secret, public_key, seed) == 0 ? PQ_SUCCESS
+                                                                        : PQ_ERROR_ENCAPSULATE;
 }
-int pq_sign_keypair(uint8_t *public_key, uint8_t *secret_key) {
-    return PQCLEAN_MLDSA65_CLEAN_crypto_sign_keypair(public_key, secret_key) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_KEYPAIR;
-}
+#define PQ_DEFINE_MLKEM_TESTING_SHIMS(prefix, pqclean)                                           \
+    int pq_testing_##prefix##_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,        \
+                                                const uint8_t *seed, size_t seed_len) {          \
+        return pq_testing_mlkem_keypair_from_seed_with(                                          \
+            public_key, secret_key, seed, seed_len,                                              \
+            PQCLEAN_##pqclean##_crypto_kem_keypair_derand);                                      \
+    }                                                                                            \
+    int pq_testing_##prefix##_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret, \
+                                                    const uint8_t *public_key,                   \
+                                                    const uint8_t *seed, size_t seed_len) {      \
+        return pq_testing_mlkem_encapsulate_from_seed_with(                                      \
+            ciphertext, shared_secret, public_key, seed, seed_len,                               \
+            PQCLEAN_##pqclean##_crypto_kem_enc_derand);                                          \
+    }
-int pq_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
-            const uint8_t *secret_key) {
-    return PQCLEAN_MLDSA65_CLEAN_crypto_sign_signature(signature, signature_len, message,
-                                                       message_len, secret_key) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_SIGN;
-}
+PQ_MLKEM_VARIANTS(PQ_DEFINE_MLKEM_TESTING_SHIMS)
-int pq_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
-              size_t message_len, const uint8_t *public_key) {
-    return PQCLEAN_MLDSA65_CLEAN_crypto_sign_verify(signature, signature_len, message, message_len,
-                                                    public_key) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_VERIFY;
-}
+#undef PQ_DEFINE_MLKEM_TESTING_SHIMS
-int pq_testing_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
-                                       const uint8_t *seed, size_t seed_len) {
-    int rc;
-    if (!public_key || !secret_key || !seed) {
-        return PQ_ERROR_BUFFER;
+#define PQ_DEFINE_MLDSA_SIGN_KEYPAIR(prefix, pqclean)                               \
+    int pq_##prefix##_keypair(uint8_t *public_key, uint8_t *secret_key) {           \
+        return PQCLEAN_##pqclean##_crypto_sign_keypair(public_key, secret_key) == 0 \
+                   ? PQ_SUCCESS                                                     \
+                   : PQ_ERROR_KEYPAIR;                                              \
+    }
+PQ_DEFINE_MLDSA_SIGN_KEYPAIR(sign, MLDSA65_CLEAN)
+PQ_DEFINE_MLDSA_SIGN_KEYPAIR(mldsa44_sign, MLDSA44_CLEAN)
+PQ_DEFINE_MLDSA_SIGN_KEYPAIR(mldsa87_sign, MLDSA87_CLEAN)
+#undef PQ_DEFINE_MLDSA_SIGN_KEYPAIR
+#define PQ_DEFINE_MLDSA_SIGN(name, pqclean)                                                 \
+    int pq_##name(uint8_t *signature, size_t *signature_len, const uint8_t *message,        \
+                  size_t message_len, const uint8_t *secret_key) {                          \
+        return PQCLEAN_##pqclean##_crypto_sign_signature(signature, signature_len, message, \
+                                                         message_len, secret_key) == 0      \
+                   ? PQ_SUCCESS                                                             \
+                   : PQ_ERROR_SIGN;                                                         \
     }
-    if (seed_len != 32) {
+PQ_DEFINE_MLDSA_SIGN(sign, MLDSA65_CLEAN)
+PQ_DEFINE_MLDSA_SIGN(mldsa44_sign, MLDSA44_CLEAN)
+PQ_DEFINE_MLDSA_SIGN(mldsa87_sign, MLDSA87_CLEAN)
+#undef PQ_DEFINE_MLDSA_SIGN
+#define PQ_DEFINE_MLDSA_VERIFY(name, pqclean)                                             \
+    int pq_##name(const uint8_t *signature, size_t signature_len, const uint8_t *message, \
+                  size_t message_len, const uint8_t *public_key) {                        \
+        return PQCLEAN_##pqclean##_crypto_sign_verify(signature, signature_len, message,  \
+                                                      message_len, public_key) == 0       \
+                   ? PQ_SUCCESS                                                           \
+                   : PQ_ERROR_VERIFY;                                                     \
+    }
+PQ_DEFINE_MLDSA_VERIFY(verify, MLDSA65_CLEAN)
+PQ_DEFINE_MLDSA_VERIFY(mldsa44_verify, MLDSA44_CLEAN)
+PQ_DEFINE_MLDSA_VERIFY(mldsa87_verify, MLDSA87_CLEAN)
+#undef PQ_DEFINE_MLDSA_VERIFY
+static int pq_testing_mldsa_keypair_from_seed_with(uint8_t *public_key, uint8_t *secret_key,
+                                                   const uint8_t *seed, size_t seed_len,
+                                                   int (*keypair)(uint8_t *, uint8_t *)) {
+    int rc;
+    if (!public_key || !secret_key || !seed || seed_len != 32 || !keypair) {
         return PQ_ERROR_BUFFER;
     }
     pq_testing_set_seed(seed, seed_len);
-    rc = PQCLEAN_MLDSA65_CLEAN_crypto_sign_keypair(public_key, secret_key);
+    rc = keypair(public_key, secret_key);
     pq_testing_clear_seed();
     return rc == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;
 }
-int pq_testing_mldsa_sign_from_seed(uint8_t *signature, size_t *signature_len,
-                                    const uint8_t *message, size_t message_len,
-                                    const uint8_t *secret_key, const uint8_t *seed,
-                                    size_t seed_len) {
+static int pq_testing_mldsa_sign_from_seed_with(
+    uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
+    const uint8_t *secret_key, const uint8_t *seed, size_t seed_len,
+    int (*sign)(uint8_t *, size_t *, const uint8_t *, size_t, const uint8_t *)) {
     int rc;
-    if (!signature || !signature_len || !secret_key || !seed) {
-        return PQ_ERROR_BUFFER;
-    }
-    if (seed_len != 32) {
+    if (!signature || !signature_len || !secret_key || !seed || seed_len != 32 || !sign) {
         return PQ_ERROR_BUFFER;
     }
     pq_testing_set_seed(seed, seed_len);
-    rc = PQCLEAN_MLDSA65_CLEAN_crypto_sign_signature(signature, signature_len, message, message_len,
-                                                     secret_key);
+    rc = sign(signature, signature_len, message, message_len, secret_key);
     pq_testing_clear_seed();
     return rc == 0 ? PQ_SUCCESS : PQ_ERROR_SIGN;
 }
+/*
+ * Production ML-DSA seed expansion for RFC 9881 seed-format PKCS#8 imports.
+ *
+ * PQClean does not expose a public crypto_sign_keypair_derand entrypoint for
+ * ML-DSA. This deliberately reuses pq_crypto's thread-local seed-replay
+ * randombytes() path, the same path covered by Patch 8 KATs, and is surfaced
+ * only through the Ruby PKCS#8 opt-in gate.
+ */
+int pq_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed32) {
+    return pq_testing_mldsa_keypair_from_seed_with(public_key, secret_key, seed32, 32,
+                                                   PQCLEAN_MLDSA44_CLEAN_crypto_sign_keypair);
+}
+int pq_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed32) {
+    return pq_testing_mldsa_keypair_from_seed_with(public_key, secret_key, seed32, 32,
+                                                   PQCLEAN_MLDSA65_CLEAN_crypto_sign_keypair);
+}
+int pq_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed32) {
+    return pq_testing_mldsa_keypair_from_seed_with(public_key, secret_key, seed32, 32,
+                                                   PQCLEAN_MLDSA87_CLEAN_crypto_sign_keypair);
+}
+int pq_testing_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                       const uint8_t *seed, size_t seed_len) {
+    return pq_testing_mldsa_keypair_from_seed_with(public_key, secret_key, seed, seed_len,
+                                                   PQCLEAN_MLDSA65_CLEAN_crypto_sign_keypair);
+}
+int pq_testing_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len) {
+    return pq_testing_mldsa_keypair_from_seed_with(public_key, secret_key, seed, seed_len,
+                                                   PQCLEAN_MLDSA44_CLEAN_crypto_sign_keypair);
+}
+int pq_testing_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len) {
+    return pq_testing_mldsa_keypair_from_seed_with(public_key, secret_key, seed, seed_len,
+                                                   PQCLEAN_MLDSA87_CLEAN_crypto_sign_keypair);
+}
+int pq_testing_mldsa_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                    const uint8_t *message, size_t message_len,
+                                    const uint8_t *secret_key, const uint8_t *seed,
+                                    size_t seed_len) {
+    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
+                                                secret_key, seed, seed_len,
+                                                PQCLEAN_MLDSA65_CLEAN_crypto_sign_signature);
+}
+int pq_testing_mldsa44_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len) {
+    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
+                                                secret_key, seed, seed_len,
+                                                PQCLEAN_MLDSA44_CLEAN_crypto_sign_signature);
+}
+int pq_testing_mldsa87_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len) {
+    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
+                                                secret_key, seed, seed_len,
+                                                PQCLEAN_MLDSA87_CLEAN_crypto_sign_signature);
+}
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key) {
     hybrid_public_key_t pk;
     hybrid_expanded_secret_key_t expanded;
@@ -959,5 +1066,5 @@ int pq_secret_key_from_pqc_container_pem(char **algorithm_out, uint8_t **key_out
 }
 const char *pq_version(void) {
-    return "0.3.0";
+    return PQCRYPTO_VERSION;
 }

data/ext/pqcrypto/pqcrypto_secure.h CHANGED Viewed

@@ -11,14 +11,42 @@
 #include "mlkem_api.h"
 #include "mldsa_api.h"
-#define MLKEM_PUBLICKEYBYTES    PQCLEAN_MLKEM768_CLEAN_CRYPTO_PUBLICKEYBYTES
-#define MLKEM_SECRETKEYBYTES    PQCLEAN_MLKEM768_CLEAN_CRYPTO_SECRETKEYBYTES
-#define MLKEM_CIPHERTEXTBYTES   PQCLEAN_MLKEM768_CLEAN_CRYPTO_CIPHERTEXTBYTES
-#define MLKEM_SHAREDSECRETBYTES PQCLEAN_MLKEM768_CLEAN_CRYPTO_BYTES
-#define MLDSA_PUBLICKEYBYTES 1952
-#define MLDSA_SECRETKEYBYTES 4032
-#define MLDSA_BYTES          3309
+#define MLKEM512_PUBLICKEYBYTES    PQCLEAN_MLKEM512_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define MLKEM512_SECRETKEYBYTES    PQCLEAN_MLKEM512_CLEAN_CRYPTO_SECRETKEYBYTES
+#define MLKEM512_CIPHERTEXTBYTES   PQCLEAN_MLKEM512_CLEAN_CRYPTO_CIPHERTEXTBYTES
+#define MLKEM512_SHAREDSECRETBYTES PQCLEAN_MLKEM512_CLEAN_CRYPTO_BYTES
+#define MLKEM768_PUBLICKEYBYTES    PQCLEAN_MLKEM768_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define MLKEM768_SECRETKEYBYTES    PQCLEAN_MLKEM768_CLEAN_CRYPTO_SECRETKEYBYTES
+#define MLKEM768_CIPHERTEXTBYTES   PQCLEAN_MLKEM768_CLEAN_CRYPTO_CIPHERTEXTBYTES
+#define MLKEM768_SHAREDSECRETBYTES PQCLEAN_MLKEM768_CLEAN_CRYPTO_BYTES
+#define MLKEM1024_PUBLICKEYBYTES    PQCLEAN_MLKEM1024_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define MLKEM1024_SECRETKEYBYTES    PQCLEAN_MLKEM1024_CLEAN_CRYPTO_SECRETKEYBYTES
+#define MLKEM1024_CIPHERTEXTBYTES   PQCLEAN_MLKEM1024_CLEAN_CRYPTO_CIPHERTEXTBYTES
+#define MLKEM1024_SHAREDSECRETBYTES PQCLEAN_MLKEM1024_CLEAN_CRYPTO_BYTES
+#define MLKEM_PUBLICKEYBYTES    MLKEM768_PUBLICKEYBYTES
+#define MLKEM_SECRETKEYBYTES    MLKEM768_SECRETKEYBYTES
+#define MLKEM_CIPHERTEXTBYTES   MLKEM768_CIPHERTEXTBYTES
+#define MLKEM_SHAREDSECRETBYTES MLKEM768_SHAREDSECRETBYTES
+#define MLDSA44_PUBLICKEYBYTES PQCLEAN_MLDSA44_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define MLDSA44_SECRETKEYBYTES PQCLEAN_MLDSA44_CLEAN_CRYPTO_SECRETKEYBYTES
+#define MLDSA44_BYTES          PQCLEAN_MLDSA44_CLEAN_CRYPTO_BYTES
+#define MLDSA65_PUBLICKEYBYTES PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define MLDSA65_SECRETKEYBYTES PQCLEAN_MLDSA65_CLEAN_CRYPTO_SECRETKEYBYTES
+#define MLDSA65_BYTES          PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES
+#define MLDSA87_PUBLICKEYBYTES PQCLEAN_MLDSA87_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define MLDSA87_SECRETKEYBYTES PQCLEAN_MLDSA87_CLEAN_CRYPTO_SECRETKEYBYTES
+#define MLDSA87_BYTES          PQCLEAN_MLDSA87_CLEAN_CRYPTO_BYTES
+#define MLDSA_PUBLICKEYBYTES MLDSA65_PUBLICKEYBYTES
+#define MLDSA_SECRETKEYBYTES MLDSA65_SECRETKEYBYTES
+#define MLDSA_BYTES          MLDSA65_BYTES
 #define X25519_PUBLICKEYBYTES    32
 #define X25519_SECRETKEYBYTES    32
@@ -78,15 +106,45 @@ _Static_assert(sizeof(hybrid_ciphertext_t) == HYBRID_CIPHERTEXTBYTES,
 void pq_secure_wipe(void *ptr, size_t len);
 int pq_mlkem_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mlkem512_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mlkem1024_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mlkem_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                               const uint8_t *seed64);
+int pq_mlkem512_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                  const uint8_t *seed64);
+int pq_mlkem1024_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                   const uint8_t *seed64);
 int pq_mlkem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+int pq_mlkem512_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+int pq_mlkem1024_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 int pq_mlkem_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
                          const uint8_t *secret_key);
+int pq_mlkem512_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
+                            const uint8_t *secret_key);
+int pq_mlkem1024_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
+                             const uint8_t *secret_key);
 int pq_sign_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mldsa44_sign_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mldsa87_sign_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                  const uint8_t *seed32);
+int pq_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                               const uint8_t *seed32);
+int pq_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                  const uint8_t *seed32);
 int pq_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
             const uint8_t *secret_key);
+int pq_mldsa44_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
+                    const uint8_t *secret_key);
+int pq_mldsa87_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
+                    const uint8_t *secret_key);
 int pq_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
               size_t message_len, const uint8_t *public_key);
+int pq_mldsa44_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
+                      size_t message_len, const uint8_t *public_key);
+int pq_mldsa87_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
+                      size_t message_len, const uint8_t *public_key);
 int pq_public_key_to_pqc_container_der(uint8_t **output, size_t *output_len,
                                        const uint8_t *public_key,
@@ -115,15 +173,37 @@ int pq_secret_key_from_pqc_container_pem(char **algorithm_out, uint8_t **key_out
 int pq_testing_mlkem_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
                                        const uint8_t *seed, size_t seed_len);
+int pq_testing_mlkem512_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                          const uint8_t *seed, size_t seed_len);
+int pq_testing_mlkem1024_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                           const uint8_t *seed, size_t seed_len);
 int pq_testing_mlkem_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
                                            const uint8_t *public_key, const uint8_t *seed,
                                            size_t seed_len);
+int pq_testing_mlkem512_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
+                                              const uint8_t *public_key, const uint8_t *seed,
+                                              size_t seed_len);
+int pq_testing_mlkem1024_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
+                                               const uint8_t *public_key, const uint8_t *seed,
+                                               size_t seed_len);
 int pq_testing_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
                                        const uint8_t *seed, size_t seed_len);
+int pq_testing_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len);
+int pq_testing_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len);
 int pq_testing_mldsa_sign_from_seed(uint8_t *signature, size_t *signature_len,
                                     const uint8_t *message, size_t message_len,
                                     const uint8_t *secret_key, const uint8_t *seed,
                                     size_t seed_len);
+int pq_testing_mldsa44_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len);
+int pq_testing_mldsa87_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len);
 void pq_testing_set_seed(const uint8_t *seed, size_t len);
 void pq_testing_clear_seed(void);
@@ -144,6 +224,22 @@ const char *pq_version(void);
 #define PQ_MLDSA_PUBLICKEYBYTES MLDSA_PUBLICKEYBYTES
 #define PQ_MLDSA_SECRETKEYBYTES MLDSA_SECRETKEYBYTES
 #define PQ_MLDSA_BYTES          MLDSA_BYTES
+#define PQ_MLDSA_MUBYTES        64
+#define PQ_MLDSA_TRBYTES        64
+int pq_mldsa_extract_tr_from_secret_key(uint8_t *tr_out, const uint8_t *secret_key);
+int pq_mldsa_compute_tr_from_public_key(uint8_t *tr_out, const uint8_t *public_key);
+int pq_sign_mu(uint8_t *signature, size_t *signature_len,
+               const uint8_t *mu, const uint8_t *secret_key);
+int pq_verify_mu(const uint8_t *signature, size_t signature_len,
+                 const uint8_t *mu, const uint8_t *public_key);
+void *pq_mu_builder_new(void);
+int pq_mu_builder_init(void *state, const uint8_t *tr,
+                       const uint8_t *ctx, size_t ctxlen);
+int pq_mu_builder_absorb(void *state, const uint8_t *chunk, size_t chunk_len);
+int pq_mu_builder_finalize(void *state, uint8_t *mu_out);
+void pq_mu_builder_release(void *state);
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key);
 int pq_hybrid_kem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,

data/ext/pqcrypto/pqcrypto_version.h ADDED Viewed

@@ -0,0 +1,7 @@
+/* Generated by extconf.rb from lib/pq_crypto/version.rb. Do not edit. */
+#ifndef PQCRYPTO_VERSION_H
+#define PQCRYPTO_VERSION_H
+#define PQCRYPTO_VERSION "0.4.2"
+#endif

data/ext/pqcrypto/vendor/.vendored CHANGED Viewed

@@ -2,4 +2,4 @@ pqclean_version=2cc64716044832eea747234ddbffc06746ab815d
 pqclean_url=https://github.com/PQClean/PQClean/archive/2cc64716044832eea747234ddbffc06746ab815d.tar.gz
 pqclean_archive_sha256=0e92076a79082a8d220e27227f37b280fb2ce050af412babd2bc755ab37b871a
 pqclean_strip=PQClean-2cc64716044832eea747234ddbffc06746ab815d
-pqclean_tree_sha256=2af0c3ec2cbe3b06805c39d3d1389ee7a9b0b29a83183328374a0db55f56c19e
+pqclean_tree_sha256=14a141198236603be48b637021edfd1fca9970cae41bcfd76a9e9aa18823eaad

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile ADDED Viewed

@@ -0,0 +1,8 @@
+KeccakP-1600-times4-SIMD256.o: KeccakP-1600-times4-SIMD256.c \
+  align.h brg_endian.h KeccakP-1600-times4-SnP.h \
+  KeccakP-1600-unrolling.macros SIMD256-config.h
+	$(CC) -O3 -mavx2 -c $< -o $@
+.PHONY: clean
+clean:
+	$(RM) KeccakP-1600-times4-SIMD256.o

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/LICENSE ADDED Viewed

@@ -0,0 +1,5 @@
+Public Domain (https://creativecommons.org/share-your-work/public-domain/cc0/)
+For Keccak and AES we are using public-domain
+code from sources and by authors listed in
+comments on top of the respective files.

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/Makefile ADDED Viewed

@@ -0,0 +1,19 @@
+# This Makefile can be used with GNU Make or BSD Make
+LIB=libml-kem-1024_clean.a
+HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric.h verify.h
+OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-shake.o verify.o
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)
+all: $(LIB)
+%.o: %.c $(HEADERS)
+	$(CC) $(CFLAGS) -c -o $@ $<
+$(LIB): $(OBJECTS)
+	$(AR) -r $@ $(OBJECTS)
+clean:
+	$(RM) $(OBJECTS)
+	$(RM) $(LIB)

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/Makefile.Microsoft_nmake ADDED Viewed

@@ -0,0 +1,23 @@
+# This Makefile can be used with Microsoft Visual Studio's nmake using the command:
+#    nmake /f Makefile.Microsoft_nmake
+LIBRARY=libml-kem-1024_clean.lib
+OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj symmetric-shake.obj verify.obj
+# Warning C4146 is raised when a unary minus operator is applied to an
+# unsigned type; this has nonetheless been standard and portable for as
+# long as there has been a C standard, and we need it for constant-time
+# computations. Thus, we disable that spurious warning.
+CFLAGS=/nologo /O2 /I ..\..\..\common /W4 /WX /wd4146
+all: $(LIBRARY)
+# Make sure objects are recompiled if headers change.
+$(OBJECTS): *.h
+$(LIBRARY): $(OBJECTS)
+    LIB.EXE /NOLOGO /WX /OUT:$@ $**
+clean:
+    -DEL $(OBJECTS)
+    -DEL $(LIBRARY)

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/api.h ADDED Viewed

@@ -0,0 +1,18 @@
+#ifndef PQCLEAN_MLKEM1024_CLEAN_API_H
+#define PQCLEAN_MLKEM1024_CLEAN_API_H
+#include <stdint.h>
+#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_SECRETKEYBYTES  3168
+#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_PUBLICKEYBYTES  1568
+#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_CIPHERTEXTBYTES 1568
+#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_BYTES           32
+#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_ALGNAME "ML-KEM-1024"
+int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
+int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+#endif

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/cbd.c ADDED Viewed

@@ -0,0 +1,83 @@
+#include "cbd.h"
+#include "params.h"
+#include <stdint.h>
+/*************************************************
+* Name:        load32_littleendian
+*
+* Description: load 4 bytes into a 32-bit integer
+*              in little-endian order
+*
+* Arguments:   - const uint8_t *x: pointer to input byte array
+*
+* Returns 32-bit unsigned integer loaded from x
+**************************************************/
+static uint32_t load32_littleendian(const uint8_t x[4]) {
+    uint32_t r;
+    r  = (uint32_t)x[0];
+    r |= (uint32_t)x[1] << 8;
+    r |= (uint32_t)x[2] << 16;
+    r |= (uint32_t)x[3] << 24;
+    return r;
+}
+/*************************************************
+* Name:        load24_littleendian
+*
+* Description: load 3 bytes into a 32-bit integer
+*              in little-endian order.
+*              This function is only needed for Kyber-512
+*
+* Arguments:   - const uint8_t *x: pointer to input byte array
+*
+* Returns 32-bit unsigned integer loaded from x (most significant byte is zero)
+**************************************************/
+/*************************************************
+* Name:        cbd2
+*
+* Description: Given an array of uniformly random bytes, compute
+*              polynomial with coefficients distributed according to
+*              a centered binomial distribution with parameter eta=2
+*
+* Arguments:   - poly *r: pointer to output polynomial
+*              - const uint8_t *buf: pointer to input byte array
+**************************************************/
+static void cbd2(poly *r, const uint8_t buf[2 * KYBER_N / 4]) {
+    unsigned int i, j;
+    uint32_t t, d;
+    int16_t a, b;
+    for (i = 0; i < KYBER_N / 8; i++) {
+        t  = load32_littleendian(buf + 4 * i);
+        d  = t & 0x55555555;
+        d += (t >> 1) & 0x55555555;
+        for (j = 0; j < 8; j++) {
+            a = (d >> (4 * j + 0)) & 0x3;
+            b = (d >> (4 * j + 2)) & 0x3;
+            r->coeffs[8 * i + j] = a - b;
+        }
+    }
+}
+/*************************************************
+* Name:        cbd3
+*
+* Description: Given an array of uniformly random bytes, compute
+*              polynomial with coefficients distributed according to
+*              a centered binomial distribution with parameter eta=3.
+*              This function is only needed for Kyber-512
+*
+* Arguments:   - poly *r: pointer to output polynomial
+*              - const uint8_t *buf: pointer to input byte array
+**************************************************/
+void PQCLEAN_MLKEM1024_CLEAN_poly_cbd_eta1(poly *r, const uint8_t buf[KYBER_ETA1 * KYBER_N / 4]) {
+    cbd2(r, buf);
+}
+void PQCLEAN_MLKEM1024_CLEAN_poly_cbd_eta2(poly *r, const uint8_t buf[KYBER_ETA2 * KYBER_N / 4]) {
+    cbd2(r, buf);
+}

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/cbd.h ADDED Viewed

@@ -0,0 +1,11 @@
+#ifndef PQCLEAN_MLKEM1024_CLEAN_CBD_H
+#define PQCLEAN_MLKEM1024_CLEAN_CBD_H
+#include "params.h"
+#include "poly.h"
+#include <stdint.h>
+void PQCLEAN_MLKEM1024_CLEAN_poly_cbd_eta1(poly *r, const uint8_t buf[KYBER_ETA1 * KYBER_N / 4]);
+void PQCLEAN_MLKEM1024_CLEAN_poly_cbd_eta2(poly *r, const uint8_t buf[KYBER_ETA2 * KYBER_N / 4]);
+#endif