pq_crypto 0.3.2 → 0.5.0

data/ext/pqcrypto/pqcrypto_secure.c

@@ -1,4 +1,5 @@
 #include "pqcrypto_secure.h"
+#include "pqcrypto_version.h"
 
 #include <stdio.h>
 #include <sys/types.h>
@@ -21,12 +22,7 @@
 #error "OpenSSL 3.0 or later is required for pq_crypto"
 #endif
 
-#ifndef HAVE_PQCLEAN
-#error "PQClean-backed algorithms are required. Run: bundle exec rake vendor"
-#endif
-
-#include "mlkem_api.h"
-#include "mldsa_api.h"
+#include "pqcrypto_native_api.h"
 
 void pq_secure_wipe(void *ptr, size_t len) {
     if (ptr == NULL) {
@@ -49,15 +45,6 @@ static int pq_size_add(size_t a, size_t b, size_t *out) {
     return PQ_SUCCESS;
 }
 
-static int pq_size_mul(size_t a, size_t b, size_t *out) {
-    if (!out)
-        return PQ_ERROR_BUFFER;
-    if (a != 0 && SIZE_MAX / a < b)
-        return PQ_ERROR_BUFFER;
-    *out = a * b;
-    return PQ_SUCCESS;
-}
-
 static int pq_is_pem_whitespace(char c) {
     return c == '\n' || c == '\r' || c == ' ' || c == '\t';
 }
@@ -231,8 +218,7 @@ static int xwing_expand_secret_key(hybrid_expanded_secret_key_t *expanded_key,
     if (EVP_DigestFinalXOF(ctx, expanded, sizeof(expanded)) != 1)
         goto cleanup;
 
-    ret = PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand(expanded_key->mlkem_pk,
-                                                           expanded_key->mlkem_sk, expanded);
+    ret = pqcr_mlkem768_keypair_derand(expanded_key->mlkem_pk, expanded_key->mlkem_sk, expanded);
     if (ret != 0) {
         ret = PQ_ERROR_KEYPAIR;
         goto cleanup;
@@ -256,99 +242,238 @@ cleanup:
     return ret;
 }
 
-int pq_mlkem_keypair(uint8_t *pk, uint8_t *sk) {
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair(pk, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;
-}
+#define PQ_MLKEM_VARIANTS(X)             \
+    X(mlkem, pqcr_mlkem768)             \
+    X(mlkem512, pqcr_mlkem512)          \
+    X(mlkem1024, pqcr_mlkem1024)
+
+#define PQ_DEFINE_MLKEM_SHIMS(prefix, native)                                             \
+    int pq_##prefix##_keypair(uint8_t *pk, uint8_t *sk) {                                \
+        if (!pk || !sk) {                                                                 \
+            return PQ_ERROR_BUFFER;                                                       \
+        }                                                                                 \
+        return native##_keypair(pk, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;             \
+    }                                                                                     \
+    int pq_##prefix##_keypair_from_seed(uint8_t *pk, uint8_t *sk, const uint8_t *seed64) {\
+        if (!pk || !sk || !seed64) {                                                      \
+            return PQ_ERROR_BUFFER;                                                       \
+        }                                                                                 \
+        return native##_keypair_derand(pk, sk, seed64) == 0 ? PQ_SUCCESS                  \
+                                                            : PQ_ERROR_KEYPAIR;           \
+    }                                                                                     \
+    int pq_##prefix##_encapsulate(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {          \
+        if (!ct || !ss || !pk) {                                                          \
+            return PQ_ERROR_BUFFER;                                                       \
+        }                                                                                 \
+        return native##_enc(ct, ss, pk) == 0 ? PQ_SUCCESS : PQ_ERROR_ENCAPSULATE;         \
+    }                                                                                     \
+    int pq_##prefix##_decapsulate(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {    \
+        if (!ss || !ct || !sk) {                                                          \
+            return PQ_ERROR_BUFFER;                                                       \
+        }                                                                                 \
+        return native##_dec(ss, ct, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_DECAPSULATE;         \
+    }
 
-int pq_mlkem_encapsulate(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc(ct, ss, pk) == 0 ? PQ_SUCCESS
-                                                                  : PQ_ERROR_ENCAPSULATE;
-}
+PQ_MLKEM_VARIANTS(PQ_DEFINE_MLKEM_SHIMS)
 
-int pq_mlkem_decapsulate(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec(ss, ct, sk) == 0 ? PQ_SUCCESS
-                                                                  : PQ_ERROR_DECAPSULATE;
+#undef PQ_DEFINE_MLKEM_SHIMS
+
+static int pq_testing_mlkem_keypair_from_seed_with(uint8_t *public_key, uint8_t *secret_key,
+                                                   const uint8_t *seed, size_t seed_len,
+                                                   int (*keypair_derand)(uint8_t *, uint8_t *,
+                                                                         const uint8_t *)) {
+    if (!public_key || !secret_key || !seed || seed_len != 64 || !keypair_derand) {
+        return PQ_ERROR_BUFFER;
+    }
+    return keypair_derand(public_key, secret_key, seed) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;
 }
 
-int pq_testing_mlkem_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
-                                       const uint8_t *seed, size_t seed_len) {
-    if (!public_key || !secret_key || !seed || seed_len != 64) {
+static int pq_testing_mlkem_encapsulate_from_seed_with(
+    uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key, const uint8_t *seed,
+    size_t seed_len, int (*enc_derand)(uint8_t *, uint8_t *, const uint8_t *, const uint8_t *)) {
+    if (!ciphertext || !shared_secret || !public_key || !seed || seed_len != 32 || !enc_derand) {
         return PQ_ERROR_BUFFER;
     }
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand(public_key, secret_key, seed) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_KEYPAIR;
+    return enc_derand(ciphertext, shared_secret, public_key, seed) == 0 ? PQ_SUCCESS
+                                                                        : PQ_ERROR_ENCAPSULATE;
 }
 
-int pq_testing_mlkem_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
-                                           const uint8_t *public_key, const uint8_t *seed,
-                                           size_t seed_len) {
-    if (!ciphertext || !shared_secret || !public_key || !seed || seed_len != 32) {
+#define PQ_DEFINE_MLKEM_TESTING_SHIMS(prefix, native)                                         \
+    int pq_testing_##prefix##_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,      \
+                                                const uint8_t *seed, size_t seed_len) {        \
+        return pq_testing_mlkem_keypair_from_seed_with(public_key, secret_key, seed, seed_len, \
+                                                       native##_keypair_derand);               \
+    }                                                                                          \
+    int pq_testing_##prefix##_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,\
+                                                    const uint8_t *public_key,                 \
+                                                    const uint8_t *seed, size_t seed_len) {    \
+        return pq_testing_mlkem_encapsulate_from_seed_with(ciphertext, shared_secret, public_key,\
+                                                           seed, seed_len, native##_enc_derand);\
+    }
+
+PQ_MLKEM_VARIANTS(PQ_DEFINE_MLKEM_TESTING_SHIMS)
+
+#undef PQ_DEFINE_MLKEM_TESTING_SHIMS
+
+#define PQ_DEFINE_MLDSA_SIGN_KEYPAIR(prefix, native)                              \
+    int pq_##prefix##_keypair(uint8_t *public_key, uint8_t *secret_key) {         \
+        if (!public_key || !secret_key) {                                         \
+            return PQ_ERROR_BUFFER;                                               \
+        }                                                                         \
+        return native##_keypair(public_key, secret_key) == 0 ? PQ_SUCCESS         \
+                                                            : PQ_ERROR_KEYPAIR;   \
+    }
+
+PQ_DEFINE_MLDSA_SIGN_KEYPAIR(sign, pqcr_mldsa65)
+PQ_DEFINE_MLDSA_SIGN_KEYPAIR(mldsa44_sign, pqcr_mldsa44)
+PQ_DEFINE_MLDSA_SIGN_KEYPAIR(mldsa87_sign, pqcr_mldsa87)
+
+#undef PQ_DEFINE_MLDSA_SIGN_KEYPAIR
+
+#define PQ_DEFINE_MLDSA_SIGN(name, native)                                                \
+    int pq_##name(uint8_t *signature, size_t *signature_len, const uint8_t *message,      \
+                  size_t message_len, const uint8_t *secret_key) {                        \
+        if (!signature || !signature_len || !secret_key || (message_len > 0 && !message)) {\
+            return PQ_ERROR_BUFFER;                                                       \
+        }                                                                                 \
+        return native##_signature(signature, signature_len, message, message_len, NULL, 0,\
+                                  secret_key) == 0                                        \
+                   ? PQ_SUCCESS                                                           \
+                   : PQ_ERROR_SIGN;                                                       \
+    }
+
+PQ_DEFINE_MLDSA_SIGN(sign, pqcr_mldsa65)
+PQ_DEFINE_MLDSA_SIGN(mldsa44_sign, pqcr_mldsa44)
+PQ_DEFINE_MLDSA_SIGN(mldsa87_sign, pqcr_mldsa87)
+
+#undef PQ_DEFINE_MLDSA_SIGN
+
+#define PQ_DEFINE_MLDSA_VERIFY(name, native)                                             \
+    int pq_##name(const uint8_t *signature, size_t signature_len, const uint8_t *message, \
+                  size_t message_len, const uint8_t *public_key) {                       \
+        if (!signature || !public_key || (message_len > 0 && !message)) {                 \
+            return PQ_ERROR_BUFFER;                                                       \
+        }                                                                                 \
+        return native##_verify(signature, signature_len, message, message_len, NULL, 0,   \
+                               public_key) == 0                                          \
+                   ? PQ_SUCCESS                                                           \
+                   : PQ_ERROR_VERIFY;                                                     \
+    }
+
+PQ_DEFINE_MLDSA_VERIFY(verify, pqcr_mldsa65)
+PQ_DEFINE_MLDSA_VERIFY(mldsa44_verify, pqcr_mldsa44)
+PQ_DEFINE_MLDSA_VERIFY(mldsa87_verify, pqcr_mldsa87)
+
+#undef PQ_DEFINE_MLDSA_VERIFY
+
+static int pq_testing_mldsa_sign_from_seed_with(
+    uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
+    const uint8_t *secret_key, const uint8_t *seed, size_t seed_len,
+    int (*signature_internal)(uint8_t *, size_t *, const uint8_t *, size_t, const uint8_t *, size_t,
+                              const uint8_t *, const uint8_t *, int),
+    size_t (*prepare_prefix)(uint8_t *, const uint8_t *, size_t, const uint8_t *, size_t, int)) {
+    uint8_t pre[MLDSA_DOMAIN_SEPARATION_MAX_BYTES];
+    size_t pre_len;
+
+    if (!signature || !signature_len || !secret_key || !seed || seed_len != MLDSA_RNDBYTES ||
+        !signature_internal || !prepare_prefix || (message_len > 0 && !message)) {
         return PQ_ERROR_BUFFER;
     }
-    return PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc_derand(ciphertext, shared_secret, public_key,
-                                                        seed) == 0
+
+    /*
+     * mldsa-native's signature_internal is lower-level than the public pure
+     * ML-DSA signing API. It expects the FIPS 204 domain-separation prefix explicitly. Passing
+     * NULL/0 signs CRH(tr, message) instead of CRH(tr, 0x00 || ctxlen || ctx || message),
+     * which produces signatures that do not verify through the public pure-ML-DSA API
+     * and do not match ACVP/KAT sigGen vectors.
+     */
+    pre_len = prepare_prefix(pre, NULL, 0, NULL, 0, MLDSA_PREHASH_NONE);
+    if (pre_len == 0) {
+        return PQ_ERROR_SIGN;
+    }
+
+    return signature_internal(signature, signature_len, message, message_len, pre, pre_len, seed,
+                              secret_key, 0) == 0
                ? PQ_SUCCESS
-               : PQ_ERROR_ENCAPSULATE;
+               : PQ_ERROR_SIGN;
 }
 
-int pq_sign_keypair(uint8_t *public_key, uint8_t *secret_key) {
-    return PQCLEAN_MLDSA65_CLEAN_crypto_sign_keypair(public_key, secret_key) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_KEYPAIR;
+int pq_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed32) {
+    if (!public_key || !secret_key || !seed32) {
+        return PQ_ERROR_BUFFER;
+    }
+    return pqcr_mldsa44_keypair_internal(public_key, secret_key, seed32) == 0 ? PQ_SUCCESS
+                                                                              : PQ_ERROR_KEYPAIR;
 }
 
-int pq_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
-            const uint8_t *secret_key) {
-    return PQCLEAN_MLDSA65_CLEAN_crypto_sign_signature(signature, signature_len, message,
-                                                       message_len, secret_key) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_SIGN;
+int pq_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed32) {
+    if (!public_key || !secret_key || !seed32) {
+        return PQ_ERROR_BUFFER;
+    }
+    return pqcr_mldsa65_keypair_internal(public_key, secret_key, seed32) == 0 ? PQ_SUCCESS
+                                                                              : PQ_ERROR_KEYPAIR;
 }
 
-int pq_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
-              size_t message_len, const uint8_t *public_key) {
-    return PQCLEAN_MLDSA65_CLEAN_crypto_sign_verify(signature, signature_len, message, message_len,
-                                                    public_key) == 0
-               ? PQ_SUCCESS
-               : PQ_ERROR_VERIFY;
+int pq_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed32) {
+    if (!public_key || !secret_key || !seed32) {
+        return PQ_ERROR_BUFFER;
+    }
+    return pqcr_mldsa87_keypair_internal(public_key, secret_key, seed32) == 0 ? PQ_SUCCESS
+                                                                              : PQ_ERROR_KEYPAIR;
 }
 
 int pq_testing_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
                                        const uint8_t *seed, size_t seed_len) {
-    int rc;
-    if (!public_key || !secret_key || !seed) {
+    if (seed_len != MLDSA_SEEDBYTES) {
         return PQ_ERROR_BUFFER;
     }
+    return pq_mldsa_keypair_from_seed(public_key, secret_key, seed);
+}
 
-    if (seed_len != 32) {
+int pq_testing_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len) {
+    if (seed_len != MLDSA_SEEDBYTES) {
         return PQ_ERROR_BUFFER;
     }
+    return pq_mldsa44_keypair_from_seed(public_key, secret_key, seed);
+}
 
-    pq_testing_set_seed(seed, seed_len);
-    rc = PQCLEAN_MLDSA65_CLEAN_crypto_sign_keypair(public_key, secret_key);
-    pq_testing_clear_seed();
-    return rc == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;
+int pq_testing_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len) {
+    if (seed_len != MLDSA_SEEDBYTES) {
+        return PQ_ERROR_BUFFER;
+    }
+    return pq_mldsa87_keypair_from_seed(public_key, secret_key, seed);
 }
 
 int pq_testing_mldsa_sign_from_seed(uint8_t *signature, size_t *signature_len,
                                     const uint8_t *message, size_t message_len,
                                     const uint8_t *secret_key, const uint8_t *seed,
                                     size_t seed_len) {
-    int rc;
-    if (!signature || !signature_len || !secret_key || !seed) {
-        return PQ_ERROR_BUFFER;
-    }
+    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
+                                                secret_key, seed, seed_len,
+                                                pqcr_mldsa65_signature_internal,
+                                                pqcr_mldsa65_prepare_domain_separation_prefix);
+}
 
-    if (seed_len != 32) {
-        return PQ_ERROR_BUFFER;
-    }
+int pq_testing_mldsa44_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len) {
+    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
+                                                secret_key, seed, seed_len,
+                                                pqcr_mldsa44_signature_internal,
+                                                pqcr_mldsa44_prepare_domain_separation_prefix);
+}
 
-    pq_testing_set_seed(seed, seed_len);
-    rc = PQCLEAN_MLDSA65_CLEAN_crypto_sign_signature(signature, signature_len, message, message_len,
-                                                     secret_key);
-    pq_testing_clear_seed();
-    return rc == 0 ? PQ_SUCCESS : PQ_ERROR_SIGN;
+int pq_testing_mldsa87_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len) {
+    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
+                                                secret_key, seed, seed_len,
+                                                pqcr_mldsa87_signature_internal,
+                                                pqcr_mldsa87_prepare_domain_separation_prefix);
 }
 
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key) {
@@ -405,7 +530,7 @@ int pq_hybrid_kem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,
     memset(x25519_ss, 0, sizeof(x25519_ss));
     memset(x25519_ephemeral_sk, 0, sizeof(x25519_ephemeral_sk));
 
-    if (PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc(ct.mlkem_ct, mlkem_ss, pk.mlkem_pk) != 0) {
+    if (pqcr_mlkem768_enc(ct.mlkem_ct, mlkem_ss, pk.mlkem_pk) != 0) {
         ret = PQ_ERROR_ENCAPSULATE;
         goto cleanup;
     }
@@ -459,7 +584,7 @@ int pq_hybrid_kem_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
         goto cleanup;
     }
 
-    if (PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec(mlkem_ss, ct.mlkem_ct, expanded.mlkem_sk) != 0) {
+    if (pqcr_mlkem768_dec(mlkem_ss, ct.mlkem_ct, expanded.mlkem_sk) != 0) {
         ret = PQ_ERROR_DECAPSULATE;
         goto cleanup;
     }
@@ -959,5 +1084,5 @@ int pq_secret_key_from_pqc_container_pem(char **algorithm_out, uint8_t **key_out
 }
 
 const char *pq_version(void) {
-    return "0.3.2";
+    return PQCRYPTO_VERSION;
 }

data/ext/pqcrypto/pqcrypto_secure.h

@@ -5,20 +5,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifndef HAVE_PQCLEAN
-#error "PQClean sources are required to build pq_crypto. Run: bundle exec rake vendor"
-#endif
-
-#include "mlkem_api.h"
-#include "mldsa_api.h"
-#define MLKEM_PUBLICKEYBYTES    PQCLEAN_MLKEM768_CLEAN_CRYPTO_PUBLICKEYBYTES
-#define MLKEM_SECRETKEYBYTES    PQCLEAN_MLKEM768_CLEAN_CRYPTO_SECRETKEYBYTES
-#define MLKEM_CIPHERTEXTBYTES   PQCLEAN_MLKEM768_CLEAN_CRYPTO_CIPHERTEXTBYTES
-#define MLKEM_SHAREDSECRETBYTES PQCLEAN_MLKEM768_CLEAN_CRYPTO_BYTES
-
-#define MLDSA_PUBLICKEYBYTES 1952
-#define MLDSA_SECRETKEYBYTES 4032
-#define MLDSA_BYTES          3309
+#include "pqcrypto_native_api.h"
 
 #define X25519_PUBLICKEYBYTES    32
 #define X25519_SECRETKEYBYTES    32
@@ -78,15 +65,45 @@ _Static_assert(sizeof(hybrid_ciphertext_t) == HYBRID_CIPHERTEXTBYTES,
 void pq_secure_wipe(void *ptr, size_t len);
 
 int pq_mlkem_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mlkem512_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mlkem1024_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mlkem_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                               const uint8_t *seed64);
+int pq_mlkem512_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                  const uint8_t *seed64);
+int pq_mlkem1024_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                   const uint8_t *seed64);
 int pq_mlkem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+int pq_mlkem512_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+int pq_mlkem1024_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 int pq_mlkem_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
                          const uint8_t *secret_key);
+int pq_mlkem512_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
+                            const uint8_t *secret_key);
+int pq_mlkem1024_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
+                             const uint8_t *secret_key);
 
 int pq_sign_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mldsa44_sign_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mldsa87_sign_keypair(uint8_t *public_key, uint8_t *secret_key);
+int pq_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                  const uint8_t *seed32);
+int pq_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                               const uint8_t *seed32);
+int pq_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                  const uint8_t *seed32);
 int pq_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
             const uint8_t *secret_key);
+int pq_mldsa44_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
+                    const uint8_t *secret_key);
+int pq_mldsa87_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
+                    const uint8_t *secret_key);
 int pq_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
               size_t message_len, const uint8_t *public_key);
+int pq_mldsa44_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
+                      size_t message_len, const uint8_t *public_key);
+int pq_mldsa87_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
+                      size_t message_len, const uint8_t *public_key);
 
 int pq_public_key_to_pqc_container_der(uint8_t **output, size_t *output_len,
                                        const uint8_t *public_key,
@@ -115,15 +132,37 @@ int pq_secret_key_from_pqc_container_pem(char **algorithm_out, uint8_t **key_out
 
 int pq_testing_mlkem_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
                                        const uint8_t *seed, size_t seed_len);
+int pq_testing_mlkem512_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                          const uint8_t *seed, size_t seed_len);
+int pq_testing_mlkem1024_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                           const uint8_t *seed, size_t seed_len);
 int pq_testing_mlkem_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
                                            const uint8_t *public_key, const uint8_t *seed,
                                            size_t seed_len);
+int pq_testing_mlkem512_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
+                                              const uint8_t *public_key, const uint8_t *seed,
+                                              size_t seed_len);
+int pq_testing_mlkem1024_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,
+                                               const uint8_t *public_key, const uint8_t *seed,
+                                               size_t seed_len);
 int pq_testing_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
                                        const uint8_t *seed, size_t seed_len);
+int pq_testing_mldsa44_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len);
+int pq_testing_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
+                                         const uint8_t *seed, size_t seed_len);
 int pq_testing_mldsa_sign_from_seed(uint8_t *signature, size_t *signature_len,
                                     const uint8_t *message, size_t message_len,
                                     const uint8_t *secret_key, const uint8_t *seed,
                                     size_t seed_len);
+int pq_testing_mldsa44_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len);
+int pq_testing_mldsa87_sign_from_seed(uint8_t *signature, size_t *signature_len,
+                                      const uint8_t *message, size_t message_len,
+                                      const uint8_t *secret_key, const uint8_t *seed,
+                                      size_t seed_len);
 
 void pq_testing_set_seed(const uint8_t *seed, size_t len);
 void pq_testing_clear_seed(void);

data/ext/pqcrypto/pqcrypto_version.h

@@ -0,0 +1,7 @@
+/* Generated by extconf.rb from lib/pq_crypto/version.rb. Do not edit. */
+#ifndef PQCRYPTO_VERSION_H
+#define PQCRYPTO_VERSION_H
+
+#define PQCRYPTO_VERSION "0.5.0"
+
+#endif

data/ext/pqcrypto/randombytes.h

@@ -0,0 +1,9 @@
+#ifndef PQCRYPTO_RANDOMBYTES_H
+#define PQCRYPTO_RANDOMBYTES_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+int randombytes(uint8_t *output, size_t n);
+
+#endif

data/ext/pqcrypto/vendor/.vendored

@@ -1,5 +1,10 @@
-pqclean_version=2cc64716044832eea747234ddbffc06746ab815d
-pqclean_url=https://github.com/PQClean/PQClean/archive/2cc64716044832eea747234ddbffc06746ab815d.tar.gz
-pqclean_archive_sha256=0e92076a79082a8d220e27227f37b280fb2ce050af412babd2bc755ab37b871a
-pqclean_strip=PQClean-2cc64716044832eea747234ddbffc06746ab815d
-pqclean_tree_sha256=2af0c3ec2cbe3b06805c39d3d1389ee7a9b0b29a83183328374a0db55f56c19e
+backend=PQ Code Package native only
+pqclean=removed
+mlkem_native_repo=https://github.com/pq-code-package/mlkem-native.git
+mlkem_native_ref=v1.1.0
+mlkem_native_commit=d2cae2be522a67bfae26100fdb520576f1b2ef90
+mlkem_native_tree_sha256=368ad66b3a8092dd919d5646eb8507b8336e8f9f09c43b779dbf864700b5b8fb
+mldsa_native_repo=https://github.com/pq-code-package/mldsa-native.git
+mldsa_native_ref=v1.0.0-beta
+mldsa_native_commit=db65535319d9750d75d34c6d170677415f9d2c46
+mldsa_native_tree_sha256=9c73cd6c185bb6885a7cf0ecb56a5282a5657aa5e6c32f68f442d941baa92b3d

data/ext/pqcrypto/vendor/mldsa-native/BUILDING.md

@@ -0,0 +1,105 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+
+# Building mldsa-native
+
+### Prerequisites
+
+To build **mldsa-native**, you need `make` and a C90 compiler. To use the test scripts, you need Python3 (>= 3.7).
+
+### By hand
+
+See [mldsa](mldsa).
+
+### Using `make`
+
+You can build and test **mldsa-native** as follows:
+
+```bash
+make test       # With native code backend (if available)
+make OPT=0 test # With C backend
+```
+
+To merely build test components, use the following `make` targets:
+
+```bash
+make func
+make kat
+make acvp
+```
+
+To run them, add `run_`:
+
+```bash
+make run_func
+make run_kat
+make run_acvp
+```
+
+The resulting binaries can be found in `test/build` (their full path is printed by `make`).
+
+For benchmarking, specify the cycle counting method. Currently, **mldsa-native** is supporting NO, PERF, PMU, and MAC:
+* `NO` means that no cycle counting will be used; this can be used to confirm that benchmarks compile fine.
+* `PERF` uses the `perf` kernel module for cycle counting. Does not work on Apple platforms.
+* `PMU` uses direct PMU access if available. On AArch64, this may require you to load a kernel module first, see [here](https://github.com/mupq/pqax?tab=readme-ov-file#enable-access-to-performance-counters). Does not work on Apple platforms.
+* `MAC` is `perf`-based and works on some Apple platforms, at least Apple M1.
+
+```
+# CYCLES has to be one of PERF, PMU, MAC, NO
+sudo make run_bench CYCLES=PERF
+sudo make run_bench_components CYCLES=PERF
+```
+
+### Using `tests` script
+
+For convenience, you can also use the [`./scripts/tests`](scripts/tests) script as a wrapper around `make`. For
+example,
+
+```bash
+./scripts/tests func
+```
+
+will compile and run functionality tests. Similarly,
+
+```bash
+./scripts/tests bench -c PERF -r
+```
+
+will compile and run benchmarks, using PERF for cycle counting (`-c PERF`) and running as root (`-r`).
+
+For detailed information on how to use the script, please refer to
+`./scripts/tests --help`.
+
+### Windows
+
+You can also build **mldsa-native** on Windows using `nmake` and an MSVC compiler.
+
+To build and run the tests (only support functional testing for non-opt implementation for now), use the following `nmake` targets:
+```powershell
+nmke /f .\Makefile.Microsoft_nmake quickcheck
+```
+
+# Checking the proofs
+
+## CBMC
+
+### Prerequisites
+
+To run the CBMC proofs, you need specific versions of CBMC and the underlying solvers, e.g. as specified in our `nix` environment; see [nix/cbmc](nix/cbmc/).
+See [CONTRIBUTING.md](CONTRIBUTING.md) for instructions on how to setup and use `nix`.
+
+### Running the CBMC proofs
+
+Once you are in the `nix` shell or have all tools setup by hand, use `./scripts/tests cbmc` (or just `tests cbmc` in the `nix` shell) to re-check the CBMC proofs.
+See `tests cbmc --help` for details on the command line options, and [proofs/cbmc](proofs/cbmc) for more details on the CBMC proofs in general.
+
+## HOL-Light
+
+### Prerequisites
+
+To run the HOL-Light proofs, you need recent versions of HOL-Light and s2n-bignum, e.g. as specified in our `nix` environment; see [nix/s2n_bignum](nix/s2n_bignum) and [nix/hol_light](nix/hol_light).
+See [CONTRIBUTING.md](CONTRIBUTING.md) for instructions on how to setup and use `nix`.
+
+### Running the HOL-Light proofs
+
+Once you are in the `nix` shell or have all tools setup by hand, use `./scripts/tests hol_light` (or just `tests hol_light` in the `nix` shell) to re-check the HOL-Light proofs. Note that depending on the function, they will take a long time. See `tests hol_light --help` for details on the command line options, and [proofs/hol_light](proofs/hol_light) for more details on the HOL-Light proofs in general.
+