pq_crypto 0.4.2 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 65d8d9a5d3aeecaba257218dcae5bedb56c82283a4d4d34cdea4a5946c5d2b80
-  data.tar.gz: 210cd374801dd9f8ce7beafa4f5eb528c807bcedd3762977445849e2def7e215
+  metadata.gz: 4f34f4ae9f34414fbbc1f6ffc63de9c24306a6a432138e36442c1e43661fa59e
+  data.tar.gz: 6b2a754c55b9a1be4706cf5d835ee08844b54d75d96d43611f22c8c4f68cb10f
 SHA512:
-  metadata.gz: a2085b6a3b6b48389219b81fa8b7a0e656c6583587df9a52817fcf28e663210be744e9e6a121dbaccdb9d06e8ce12fc2ee7b84f581fb9ce4e4bd74273df6a4b5
-  data.tar.gz: b6e7e3737f0d052d045b6fd4c424f188f6eab01333bc86b8685c707b6a90c14f4af0ecc3cacad6e8ca36750d71694d11481e5d4e617fa41bdbfe68a19a5ea0c3
+  metadata.gz: 0b72822b4b645f891e8f87693004f736070b9bba37432a48ffc840ec1a114865ba691db7c1ffc12aab7643369c3883892d9fbcf3c4f7cf895b5938d2ee650b1c
+  data.tar.gz: 13c0263600408685f5d484528032305c48e3e3d551799abad990167c9a9d14d0287aabb70fd88dc00f72d6236f15e70c3d9f6e9572ad02276e11674aafd87774

data/CHANGELOG.md

@@ -1,5 +1,30 @@
 # Changelog
 
+## [0.5.0] - 2026-05-04
+
+### Changed — native backend migration
+
+- Replaced the PQClean runtime/build path with PQ Code Package `mlkem-native` and `mldsa-native` as the only ML-KEM / ML-DSA backend.
+- Removed the PQClean fallback entirely so backend failures are attributable to the new native path instead of mixed old/new implementations.
+- Updated the native extension build to require `ext/pqcrypto/vendor/mlkem-native/mlkem/mlkem_native.c` and `ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native.c`.
+- Changed vendoring and gem packaging to keep only a minimal PQ Code Package source snapshot, avoiding upstream examples and symlink-heavy trees in packaged gems.
+- Switched native compilation to `-O3`; optional upstream native assembly remains opt-in through `PQCRYPTO_NATIVE_ASM=1`.
+- `PQCrypto.backend` now reports `:native_pq_code_package`.
+
+### Fixed
+
+- Corrected deterministic ML-DSA test signing on `mldsa-native` by passing the FIPS 204 pure-mode domain-separation prefix (`00 00` for an empty context) into `signature_internal`. This restores deterministic round-trip verification and ML-DSA siggen KAT compatibility.
+
+### Documentation
+
+- Updated README, GET_STARTED, SECURITY, and migration notes for the native-only backend and the no-PQClean policy.
+- Documented that `pqc_container_*` remains a compatibility serialization format while the cryptographic backend has moved to PQ Code Package native sources.
+
+### Migration notes
+
+- Source checkouts must refresh vendor sources with `bundle exec rake vendor` before compiling if `ext/pqcrypto/vendor/.vendored` is missing or stale.
+- This release intentionally does not support falling back to PQClean. If native sources are absent or incompatible, the extension build fails early.
+
 ## [0.4.2] - 2026-04-29
 
 ### Fixed

data/GET_STARTED.md

@@ -359,17 +359,23 @@ keypair.secret_key == imported_secret_key
 Secret key `inspect` output is intentionally redacted, and secret key objects
 do not expose a public fingerprint method.
 
-## 13. Build-time Keccak backend
+## 13. Native backend
 
-The default build uses PQClean's scalar `common/fips202.c` backend:
+Since `0.5.0`, the build uses PQ Code Package `mlkem-native` / `mldsa-native`
+sources only. There is no PQClean fallback and no separate
+`PQCRYPTO_KECCAK_BACKEND` switch: Keccak/SHAKE comes from the selected PQ Code
+Package native source tree.
 
 ```bash
-PQCRYPTO_KECCAK_BACKEND=clean bundle exec rake compile
+bundle exec rake vendor
+bundle exec rake compile
 ```
 
-`PQCRYPTO_KECCAK_BACKEND=xkcp` is reserved for a separately vendored, reviewed,
-`fips202.h`-compatible XKCP adapter. If requested without that adapter, the
-build aborts instead of silently falling back to `clean`.
+To try the upstream native assembly backend, opt in explicitly:
+
+```bash
+PQCRYPTO_NATIVE_ASM=1 bundle exec rake compile
+```
 
 ## 14. Async / Fiber scheduler behavior
 
@@ -389,8 +395,8 @@ PQCrypto::Testing.ml_dsa_keypair_from_seed(seed)       # 32-byte seed
 PQCrypto::Testing.ml_dsa_sign_from_seed(message, sk, seed)
 ```
 
-These helpers are intended for tests only. They drive stock PQClean entrypoints
-and are not part of the normal application API.
+These helpers are intended for tests only. They drive deterministic PQ Code
+Package native entrypoints and are not part of the normal application API.
 
 ## 16. Development commands
 
@@ -400,20 +406,19 @@ Run the test suite:
 bundle exec rake test
 ```
 
-Refresh the pinned PQClean vendor snapshot only when intentionally updating
-vendored sources:
+Refresh the pinned PQ Code Package native vendor snapshot only when intentionally
+updating vendored sources. The vendoring script keeps a minimal, source-gem-safe
+snapshot: `mlkem-native/mlkem`, `mldsa-native/mldsa`, and upstream license/docs
+only. It intentionally omits examples and symlink-heavy upstream trees:
 
 ```bash
 bundle exec ruby script/vendor_libs.rb
 ```
 
-To intentionally change the upstream snapshot, override all pinning inputs
-together:
+To intentionally change the upstream snapshot, override the native package refs:
 
 ```bash
-PQCLEAN_VERSION=<full-git-commit> \
-PQCLEAN_URL=https://github.com/PQClean/PQClean/archive/<full-git-commit>.tar.gz \
-PQCLEAN_SHA256=<archive-sha256> \
-PQCLEAN_STRIP=PQClean-<full-git-commit> \
+MLKEM_NATIVE_REF=<tag-or-commit> \
+MLDSA_NATIVE_REF=<tag-or-commit> \
   bundle exec ruby script/vendor_libs.rb
 ```

data/README.md

@@ -66,6 +66,31 @@ original algorithms:
 - Ruby 3.4 or later
 - a C toolchain with C11 support
 - OpenSSL 3.0 or later with SHA3-256 and SHAKE256 available
+- vendored minimal PQ Code Package native snapshot in `ext/pqcrypto/vendor`
+
+## Native backend
+
+Version `0.5.0` moves ML-KEM and ML-DSA to PQ Code Package
+`mlkem-native` / `mldsa-native` sources. PQClean is no longer built and there
+is no runtime or build-time PQClean fallback. The repository and source gem
+ship a minimal vendor snapshot containing only the `mlkem/` and `mldsa/` source
+trees plus license/docs; upstream examples, tests, proofs, `.git` directories,
+and symlink-heavy trees are intentionally omitted. If the native vendor snapshot
+is missing, the extension build fails early.
+
+From a source checkout, refresh the native vendor snapshot before compiling:
+
+```bash
+bundle exec rake vendor
+bundle exec rake compile
+```
+
+The default build uses the portable native source path. Upstream native assembly
+can be tested explicitly with:
+
+```bash
+PQCRYPTO_NATIVE_ASM=1 bundle exec rake compile
+```
 
 ## Security status
 
@@ -98,4 +123,5 @@ Detailed usage examples live in [`GET_STARTED.md`](GET_STARTED.md):
 - streaming ML-DSA for large files
 - SPKI and PKCS#8 serialization
 - `pqc_container_*` compatibility serialization
+- native backend / vendoring notes
 - secure wiping and practical safety notes

data/SECURITY.md

@@ -27,9 +27,14 @@ substitute for a security audit.
 
 ### ML-KEM / ML-DSA
 
-The post-quantum primitives are backed by vendored `PQClean` sources and called
-through PQClean's public `crypto_kem_*` and `crypto_sign_*` entrypoints. The gem
-does not reimplement ML-KEM, ML-DSA, SHAKE, or Keccak.
+As of `0.5.0`, the post-quantum primitives are backed by vendored PQ Code
+Package `mlkem-native` and `mldsa-native` sources. PQClean is not built and
+there is intentionally no PQClean fallback.
+
+The gem calls the native package entrypoints for ML-KEM key generation,
+encapsulation, decapsulation, ML-DSA key generation, signing, verification, and
+test-only deterministic hooks. It does not reimplement ML-KEM, ML-DSA, SHAKE,
+or Keccak.
 
 ### HybridKEM
 
@@ -96,22 +101,23 @@ these encodings, callers must explicitly set:
 PQCrypto::PKCS8.allow_ml_dsa_seed_format = true
 ```
 
-This opt-in exists because PQClean exposes no public ML-DSA
-`crypto_sign_keypair_derand` entrypoint. The implementation therefore reuses the
-same thread-local seed-replay `randombytes()` path introduced for KAT tests to
-expand the RFC 9881 seed into an expanded private key. The replay buffer is
-thread-local, cleared immediately after expansion, and remains inactive for all
-normal production randomness paths.
-
-For `both` encodings, the decoder expands the seed and rejects the key if the
+This opt-in remains explicit because seed and both-form imports are more
+sensitive than expanded-key imports: the decoder expands the seed into an
+expanded private key and, for `both` encodings, rejects the key if the
 expandedKey half does not match the seed-derived key.
 
+The expansion path uses the vendored `mldsa-native` deterministic keypair
+entrypoints rather than a `randombytes()` seed-replay fallback.
+
 ## Deterministic test hooks
 
-`PQCrypto::Testing` deterministic helpers drive the stock PQClean entrypoints
-against caller-supplied seeds. For ML-DSA, which has no derand API upstream, the
-gem installs a thread-local seed-replay buffer inside its `randombytes()`
-implementation; outside of a test call the same `randombytes()` entry delegates
+`PQCrypto::Testing` deterministic helpers drive the vendored PQ Code Package
+native deterministic entrypoints against caller-supplied seeds. ML-DSA
+deterministic signing passes the FIPS 204 pure-mode domain-separation prefix
+into `mldsa-native` `signature_internal`; for an empty context this prefix is
+`00 00`.
+
+Outside of test-only deterministic calls, production randomness delegates
 directly to OpenSSL `RAND_bytes`.
 
 ## Memory wiping
@@ -135,7 +141,7 @@ OpenSSL is used for:
 - SHA3-256 for the X-Wing combiner
 - RAND_bytes as the production entropy source for `randombytes()`
 - CRYPTO_memcmp for constant-time comparison
-- Base64 encode/decode for PEM via OpenSSL BIOs
+- Base64 encode/decode for PEM
 
 OpenSSL 3.5+ is additionally used in interop tests when ML-KEM / ML-DSA EVP
 support is available.

data/ext/pqcrypto/extconf.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "mkmf"
+require "rbconfig"
 require_relative "../../lib/pq_crypto/version"
 
 def generate_version_header!
@@ -24,19 +25,13 @@ end
 
 generate_version_header!
 
-$CFLAGS << " -std=c11 -Wall -Wextra -O2"
+$CFLAGS << " -std=c11 -Wall -Wextra -O3"
 $CFLAGS << " -fstack-protector-strong -D_FORTIFY_SOURCE=2"
-VENDOR_ONLY_CFLAGS = "-Wno-unused-parameter -Wno-unused-function -Wno-strict-prototypes -Wno-pedantic -Wno-c23-extensions -Wno-undef"
-
 $LDFLAGS << " -Wl,-no_warn_duplicate_libraries" if RbConfig::CONFIG["host_os"] =~ /darwin/
 
-USE_SYSTEM = arg_config("--use-system-libraries") || ENV["PQCRYPTO_USE_SYSTEM_LIBRARIES"]
-
-KECCAK_BACKEND = (ENV["PQCRYPTO_KECCAK_BACKEND"] || "clean").strip.downcase
-SUPPORTED_KECCAK_BACKENDS = %w[clean xkcp].freeze
+VENDOR_ONLY_CFLAGS = "-Wno-unused-parameter -Wno-unused-function -Wno-strict-prototypes -Wno-pedantic -Wno-c23-extensions -Wno-undef"
 
 SANITIZE = ENV["PQCRYPTO_SANITIZE"]
-
 if SANITIZE && !SANITIZE.strip.empty?
   sanitize = SANITIZE.strip
   $CFLAGS.gsub!(/\s-D_FORTIFY_SOURCE=\d+/, "")
@@ -44,6 +39,8 @@ if SANITIZE && !SANITIZE.strip.empty?
   $LDFLAGS << " -fsanitize=#{sanitize}"
 end
 
+NATIVE_ASM = (ENV["PQCRYPTO_NATIVE_ASM"] || "0") == "1"
+
 def configure_compiler_environment
   return unless RUBY_PLATFORM.include?("darwin")
 
@@ -52,6 +49,54 @@ def configure_compiler_environment
   $LDFLAGS << " -L/opt/homebrew/lib"
 end
 
+def native_vendor_sources_for(vendor_dir)
+  [
+    File.join(vendor_dir, "mlkem-native", "mlkem", "mlkem_native.c"),
+    File.join(vendor_dir, "mldsa-native", "mldsa", "mldsa_native.c")
+  ]
+end
+
+def native_vendor_ready?(vendor_dir)
+  File.exist?(File.join(vendor_dir, ".vendored")) &&
+    native_vendor_sources_for(vendor_dir).all? { |path| File.exist?(path) }
+end
+
+def vendor_script_path
+  File.expand_path("../../script/vendor_libs.rb", __dir__)
+end
+
+def run_vendor_script!(vendor_dir)
+  script = vendor_script_path
+  abort <<~MSG unless File.exist?(script)
+    PQ Code Package vendored sources are missing and script/vendor_libs.rb was not packaged.
+
+    Expected:
+      #{native_vendor_sources_for(vendor_dir).join("\n  ")}
+
+    Rebuild the gem from a repository that includes script/vendor_libs.rb, or run
+    script/vendor_libs.rb before building the gem package.
+  MSG
+
+  abort <<~MSG if ENV["PQCRYPTO_AUTO_VENDOR"] == "0"
+    PQ Code Package vendored sources are missing and PQCRYPTO_AUTO_VENDOR=0 was set.
+
+    Expected:
+      #{native_vendor_sources_for(vendor_dir).join("\n  ")}
+
+    Run:
+      ruby script/vendor_libs.rb
+  MSG
+
+  puts "PQ Code Package native sources are missing; vendoring now..."
+  ok = system(RbConfig.ruby, script)
+  abort <<~MSG unless ok
+    Failed to vendor PQ Code Package native sources.
+
+    This build intentionally has no PQClean fallback. Install git/network access or
+    vendor mlkem-native and mldsa-native before installing the gem.
+  MSG
+end
+
 def find_vendor_dir
   candidates = [
     File.join(__dir__, "vendor"),
@@ -65,8 +110,13 @@ def find_vendor_dir
     dir = File.dirname(dir)
   end
 
-  candidates.find { |path| File.exist?(File.join(path, ".vendored")) }
-            &.then { |path| File.expand_path(path) }
+  candidates.map! { |path| File.expand_path(path) }
+  candidates.uniq!
+
+  primary = File.expand_path(File.join(__dir__, "vendor"))
+  run_vendor_script!(primary) unless native_vendor_ready?(primary)
+
+  candidates.find { |path| native_vendor_ready?(path) }
 end
 
 def configure_openssl!
@@ -85,7 +135,6 @@ def configure_openssl!
     #endif
     int main(void) { return 0; }
   SRC
-
   abort "OpenSSL 3.0 or later is required" unless try_compile(version_check)
 
   sha3_check = <<~SRC
@@ -104,113 +153,112 @@ def configure_openssl!
         return md == NULL ? 1 : 0;
     }
   SRC
-  abort "OpenSSL SHAKE256 is required (X-Wing key expansion)" unless try_compile(shake_check)
+  abort "OpenSSL SHAKE256 is required (X-Wing key expansion / ML-DSA streaming mu)" unless try_compile(shake_check)
 
   $CFLAGS << " -DHAVE_OPENSSL_EVP_H -DHAVE_OPENSSL_RAND_H"
 end
 
-def configure_keccak_backend(vendor_dir, common_dir)
-  abort "Unsupported PQCRYPTO_KECCAK_BACKEND=#{KECCAK_BACKEND.inspect}. Supported: #{SUPPORTED_KECCAK_BACKENDS.join(", ")}" unless SUPPORTED_KECCAK_BACKENDS.include?(KECCAK_BACKEND)
-
-  case KECCAK_BACKEND
-  when "clean"
-    {
-      name: "clean",
-      include_dirs: [],
-      source_group: ["pqclean_common", [File.join(common_dir, "fips202.c")]]
-    }
-  when "xkcp"
-    # The optimized backend must provide the same fips202.h-compatible API as
-    # PQClean's common/fips202.c. Do not substitute OpenSSL EVP SHAKE here: the
-    # PQClean SHAKE state layout is part of the ML-KEM/ML-DSA call graph.
-    xkcp_dir = File.join(vendor_dir, "xkcp")
-    adapter_source = File.join(xkcp_dir, "pqclean_fips202_xkcp.c")
-
-    abort <<~MSG unless File.exist?(adapter_source)
-      PQCRYPTO_KECCAK_BACKEND=xkcp was requested, but no reviewed XKCP adapter was found.
-
-      Expected:
-        #{adapter_source}
-
-      Refusing to fall back silently to the clean backend. Vendor a fips202.h-compatible
-      XKCP adapter first, then run the full SHAKE-dependent KAT/regression test matrix.
-    MSG
-
-    {
-      name: "xkcp",
-      include_dirs: [xkcp_dir],
-      source_group: ["xkcp_keccak", [adapter_source]]
-    }
-  end
+def recursive_include_dirs(root)
+  Dir.glob(File.join(root, "**", "*")).select { |p| File.directory?(p) }.map { |p| File.expand_path(p) }
 end
 
-def configure_pqclean(vendor_dir)
-  return nil unless vendor_dir
-
-  pqclean_dir = File.join(vendor_dir, "pqclean")
-  return nil unless Dir.exist?(pqclean_dir)
+def native_vendor_config(vendor_dir)
+  abort <<~MSG unless vendor_dir
+    PQ Code Package vendored sources are required.
 
-  mlkem_dirs = {
-    "pqclean_mlkem512" => File.join(pqclean_dir, "crypto_kem", "ml-kem-512", "clean"),
-    "pqclean_mlkem768" => File.join(pqclean_dir, "crypto_kem", "ml-kem-768", "clean"),
-    "pqclean_mlkem1024" => File.join(pqclean_dir, "crypto_kem", "ml-kem-1024", "clean")
-  }
-  mldsa_dirs = {
-    "pqclean_mldsa44" => File.join(pqclean_dir, "crypto_sign", "ml-dsa-44", "clean"),
-    "pqclean_mldsa65" => File.join(pqclean_dir, "crypto_sign", "ml-dsa-65", "clean"),
-    "pqclean_mldsa87" => File.join(pqclean_dir, "crypto_sign", "ml-dsa-87", "clean")
-  }
-  common_dir = File.join(pqclean_dir, "common")
-
-  keccak_config = configure_keccak_backend(vendor_dir, common_dir)
+    Expected:
+      ext/pqcrypto/vendor/mlkem-native/mlkem/mlkem_native.c
+      ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native.c
 
-  include_dirs = [*mlkem_dirs.values, *mldsa_dirs.values, common_dir, *keccak_config[:include_dirs]]
-  return nil unless include_dirs.all? { |dir| Dir.exist?(dir) }
+    Run:
+      bundle exec rake vendor
+  MSG
 
-  mlkem_source_groups = mlkem_dirs.map do |prefix, dir|
-    [prefix, Dir.glob(File.join(dir, "*.c")).sort]
-  end
-  mldsa_source_groups = mldsa_dirs.map do |prefix, dir|
-    [prefix, Dir.glob(File.join(dir, "*.c")).sort]
-  end
-  common_sources = %w[sha2.c sp800-185.c].map { |name| File.join(common_dir, name) }
+  mlkem_dir = File.join(vendor_dir, "mlkem-native", "mlkem")
+  mldsa_dir = File.join(vendor_dir, "mldsa-native", "mldsa")
+  mlkem_c = File.join(mlkem_dir, "mlkem_native.c")
+  mldsa_c = File.join(mldsa_dir, "mldsa_native.c")
 
-  source_groups = [
-    *mlkem_source_groups,
-    *mldsa_source_groups,
-    ["pqclean_common", common_sources],
-    keccak_config[:source_group]
-  ]
+  missing = [mlkem_c, mldsa_c].reject { |path| File.exist?(path) }
+  abort <<~MSG unless missing.empty?
+    Missing PQ Code Package native source files:
+      #{missing.join("\n  ")}
 
-  return nil unless source_groups.all? { |_, sources| sources.all? { |path| File.exist?(path) } }
+    This build intentionally has no PQClean fallback. Auto-vendoring did not
+    produce the required files. Vendor mlkem-native and mldsa-native, then rebuild.
+  MSG
 
-  $CFLAGS << " -DHAVE_PQCLEAN"
+  include_dirs = [__dir__, mlkem_dir, mldsa_dir, *recursive_include_dirs(mlkem_dir), *recursive_include_dirs(mldsa_dir)].uniq
   include_dirs.each { |dir| $CPPFLAGS << " -I#{dir}" }
 
   {
-    include_dirs: include_dirs,
-    keccak_backend: keccak_config[:name],
-    source_groups: source_groups
+    mlkem_dir: mlkem_dir,
+    mldsa_dir: mldsa_dir,
+    mlkem_c: mlkem_c,
+    mldsa_c: mldsa_c,
+    mlkem_asm: File.join(mlkem_dir, "mlkem_native_asm.S"),
+    mldsa_asm: File.join(mldsa_dir, "mldsa_native_asm.S")
   }
 end
 
-def inject_pqclean_sources!(pqclean_config)
-  return unless pqclean_config
+def native_flags(kind, level, shared:)
+  prefix = kind == :mlkem ? "MLK" : "MLD"
+  ns = kind == :mlkem ? "pqcr_mlkem" : "pqcr_mldsa"
+  flags = []
+  flags << "-D#{prefix}_CONFIG_MULTILEVEL_BUILD"
+  flags << "-D#{prefix}_CONFIG_PARAMETER_SET=#{level}"
+  flags << "-D#{prefix}_CONFIG_NAMESPACE_PREFIX=#{ns}"
+  flags << "-D#{prefix}_CONFIG_NO_SUPERCOP"
+  flags << (shared ? "-D#{prefix}_CONFIG_MULTILEVEL_WITH_SHARED" : "-D#{prefix}_CONFIG_MULTILEVEL_NO_SHARED")
+  if NATIVE_ASM
+    flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_ARITH"
+    flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_FIPS202"
+  end
+  flags.join(" ")
+end
 
+def inject_native_sources!(config)
   makefile = File.read("Makefile")
 
   vendor_objects = []
   build_rules = []
 
-  pqclean_config[:source_groups].each do |prefix, sources|
-    sources.each do |source|
-      base = File.basename(source, ".c").tr("-", "_")
-      object = "#{prefix}_#{base}.o"
+  [
+    [:mlkem, "512", config[:mlkem_c], true],
+    [:mlkem, "768", config[:mlkem_c], false],
+    [:mlkem, "1024", config[:mlkem_c], false],
+    [:mldsa, "44", config[:mldsa_c], true],
+    [:mldsa, "65", config[:mldsa_c], false],
+    [:mldsa, "87", config[:mldsa_c], false]
+  ].each do |kind, level, source, shared|
+    object = "pqnative_#{kind}_#{level}.o"
+    flags = native_flags(kind, level, shared: shared)
+    vendor_objects << object
+    build_rules << <<~RULE
+      #{object}: #{source}
+      	$(ECHO) compiling #{source} [#{kind}-#{level}]
+      	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) #{VENDOR_ONLY_CFLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
+    RULE
+  end
+
+  if NATIVE_ASM
+    [
+      [:mlkem, "512", config[:mlkem_asm], true],
+      [:mlkem, "768", config[:mlkem_asm], false],
+      [:mlkem, "1024", config[:mlkem_asm], false],
+      [:mldsa, "44", config[:mldsa_asm], true],
+      [:mldsa, "65", config[:mldsa_asm], false],
+      [:mldsa, "87", config[:mldsa_asm], false]
+    ].each do |kind, level, source, shared|
+      next unless File.exist?(source)
+
+      object = "pqnative_#{kind}_#{level}_asm.o"
+      flags = native_flags(kind, level, shared: shared)
       vendor_objects << object
       build_rules << <<~RULE
         #{object}: #{source}
-        	$(ECHO) compiling #{source}
-        	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) #{VENDOR_ONLY_CFLAGS} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
+        	$(ECHO) assembling #{source} [#{kind}-#{level}]
+        	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) #{VENDOR_ONLY_CFLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
       RULE
     end
   end
@@ -220,8 +268,8 @@ def inject_pqclean_sources!(pqclean_config)
 
   makefile.sub!(objects_line, objects_line.chomp + " #{vendor_objects.join(' ')}\n")
 
-  unless makefile.include?("# vendored pqclean objects")
-    rules_block = "\n# vendored pqclean objects\n" + build_rules.join("\n") + "\n"
+  unless makefile.include?("# vendored pq-code-package objects")
+    rules_block = "\n# vendored pq-code-package objects\n" + build_rules.join("\n") + "\n"
     anchor = "$(OBJS): $(HDRS) $(ruby_headers)\n"
     raise "Could not find OBJS dependency anchor in generated Makefile" unless makefile.include?(anchor)
 
@@ -231,18 +279,19 @@ def inject_pqclean_sources!(pqclean_config)
   File.write("Makefile", makefile)
 end
 
-vendor_dir = USE_SYSTEM ? nil : find_vendor_dir
+vendor_dir = find_vendor_dir
 
 puts
 puts "=== PQCrypto build configuration ==="
 configure_openssl!
-pqclean_config = configure_pqclean(vendor_dir)
+native_config = native_vendor_config(vendor_dir)
 puts "OpenSSL: system"
-abort "PQClean vendored sources are required. Run: bundle exec rake vendor" unless pqclean_config
-puts "PQClean: vendored (randombytes overridden by pq_randombytes.c)"
-puts "Keccak backend: #{pqclean_config[:keccak_backend]}"
+puts "ML-KEM: mlkem-native vendored"
+puts "ML-DSA: mldsa-native vendored"
+puts "Native asm backends: #{NATIVE_ASM ? 'enabled' : 'disabled'}"
+puts "PQClean fallback: removed"
 puts "Output: pqcrypto/pqcrypto_secure"
 puts "===================================="
 
 create_makefile("pqcrypto/pqcrypto_secure")
-inject_pqclean_sources!(pqclean_config)
+inject_native_sources!(native_config)