pq_crypto 0.5.0 → 0.5.2

data/ext/pqcrypto/pqcrypto_secure.h

@@ -48,6 +48,8 @@ typedef struct {
     uint8_t x25519_pk[X25519_PUBLICKEYBYTES];
 } hybrid_expanded_secret_key_t;
 
+#define HYBRID_EXPANDED_SECRETKEYBYTES (sizeof(hybrid_expanded_secret_key_t))
+
 typedef struct {
     uint8_t mlkem_ct[MLKEM_CIPHERTEXTBYTES];
     uint8_t x25519_ephemeral[X25519_PUBLICKEYBYTES];
@@ -176,9 +178,10 @@ const char *pq_version(void);
 #define PQ_MLKEM_SHAREDSECRETBYTES MLKEM_SHAREDSECRETBYTES
 
 #define PQ_HYBRID_PUBLICKEYBYTES    HYBRID_PUBLICKEYBYTES
-#define PQ_HYBRID_SECRETKEYBYTES    HYBRID_SECRETKEYBYTES
-#define PQ_HYBRID_CIPHERTEXTBYTES   HYBRID_CIPHERTEXTBYTES
-#define PQ_HYBRID_SHAREDSECRETBYTES HYBRID_SHAREDSECRETBYTES
+#define PQ_HYBRID_SECRETKEYBYTES          HYBRID_SECRETKEYBYTES
+#define PQ_HYBRID_EXPANDED_SECRETKEYBYTES HYBRID_EXPANDED_SECRETKEYBYTES
+#define PQ_HYBRID_CIPHERTEXTBYTES         HYBRID_CIPHERTEXTBYTES
+#define PQ_HYBRID_SHAREDSECRETBYTES       HYBRID_SHAREDSECRETBYTES
 
 #define PQ_MLDSA_PUBLICKEYBYTES MLDSA_PUBLICKEYBYTES
 #define PQ_MLDSA_SECRETKEYBYTES MLDSA_SECRETKEYBYTES
@@ -203,6 +206,12 @@ void pq_mu_builder_release(void *state);
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key);
 int pq_hybrid_kem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,
                               const uint8_t *public_key);
+int pq_hybrid_kem_expand_secret_key(uint8_t *expanded_secret_key, const uint8_t *secret_key);
+int pq_hybrid_kem_decapsulate_expanded(uint8_t *shared_secret, const uint8_t *ciphertext,
+                                       const uint8_t *expanded_secret_key);
+int pq_hybrid_kem_decapsulate_expanded_pkey(uint8_t *shared_secret, const uint8_t *ciphertext,
+                                            const uint8_t *expanded_secret_key,
+                                            void *x25519_private_pkey);
 int pq_hybrid_kem_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
                               const uint8_t *secret_key);
 

data/ext/pqcrypto/pqcrypto_version.h

@@ -2,6 +2,6 @@
 #ifndef PQCRYPTO_VERSION_H
 #define PQCRYPTO_VERSION_H
 
-#define PQCRYPTO_VERSION "0.5.0"
+#define PQCRYPTO_VERSION "0.5.2"
 
 #endif

data/ext/pqcrypto/vendor/.vendored

@@ -1,10 +1,12 @@
+# pq_crypto vendor manifest. Do not edit by hand. Regenerate with: ruby script/vendor_libs.rb
 backend=PQ Code Package native only
 pqclean=removed
 mlkem_native_repo=https://github.com/pq-code-package/mlkem-native.git
 mlkem_native_ref=v1.1.0
 mlkem_native_commit=d2cae2be522a67bfae26100fdb520576f1b2ef90
-mlkem_native_tree_sha256=368ad66b3a8092dd919d5646eb8507b8336e8f9f09c43b779dbf864700b5b8fb
+mlkem_native_tree_sha256=c225de87a69e6d6360cddc4b5839b03e65fa9d5a1112a5f19700c905b7e74512
 mldsa_native_repo=https://github.com/pq-code-package/mldsa-native.git
 mldsa_native_ref=v1.0.0-beta
 mldsa_native_commit=db65535319d9750d75d34c6d170677415f9d2c46
-mldsa_native_tree_sha256=9c73cd6c185bb6885a7cf0ecb56a5282a5657aa5e6c32f68f442d941baa92b3d
+mldsa_native_tree_sha256=3b2cb648dade4540191f08d606b422042bf781fb37b434934ab02b58a0121f5c
+manifest_sha256=aeb28860537e30f4da0d28dc2961ba6bb06e700195a56f1648e5caddf1b6e1be

data/lib/pq_crypto/hybrid_kem.rb

@@ -79,13 +79,22 @@ module PQCrypto
 
     class SecretKey < KEM::SecretKey
       def decapsulate(ciphertext)
-        PQCrypto.__send__(:native_hybrid_kem_decapsulate, String(ciphertext).b, @bytes)
+        PQCrypto.__send__(:native_hybrid_kem_decapsulate_expanded_object, String(ciphertext).b, expanded_key_for_native)
       rescue ArgumentError => e
         raise InvalidCiphertextError, e.message
       end
 
+      def wipe!
+        @expanded_key = nil
+        super
+      end
+
       private
 
+      def expanded_key_for_native
+        @expanded_key ||= PQCrypto.__send__(:native_hybrid_kem_expand_secret_key_object, @bytes)
+      end
+
       def validate_length!
         expected = HybridKEM.details(@algorithm).fetch(:secret_key_bytes)
         raise InvalidKeyError, "Invalid hybrid KEM secret key length" unless @bytes.bytesize == expected

data/lib/pq_crypto/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PQCrypto
-  VERSION = "0.5.0"
+  VERSION = "0.5.2"
 end

data/lib/pq_crypto.rb

@@ -63,7 +63,11 @@ module PQCrypto
       ml_kem_1024_decapsulate
       hybrid_kem_keypair
       hybrid_kem_encapsulate
+      hybrid_kem_expand_secret_key
+      hybrid_kem_expand_secret_key_object
       hybrid_kem_decapsulate
+      hybrid_kem_decapsulate_expanded
+      hybrid_kem_decapsulate_expanded_object
       sign_keypair
       sign
       verify

data/script/vendor_libs.rb

@@ -4,48 +4,106 @@
 require "digest"
 require "fileutils"
 require "open3"
+require "optparse"
 require "tmpdir"
 
 VENDOR_DIR = File.expand_path("../ext/pqcrypto/vendor", __dir__)
 MANIFEST_PATH = File.join(VENDOR_DIR, ".vendored")
 
-DEFAULTS = {
+PINS = {
   mlkem: {
     repo: "https://github.com/pq-code-package/mlkem-native.git",
     ref: "v1.1.0",
+    commit: "d2cae2be522a67bfae26100fdb520576f1b2ef90",
+    tree_sha256: "c225de87a69e6d6360cddc4b5839b03e65fa9d5a1112a5f19700c905b7e74512",
     target: "mlkem-native",
     source_dir: "mlkem"
   },
   mldsa: {
     repo: "https://github.com/pq-code-package/mldsa-native.git",
     ref: "v1.0.0-beta",
+    commit: "db65535319d9750d75d34c6d170677415f9d2c46",
+    tree_sha256: "3b2cb648dade4540191f08d606b422042bf781fb37b434934ab02b58a0121f5c",
     target: "mldsa-native",
     source_dir: "mldsa"
   }
 }.freeze
 
-WARNING = <<~TEXT.freeze
-  WARNING: this script vendors a minimal PQ Code Package source snapshot.
+VENDORED_DOCS = %w[LICENSE LICENSE.txt README.md SECURITY.md BUILDING.md RELEASE.md META.yml].freeze
+NORMALIZED_MTIME = Time.utc(2000, 1, 1).freeze
+MANIFEST_HEADER = "# pq_crypto vendor manifest. Do not edit by hand. Regenerate with: ruby script/vendor_libs.rb"
 
-  pq_crypto now has no PQClean fallback. Only the files required by the native
-  extension are copied into ext/pqcrypto/vendor; upstream examples, .git
-  directories, tests, proofs, and symlink-heavy trees are intentionally omitted
-  so source gems are portable and do not emit RubyGems symlink warnings.
-TEXT
+options = { mode: :sync }
+OptionParser.new do |opts|
+  opts.banner = "Usage: vendor_libs.rb [--verify | --sync | --bump]"
+  opts.on("--verify", "Verify existing vendor tree against pinned tree_sha256 (no network)") { options[:mode] = :verify }
+  opts.on("--sync", "Re-clone at pinned commits and rebuild vendor tree (idempotent)") { options[:mode] = :sync }
+  opts.on("--bump", "Re-clone and print new tree_sha256 values to update PINS in this file") { options[:mode] = :bump }
+end.parse!
 
 def sh!(cmd)
-  puts "+ #{cmd.join(" ")}"
   system(*cmd) || abort("command failed: #{cmd.join(" ")}")
 end
 
+def capture!(*cmd)
+  out, status = Open3.capture2(*cmd)
+  abort("command failed: #{cmd.join(" ")}") unless status.success?
+  out.strip
+end
+
+def vendor_candidate?(path)
+  return false if File.symlink?(path)
+  return false unless File.file?(path)
+  return false if path.split(File::SEPARATOR).any? { |seg| seg.start_with?(".") && seg != "." && seg != ".." }
+  true
+end
+
+def normalize_tree!(directory)
+  Dir.glob(File.join(directory, "**", "*"), File::FNM_DOTMATCH).each do |path|
+    base = File.basename(path)
+    next if base == "." || base == ".."
+    next if File.symlink?(path)
+    if File.file?(path)
+      File.chmod(0o644, path)
+      File.utime(NORMALIZED_MTIME, NORMALIZED_MTIME, path)
+    elsif File.directory?(path)
+      File.chmod(0o755, path)
+    end
+  end
+  File.utime(NORMALIZED_MTIME, NORMALIZED_MTIME, directory) if File.directory?(directory)
+end
+
+def copy_sources!(source_root, target_root, source_dir)
+  required = File.join(source_root, source_dir)
+  abort "missing required upstream directory: #{required}" unless Dir.exist?(required)
+
+  FileUtils.rm_rf(File.join(target_root, source_dir))
+  FileUtils.mkdir_p(File.join(target_root, source_dir))
+
+  Dir.glob(File.join(required, "**", "*"), File::FNM_DOTMATCH).sort.each do |path|
+    next unless vendor_candidate?(path)
+    relative = path.sub(/\A#{Regexp.escape(required)}\//, "")
+    dest = File.join(target_root, source_dir, relative)
+    FileUtils.mkdir_p(File.dirname(dest))
+    FileUtils.cp(path, dest, preserve: false)
+  end
+
+  VENDORED_DOCS.each do |relative|
+    src = File.join(source_root, relative)
+    next if File.symlink?(src)
+    next unless File.file?(src)
+    FileUtils.cp(src, File.join(target_root, relative), preserve: false)
+  end
+end
+
 def tree_sha256_for(directory)
   entries = Dir.glob(File.join(directory, "**", "*"), File::FNM_DOTMATCH)
-               .reject { |path| File.directory?(path) }
+               .reject { |p| File.directory?(p) || File.symlink?(p) || %w[. ..].include?(File.basename(p)) }
                .sort
 
   digest = Digest::SHA256.new
   entries.each do |path|
-    relative = path.delete_prefix("#{directory}/")
+    relative = path.sub(/\A#{Regexp.escape(directory)}\/?/, "")
     digest << relative << "\0"
     digest << File.binread(path)
     digest << "\0"
@@ -53,79 +111,166 @@ def tree_sha256_for(directory)
   digest.hexdigest
 end
 
-VENDORED_DOCS = %w[
-  LICENSE
-  README.md
-  SECURITY.md
-  BUILDING.md
-  RELEASE.md
-  META.yml
-].freeze
-
-def copy_file_without_symlink(source, target)
-  return if File.symlink?(source)
-  return unless File.file?(source)
-
-  FileUtils.mkdir_p(File.dirname(target))
-  FileUtils.cp(source, target)
+def vendor_one(name, pin)
+  target = File.join(VENDOR_DIR, pin[:target])
+  FileUtils.rm_rf(target)
+  FileUtils.mkdir_p(target)
+
+  Dir.mktmpdir("pqcrypto-#{name}-") do |tmpdir|
+    clone_dir = File.join(tmpdir, pin[:target])
+    sh!(["git", "clone", "--depth", "1", "--branch", pin[:ref], pin[:repo], clone_dir])
+    actual_commit = capture!("git", "-C", clone_dir, "rev-parse", "HEAD")
+
+    if actual_commit != pin[:commit]
+      sh!(["git", "-C", clone_dir, "fetch", "--depth", "1", "origin", pin[:commit]])
+      sh!(["git", "-C", clone_dir, "checkout", "--detach", pin[:commit]])
+      actual_commit = capture!("git", "-C", clone_dir, "rev-parse", "HEAD")
+    end
+
+    abort "commit mismatch for #{name}: expected #{pin[:commit]}, got #{actual_commit}" unless actual_commit == pin[:commit]
+
+    copy_sources!(clone_dir, target, pin[:source_dir])
+  end
+
+  normalize_tree!(target)
+  tree_sha256_for(target)
+end
+
+def manifest_body_lines(results)
+  lines = ["backend=PQ Code Package native only", "pqclean=removed"]
+  results.each do |name, data|
+    prefix = "#{name}_native"
+    lines << "#{prefix}_repo=#{data[:repo]}"
+    lines << "#{prefix}_ref=#{data[:ref]}"
+    lines << "#{prefix}_commit=#{data[:commit]}"
+    lines << "#{prefix}_tree_sha256=#{data[:tree_sha256]}"
+  end
+  lines
 end
 
-def copy_required_snapshot(source_root, target_root, source_dir)
-  required_source = File.join(source_root, source_dir)
-  abort "missing required upstream directory: #{required_source}" unless Dir.exist?(required_source)
+def manifest_signature(body_lines)
+  Digest::SHA256.hexdigest(body_lines.join("\n") + "\n")
+end
 
-  FileUtils.mkdir_p(target_root)
-  FileUtils.cp_r(required_source, File.join(target_root, source_dir), remove_destination: true)
+def write_manifest(results)
+  body = manifest_body_lines(results)
+  sig = manifest_signature(body)
+  content = ([MANIFEST_HEADER] + body + ["manifest_sha256=#{sig}"]).join("\n") + "\n"
+  File.write(MANIFEST_PATH, content)
+  File.chmod(0o644, MANIFEST_PATH)
+  File.utime(NORMALIZED_MTIME, NORMALIZED_MTIME, MANIFEST_PATH)
+end
 
-  VENDORED_DOCS.each do |relative|
-    copy_file_without_symlink(File.join(source_root, relative), File.join(target_root, relative))
+def parse_manifest(path)
+  return { kv: {}, body: [], signature: nil } unless File.exist?(path)
+  body = []
+  kv = {}
+  signature = nil
+  File.readlines(path, chomp: true).each do |line|
+    next if line.start_with?("#")
+    next if line.empty?
+    if line.start_with?("manifest_sha256=")
+      signature = line.split("=", 2).last
+    else
+      body << line
+      k, v = line.split("=", 2)
+      kv[k] = v if k && v
+    end
   end
+  { kv: kv, body: body, signature: signature }
 end
 
-def clone_project(name, config)
-  env_prefix = name.to_s.upcase
-  repo = ENV["#{env_prefix}_NATIVE_REPO"] || config[:repo]
-  ref = ENV["#{env_prefix}_NATIVE_REF"] || config[:ref]
-  target = File.join(VENDOR_DIR, config[:target])
+case options[:mode]
+when :verify
+  manifest = parse_manifest(MANIFEST_PATH)
+  failures = []
 
-  FileUtils.rm_rf(target)
+  if manifest[:signature].nil?
+    failures << "manifest: missing manifest_sha256 line"
+  else
+    expected_sig = manifest_signature(manifest[:body])
+    failures << "manifest: signature mismatch (manifest_sha256=#{manifest[:signature]}, computed=#{expected_sig})" if expected_sig != manifest[:signature]
+  end
 
-  Dir.mktmpdir("pqcrypto-#{name}-") do |tmpdir|
-    clone_dir = File.join(tmpdir, config[:target])
-    sh!(["git", "clone", "--depth", "1", "--branch", ref, repo, clone_dir])
+  PINS.each do |name, pin|
+    target = File.join(VENDOR_DIR, pin[:target])
+    unless Dir.exist?(target)
+      failures << "#{name}: vendor directory missing (#{target})"
+      next
+    end
 
-    commit, status = Open3.capture2("git", "-C", clone_dir, "rev-parse", "HEAD")
-    commit = status.success? ? commit.strip : "unknown"
+    manifest_commit = manifest[:kv]["#{name}_native_commit"]
+    if manifest_commit != pin[:commit]
+      failures << "#{name}: manifest commit (#{manifest_commit.inspect}) != PINS commit (#{pin[:commit]})"
+    end
 
-    copy_required_snapshot(clone_dir, target, config[:source_dir])
+    manifest_tree = manifest[:kv]["#{name}_native_tree_sha256"]
+    if manifest_tree != pin[:tree_sha256]
+      failures << "#{name}: manifest tree_sha256 (#{manifest_tree.inspect}) != PINS tree_sha256 (#{pin[:tree_sha256]})"
+    end
 
-    [repo, ref, commit, tree_sha256_for(target)]
+    actual_tree = tree_sha256_for(target)
+    if actual_tree != pin[:tree_sha256]
+      failures << "#{name}: filesystem tree_sha256 (#{actual_tree}) != PINS tree_sha256 (#{pin[:tree_sha256]})"
+    end
+  end
+
+  if failures.empty?
+    puts "vendor verify: ok"
+    exit 0
+  else
+    failures.each { |f| warn f }
+    exit 1
   end
-end
 
-puts WARNING
-puts "Vendoring into #{VENDOR_DIR}"
-
-FileUtils.rm_rf(VENDOR_DIR)
-FileUtils.mkdir_p(VENDOR_DIR)
-
-mlkem_repo, mlkem_ref, mlkem_commit, mlkem_tree = clone_project(:mlkem, DEFAULTS[:mlkem])
-mldsa_repo, mldsa_ref, mldsa_commit, mldsa_tree = clone_project(:mldsa, DEFAULTS[:mldsa])
-
-File.write(
-  MANIFEST_PATH,
-  <<~TEXT
-    backend=PQ Code Package native only
-    pqclean=removed
-    mlkem_native_repo=#{mlkem_repo}
-    mlkem_native_ref=#{mlkem_ref}
-    mlkem_native_commit=#{mlkem_commit}
-    mlkem_native_tree_sha256=#{mlkem_tree}
-    mldsa_native_repo=#{mldsa_repo}
-    mldsa_native_ref=#{mldsa_ref}
-    mldsa_native_commit=#{mldsa_commit}
-    mldsa_native_tree_sha256=#{mldsa_tree}
-  TEXT
-)
-
-puts "Done. Next step: bundle exec rake compile"
+when :sync
+  if Dir.exist?(VENDOR_DIR) && File.exist?(MANIFEST_PATH)
+    manifest = parse_manifest(MANIFEST_PATH)
+    sig_ok = manifest[:signature] && manifest_signature(manifest[:body]) == manifest[:signature]
+    pins_ok = sig_ok && PINS.all? do |name, pin|
+      target = File.join(VENDOR_DIR, pin[:target])
+      Dir.exist?(target) &&
+        manifest[:kv]["#{name}_native_commit"] == pin[:commit] &&
+        manifest[:kv]["#{name}_native_tree_sha256"] == pin[:tree_sha256] &&
+        tree_sha256_for(target) == pin[:tree_sha256]
+    end
+
+    if pins_ok
+      puts "vendor already at pinned commits and tree_sha256; nothing to do"
+      exit 0
+    end
+  end
+
+  FileUtils.rm_rf(VENDOR_DIR)
+  FileUtils.mkdir_p(VENDOR_DIR)
+
+  results = {}
+  PINS.each do |name, pin|
+    actual_tree = vendor_one(name, pin)
+    if actual_tree != pin[:tree_sha256]
+      abort "#{name}: tree_sha256 drift (PINS=#{pin[:tree_sha256]}, actual=#{actual_tree}). " \
+            "Upstream changed under the pinned commit, or the vendor algorithm changed. " \
+            "If intentional, run with --bump to print new pins."
+    end
+    results[name] = pin.merge(tree_sha256: actual_tree)
+  end
+  write_manifest(results)
+  puts "vendor sync: ok"
+  results.each { |name, data| puts "  #{name}: commit=#{data[:commit]} tree_sha256=#{data[:tree_sha256]}" }
+
+when :bump
+  FileUtils.rm_rf(VENDOR_DIR)
+  FileUtils.mkdir_p(VENDOR_DIR)
+
+  results = {}
+  PINS.each do |name, pin|
+    actual_tree = vendor_one(name, pin)
+    results[name] = pin.merge(tree_sha256: actual_tree)
+  end
+  write_manifest(results)
+
+  puts "Update PINS in script/vendor_libs.rb to:"
+  results.each do |name, data|
+    puts "  PINS[:#{name}][:tree_sha256] = #{data[:tree_sha256].inspect}"
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pq_crypto
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.2
 platform: ruby
 authors:
 - Roman Haydarov