RubyGems - pq_crypto - Versions diffs - 0.5.1 → 0.5.2 - Mend

pq_crypto 0.5.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +47 -0
data/CHANGELOG.md +15 -0
data/ext/pqcrypto/extconf.rb +66 -27
data/ext/pqcrypto/pqcrypto_version.h +1 -1
data/lib/pq_crypto/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5949078149668609462a1e9a3df7b7f767499311b998e4dd651be1d7865ddfc
-  data.tar.gz: 600fc91b9614aec5f7f61d8c3ab6d11643bbbf919941faf0508384e7ede9dce0
+  metadata.gz: 2274795113da1599b664af11b1393a86d68f1886f3536e0a65385b04b8ce03fe
+  data.tar.gz: 386fe1093ba0b28a910195a40d7698e0cef91f9f57fc90b3a1aaac3eec4451a5
 SHA512:
-  metadata.gz: 2ac70b6f37460e0a56b1601b59ba5660dda7e4c0c87cc03211c9497261b06f632856079622546f6c8b6db6cfff97b1a9355db879958985f48dfe296c5d729b80
-  data.tar.gz: 9e89256c60b8153518520438b77632eb232660ff88d0b0668cfb8aeea7a50875c2c7297773f3d469952129ccceb6e604e4f619cc4cc2ebbd458fdca9d50e837f
+  metadata.gz: f9f73a9d575d9931020e1674f96adafe08816a1f7183b0b948194fcd2fb4da106afb854525ef544409b47bde34c987ac0eae6ce54440b7562f70faf5807446c3
+  data.tar.gz: c5e54b45ab8461bd1edd2b3e4e14f0092267232bc3bf1436841488fa7a604fdf66056dfd160767ec2d47b0a4afe37cb660a46a54466677994a3c1d73269959d1

data/.github/workflows/ci.yml CHANGED Viewed

@@ -116,3 +116,50 @@ jobs:
             echo "OpenSSL 3.5 interop tests must NOT skip on this matrix entry."
             exit 1
           fi
+  linux-native-backend:
+    needs: test
+    name: linux-native-backend
+    runs-on: ubuntu-latest
+    env:
+      PQCRYPTO_NATIVE_ASM: "1"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+      - name: Verify vendored sources
+        run: bundle exec rake vendor:verify
+      - name: Compile extension with native x86_64 backend
+        run: |
+          rm -rf tmp lib/pqcrypto/pqcrypto_secure.so
+          bundle exec rake compile
+      - name: Smoke native backend
+        run: |
+          bundle exec ruby -Ilib -e '
+            require "pq_crypto"
+            kem = PQCrypto::KEM.generate(:ml_kem_768)
+            enc = kem.public_key.encapsulate
+            raise "ML-KEM mismatch" unless kem.secret_key.decapsulate(enc.ciphertext) == enc.shared_secret
+            sig = PQCrypto::Signature.generate(:ml_dsa_65)
+            msg = "linux-native-backend".b
+            signature = sig.secret_key.sign(msg)
+            raise "ML-DSA verify failed" unless sig.public_key.verify(msg, signature)
+          '
+      - name: Verify AVX2 native symbols
+        run: |
+          set -euxo pipefail
+          so="lib/pqcrypto/pqcrypto_secure.so"
+          test -f "$so"
+          nm "$so" | grep -E "pqcr_(mlkem|mldsa).*avx2|keccak.*avx2"

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,20 @@
 # Changelog
+## [0.5.2] - 2026-05-06
+### Build
+- Added Linux/OpenSSL discovery via `OPENSSL_ROOT_DIR`, `OPENSSL_DIR`, and `pkg-config`.
+- Preserved `$(CFLAGS)`/`$(CCDLFLAGS)` for vendored native objects so Linux shared-object builds keep `-fPIC`.
+- Added opt-in Linux x86_64 native-backend support through `PQCRYPTO_NATIVE_ASM=1`.
+- Added x86_64 AVX2 vendor flags for mlkem-native/mldsa-native when native backends are explicitly enabled.
+- Added separate `PQCRYPTO_NATIVE_ARITH` and `PQCRYPTO_NATIVE_FIPS202` switches for native arithmetic and Keccak/FIPS202 backends.
+- Kept AArch64 native asm enabled by default; verified macOS arm64 still builds ML-KEM/ML-DSA native asm paths.
+### CI
+- Added a Linux native-backend job that compiles with `PQCRYPTO_NATIVE_ASM=1`, runs ML-KEM/ML-DSA smoke checks, and verifies AVX2 symbols in the extension.
 ## [0.5.1] - 2026-05-04
 ### Performance

data/ext/pqcrypto/extconf.rb CHANGED Viewed

@@ -39,32 +39,31 @@ if SANITIZE && !SANITIZE.strip.empty?
   $LDFLAGS << " -fsanitize=#{sanitize}"
 end
-def native_asm_supported_by_default?
-  host_cpu = RbConfig::CONFIG.fetch("host_cpu", "")
-  host_os = RbConfig::CONFIG.fetch("host_os", "")
-  return false if host_os =~ /mswin|mingw|cygwin/i
+def host_cpu
+  RbConfig::CONFIG.fetch("host_cpu", "")
+end
-  host_cpu =~ /\A(?:arm64|aarch64)\z/i
+def host_os
+  RbConfig::CONFIG.fetch("host_os", "")
 end
-def parse_native_asm_env(value)
-  return native_asm_supported_by_default? if value.nil? || value.strip.empty? || value == "auto"
+def aarch64_host?
+  host_cpu =~ /\A(?:arm64|aarch64)\z/i
+end
-  case value.strip.downcase
-  when "1", "true", "yes", "on", "auto"
-    true
-  when "0", "false", "no", "off"
-    false
-  else
-    abort "Invalid PQCRYPTO_NATIVE_ASM=#{value.inspect}; use 1, 0, or auto"
-  end
+def x86_64_host?
+  host_cpu =~ /\A(?:x86_64|amd64|x64)\z/i
 end
-NATIVE_ASM = parse_native_asm_env(ENV["PQCRYPTO_NATIVE_ASM"])
+def native_asm_supported_by_default?
+  return false if host_os =~ /mswin|mingw|cygwin/i
-def parse_native_backend_env(name)
+  aarch64_host?
+end
+def env_bool(name, default)
   value = ENV[name]
-  return NATIVE_ASM if value.nil? || value.strip.empty? || value == "auto"
+  return default if value.nil? || value.strip.empty? || value.strip.downcase == "auto"
   case value.strip.downcase
   when "1", "true", "yes", "on"
@@ -72,19 +71,53 @@ def parse_native_backend_env(name)
   when "0", "false", "no", "off"
     false
   else
-    abort "Invalid #{name}=#{value.inspect}; use 1, 0, or auto"
+    abort "Invalid #{name}=#{value.inspect}; use 1, 0, true, false, or auto"
   end
 end
-NATIVE_ARITH = parse_native_backend_env("PQCRYPTO_NATIVE_ARITH")
-NATIVE_FIPS202 = parse_native_backend_env("PQCRYPTO_NATIVE_FIPS202")
+NATIVE_ASM = env_bool("PQCRYPTO_NATIVE_ASM", native_asm_supported_by_default?)
+NATIVE_ARITH = env_bool("PQCRYPTO_NATIVE_ARITH", NATIVE_ASM)
+NATIVE_FIPS202 = env_bool("PQCRYPTO_NATIVE_FIPS202", NATIVE_ASM)
+X86_VENDOR_ARCH_FLAGS = "-mavx2 -mbmi -mbmi2 -mpopcnt -maes -mssse3 -msse4.1 -msse4.2"
+VENDOR_C_ARCH_FLAGS = +""
+VENDOR_ASM_ARCH_FLAGS = +""
+if x86_64_host? && (NATIVE_ARITH || NATIVE_FIPS202)
+  VENDOR_C_ARCH_FLAGS << "#{X86_VENDOR_ARCH_FLAGS} -fno-tree-vectorize"
+  VENDOR_ASM_ARCH_FLAGS << X86_VENDOR_ARCH_FLAGS
+end
+if ENV["PQCRYPTO_NATIVE_TUNE"] == "1"
+  VENDOR_C_ARCH_FLAGS << " -march=native -mtune=native"
+  VENDOR_ASM_ARCH_FLAGS << " -march=native -mtune=native"
+end
 def configure_compiler_environment
-  return unless RUBY_PLATFORM.include?("darwin")
+  if RUBY_PLATFORM.include?("darwin")
+    dir_config("homebrew", "/opt/homebrew")
+    $CPPFLAGS << " -I/opt/homebrew/include"
+    $LDFLAGS << " -L/opt/homebrew/lib"
+    return
+  end
+  openssl_root = ENV["OPENSSL_ROOT_DIR"] || ENV["OPENSSL_DIR"]
+  if openssl_root && !openssl_root.strip.empty? && File.directory?(openssl_root)
+    $CPPFLAGS << " -I#{openssl_root}/include"
+    %w[lib64 lib].each do |suffix|
+      libdir = File.join(openssl_root, suffix)
+      next unless File.directory?(libdir)
-  dir_config("homebrew", "/opt/homebrew")
-  $CPPFLAGS << " -I/opt/homebrew/include"
-  $LDFLAGS << " -L/opt/homebrew/lib"
+      $LDFLAGS << " -L#{libdir} -Wl,-rpath,#{libdir}"
+      break
+    end
+  elsif find_executable("pkg-config")
+    cflags = `pkg-config --cflags openssl 2>/dev/null`.strip
+    libs = `pkg-config --libs-only-L openssl 2>/dev/null`.strip
+    $CPPFLAGS << " #{cflags}" unless cflags.empty?
+    $LDFLAGS << " #{libs}" unless libs.empty?
+  end
 end
 def native_vendor_sources_for(vendor_dir)
@@ -270,7 +303,7 @@ def inject_native_sources!(config)
     build_rules << <<~RULE
       #{object}: #{source}
       	$(ECHO) compiling #{source} [#{kind}-#{level}]
-      	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) #{VENDOR_ONLY_CFLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
+      	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(CCDLFLAGS) #{VENDOR_ONLY_CFLAGS} #{VENDOR_C_ARCH_FLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
     RULE
   end
@@ -291,7 +324,7 @@ def inject_native_sources!(config)
       build_rules << <<~RULE
         #{object}: #{source}
         	$(ECHO) assembling #{source} [#{kind}-#{level}]
-        	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) #{VENDOR_ONLY_CFLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
+        	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(CCDLFLAGS) #{VENDOR_ONLY_CFLAGS} #{VENDOR_ASM_ARCH_FLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
       RULE
     end
   end
@@ -321,9 +354,15 @@ native_config = native_vendor_config(vendor_dir)
 puts "OpenSSL: system"
 puts "ML-KEM: mlkem-native vendored"
 puts "ML-DSA: mldsa-native vendored"
+puts "Host CPU: #{host_cpu} (#{host_os})"
 puts "Native asm auto/forced: #{NATIVE_ASM ? 'enabled' : 'disabled'}"
 puts "Native arithmetic backend: #{NATIVE_ARITH ? 'enabled' : 'disabled'}"
 puts "Native FIPS202 backend: #{NATIVE_FIPS202 ? 'enabled' : 'disabled'}"
+puts "Vendor C arch flags: #{VENDOR_C_ARCH_FLAGS.empty? ? '(none)' : VENDOR_C_ARCH_FLAGS}"
+puts "Vendor ASM arch flags: #{VENDOR_ASM_ARCH_FLAGS.empty? ? '(none)' : VENDOR_ASM_ARCH_FLAGS}"
+if x86_64_host? && (NATIVE_ARITH || NATIVE_FIPS202)
+  puts "x86_64 native backend: AVX2 build flags enabled"
+end
 puts "PQClean fallback: removed"
 puts "Output: pqcrypto/pqcrypto_secure"
 puts "===================================="

data/ext/pqcrypto/pqcrypto_version.h CHANGED Viewed

@@ -2,6 +2,6 @@
 #ifndef PQCRYPTO_VERSION_H
 #define PQCRYPTO_VERSION_H
-#define PQCRYPTO_VERSION "0.5.1"
+#define PQCRYPTO_VERSION "0.5.2"
 #endif

data/lib/pq_crypto/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PQCrypto
-  VERSION = "0.5.1"
+  VERSION = "0.5.2"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pq_crypto
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.2
 platform: ruby
 authors:
 - Roman Haydarov