RubyGems - pq_crypto - Versions diffs - 0.5.3 → 0.6.0 - Mend

pq_crypto 0.5.3 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +11 -0
data/GET_STARTED.md +70 -9
data/README.md +11 -6
data/ext/pqcrypto/pq_externalmu.c +23 -18
data/ext/pqcrypto/pqcrypto_native_api.h +10 -0
data/ext/pqcrypto/pqcrypto_ruby_secure.c +212 -48
data/ext/pqcrypto/pqcrypto_secure.c +83 -84
data/ext/pqcrypto/pqcrypto_secure.h +15 -10
data/ext/pqcrypto/pqcrypto_version.h +1 -1
data/lib/pq_crypto/hybrid_kem.rb +1 -0
data/lib/pq_crypto/kem.rb +71 -29
data/lib/pq_crypto/key.rb +90 -0
data/lib/pq_crypto/pkcs8.rb +184 -10
data/lib/pq_crypto/signature.rb +74 -37
data/lib/pq_crypto/version.rb +1 -1
data/lib/pq_crypto.rb +6 -4
metadata +7 -3

data/ext/pqcrypto/pqcrypto_secure.c CHANGED Viewed

@@ -73,7 +73,8 @@ cleanup:
     return ret;
 }
-static int x25519_shared_secret_with_pkey(uint8_t *shared, const uint8_t *their_pk, EVP_PKEY *pkey) {
+static int x25519_shared_secret_with_pkey(uint8_t *shared, const uint8_t *their_pk,
+                                          EVP_PKEY *pkey) {
     EVP_PKEY_CTX *ctx = NULL;
     EVP_PKEY *peer_key = NULL;
     size_t shared_len = X25519_SHAREDSECRETBYTES;
@@ -131,7 +132,7 @@ static int x25519_shared_secret(uint8_t *shared, const uint8_t *their_pk, const
 }
 static int x25519_ephemeral_keypair_and_shared_secret(uint8_t *ephemeral_pk, uint8_t *shared,
-                                                       const uint8_t *their_pk) {
+                                                      const uint8_t *their_pk) {
     EVP_PKEY_CTX *keygen_ctx = NULL;
     EVP_PKEY *ephemeral_pkey = NULL;
     size_t pklen = X25519_PUBLICKEYBYTES;
@@ -173,8 +174,8 @@ static int xwing_combiner(uint8_t shared_secret[HYBRID_SHAREDSECRETBYTES],
                           const uint8_t ss_X[X25519_SHAREDSECRETBYTES],
                           const uint8_t ct_X[X25519_PUBLICKEYBYTES],
                           const uint8_t pk_X[X25519_PUBLICKEYBYTES]) {
-    uint8_t input[MLKEM_SHAREDSECRETBYTES + X25519_SHAREDSECRETBYTES +
-                  X25519_PUBLICKEYBYTES + X25519_PUBLICKEYBYTES + sizeof(XWING_LABEL)];
+    uint8_t input[MLKEM_SHAREDSECRETBYTES + X25519_SHAREDSECRETBYTES + X25519_PUBLICKEYBYTES +
+                  X25519_PUBLICKEYBYTES + sizeof(XWING_LABEL)];
     uint8_t *cur = input;
     if (!shared_secret || !ss_M || !ss_X || !ct_X || !pk_X) {
@@ -232,36 +233,35 @@ cleanup:
     return ret;
 }
-#define PQ_MLKEM_VARIANTS(X)             \
-    X(mlkem, pqcr_mlkem768)             \
-    X(mlkem512, pqcr_mlkem512)          \
+#define PQ_MLKEM_VARIANTS(X)   \
+    X(mlkem, pqcr_mlkem768)    \
+    X(mlkem512, pqcr_mlkem512) \
     X(mlkem1024, pqcr_mlkem1024)
-#define PQ_DEFINE_MLKEM_SHIMS(prefix, native)                                             \
-    int pq_##prefix##_keypair(uint8_t *pk, uint8_t *sk) {                                \
-        if (!pk || !sk) {                                                                 \
-            return PQ_ERROR_BUFFER;                                                       \
-        }                                                                                 \
-        return native##_keypair(pk, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;             \
-    }                                                                                     \
-    int pq_##prefix##_keypair_from_seed(uint8_t *pk, uint8_t *sk, const uint8_t *seed64) {\
-        if (!pk || !sk || !seed64) {                                                      \
-            return PQ_ERROR_BUFFER;                                                       \
-        }                                                                                 \
-        return native##_keypair_derand(pk, sk, seed64) == 0 ? PQ_SUCCESS                  \
-                                                            : PQ_ERROR_KEYPAIR;           \
-    }                                                                                     \
-    int pq_##prefix##_encapsulate(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {          \
-        if (!ct || !ss || !pk) {                                                          \
-            return PQ_ERROR_BUFFER;                                                       \
-        }                                                                                 \
-        return native##_enc(ct, ss, pk) == 0 ? PQ_SUCCESS : PQ_ERROR_ENCAPSULATE;         \
-    }                                                                                     \
-    int pq_##prefix##_decapsulate(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {    \
-        if (!ss || !ct || !sk) {                                                          \
-            return PQ_ERROR_BUFFER;                                                       \
-        }                                                                                 \
-        return native##_dec(ss, ct, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_DECAPSULATE;         \
+#define PQ_DEFINE_MLKEM_SHIMS(prefix, native)                                                \
+    int pq_##prefix##_keypair(uint8_t *pk, uint8_t *sk) {                                    \
+        if (!pk || !sk) {                                                                    \
+            return PQ_ERROR_BUFFER;                                                          \
+        }                                                                                    \
+        return native##_keypair(pk, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR;                \
+    }                                                                                        \
+    int pq_##prefix##_keypair_from_seed(uint8_t *pk, uint8_t *sk, const uint8_t *seed64) {   \
+        if (!pk || !sk || !seed64) {                                                         \
+            return PQ_ERROR_BUFFER;                                                          \
+        }                                                                                    \
+        return native##_keypair_derand(pk, sk, seed64) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR; \
+    }                                                                                        \
+    int pq_##prefix##_encapsulate(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {             \
+        if (!ct || !ss || !pk) {                                                             \
+            return PQ_ERROR_BUFFER;                                                          \
+        }                                                                                    \
+        return native##_enc(ct, ss, pk) == 0 ? PQ_SUCCESS : PQ_ERROR_ENCAPSULATE;            \
+    }                                                                                        \
+    int pq_##prefix##_decapsulate(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {       \
+        if (!ss || !ct || !sk) {                                                             \
+            return PQ_ERROR_BUFFER;                                                          \
+        }                                                                                    \
+        return native##_dec(ss, ct, sk) == 0 ? PQ_SUCCESS : PQ_ERROR_DECAPSULATE;            \
     }
 PQ_MLKEM_VARIANTS(PQ_DEFINE_MLKEM_SHIMS)
@@ -288,30 +288,29 @@ static int pq_testing_mlkem_encapsulate_from_seed_with(
                                                                         : PQ_ERROR_ENCAPSULATE;
 }
-#define PQ_DEFINE_MLKEM_TESTING_SHIMS(prefix, native)                                         \
-    int pq_testing_##prefix##_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,      \
-                                                const uint8_t *seed, size_t seed_len) {        \
-        return pq_testing_mlkem_keypair_from_seed_with(public_key, secret_key, seed, seed_len, \
-                                                       native##_keypair_derand);               \
-    }                                                                                          \
-    int pq_testing_##prefix##_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,\
-                                                    const uint8_t *public_key,                 \
-                                                    const uint8_t *seed, size_t seed_len) {    \
-        return pq_testing_mlkem_encapsulate_from_seed_with(ciphertext, shared_secret, public_key,\
-                                                           seed, seed_len, native##_enc_derand);\
+#define PQ_DEFINE_MLKEM_TESTING_SHIMS(prefix, native)                                             \
+    int pq_testing_##prefix##_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,         \
+                                                const uint8_t *seed, size_t seed_len) {           \
+        return pq_testing_mlkem_keypair_from_seed_with(public_key, secret_key, seed, seed_len,    \
+                                                       native##_keypair_derand);                  \
+    }                                                                                             \
+    int pq_testing_##prefix##_encapsulate_from_seed(uint8_t *ciphertext, uint8_t *shared_secret,  \
+                                                    const uint8_t *public_key,                    \
+                                                    const uint8_t *seed, size_t seed_len) {       \
+        return pq_testing_mlkem_encapsulate_from_seed_with(ciphertext, shared_secret, public_key, \
+                                                           seed, seed_len, native##_enc_derand);  \
     }
 PQ_MLKEM_VARIANTS(PQ_DEFINE_MLKEM_TESTING_SHIMS)
 #undef PQ_DEFINE_MLKEM_TESTING_SHIMS
-#define PQ_DEFINE_MLDSA_SIGN_KEYPAIR(prefix, native)                              \
-    int pq_##prefix##_keypair(uint8_t *public_key, uint8_t *secret_key) {         \
-        if (!public_key || !secret_key) {                                         \
-            return PQ_ERROR_BUFFER;                                               \
-        }                                                                         \
-        return native##_keypair(public_key, secret_key) == 0 ? PQ_SUCCESS         \
-                                                            : PQ_ERROR_KEYPAIR;   \
+#define PQ_DEFINE_MLDSA_SIGN_KEYPAIR(prefix, native)                                          \
+    int pq_##prefix##_keypair(uint8_t *public_key, uint8_t *secret_key) {                     \
+        if (!public_key || !secret_key) {                                                     \
+            return PQ_ERROR_BUFFER;                                                           \
+        }                                                                                     \
+        return native##_keypair(public_key, secret_key) == 0 ? PQ_SUCCESS : PQ_ERROR_KEYPAIR; \
     }
 PQ_DEFINE_MLDSA_SIGN_KEYPAIR(sign, pqcr_mldsa65)
@@ -320,16 +319,18 @@ PQ_DEFINE_MLDSA_SIGN_KEYPAIR(mldsa87_sign, pqcr_mldsa87)
 #undef PQ_DEFINE_MLDSA_SIGN_KEYPAIR
-#define PQ_DEFINE_MLDSA_SIGN(name, native)                                                \
-    int pq_##name(uint8_t *signature, size_t *signature_len, const uint8_t *message,      \
-                  size_t message_len, const uint8_t *secret_key) {                        \
-        if (!signature || !signature_len || !secret_key || (message_len > 0 && !message)) {\
-            return PQ_ERROR_BUFFER;                                                       \
-        }                                                                                 \
-        return native##_signature(signature, signature_len, message, message_len, NULL, 0,\
-                                  secret_key) == 0                                        \
-                   ? PQ_SUCCESS                                                           \
-                   : PQ_ERROR_SIGN;                                                       \
+#define PQ_DEFINE_MLDSA_SIGN(name, native)                                                      \
+    int pq_##name(uint8_t *signature, size_t *signature_len, const uint8_t *message,            \
+                  size_t message_len, const uint8_t *ctx, size_t ctx_len,                       \
+                  const uint8_t *secret_key) {                                                  \
+        if (!signature || !signature_len || !secret_key || (message_len > 0 && !message) ||     \
+            (ctx_len > 0 && !ctx) || ctx_len > 255) {                                           \
+            return PQ_ERROR_BUFFER;                                                             \
+        }                                                                                       \
+        return native##_signature(signature, signature_len, message, message_len, ctx, ctx_len, \
+                                  secret_key) == 0                                              \
+                   ? PQ_SUCCESS                                                                 \
+                   : PQ_ERROR_SIGN;                                                             \
     }
 PQ_DEFINE_MLDSA_SIGN(sign, pqcr_mldsa65)
@@ -338,16 +339,18 @@ PQ_DEFINE_MLDSA_SIGN(mldsa87_sign, pqcr_mldsa87)
 #undef PQ_DEFINE_MLDSA_SIGN
-#define PQ_DEFINE_MLDSA_VERIFY(name, native)                                             \
-    int pq_##name(const uint8_t *signature, size_t signature_len, const uint8_t *message, \
-                  size_t message_len, const uint8_t *public_key) {                       \
-        if (!signature || !public_key || (message_len > 0 && !message)) {                 \
-            return PQ_ERROR_BUFFER;                                                       \
-        }                                                                                 \
-        return native##_verify(signature, signature_len, message, message_len, NULL, 0,   \
-                               public_key) == 0                                          \
-                   ? PQ_SUCCESS                                                           \
-                   : PQ_ERROR_VERIFY;                                                     \
+#define PQ_DEFINE_MLDSA_VERIFY(name, native)                                                       \
+    int pq_##name(const uint8_t *signature, size_t signature_len, const uint8_t *message,          \
+                  size_t message_len, const uint8_t *ctx, size_t ctx_len,                          \
+                  const uint8_t *public_key) {                                                     \
+        if (!signature || !public_key || (message_len > 0 && !message) || (ctx_len > 0 && !ctx) || \
+            ctx_len > 255) {                                                                       \
+            return PQ_ERROR_BUFFER;                                                                \
+        }                                                                                          \
+        return native##_verify(signature, signature_len, message, message_len, ctx, ctx_len,       \
+                               public_key) == 0                                                    \
+                   ? PQ_SUCCESS                                                                    \
+                   : PQ_ERROR_VERIFY;                                                              \
     }
 PQ_DEFINE_MLDSA_VERIFY(verify, pqcr_mldsa65)
@@ -440,30 +443,27 @@ int pq_testing_mldsa_sign_from_seed(uint8_t *signature, size_t *signature_len,
                                     const uint8_t *message, size_t message_len,
                                     const uint8_t *secret_key, const uint8_t *seed,
                                     size_t seed_len) {
-    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
-                                                secret_key, seed, seed_len,
-                                                pqcr_mldsa65_signature_internal,
-                                                pqcr_mldsa65_prepare_domain_separation_prefix);
+    return pq_testing_mldsa_sign_from_seed_with(
+        signature, signature_len, message, message_len, secret_key, seed, seed_len,
+        pqcr_mldsa65_signature_internal, pqcr_mldsa65_prepare_domain_separation_prefix);
 }
 int pq_testing_mldsa44_sign_from_seed(uint8_t *signature, size_t *signature_len,
                                       const uint8_t *message, size_t message_len,
                                       const uint8_t *secret_key, const uint8_t *seed,
                                       size_t seed_len) {
-    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
-                                                secret_key, seed, seed_len,
-                                                pqcr_mldsa44_signature_internal,
-                                                pqcr_mldsa44_prepare_domain_separation_prefix);
+    return pq_testing_mldsa_sign_from_seed_with(
+        signature, signature_len, message, message_len, secret_key, seed, seed_len,
+        pqcr_mldsa44_signature_internal, pqcr_mldsa44_prepare_domain_separation_prefix);
 }
 int pq_testing_mldsa87_sign_from_seed(uint8_t *signature, size_t *signature_len,
                                       const uint8_t *message, size_t message_len,
                                       const uint8_t *secret_key, const uint8_t *seed,
                                       size_t seed_len) {
-    return pq_testing_mldsa_sign_from_seed_with(signature, signature_len, message, message_len,
-                                                secret_key, seed, seed_len,
-                                                pqcr_mldsa87_signature_internal,
-                                                pqcr_mldsa87_prepare_domain_separation_prefix);
+    return pq_testing_mldsa_sign_from_seed_with(
+        signature, signature_len, message, message_len, secret_key, seed, seed_len,
+        pqcr_mldsa87_signature_internal, pqcr_mldsa87_prepare_domain_separation_prefix);
 }
 int pq_hybrid_kem_keypair(uint8_t *public_key, uint8_t *secret_key) {
@@ -523,8 +523,7 @@ int pq_hybrid_kem_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,
         goto cleanup;
     }
-    ret = x25519_ephemeral_keypair_and_shared_secret(ct.x25519_ephemeral, x25519_ss,
-                                                     pk.x25519_pk);
+    ret = x25519_ephemeral_keypair_and_shared_secret(ct.x25519_ephemeral, x25519_ss, pk.x25519_pk);
     if (ret != PQ_SUCCESS) {
         ret = PQ_ERROR_ENCAPSULATE;
         goto cleanup;

data/ext/pqcrypto/pqcrypto_secure.h CHANGED Viewed

@@ -95,17 +95,17 @@ int pq_mldsa_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
 int pq_mldsa87_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key,
                                   const uint8_t *seed32);
 int pq_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
-            const uint8_t *secret_key);
+            const uint8_t *ctx, size_t ctx_len, const uint8_t *secret_key);
 int pq_mldsa44_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
-                    const uint8_t *secret_key);
+                    const uint8_t *ctx, size_t ctx_len, const uint8_t *secret_key);
 int pq_mldsa87_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len,
-                    const uint8_t *secret_key);
+                    const uint8_t *ctx, size_t ctx_len, const uint8_t *secret_key);
 int pq_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
-              size_t message_len, const uint8_t *public_key);
+              size_t message_len, const uint8_t *ctx, size_t ctx_len, const uint8_t *public_key);
 int pq_mldsa44_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
-                      size_t message_len, const uint8_t *public_key);
+                      size_t message_len, const uint8_t *ctx, size_t ctx_len, const uint8_t *public_key);
 int pq_mldsa87_verify(const uint8_t *signature, size_t signature_len, const uint8_t *message,
-                      size_t message_len, const uint8_t *public_key);
+                      size_t message_len, const uint8_t *ctx, size_t ctx_len, const uint8_t *public_key);
 int pq_public_key_to_pqc_container_der(uint8_t **output, size_t *output_len,
                                        const uint8_t *public_key,
@@ -189,13 +189,18 @@ const char *pq_version(void);
 #define PQ_MLDSA_MUBYTES        64
 #define PQ_MLDSA_TRBYTES        64
-int pq_mldsa_extract_tr_from_secret_key(uint8_t *tr_out, const uint8_t *secret_key);
-int pq_mldsa_compute_tr_from_public_key(uint8_t *tr_out, const uint8_t *public_key);
+int pq_mldsa_extract_tr_from_secret_key(uint8_t *tr_out, const uint8_t *secret_key,
+                                        size_t public_key_len,
+                                        int (*pk_from_sk)(uint8_t *, const uint8_t *));
+int pq_mldsa_compute_tr_from_public_key(uint8_t *tr_out, const uint8_t *public_key,
+                                        size_t public_key_len);
 int pq_sign_mu(uint8_t *signature, size_t *signature_len,
-               const uint8_t *mu, const uint8_t *secret_key);
+               const uint8_t *mu, const uint8_t *secret_key,
+               int (*signature_extmu)(uint8_t *, size_t *, const uint8_t *, const uint8_t *));
 int pq_verify_mu(const uint8_t *signature, size_t signature_len,
-                 const uint8_t *mu, const uint8_t *public_key);
+                 const uint8_t *mu, const uint8_t *public_key, size_t expected_signature_len,
+                 int (*verify_extmu)(const uint8_t *, size_t, const uint8_t *, const uint8_t *));
 void *pq_mu_builder_new(void);
 int pq_mu_builder_init(void *state, const uint8_t *tr,
                        const uint8_t *ctx, size_t ctxlen);

data/ext/pqcrypto/pqcrypto_version.h CHANGED Viewed

@@ -2,6 +2,6 @@
 #ifndef PQCRYPTO_VERSION_H
 #define PQCRYPTO_VERSION_H
-#define PQCRYPTO_VERSION "0.5.3"
+#define PQCRYPTO_VERSION "0.6.0"
 #endif

data/lib/pq_crypto/hybrid_kem.rb CHANGED Viewed

@@ -85,6 +85,7 @@ module PQCrypto
       end
       def wipe!
+        PQCrypto.__send__(:native_hybrid_kem_expanded_secret_key_wipe, @expanded_key) if @expanded_key
         @expanded_key = nil
         super
       end

data/lib/pq_crypto/kem.rb CHANGED Viewed

@@ -44,6 +44,10 @@ module PQCrypto
         SecretKey.new(resolve_algorithm!(algorithm), bytes)
       end
+      def secret_key_from_seed(algorithm, seed)
+        SecretKey.from_seed(resolve_algorithm!(algorithm), seed)
+      end
       def public_key_from_pqc_container_der(der, algorithm = nil)
         resolved_algorithm, bytes = Serialization.public_key_from_pqc_container_der(algorithm, der)
         PublicKey.new(resolve_algorithm!(resolved_algorithm), bytes)
@@ -64,12 +68,12 @@ module PQCrypto
         SecretKey.new(resolve_algorithm!(resolved_algorithm), bytes)
       end
-      def secret_key_from_pkcs8_der(der)
-        secret_key_from_decoded_pkcs8(*PKCS8.decode_der(der))
+      def secret_key_from_pkcs8_der(der, passphrase: nil)
+        secret_key_from_decoded_pkcs8(*PKCS8.decode_der(der, passphrase: passphrase))
       end
-      def secret_key_from_pkcs8_pem(pem)
-        secret_key_from_decoded_pkcs8(*PKCS8.decode_pem(pem))
+      def secret_key_from_pkcs8_pem(pem, passphrase: nil)
+        secret_key_from_decoded_pkcs8(*PKCS8.decode_pem(pem, passphrase: passphrase))
       end
       def public_key_from_spki_der(der, algorithm: nil)
@@ -101,20 +105,20 @@ module PQCrypto
       end
       def secret_key_from_decoded_pkcs8(algorithm, format, material)
-        secret_material = case format
-                          when :seed
-                            _public_key, expanded = PQCrypto.__send__(native_method_for(algorithm, :keypair_from_seed), material)
-                            expanded
-                          when :both
-                            _seed, expanded = material
-                            expanded
-                          when :expanded
-                            material
-                          else
-                            raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
-                          end
-        SecretKey.new(resolve_algorithm!(algorithm), secret_material)
+        algorithm = resolve_algorithm!(algorithm)
+        case format
+        when :seed
+          _public_key, expanded = PQCrypto.__send__(native_method_for(algorithm, :keypair_from_seed), material)
+          SecretKey.new(algorithm, expanded, seed: material)
+        when :both
+          seed, expanded = material
+          SecretKey.new(algorithm, expanded, seed: seed)
+        when :expanded
+          SecretKey.new(algorithm, material)
+        else
+          raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
+        end
       end
       def native_method_for(algorithm, operation)
@@ -192,7 +196,7 @@ module PQCrypto
       def ==(other)
         return false unless other.is_a?(PublicKey) && other.algorithm == algorithm
-        PQCrypto.__send__(:native_ct_equals, other.to_bytes, @bytes)
+        PQCrypto.__send__(:native_ct_equals, other.send(:bytes_for_native), @bytes)
       end
       alias eql? ==
@@ -207,6 +211,10 @@ module PQCrypto
       private
+      def bytes_for_native
+        @bytes
+      end
       def validate_length!
         expected = KEM.details(@algorithm).fetch(:public_key_bytes)
         raise InvalidKeyError, "Invalid KEM public key length" unless @bytes.bytesize == expected
@@ -216,10 +224,20 @@ module PQCrypto
     class SecretKey
       attr_reader :algorithm
-      def initialize(algorithm, bytes)
+      def initialize(algorithm, bytes, seed: nil)
         @algorithm = algorithm
         @bytes = String(bytes).b
+        @seed = seed.nil? ? nil : String(seed).b
         validate_length!
+        validate_seed_length! if @seed
+      end
+      def self.from_seed(algorithm, seed)
+        seed_bytes = String(seed).b
+        _public_key, expanded = PQCrypto.__send__(KEM.send(:native_method_for, algorithm, :keypair_from_seed), seed_bytes)
+        new(algorithm, expanded, seed: seed_bytes)
+      rescue ArgumentError => e
+        raise InvalidKeyError, e.message
       end
       def to_bytes
@@ -234,23 +252,31 @@ module PQCrypto
         Serialization.secret_key_to_pqc_container_pem(@algorithm, @bytes)
       end
-      def to_pkcs8_der(format: :expanded)
+      def to_pkcs8_der(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS)
         case format
         when :expanded
-          PKCS8.encode_der(@algorithm, @bytes, format: :expanded)
-        when :seed, :both
-          raise SerializationError, "PKCS#8 #{format.inspect} export from KEM::SecretKey requires original seed material"
+          PKCS8.encode_der(@algorithm, @bytes, format: :expanded, passphrase: passphrase, iterations: iterations)
+        when :seed
+          ensure_seed_available!(format)
+          PKCS8.encode_der(@algorithm, @seed, format: :seed, passphrase: passphrase, iterations: iterations)
+        when :both
+          ensure_seed_available!(format)
+          PKCS8.encode_der(@algorithm, [@seed, @bytes], format: :both, passphrase: passphrase, iterations: iterations)
         else
           raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
         end
       end
-      def to_pkcs8_pem(format: :expanded)
+      def to_pkcs8_pem(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS)
         case format
         when :expanded
-          PKCS8.encode_pem(@algorithm, @bytes, format: :expanded)
-        when :seed, :both
-          raise SerializationError, "PKCS#8 #{format.inspect} export from KEM::SecretKey requires original seed material"
+          PKCS8.encode_pem(@algorithm, @bytes, format: :expanded, passphrase: passphrase, iterations: iterations)
+        when :seed
+          ensure_seed_available!(format)
+          PKCS8.encode_pem(@algorithm, @seed, format: :seed, passphrase: passphrase, iterations: iterations)
+        when :both
+          ensure_seed_available!(format)
+          PKCS8.encode_pem(@algorithm, [@seed, @bytes], format: :both, passphrase: passphrase, iterations: iterations)
         else
           raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
         end
@@ -264,12 +290,13 @@ module PQCrypto
       def wipe!
         PQCrypto.secure_wipe(@bytes)
+        PQCrypto.secure_wipe(@seed) if @seed
         self
       end
       def ==(other)
         return false unless other.is_a?(SecretKey) && other.algorithm == algorithm
-        PQCrypto.__send__(:native_ct_equals, other.to_bytes, @bytes)
+        PQCrypto.__send__(:native_ct_equals, other.send(:bytes_for_native), @bytes)
       end
       alias eql? ==
@@ -284,10 +311,25 @@ module PQCrypto
       private
+      def bytes_for_native
+        @bytes
+      end
       def validate_length!
         expected = KEM.details(@algorithm).fetch(:secret_key_bytes)
         raise InvalidKeyError, "Invalid KEM secret key length" unless @bytes.bytesize == expected
       end
+      def validate_seed_length!
+        expected = PKCS8::PRIVATE_KEY_CHOICES.fetch(@algorithm).fetch(:seed_bytes)
+        raise InvalidKeyError, "Invalid KEM seed length" unless @seed.bytesize == expected
+      end
+      def ensure_seed_available!(format)
+        return if @seed
+        raise SerializationError, "PKCS#8 #{format.inspect} export from KEM::SecretKey requires original seed material"
+      end
     end
     class EncapsulationResult

data/lib/pq_crypto/key.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+module PQCrypto
+  module Key
+    class << self
+      def generate(algorithm)
+        algorithm = resolve_algorithm!(algorithm)
+        case AlgorithmRegistry.fetch(algorithm).fetch(:family)
+        when :ml_kem
+          KEM.generate(algorithm)
+        when :ml_dsa
+          Signature.generate(algorithm)
+        when :ml_kem_hybrid
+          HybridKEM.generate(algorithm)
+        else
+          raise UnsupportedAlgorithmError, "Unsupported key generation algorithm: #{algorithm.inspect}"
+        end
+      end
+      def from_pem(pem, passphrase: nil)
+        text = String(pem)
+        if text.include?(SPKI::PEM_BEGIN)
+          public_key_from_spki_pem(text)
+        elsif text.include?(PKCS8::PEM_BEGIN) || text.include?(PKCS8::ENCRYPTED_PEM_BEGIN)
+          secret_key_from_pkcs8_pem(text, passphrase: passphrase)
+        else
+          raise SerializationError, "Unsupported PEM label for PQCrypto::Key.from_pem"
+        end
+      end
+      def from_der(der, passphrase: nil)
+        public_key_from_spki_der(der)
+      rescue SerializationError => spki_error
+        begin
+          secret_key_from_pkcs8_der(der, passphrase: passphrase)
+        rescue SerializationError => pkcs8_error
+          raise SerializationError,
+                "Unable to decode DER as SPKI or PKCS#8 (SPKI: #{spki_error.message}; PKCS#8: #{pkcs8_error.message})"
+        end
+      end
+      private
+      def resolve_algorithm!(algorithm)
+        AlgorithmRegistry.fetch(algorithm)
+        algorithm
+      end
+      def public_key_from_spki_pem(pem)
+        algorithm, bytes = SPKI.decode_pem(pem)
+        public_key_from_algorithm_and_bytes(algorithm, bytes)
+      end
+      def public_key_from_spki_der(der)
+        algorithm, bytes = SPKI.decode_der(der)
+        public_key_from_algorithm_and_bytes(algorithm, bytes)
+      end
+      def secret_key_from_pkcs8_pem(pem, passphrase: nil)
+        secret_key_from_decoded_pkcs8(*PKCS8.decode_pem(pem, passphrase: passphrase))
+      end
+      def secret_key_from_pkcs8_der(der, passphrase: nil)
+        secret_key_from_decoded_pkcs8(*PKCS8.decode_der(der, passphrase: passphrase))
+      end
+      def secret_key_from_decoded_pkcs8(algorithm, format, material)
+        case AlgorithmRegistry.fetch(algorithm).fetch(:family)
+        when :ml_kem
+          KEM.send(:secret_key_from_decoded_pkcs8, algorithm, format, material)
+        when :ml_dsa
+          Signature.send(:secret_key_from_decoded_pkcs8, algorithm, format, material)
+        else
+          raise SerializationError, "PKCS#8 private key codec is not supported for #{algorithm.inspect}"
+        end
+      end
+      def public_key_from_algorithm_and_bytes(algorithm, bytes)
+        case AlgorithmRegistry.fetch(algorithm).fetch(:family)
+        when :ml_kem
+          KEM::PublicKey.new(algorithm, bytes)
+        when :ml_dsa
+          Signature::PublicKey.new(algorithm, bytes)
+        else
+          raise SerializationError, "SPKI public key codec is not supported for #{algorithm.inspect}"
+        end
+      end
+    end
+  end
+end