pq_crypto 0.5.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4f34f4ae9f34414fbbc1f6ffc63de9c24306a6a432138e36442c1e43661fa59e
-  data.tar.gz: 6b2a754c55b9a1be4706cf5d835ee08844b54d75d96d43611f22c8c4f68cb10f
+  metadata.gz: d5949078149668609462a1e9a3df7b7f767499311b998e4dd651be1d7865ddfc
+  data.tar.gz: 600fc91b9614aec5f7f61d8c3ab6d11643bbbf919941faf0508384e7ede9dce0
 SHA512:
-  metadata.gz: 0b72822b4b645f891e8f87693004f736070b9bba37432a48ffc840ec1a114865ba691db7c1ffc12aab7643369c3883892d9fbcf3c4f7cf895b5938d2ee650b1c
-  data.tar.gz: 13c0263600408685f5d484528032305c48e3e3d551799abad990167c9a9d14d0287aabb70fd88dc00f72d6236f15e70c3d9f6e9572ad02276e11674aafd87774
+  metadata.gz: 2ac70b6f37460e0a56b1601b59ba5660dda7e4c0c87cc03211c9497261b06f632856079622546f6c8b6db6cfff97b1a9355db879958985f48dfe296c5d729b80
+  data.tar.gz: 9e89256c60b8153518520438b77632eb232660ff88d0b0668cfb8aeea7a50875c2c7297773f3d469952129ccceb6e604e4f619cc4cc2ebbd458fdca9d50e837f

data/.github/workflows/ci.yml

@@ -1,12 +1,30 @@
 name: CI
 
 on:
-  push:
-    branches: ["**"]
   pull_request:
+  push:
+    branches: [main]
 
 jobs:
+  vendor-verify:
+    name: vendor-verify
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - name: Verify vendored sources against pinned tree_sha256
+        run: bundle exec rake vendor:verify
+
   test:
+    needs: vendor-verify
     runs-on: ${{ matrix.os }}
 
     strategy:
@@ -30,6 +48,9 @@ jobs:
         with:
           go-version: "1.26.0"
 
+      - name: Verify vendored sources
+        run: bundle exec rake vendor:verify
+
       - name: Compile extension
         run: bundle exec rake compile
 
@@ -37,6 +58,7 @@ jobs:
         run: bundle exec rake test
 
   interop-openssl-3-5-required:
+    needs: vendor-verify
     name: interop-openssl-3.5-required
     runs-on: ubuntu-24.04
 
@@ -77,6 +99,9 @@ jobs:
         with:
           go-version: "1.26.0"
 
+      - name: Verify vendored sources
+        run: bundle exec rake vendor:verify
+
       - name: Compile extension
         run: bundle exec rake compile
 

data/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Changelog
 
+## [0.5.1] - 2026-05-04
+
+### Performance
+
+- Enabled native asm/SIMD paths for ML-DSA/ML-KEM where available.
+- Reduced Hybrid KEM X25519 overhead by reusing expanded/native key state and avoiding repeated private/public key reconstruction.
+- Moved hot crypto calls under `rb_nogvl` where applicable.
+- Optimized PEM export path by replacing BIO/streaming base64 with direct encode.
+- Reduced small-buffer streaming overhead by avoiding unnecessary `malloc`/`nogvl` work for tiny chunks.
+
+### Vendoring
+
+- Committed `mlkem-native` and `mldsa-native` sources to the repository. Builds no longer require git or network.
+- Pinned upstream by `commit` + `tree_sha256` in `script/vendor_libs.rb`; manifest signed with `manifest_sha256`.
+- Deterministic vendor tree (no symlinks, dotfiles, normalized mtime/permissions).
+- `script/vendor_libs.rb` now supports `--verify`, `--sync`, `--bump`.
+
+### Build
+
+- `extconf.rb` no longer auto-fetches upstream. Missing vendor aborts the build; opt in with `PQCRYPTO_AUTO_VENDOR=1`.
+
+### Rakefile
+
+- Added `vendor:verify`, `vendor:sync`, `vendor:bump`. Default task runs `vendor:verify` before `compile` and `test`.
+
+### CI
+
+- Added `vendor-verify` gating job; `vendor:verify` also runs in each test job before compile.
+
+### Repository
+
+- `.gitattributes` enforces `eol=lf` and marks vendor as binary (CRLF protection).
+- `.gitignore` no longer hides `sempls/`.
+
 ## [0.5.0] - 2026-05-04
 
 ### Changed — native backend migration

data/ext/pqcrypto/extconf.rb

@@ -39,7 +39,45 @@ if SANITIZE && !SANITIZE.strip.empty?
   $LDFLAGS << " -fsanitize=#{sanitize}"
 end
 
-NATIVE_ASM = (ENV["PQCRYPTO_NATIVE_ASM"] || "0") == "1"
+def native_asm_supported_by_default?
+  host_cpu = RbConfig::CONFIG.fetch("host_cpu", "")
+  host_os = RbConfig::CONFIG.fetch("host_os", "")
+  return false if host_os =~ /mswin|mingw|cygwin/i
+
+  host_cpu =~ /\A(?:arm64|aarch64)\z/i
+end
+
+def parse_native_asm_env(value)
+  return native_asm_supported_by_default? if value.nil? || value.strip.empty? || value == "auto"
+
+  case value.strip.downcase
+  when "1", "true", "yes", "on", "auto"
+    true
+  when "0", "false", "no", "off"
+    false
+  else
+    abort "Invalid PQCRYPTO_NATIVE_ASM=#{value.inspect}; use 1, 0, or auto"
+  end
+end
+
+NATIVE_ASM = parse_native_asm_env(ENV["PQCRYPTO_NATIVE_ASM"])
+
+def parse_native_backend_env(name)
+  value = ENV[name]
+  return NATIVE_ASM if value.nil? || value.strip.empty? || value == "auto"
+
+  case value.strip.downcase
+  when "1", "true", "yes", "on"
+    true
+  when "0", "false", "no", "off"
+    false
+  else
+    abort "Invalid #{name}=#{value.inspect}; use 1, 0, or auto"
+  end
+end
+
+NATIVE_ARITH = parse_native_backend_env("PQCRYPTO_NATIVE_ARITH")
+NATIVE_FIPS202 = parse_native_backend_env("PQCRYPTO_NATIVE_FIPS202")
 
 def configure_compiler_environment
   return unless RUBY_PLATFORM.include?("darwin")
@@ -66,28 +104,25 @@ def vendor_script_path
 end
 
 def run_vendor_script!(vendor_dir)
-  script = vendor_script_path
-  abort <<~MSG unless File.exist?(script)
-    PQ Code Package vendored sources are missing and script/vendor_libs.rb was not packaged.
+  abort <<~MSG if ENV["PQCRYPTO_AUTO_VENDOR"] != "1"
+    PQ Code Package vendored sources are missing.
 
     Expected:
       #{native_vendor_sources_for(vendor_dir).join("\n  ")}
 
-    Rebuild the gem from a repository that includes script/vendor_libs.rb, or run
-    script/vendor_libs.rb before building the gem package.
-  MSG
-
-  abort <<~MSG if ENV["PQCRYPTO_AUTO_VENDOR"] == "0"
-    PQ Code Package vendored sources are missing and PQCRYPTO_AUTO_VENDOR=0 was set.
-
-    Expected:
-      #{native_vendor_sources_for(vendor_dir).join("\n  ")}
+    The vendor tree is committed to the repository and shipped with the gem.
+    If it is missing, the source tree is incomplete or corrupted.
 
-    Run:
+    To fetch upstream sources at the pinned commits run:
       ruby script/vendor_libs.rb
+
+    Or to allow extconf.rb to do this for you set PQCRYPTO_AUTO_VENDOR=1.
   MSG
 
-  puts "PQ Code Package native sources are missing; vendoring now..."
+  script = vendor_script_path
+  abort "PQ Code Package vendored sources are missing and script/vendor_libs.rb was not packaged." unless File.exist?(script)
+
+  puts "PQ Code Package native sources are missing; vendoring now (PQCRYPTO_AUTO_VENDOR=1)..."
   ok = system(RbConfig.ruby, script)
   abort <<~MSG unless ok
     Failed to vendor PQ Code Package native sources.
@@ -210,10 +245,8 @@ def native_flags(kind, level, shared:)
   flags << "-D#{prefix}_CONFIG_NAMESPACE_PREFIX=#{ns}"
   flags << "-D#{prefix}_CONFIG_NO_SUPERCOP"
   flags << (shared ? "-D#{prefix}_CONFIG_MULTILEVEL_WITH_SHARED" : "-D#{prefix}_CONFIG_MULTILEVEL_NO_SHARED")
-  if NATIVE_ASM
-    flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_ARITH"
-    flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_FIPS202"
-  end
+  flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_ARITH" if NATIVE_ARITH
+  flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_FIPS202" if NATIVE_FIPS202
   flags.join(" ")
 end
 
@@ -241,7 +274,7 @@ def inject_native_sources!(config)
     RULE
   end
 
-  if NATIVE_ASM
+  if NATIVE_ARITH || NATIVE_FIPS202
     [
       [:mlkem, "512", config[:mlkem_asm], true],
       [:mlkem, "768", config[:mlkem_asm], false],
@@ -288,7 +321,9 @@ native_config = native_vendor_config(vendor_dir)
 puts "OpenSSL: system"
 puts "ML-KEM: mlkem-native vendored"
 puts "ML-DSA: mldsa-native vendored"
-puts "Native asm backends: #{NATIVE_ASM ? 'enabled' : 'disabled'}"
+puts "Native asm auto/forced: #{NATIVE_ASM ? 'enabled' : 'disabled'}"
+puts "Native arithmetic backend: #{NATIVE_ARITH ? 'enabled' : 'disabled'}"
+puts "Native FIPS202 backend: #{NATIVE_FIPS202 ? 'enabled' : 'disabled'}"
 puts "PQClean fallback: removed"
 puts "Output: pqcrypto/pqcrypto_secure"
 puts "===================================="

data/ext/pqcrypto/pqcrypto_native_api.h

@@ -78,6 +78,9 @@ int pqcr_mlkem1024_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
 int pqcr_mlkem1024_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins);
 int pqcr_mlkem1024_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
+void pqcr_mlkem_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen);
+void pqcr_mlkem_sha3_256(uint8_t *output, const uint8_t *input, size_t inlen);
+
 /* mldsa-native symbols: namespace prefix pqcr_mldsa + level suffix. */
 int pqcr_mldsa44_keypair(uint8_t *pk, uint8_t *sk);
 int pqcr_mldsa44_keypair_internal(uint8_t *pk, uint8_t *sk, const uint8_t seed[MLDSA_SEEDBYTES]);

data/ext/pqcrypto/pqcrypto_ruby_secure.c

@@ -5,6 +5,7 @@
 #include <string.h>
 
 #include <openssl/crypto.h>
+#include <openssl/evp.h>
 
 #include "pqcrypto_secure.h"
 
@@ -12,6 +13,8 @@
 #define RB_NOGVL_OFFLOAD_SAFE 0
 #endif
 
+#define PQ_MU_ABSORB_NOGVL_MIN_BYTES 16384
+
 typedef struct {
     int result;
     uint8_t *public_key;
@@ -36,6 +39,25 @@ typedef struct {
     const uint8_t *secret_key;
 } kem_decapsulate_call_t;
 
+typedef struct {
+    int result;
+    uint8_t *expanded_secret_key;
+    const uint8_t *secret_key;
+} hybrid_expand_call_t;
+
+typedef struct {
+    int result;
+    uint8_t *shared_secret;
+    const uint8_t *ciphertext;
+    const uint8_t *expanded_secret_key;
+    void *x25519_private_pkey;
+} hybrid_decapsulate_expanded_pkey_call_t;
+
+typedef struct {
+    uint8_t expanded_secret_key[PQ_HYBRID_EXPANDED_SECRETKEYBYTES];
+    EVP_PKEY *x25519_private_pkey;
+} hybrid_expanded_key_wrapper_t;
+
 typedef struct {
     int result;
     uint8_t *public_key;
@@ -68,6 +90,49 @@ static VALUE mPQCrypto;
 static VALUE ePQCryptoError;
 static VALUE ePQCryptoVerificationError;
 
+static void hybrid_expanded_key_wrapper_free(void *ptr) {
+    hybrid_expanded_key_wrapper_t *wrapper = (hybrid_expanded_key_wrapper_t *)ptr;
+    if (!wrapper) {
+        return;
+    }
+    pq_secure_wipe(wrapper->expanded_secret_key, sizeof(wrapper->expanded_secret_key));
+    if (wrapper->x25519_private_pkey) {
+        EVP_PKEY_free(wrapper->x25519_private_pkey);
+        wrapper->x25519_private_pkey = NULL;
+    }
+    xfree(wrapper);
+}
+
+static size_t hybrid_expanded_key_wrapper_size(const void *ptr) {
+    (void)ptr;
+    return sizeof(hybrid_expanded_key_wrapper_t);
+}
+
+static const rb_data_type_t hybrid_expanded_key_data_type = {
+    .wrap_struct_name = "PQCrypto::HybridKEM::ExpandedSecretKey",
+    .function =
+        {
+            .dmark = NULL,
+            .dfree = hybrid_expanded_key_wrapper_free,
+            .dsize = hybrid_expanded_key_wrapper_size,
+            .dcompact = NULL,
+            .reserved = {NULL},
+        },
+    .parent = NULL,
+    .data = NULL,
+    .flags = RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
+static hybrid_expanded_key_wrapper_t *hybrid_expanded_key_unwrap(VALUE obj) {
+    hybrid_expanded_key_wrapper_t *wrapper;
+    TypedData_Get_Struct(obj, hybrid_expanded_key_wrapper_t, &hybrid_expanded_key_data_type,
+                         wrapper);
+    if (!wrapper || !wrapper->x25519_private_pkey) {
+        rb_raise(ePQCryptoError, "hybrid expanded secret key used after release");
+    }
+    return wrapper;
+}
+
 __attribute__((noreturn)) static void pq_raise_general_error(int err);
 
 static const char *const PQC_CONTAINER_ALGORITHMS[] = {
@@ -76,18 +141,35 @@ static const char *const PQC_CONTAINER_ALGORITHMS[] = {
     "ml_dsa_65",
 };
 
+static ID pqc_container_algorithm_ids[sizeof(PQC_CONTAINER_ALGORITHMS) /
+                                      sizeof(PQC_CONTAINER_ALGORITHMS[0])];
+
+static void pq_init_algorithm_ids(void) {
+    for (size_t i = 0; i < sizeof(PQC_CONTAINER_ALGORITHMS) / sizeof(PQC_CONTAINER_ALGORITHMS[0]);
+         ++i) {
+        pqc_container_algorithm_ids[i] = rb_intern(PQC_CONTAINER_ALGORITHMS[i]);
+    }
+}
+
 static const char *pq_algorithm_symbol_to_cstr(VALUE algorithm) {
-    ID id;
     if (SYMBOL_P(algorithm)) {
-        id = SYM2ID(algorithm);
+        ID id = SYM2ID(algorithm);
+        for (size_t i = 0; i < sizeof(PQC_CONTAINER_ALGORITHMS) / sizeof(PQC_CONTAINER_ALGORITHMS[0]);
+             ++i) {
+            if (id == pqc_container_algorithm_ids[i]) {
+                return PQC_CONTAINER_ALGORITHMS[i];
+            }
+        }
     } else {
         VALUE str = StringValue(algorithm);
-        id = rb_intern_str(str);
-    }
-    for (size_t i = 0; i < sizeof(PQC_CONTAINER_ALGORITHMS) / sizeof(PQC_CONTAINER_ALGORITHMS[0]);
-         ++i) {
-        if (id == rb_intern(PQC_CONTAINER_ALGORITHMS[i])) {
-            return PQC_CONTAINER_ALGORITHMS[i];
+        const char *ptr = RSTRING_PTR(str);
+        size_t len = (size_t)RSTRING_LEN(str);
+        for (size_t i = 0; i < sizeof(PQC_CONTAINER_ALGORITHMS) / sizeof(PQC_CONTAINER_ALGORITHMS[0]);
+             ++i) {
+            size_t algorithm_len = strlen(PQC_CONTAINER_ALGORITHMS[i]);
+            if (len == algorithm_len && memcmp(ptr, PQC_CONTAINER_ALGORITHMS[i], len) == 0) {
+                return PQC_CONTAINER_ALGORITHMS[i];
+            }
         }
     }
     rb_raise(rb_eArgError, "Unsupported serialization algorithm");
@@ -97,7 +179,7 @@ static VALUE pq_algorithm_cstr_to_symbol(const char *algorithm) {
     for (size_t i = 0; i < sizeof(PQC_CONTAINER_ALGORITHMS) / sizeof(PQC_CONTAINER_ALGORITHMS[0]);
          ++i) {
         if (strcmp(algorithm, PQC_CONTAINER_ALGORITHMS[i]) == 0) {
-            return ID2SYM(rb_intern(PQC_CONTAINER_ALGORITHMS[i]));
+            return ID2SYM(pqc_container_algorithm_ids[i]);
         }
     }
     rb_raise(rb_eArgError, "Unsupported serialization algorithm");
@@ -175,6 +257,12 @@ static void *pq_hybrid_kem_encapsulate_nogvl(void *arg) {
     return NULL;
 }
 
+static void *pq_hybrid_kem_expand_secret_key_nogvl(void *arg) {
+    hybrid_expand_call_t *call = (hybrid_expand_call_t *)arg;
+    call->result = pq_hybrid_kem_expand_secret_key(call->expanded_secret_key, call->secret_key);
+    return NULL;
+}
+
 static void *pq_hybrid_kem_decapsulate_nogvl(void *arg) {
     kem_decapsulate_call_t *call = (kem_decapsulate_call_t *)arg;
     call->result =
@@ -182,6 +270,21 @@ static void *pq_hybrid_kem_decapsulate_nogvl(void *arg) {
     return NULL;
 }
 
+static void *pq_hybrid_kem_decapsulate_expanded_nogvl(void *arg) {
+    kem_decapsulate_call_t *call = (kem_decapsulate_call_t *)arg;
+    call->result = pq_hybrid_kem_decapsulate_expanded(call->shared_secret, call->ciphertext,
+                                                      call->secret_key);
+    return NULL;
+}
+
+static void *pq_hybrid_kem_decapsulate_expanded_pkey_nogvl(void *arg) {
+    hybrid_decapsulate_expanded_pkey_call_t *call =
+        (hybrid_decapsulate_expanded_pkey_call_t *)arg;
+    call->result = pq_hybrid_kem_decapsulate_expanded_pkey(
+        call->shared_secret, call->ciphertext, call->expanded_secret_key, call->x25519_private_pkey);
+    return NULL;
+}
+
 #define PQ_DEFINE_SIGN_KEYPAIR_NOGVL(rb_name, c_call)              \
     static void *pq_##rb_name##_nogvl(void *arg) {                 \
         sign_keypair_call_t *call = (sign_keypair_call_t *)arg;    \
@@ -640,6 +743,66 @@ static VALUE pqcrypto_hybrid_kem_encapsulate(VALUE self, VALUE public_key) {
                                   PQ_HYBRID_SHAREDSECRETBYTES);
 }
 
+static VALUE pqcrypto_hybrid_kem_expand_secret_key(VALUE self, VALUE secret_key) {
+    (void)self;
+    hybrid_expand_call_t call = {0};
+    VALUE result;
+    size_t copied_secret_key_len = 0;
+
+    pq_validate_bytes_argument(secret_key, PQ_HYBRID_SECRETKEYBYTES, "hybrid secret key");
+
+    call.secret_key = pq_copy_ruby_string(secret_key, &copied_secret_key_len);
+    call.expanded_secret_key = pq_alloc_buffer(PQ_HYBRID_EXPANDED_SECRETKEYBYTES);
+
+    rb_thread_call_without_gvl(pq_hybrid_kem_expand_secret_key_nogvl, &call, NULL, NULL);
+    pq_wipe_and_free((uint8_t *)call.secret_key, copied_secret_key_len);
+
+    if (call.result != PQ_SUCCESS) {
+        pq_wipe_and_free(call.expanded_secret_key, PQ_HYBRID_EXPANDED_SECRETKEYBYTES);
+        pq_raise_general_error(call.result);
+    }
+
+    result = pq_string_from_buffer(call.expanded_secret_key, PQ_HYBRID_EXPANDED_SECRETKEYBYTES);
+    pq_wipe_and_free(call.expanded_secret_key, PQ_HYBRID_EXPANDED_SECRETKEYBYTES);
+    return result;
+}
+
+static VALUE pqcrypto_hybrid_kem_expand_secret_key_object(VALUE self, VALUE secret_key) {
+    (void)self;
+    hybrid_expand_call_t call = {0};
+    size_t copied_secret_key_len = 0;
+
+    pq_validate_bytes_argument(secret_key, PQ_HYBRID_SECRETKEYBYTES, "hybrid secret key");
+
+    hybrid_expanded_key_wrapper_t *wrapper;
+    VALUE obj = TypedData_Make_Struct(rb_cObject, hybrid_expanded_key_wrapper_t,
+                                      &hybrid_expanded_key_data_type, wrapper);
+    memset(wrapper->expanded_secret_key, 0, sizeof(wrapper->expanded_secret_key));
+    wrapper->x25519_private_pkey = NULL;
+
+    call.secret_key = pq_copy_ruby_string(secret_key, &copied_secret_key_len);
+    call.expanded_secret_key = wrapper->expanded_secret_key;
+
+    rb_thread_call_without_gvl(pq_hybrid_kem_expand_secret_key_nogvl, &call, NULL, NULL);
+    pq_wipe_and_free((uint8_t *)call.secret_key, copied_secret_key_len);
+
+    if (call.result != PQ_SUCCESS) {
+        pq_secure_wipe(wrapper->expanded_secret_key, sizeof(wrapper->expanded_secret_key));
+        pq_raise_general_error(call.result);
+    }
+
+    const hybrid_expanded_secret_key_t *expanded =
+        (const hybrid_expanded_secret_key_t *)wrapper->expanded_secret_key;
+    wrapper->x25519_private_pkey = EVP_PKEY_new_raw_private_key(
+        EVP_PKEY_X25519, NULL, expanded->x25519_sk, X25519_SECRETKEYBYTES);
+    if (!wrapper->x25519_private_pkey) {
+        pq_secure_wipe(wrapper->expanded_secret_key, sizeof(wrapper->expanded_secret_key));
+        pq_raise_general_error(PQ_ERROR_OPENSSL);
+    }
+
+    return obj;
+}
+
 static VALUE pqcrypto_hybrid_kem_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
     (void)self;
     return pq_run_kem_decapsulate(pq_hybrid_kem_decapsulate_nogvl, ciphertext,
@@ -647,6 +810,50 @@ static VALUE pqcrypto_hybrid_kem_decapsulate(VALUE self, VALUE ciphertext, VALUE
                                   PQ_HYBRID_SHAREDSECRETBYTES);
 }
 
+static VALUE pqcrypto_hybrid_kem_decapsulate_expanded(VALUE self, VALUE ciphertext,
+                                                      VALUE expanded_secret_key) {
+    (void)self;
+    return pq_run_kem_decapsulate(pq_hybrid_kem_decapsulate_expanded_nogvl, ciphertext,
+                                  PQ_HYBRID_CIPHERTEXTBYTES, expanded_secret_key,
+                                  PQ_HYBRID_EXPANDED_SECRETKEYBYTES,
+                                  PQ_HYBRID_SHAREDSECRETBYTES);
+}
+
+static VALUE pqcrypto_hybrid_kem_decapsulate_expanded_object(VALUE self, VALUE ciphertext,
+                                                            VALUE expanded_secret_key_obj) {
+    (void)self;
+    hybrid_expanded_key_wrapper_t *wrapper = hybrid_expanded_key_unwrap(expanded_secret_key_obj);
+    hybrid_decapsulate_expanded_pkey_call_t call = {0};
+    VALUE result;
+    size_t copied_ciphertext_len = 0;
+
+    pq_validate_bytes_argument(ciphertext, PQ_HYBRID_CIPHERTEXTBYTES, "ciphertext");
+
+    call.ciphertext = pq_copy_ruby_string(ciphertext, &copied_ciphertext_len);
+    call.expanded_secret_key = wrapper->expanded_secret_key;
+    call.shared_secret = pq_alloc_buffer(PQ_HYBRID_SHAREDSECRETBYTES);
+
+    if (EVP_PKEY_up_ref(wrapper->x25519_private_pkey) != 1) {
+        pq_wipe_and_free((uint8_t *)call.ciphertext, copied_ciphertext_len);
+        pq_wipe_and_free(call.shared_secret, PQ_HYBRID_SHAREDSECRETBYTES);
+        pq_raise_general_error(PQ_ERROR_OPENSSL);
+    }
+    call.x25519_private_pkey = wrapper->x25519_private_pkey;
+
+    rb_thread_call_without_gvl(pq_hybrid_kem_decapsulate_expanded_pkey_nogvl, &call, NULL, NULL);
+    EVP_PKEY_free((EVP_PKEY *)call.x25519_private_pkey);
+    pq_wipe_and_free((uint8_t *)call.ciphertext, copied_ciphertext_len);
+
+    if (call.result != PQ_SUCCESS) {
+        pq_wipe_and_free(call.shared_secret, PQ_HYBRID_SHAREDSECRETBYTES);
+        pq_raise_general_error(call.result);
+    }
+
+    result = pq_string_from_buffer(call.shared_secret, PQ_HYBRID_SHAREDSECRETBYTES);
+    pq_wipe_and_free(call.shared_secret, PQ_HYBRID_SHAREDSECRETBYTES);
+    return result;
+}
+
 static VALUE pqcrypto__test_ml_kem_keypair_from_seed(VALUE self, VALUE seed) {
     (void)self;
     StringValue(seed);
@@ -1220,6 +1427,15 @@ static VALUE pqcrypto__native_mldsa_mu_builder_update(VALUE self, VALUE builder_
         return Qnil;
     }
 
+    if (chunk_len < PQ_MU_ABSORB_NOGVL_MIN_BYTES) {
+        int rc = pq_mu_builder_absorb(wrapper->builder, (const uint8_t *)RSTRING_PTR(chunk),
+                                      chunk_len);
+        if (rc != PQ_SUCCESS) {
+            pq_raise_general_error(rc);
+        }
+        return Qnil;
+    }
+
     uint8_t *copy = pq_alloc_buffer(chunk_len);
     memcpy(copy, RSTRING_PTR(chunk), chunk_len);
 
@@ -1432,6 +1648,7 @@ static VALUE pqcrypto_secret_key_from_pqc_container_pem(VALUE self, VALUE pem) {
 
 void Init_pqcrypto_secure(void) {
     mPQCrypto = rb_define_module("PQCrypto");
+    pq_init_algorithm_ids();
     ePQCryptoError = rb_define_class_under(mPQCrypto, "Error", rb_eStandardError);
 
     ePQCryptoVerificationError =
@@ -1478,8 +1695,16 @@ void Init_pqcrypto_secure(void) {
     rb_define_module_function(mPQCrypto, "hybrid_kem_keypair", pqcrypto_hybrid_kem_keypair, 0);
     rb_define_module_function(mPQCrypto, "hybrid_kem_encapsulate", pqcrypto_hybrid_kem_encapsulate,
                               1);
+    rb_define_module_function(mPQCrypto, "hybrid_kem_expand_secret_key",
+                              pqcrypto_hybrid_kem_expand_secret_key, 1);
+    rb_define_module_function(mPQCrypto, "hybrid_kem_expand_secret_key_object",
+                              pqcrypto_hybrid_kem_expand_secret_key_object, 1);
     rb_define_module_function(mPQCrypto, "hybrid_kem_decapsulate", pqcrypto_hybrid_kem_decapsulate,
                               2);
+    rb_define_module_function(mPQCrypto, "hybrid_kem_decapsulate_expanded",
+                              pqcrypto_hybrid_kem_decapsulate_expanded, 2);
+    rb_define_module_function(mPQCrypto, "hybrid_kem_decapsulate_expanded_object",
+                              pqcrypto_hybrid_kem_decapsulate_expanded_object, 2);
     rb_define_module_function(mPQCrypto, "sign_keypair", pqcrypto_sign_keypair, 0);
     rb_define_module_function(mPQCrypto, "sign", pqcrypto_sign, 2);
     rb_define_module_function(mPQCrypto, "verify", pqcrypto_verify, 3);