Module: PQCrypto

Defined in:

lib/pq_crypto.rb,
lib/pq_crypto/kem.rb,
lib/pq_crypto/errors.rb,
lib/pq_crypto/version.rb,
lib/pq_crypto/signature.rb,
lib/pq_crypto/hybrid_kem.rb,
lib/pq_crypto/serialization.rb,
ext/pqcrypto/pqcrypto_ruby_secure.c

Defined Under Namespace

Modules: HybridKEM, KEM, NativeBindings, Serialization, Signature, Testing Classes: Error, InvalidCiphertextError, InvalidKeyError, SerializationError, UnsupportedAlgorithmError, VerificationError

Constant Summary

SUITES =

{
  kem: [:ml_kem_768].freeze,
  hybrid_kem: [:ml_kem_768_x25519_xwing].freeze,
  signature: [:ml_dsa_65].freeze,
}.freeze

NATIVE_EXTENSION_LOADED =

true

VERSION =

"0.3.2"

ML_KEM_PUBLIC_KEY_BYTES =

INT2NUM(PQ_MLKEM_PUBLICKEYBYTES)

ML_KEM_SECRET_KEY_BYTES =

INT2NUM(PQ_MLKEM_SECRETKEYBYTES)

ML_KEM_CIPHERTEXT_BYTES =

INT2NUM(PQ_MLKEM_CIPHERTEXTBYTES)

ML_KEM_SHARED_SECRET_BYTES =

INT2NUM(PQ_MLKEM_SHAREDSECRETBYTES)

HYBRID_KEM_PUBLIC_KEY_BYTES =

INT2NUM(PQ_HYBRID_PUBLICKEYBYTES)

HYBRID_KEM_SECRET_KEY_BYTES =

INT2NUM(PQ_HYBRID_SECRETKEYBYTES)

HYBRID_KEM_CIPHERTEXT_BYTES =

INT2NUM(PQ_HYBRID_CIPHERTEXTBYTES)

HYBRID_KEM_SHARED_SECRET_BYTES =

INT2NUM(PQ_HYBRID_SHAREDSECRETBYTES)

SIGN_PUBLIC_KEY_BYTES =

INT2NUM(PQ_MLDSA_PUBLICKEYBYTES)

SIGN_SECRET_KEY_BYTES =

INT2NUM(PQ_MLDSA_SECRETKEYBYTES)

SIGN_BYTES =

INT2NUM(PQ_MLDSA_BYTES)

Class Method Summary

• .__test_ml_kem_encapsulate_from_seed(public_key, seed) ⇒ Object
• .__test_ml_kem_keypair_from_seed(seed) ⇒ Object
• .__test_sign_from_seed(message, secret_key, seed) ⇒ Object
• .__test_sign_keypair_from_seed(seed) ⇒ Object
• ._native_mldsa_compute_tr(public_key) ⇒ Object
• ._native_mldsa_extract_tr(secret_key) ⇒ Object
• ._native_mldsa_mu_builder_finalize(builder_obj) ⇒ Object
• ._native_mldsa_mu_builder_new(tr, ctx) ⇒ Object
• ._native_mldsa_mu_builder_release(builder_obj) ⇒ Object
• ._native_mldsa_mu_builder_update(builder_obj, chunk) ⇒ Object
• ._native_mldsa_sign_mu(mu, secret_key) ⇒ Object
• ._native_mldsa_verify_mu(mu, signature, public_key) ⇒ Object
• .backend ⇒ Object
• .ct_equals(a, b) ⇒ Object
• .hybrid_kem_decapsulate(ciphertext, secret_key) ⇒ Object
• .hybrid_kem_encapsulate(public_key) ⇒ Object
• .hybrid_kem_keypair ⇒ Object
• .ml_kem_decapsulate(ciphertext, secret_key) ⇒ Object
• .ml_kem_encapsulate(public_key) ⇒ Object
• .ml_kem_keypair ⇒ Object
• .native_extension_loaded? ⇒ Boolean
• .public_key_from_pqc_container_der(der) ⇒ Object
• .public_key_from_pqc_container_pem(pem) ⇒ Object
• .public_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object
• .public_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object
• .secret_key_from_pqc_container_der(der) ⇒ Object
• .secret_key_from_pqc_container_pem(pem) ⇒ Object
• .secret_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object
• .secret_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object
• .secure_wipe(str) ⇒ Object
• .sign(message, secret_key) ⇒ Object
• .sign_keypair ⇒ Object
• .supported_hybrid_kems ⇒ Object
• .supported_kems ⇒ Object
• .supported_signatures ⇒ Object
• .verify(message, signature, public_key) ⇒ Object
• .version ⇒ Object

Class Method Details

.__test_ml_kem_encapsulate_from_seed(public_key, seed) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 543

static VALUE pqcrypto__test_ml_kem_encapsulate_from_seed(VALUE self, VALUE public_key, VALUE seed) {
    (void)self;
    pq_validate_bytes_argument(public_key, PQ_MLKEM_PUBLICKEYBYTES, "public key");
    StringValue(seed);

    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    kem_encapsulate_call_t call = {0};
    size_t public_key_len = 0;
    size_t seed_len = 0;
    call.public_key = pq_copy_ruby_string(public_key, &public_key_len);
    call.ciphertext = pq_alloc_buffer(PQ_MLKEM_CIPHERTEXTBYTES);
    call.shared_secret = pq_alloc_buffer(PQ_MLKEM_SHAREDSECRETBYTES);
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_testing_ml_kem_encapsulate_nogvl, &call, NULL, NULL);
    pq_wipe_and_free((uint8_t *)call.public_key, public_key_len);
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        pq_wipe_and_free(call.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES);
        free(call.ciphertext);
        pq_raise_general_error(call.result);
    }

    VALUE result = rb_ary_new2(2);
    rb_ary_push(result, pq_string_from_buffer(call.ciphertext, PQ_MLKEM_CIPHERTEXTBYTES));
    rb_ary_push(result, pq_string_from_buffer(call.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES));

    free(call.ciphertext);
    pq_wipe_and_free(call.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES);
    return result;
}

.__test_ml_kem_keypair_from_seed(seed) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 510

static VALUE pqcrypto__test_ml_kem_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    StringValue(seed);

    if ((size_t)RSTRING_LEN(seed) != 64) {
        rb_raise(rb_eArgError, "Deterministic ML-KEM test seed must be 64 bytes (FIPS 203 d||z)");
    }

    kem_keypair_call_t call = {0};
    size_t seed_len = 0;
    call.public_key = pq_alloc_buffer(PQ_MLKEM_PUBLICKEYBYTES);
    call.secret_key = pq_alloc_buffer(PQ_MLKEM_SECRETKEYBYTES);
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_testing_ml_kem_keypair_nogvl, &call, NULL, NULL);
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        pq_wipe_and_free(call.secret_key, PQ_MLKEM_SECRETKEYBYTES);
        free(call.public_key);
        pq_raise_general_error(call.result);
    }

    VALUE result = rb_ary_new2(2);
    rb_ary_push(result, pq_string_from_buffer(call.public_key, PQ_MLKEM_PUBLICKEYBYTES));
    rb_ary_push(result, pq_string_from_buffer(call.secret_key, PQ_MLKEM_SECRETKEYBYTES));

    free(call.public_key);
    pq_wipe_and_free(call.secret_key, PQ_MLKEM_SECRETKEYBYTES);
    return result;
}

.__test_sign_from_seed(message, secret_key, seed) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 613

static VALUE pqcrypto__test_sign_from_seed(VALUE self, VALUE message, VALUE secret_key,
                                           VALUE seed) {
    (void)self;
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");
    StringValue(seed);

    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    sign_call_t call = {0};
    size_t secret_key_len = 0;
    size_t seed_len = 0;
    call.secret_key = pq_copy_ruby_string(secret_key, &secret_key_len);
    call.signature_len = PQ_MLDSA_BYTES;
    call.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);
    call.message = pq_copy_ruby_string(message, &call.message_len);
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_testing_sign_nogvl, &call, NULL, NULL);

    pq_free_buffer(call.message);
    pq_wipe_and_free((uint8_t *)call.secret_key, secret_key_len);
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        pq_free_buffer(call.signature);
        pq_raise_general_error(call.result);
    }

    VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
    pq_free_buffer(call.signature);
    return result;
}

.__test_sign_keypair_from_seed(seed) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 580

static VALUE pqcrypto__test_sign_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    StringValue(seed);

    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    sign_keypair_call_t call = {0};
    size_t seed_len = 0;
    call.public_key = pq_alloc_buffer(PQ_MLDSA_PUBLICKEYBYTES);
    call.secret_key = pq_alloc_buffer(PQ_MLDSA_SECRETKEYBYTES);
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_testing_sign_keypair_nogvl, &call, NULL, NULL);
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        pq_wipe_and_free(call.secret_key, PQ_MLDSA_SECRETKEYBYTES);
        free(call.public_key);
        pq_raise_general_error(call.result);
    }

    VALUE result = rb_ary_new2(2);
    rb_ary_push(result, pq_string_from_buffer(call.public_key, PQ_MLDSA_PUBLICKEYBYTES));
    rb_ary_push(result, pq_string_from_buffer(call.secret_key, PQ_MLDSA_SECRETKEYBYTES));

    free(call.public_key);
    pq_wipe_and_free(call.secret_key, PQ_MLDSA_SECRETKEYBYTES);
    return result;
}

._native_mldsa_compute_tr(public_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 819

static VALUE pqcrypto__native_mldsa_compute_tr(VALUE self, VALUE public_key) {
    (void)self;
    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");

    uint8_t tr[PQ_MLDSA_TRBYTES];
    int rc = pq_mldsa_compute_tr_from_public_key(tr, (const uint8_t *)RSTRING_PTR(public_key));
    if (rc != PQ_SUCCESS) {
        pq_raise_general_error(rc);
    }
    return pq_string_from_buffer(tr, sizeof(tr));
}

._native_mldsa_extract_tr(secret_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 804

static VALUE pqcrypto__native_mldsa_extract_tr(VALUE self, VALUE secret_key) {
    (void)self;
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    uint8_t tr[PQ_MLDSA_TRBYTES];
    int rc = pq_mldsa_extract_tr_from_secret_key(tr, (const uint8_t *)RSTRING_PTR(secret_key));
    if (rc != PQ_SUCCESS) {
        pq_secure_wipe(tr, sizeof(tr));
        pq_raise_general_error(rc);
    }
    VALUE result = pq_string_from_buffer(tr, sizeof(tr));
    pq_secure_wipe(tr, sizeof(tr));
    return result;
}

._native_mldsa_mu_builder_finalize(builder_obj) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 899

static VALUE pqcrypto__native_mldsa_mu_builder_finalize(VALUE self, VALUE builder_obj) {
    (void)self;
    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);

    uint8_t mu[PQ_MLDSA_MUBYTES];

    mu_finalize_call_t call = {0};
    call.builder = wrapper->builder;
    call.mu_out = mu;

    rb_nogvl(pq_mu_finalize_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    if (call.result != PQ_SUCCESS) {
        pq_mu_builder_release(wrapper->builder);
    }
    wrapper->builder = NULL;

    if (call.result != PQ_SUCCESS) {
        pq_secure_wipe(mu, sizeof(mu));
        pq_raise_general_error(call.result);
    }

    VALUE result = pq_string_from_buffer(mu, sizeof(mu));
    pq_secure_wipe(mu, sizeof(mu));
    return result;
}

._native_mldsa_mu_builder_new(tr, ctx) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 831

static VALUE pqcrypto__native_mldsa_mu_builder_new(VALUE self, VALUE tr, VALUE ctx) {
    (void)self;
    pq_validate_bytes_argument(tr, PQ_MLDSA_TRBYTES, "tr");
    StringValue(ctx);

    size_t ctxlen = (size_t)RSTRING_LEN(ctx);
    if (ctxlen > 255) {
        rb_raise(rb_eArgError, "ML-DSA context length must be <= 255 bytes");
    }

    void *builder = pq_mu_builder_new();
    if (builder == NULL) {
        rb_raise(rb_eNoMemError, "Memory allocation failed (mu builder)");
    }

    int rc = pq_mu_builder_init(builder, (const uint8_t *)RSTRING_PTR(tr),
                                (const uint8_t *)RSTRING_PTR(ctx), ctxlen);
    if (rc != PQ_SUCCESS) {
        pq_mu_builder_release(builder);
        pq_raise_general_error(rc);
    }

    mu_builder_wrapper_t *wrapper;
    VALUE obj =
        TypedData_Make_Struct(rb_cObject, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);
    wrapper->builder = builder;
    return obj;
}

._native_mldsa_mu_builder_release(builder_obj) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 926

static VALUE pqcrypto__native_mldsa_mu_builder_release(VALUE self, VALUE builder_obj) {
    (void)self;
    mu_builder_wrapper_t *wrapper;
    TypedData_Get_Struct(builder_obj, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);
    if (wrapper != NULL && wrapper->builder != NULL) {
        pq_mu_builder_release(wrapper->builder);
        wrapper->builder = NULL;
    }
    return Qnil;
}

._native_mldsa_mu_builder_update(builder_obj, chunk) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 866

static VALUE pqcrypto__native_mldsa_mu_builder_update(VALUE self, VALUE builder_obj, VALUE chunk) {
    (void)self;
    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);
    StringValue(chunk);

    size_t chunk_len = (size_t)RSTRING_LEN(chunk);
    if (chunk_len == 0) {
        return Qnil;
    }

    uint8_t *copy = pq_alloc_buffer(chunk_len);
    memcpy(copy, RSTRING_PTR(chunk), chunk_len);

    mu_absorb_call_t call = {0};
    call.builder = wrapper->builder;
    call.chunk = copy;
    call.chunk_len = chunk_len;

    rb_nogvl(pq_mu_absorb_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
    free(copy);

    if (call.result != PQ_SUCCESS) {
        pq_raise_general_error(call.result);
    }
    return Qnil;
}

._native_mldsa_sign_mu(mu, secret_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 943

static VALUE pqcrypto__native_mldsa_sign_mu(VALUE self, VALUE mu, VALUE secret_key) {
    (void)self;
    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    sign_mu_call_t call = {0};
    size_t secret_key_len = 0;
    size_t mu_len = 0;
    uint8_t *mu_copy = pq_copy_ruby_string(mu, &mu_len);
    uint8_t *sk_copy = pq_copy_ruby_string(secret_key, &secret_key_len);

    call.mu = mu_copy;
    call.secret_key = sk_copy;
    call.signature_len = PQ_MLDSA_BYTES;
    call.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);

    rb_nogvl(pq_sign_mu_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    pq_wipe_and_free(mu_copy, mu_len);
    pq_wipe_and_free(sk_copy, secret_key_len);

    if (call.result != PQ_SUCCESS) {
        pq_free_buffer(call.signature);
        pq_raise_general_error(call.result);
    }

    VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
    pq_free_buffer(call.signature);
    return result;
}

._native_mldsa_verify_mu(mu, signature, public_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 980

static VALUE pqcrypto__native_mldsa_verify_mu(VALUE self, VALUE mu, VALUE signature,
                                              VALUE public_key) {
    (void)self;
    StringValue(signature);
    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");

    verify_mu_call_t call = {0};
    size_t public_key_len = 0;
    size_t signature_len = 0;
    size_t mu_len = 0;
    uint8_t *mu_copy = pq_copy_ruby_string(mu, &mu_len);
    uint8_t *pk_copy = pq_copy_ruby_string(public_key, &public_key_len);
    uint8_t *sig_copy = pq_copy_ruby_string(signature, &signature_len);

    call.mu = mu_copy;
    call.public_key = pk_copy;
    call.signature = sig_copy;
    call.signature_len = signature_len;

    rb_nogvl(pq_verify_mu_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
    pq_wipe_and_free(mu_copy, mu_len);
    pq_free_buffer(pk_copy);
    pq_free_buffer(sig_copy);

    if (call.result == PQ_SUCCESS) {
        return Qtrue;
    }
    if (call.result == PQ_ERROR_VERIFY) {
        return Qfalse;
    }
    pq_raise_general_error(call.result);
}

.backend ⇒ Object

# File 'lib/pq_crypto.rb', line 101

def backend
  :native_pqclean
end

.ct_equals(a, b) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 709

static VALUE pqcrypto_ct_equals(VALUE self, VALUE a, VALUE b) {
    (void)self;
    StringValue(a);
    StringValue(b);
    if (RSTRING_LEN(a) != RSTRING_LEN(b)) {
        return Qfalse;
    }
    if (RSTRING_LEN(a) == 0) {
        return Qtrue;
    }
    if (CRYPTO_memcmp(RSTRING_PTR(a), RSTRING_PTR(b), (size_t)RSTRING_LEN(a)) == 0) {
        return Qtrue;
    }
    return Qfalse;
}

.hybrid_kem_decapsulate(ciphertext, secret_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 503

static VALUE pqcrypto_hybrid_kem_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
    (void)self;
    return pq_run_kem_decapsulate(pq_hybrid_kem_decapsulate_nogvl, ciphertext,
                                  PQ_HYBRID_CIPHERTEXTBYTES, secret_key, PQ_HYBRID_SECRETKEYBYTES,
                                  PQ_HYBRID_SHAREDSECRETBYTES);
}

.hybrid_kem_encapsulate(public_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 496

static VALUE pqcrypto_hybrid_kem_encapsulate(VALUE self, VALUE public_key) {
    (void)self;
    return pq_run_kem_encapsulate(pq_hybrid_kem_encapsulate_nogvl, public_key,
                                  PQ_HYBRID_PUBLICKEYBYTES, PQ_HYBRID_CIPHERTEXTBYTES,
                                  PQ_HYBRID_SHAREDSECRETBYTES);
}

.hybrid_kem_keypair ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 490

static VALUE pqcrypto_hybrid_kem_keypair(VALUE self) {
    (void)self;
    return pq_run_kem_keypair(pq_hybrid_kem_keypair_nogvl, PQ_HYBRID_PUBLICKEYBYTES,
                              PQ_HYBRID_SECRETKEYBYTES);
}

.ml_kem_decapsulate(ciphertext, secret_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 484

static VALUE pqcrypto_ml_kem_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
    (void)self;
    return pq_run_kem_decapsulate(pq_ml_kem_decapsulate_nogvl, ciphertext, PQ_MLKEM_CIPHERTEXTBYTES,
                                  secret_key, PQ_MLKEM_SECRETKEYBYTES, PQ_MLKEM_SHAREDSECRETBYTES);
}

.ml_kem_encapsulate(public_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 478

static VALUE pqcrypto_ml_kem_encapsulate(VALUE self, VALUE public_key) {
    (void)self;
    return pq_run_kem_encapsulate(pq_ml_kem_encapsulate_nogvl, public_key, PQ_MLKEM_PUBLICKEYBYTES,
                                  PQ_MLKEM_CIPHERTEXTBYTES, PQ_MLKEM_SHAREDSECRETBYTES);
}

.ml_kem_keypair ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 472

static VALUE pqcrypto_ml_kem_keypair(VALUE self) {
    (void)self;
    return pq_run_kem_keypair(pq_ml_kem_keypair_nogvl, PQ_MLKEM_PUBLICKEYBYTES,
                              PQ_MLKEM_SECRETKEYBYTES);
}

.native_extension_loaded? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/pq_crypto.rb', line 105

def native_extension_loaded?
  true
end

.public_key_from_pqc_container_der(der) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1053

static VALUE pqcrypto_public_key_from_pqc_container_der(VALUE self, VALUE der) {
    (void)self;
    return pq_import_container_der(der, pq_public_key_from_pqc_container_der);
}

.public_key_from_pqc_container_pem(pem) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1058

static VALUE pqcrypto_public_key_from_pqc_container_pem(VALUE self, VALUE pem) {
    (void)self;
    return pq_import_container_pem(pem, pq_public_key_from_pqc_container_pem);
}

.public_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1029

static VALUE pqcrypto_public_key_to_pqc_container_der(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    return pq_export_container_der(algorithm, key_bytes, pq_public_key_to_pqc_container_der);
}

.public_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1035

static VALUE pqcrypto_public_key_to_pqc_container_pem(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    return pq_export_container_pem(algorithm, key_bytes, pq_public_key_to_pqc_container_pem);
}

.secret_key_from_pqc_container_der(der) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1063

static VALUE pqcrypto_secret_key_from_pqc_container_der(VALUE self, VALUE der) {
    (void)self;
    return pq_import_container_der(der, pq_secret_key_from_pqc_container_der);
}

.secret_key_from_pqc_container_pem(pem) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1068

static VALUE pqcrypto_secret_key_from_pqc_container_pem(VALUE self, VALUE pem) {
    (void)self;
    return pq_import_container_pem(pem, pq_secret_key_from_pqc_container_pem);
}

.secret_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1041

static VALUE pqcrypto_secret_key_to_pqc_container_der(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    return pq_export_container_der(algorithm, key_bytes, pq_secret_key_to_pqc_container_der);
}

.secret_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1047

static VALUE pqcrypto_secret_key_to_pqc_container_pem(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    return pq_export_container_pem(algorithm, key_bytes, pq_secret_key_to_pqc_container_pem);
}

.secure_wipe(str) ⇒ Object

Raises:

• (ArgumentError)

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 725

def secure_wipe(string)
  string = String(string)
  raise ArgumentError, "secure_wipe requires a mutable String" if string.frozen?

  native_secure_wipe(string)
end

.sign(message, secret_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 655

static VALUE pqcrypto_sign(VALUE self, VALUE message, VALUE secret_key) {
    (void)self;
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    sign_call_t call = {0};
    size_t secret_key_len = 0;
    call.secret_key = pq_copy_ruby_string(secret_key, &secret_key_len);
    call.signature_len = PQ_MLDSA_BYTES;
    call.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);
    call.message = pq_copy_ruby_string(message, &call.message_len);

    rb_nogvl(pq_sign_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    pq_free_buffer(call.message);
    pq_wipe_and_free((uint8_t *)call.secret_key, secret_key_len);

    if (call.result != PQ_SUCCESS) {
        pq_free_buffer(call.signature);
        pq_raise_general_error(call.result);
    }

    VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
    pq_free_buffer(call.signature);
    return result;
}

.sign_keypair ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 649

static VALUE pqcrypto_sign_keypair(VALUE self) {
    (void)self;
    return pq_run_sign_keypair(pq_sign_keypair_nogvl, PQ_MLDSA_PUBLICKEYBYTES,
                               PQ_MLDSA_SECRETKEYBYTES);
}

.supported_hybrid_kems ⇒ Object

# File 'lib/pq_crypto.rb', line 113

def supported_hybrid_kems
  SUITES.fetch(:hybrid_kem).dup
end

.supported_kems ⇒ Object

# File 'lib/pq_crypto.rb', line 109

def supported_kems
  SUITES.fetch(:kem).dup
end

.supported_signatures ⇒ Object

# File 'lib/pq_crypto.rb', line 117

def supported_signatures
  SUITES.fetch(:signature).dup
end

.verify(message, signature, public_key) ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 681

static VALUE pqcrypto_verify(VALUE self, VALUE message, VALUE signature, VALUE public_key) {
    (void)self;
    StringValue(signature);
    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");

    verify_call_t call = {0};
    size_t public_key_len = 0;
    size_t signature_len = 0;
    call.public_key = pq_copy_ruby_string(public_key, &public_key_len);
    call.signature = pq_copy_ruby_string(signature, &signature_len);
    call.signature_len = signature_len;
    call.message = pq_copy_ruby_string(message, &call.message_len);

    rb_nogvl(pq_verify_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    pq_free_buffer(call.message);
    pq_free_buffer((uint8_t *)call.public_key);
    pq_free_buffer((uint8_t *)call.signature);

    if (call.result == PQ_SUCCESS) {
        return Qtrue;
    }
    if (call.result == PQ_ERROR_VERIFY) {
        return Qfalse;
    }
    pq_raise_general_error(call.result);
}

.version ⇒ Object

# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 733

def version
  native_version
end