Module: PQCrypto

Defined in:
lib/pq_crypto.rb,
lib/pq_crypto/kem.rb,
lib/pq_crypto/spki.rb,
lib/pq_crypto/pkcs8.rb,
lib/pq_crypto/errors.rb,
lib/pq_crypto/version.rb,
lib/pq_crypto/signature.rb,
lib/pq_crypto/hybrid_kem.rb,
lib/pq_crypto/serialization.rb,
lib/pq_crypto/algorithm_registry.rb,
ext/pqcrypto/pqcrypto_ruby_secure.c

Defined Under Namespace

Modules: AlgorithmRegistry, HybridKEM, KEM, NativeBindings, PKCS8, SPKI, Serialization, Signature, Testing

Classes: Error, InvalidCiphertextError, InvalidKeyError, SerializationError, UnsupportedAlgorithmError, VerificationError

Constant Summary

# Supported algorithm lists keyed by primitive family, taken from
# AlgorithmRegistry when this constant is evaluated.
# `freeze` is shallow: it locks the outer Hash only, so the per-family
# values are exactly as mutable as AlgorithmRegistry returned them.
SUITES = {
  kem: AlgorithmRegistry.supported_kems,
  hybrid_kem: AlgorithmRegistry.supported_hybrid_kems,
  signature: AlgorithmRegistry.supported_signatures
}.freeze
NATIVE_EXTENSION_LOADED =
true
VERSION =
"0.4.0"
ML_KEM_512_PUBLIC_KEY_BYTES =
INT2NUM(MLKEM512_PUBLICKEYBYTES)
ML_KEM_512_SECRET_KEY_BYTES =
INT2NUM(MLKEM512_SECRETKEYBYTES)
ML_KEM_512_CIPHERTEXT_BYTES =
INT2NUM(MLKEM512_CIPHERTEXTBYTES)
ML_KEM_512_SHARED_SECRET_BYTES =
INT2NUM(MLKEM512_SHAREDSECRETBYTES)
ML_KEM_PUBLIC_KEY_BYTES =
INT2NUM(PQ_MLKEM_PUBLICKEYBYTES)
ML_KEM_SECRET_KEY_BYTES =
INT2NUM(PQ_MLKEM_SECRETKEYBYTES)
ML_KEM_CIPHERTEXT_BYTES =
INT2NUM(PQ_MLKEM_CIPHERTEXTBYTES)
ML_KEM_SHARED_SECRET_BYTES =
INT2NUM(PQ_MLKEM_SHAREDSECRETBYTES)
ML_KEM_1024_PUBLIC_KEY_BYTES =
INT2NUM(MLKEM1024_PUBLICKEYBYTES)
ML_KEM_1024_SECRET_KEY_BYTES =
INT2NUM(MLKEM1024_SECRETKEYBYTES)
ML_KEM_1024_CIPHERTEXT_BYTES =
INT2NUM(MLKEM1024_CIPHERTEXTBYTES)
ML_KEM_1024_SHARED_SECRET_BYTES =
INT2NUM(MLKEM1024_SHAREDSECRETBYTES)
HYBRID_KEM_PUBLIC_KEY_BYTES =
INT2NUM(PQ_HYBRID_PUBLICKEYBYTES)
HYBRID_KEM_SECRET_KEY_BYTES =
INT2NUM(PQ_HYBRID_SECRETKEYBYTES)
HYBRID_KEM_CIPHERTEXT_BYTES =
INT2NUM(PQ_HYBRID_CIPHERTEXTBYTES)
HYBRID_KEM_SHARED_SECRET_BYTES =
INT2NUM(PQ_HYBRID_SHAREDSECRETBYTES)
SIGN_44_PUBLIC_KEY_BYTES =
INT2NUM(MLDSA44_PUBLICKEYBYTES)
SIGN_44_SECRET_KEY_BYTES =
INT2NUM(MLDSA44_SECRETKEYBYTES)
SIGN_44_BYTES =
INT2NUM(MLDSA44_BYTES)
SIGN_PUBLIC_KEY_BYTES =
INT2NUM(PQ_MLDSA_PUBLICKEYBYTES)
SIGN_SECRET_KEY_BYTES =
INT2NUM(PQ_MLDSA_SECRETKEYBYTES)
SIGN_BYTES =
INT2NUM(PQ_MLDSA_BYTES)
SIGN_87_PUBLIC_KEY_BYTES =
INT2NUM(MLDSA87_PUBLICKEYBYTES)
SIGN_87_SECRET_KEY_BYTES =
INT2NUM(MLDSA87_SECRETKEYBYTES)
SIGN_87_BYTES =
INT2NUM(MLDSA87_BYTES)

Class Method Summary

Class Method Details

.__test_ml_dsa_44_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1013

/*
 * Test binding: deterministic ML-DSA-44 key generation.
 * Hands `seed` to pq_run_test_sign_keypair_from_seed together with the
 * ML-DSA-44 test worker and the ML-DSA-44 public/secret key sizes.
 * This wrapper does no validation of its own.
 */
static VALUE pqcrypto__test_ml_dsa_44_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    VALUE keypair = pq_run_test_sign_keypair_from_seed(
        pq_testing_mldsa_44_keypair_nogvl, seed, MLDSA44_PUBLICKEYBYTES, MLDSA44_SECRETKEYBYTES);
    return keypair;
}

.__test_ml_dsa_44_sign_from_seed(message, secret_key, seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1078

/*
 * Test binding: ML-DSA-44 signing driven by a caller-supplied seed.
 * Forwards message, secret_key and seed to pq_run_test_sign_from_seed with
 * the ML-DSA-44 secret-key and signature sizes. No checks are made here.
 */
static VALUE pqcrypto__test_ml_dsa_44_sign_from_seed(VALUE self, VALUE message, VALUE secret_key,
                                                     VALUE seed) {
    (void)self;
    VALUE signature = pq_run_test_sign_from_seed(pq_testing_mldsa_44_sign_nogvl, message,
                                                 secret_key, seed, MLDSA44_SECRETKEYBYTES,
                                                 MLDSA44_BYTES);
    return signature;
}

.__test_ml_dsa_87_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1019

/*
 * Test binding: deterministic ML-DSA-87 key generation.
 * Hands `seed` to pq_run_test_sign_keypair_from_seed with the ML-DSA-87
 * test worker and key sizes. This wrapper does no validation of its own.
 */
static VALUE pqcrypto__test_ml_dsa_87_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    VALUE keypair = pq_run_test_sign_keypair_from_seed(
        pq_testing_mldsa_87_keypair_nogvl, seed, MLDSA87_PUBLICKEYBYTES, MLDSA87_SECRETKEYBYTES);
    return keypair;
}

.__test_ml_dsa_87_sign_from_seed(message, secret_key, seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1085

/*
 * Test binding: ML-DSA-87 signing driven by a caller-supplied seed.
 * Forwards message, secret_key and seed to pq_run_test_sign_from_seed with
 * the ML-DSA-87 secret-key and signature sizes. No checks are made here.
 */
static VALUE pqcrypto__test_ml_dsa_87_sign_from_seed(VALUE self, VALUE message, VALUE secret_key,
                                                     VALUE seed) {
    (void)self;
    VALUE signature = pq_run_test_sign_from_seed(pq_testing_mldsa_87_sign_nogvl, message,
                                                 secret_key, seed, MLDSA87_SECRETKEYBYTES,
                                                 MLDSA87_BYTES);
    return signature;
}

.__test_ml_kem_1024_encapsulate_from_seed(public_key, seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 903

/*
 * Test binding: ML-KEM-1024 encapsulation with caller-supplied randomness.
 * Forwards public_key and seed to pq_run_test_kem_encapsulate_from_seed with
 * the ML-KEM-1024 public-key, ciphertext and shared-secret sizes.
 * Argument checking is not performed in this wrapper.
 */
static VALUE pqcrypto__test_ml_kem_1024_encapsulate_from_seed(VALUE self, VALUE public_key,
                                                              VALUE seed) {
    (void)self;
    VALUE encapsulation = pq_run_test_kem_encapsulate_from_seed(
        pq_testing_ml_kem_1024_encapsulate_nogvl, public_key, seed, MLKEM1024_PUBLICKEYBYTES,
        MLKEM1024_CIPHERTEXTBYTES, MLKEM1024_SHAREDSECRETBYTES);
    return encapsulation;
}

.__test_ml_kem_512_encapsulate_from_seed(public_key, seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 895

/*
 * Test binding: ML-KEM-512 encapsulation with caller-supplied randomness.
 * Forwards public_key and seed to pq_run_test_kem_encapsulate_from_seed with
 * the ML-KEM-512 public-key, ciphertext and shared-secret sizes.
 * Argument checking is not performed in this wrapper.
 */
static VALUE pqcrypto__test_ml_kem_512_encapsulate_from_seed(VALUE self, VALUE public_key,
                                                             VALUE seed) {
    (void)self;
    VALUE encapsulation = pq_run_test_kem_encapsulate_from_seed(
        pq_testing_ml_kem_512_encapsulate_nogvl, public_key, seed, MLKEM512_PUBLICKEYBYTES,
        MLKEM512_CIPHERTEXTBYTES, MLKEM512_SHAREDSECRETBYTES);
    return encapsulation;
}

.__test_ml_kem_encapsulate_from_seed(public_key, seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 819

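/*
 * Test binding: ML-KEM encapsulation (default parameter set) using a
 * caller-supplied 32-byte seed instead of fresh randomness.
 *
 * public_key: checked by pq_validate_bytes_argument against PQ_MLKEM_PUBLICKEYBYTES.
 * seed:       Ruby String of exactly 32 bytes; ArgumentError otherwise.
 * Returns a two-element Array [ciphertext, shared_secret] built with
 * pq_string_from_buffer. Worker failures are raised via pq_raise_general_error.
 */
static VALUE pqcrypto__test_ml_kem_encapsulate_from_seed(VALUE self, VALUE public_key, VALUE seed) {
    (void)self;
    /*
     * Run the String conversion before the length check on public_key.
     * StringValue can dispatch to a user-defined to_str, and a length that was
     * validated before that call may no longer hold when the buffer is copied.
     */
    StringValue(seed);
    pq_validate_bytes_argument(public_key, PQ_MLKEM_PUBLICKEYBYTES, "public key");

    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    kem_encapsulate_call_t call = {0};
    size_t public_key_len = 0;
    size_t seed_len = 0;
    call.public_key = pq_copy_ruby_string(public_key, &public_key_len);
    call.ciphertext = pq_alloc_buffer(PQ_MLKEM_CIPHERTEXTBYTES);
    call.shared_secret = pq_alloc_buffer(PQ_MLKEM_SHAREDSECRETBYTES);
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    /* The worker operates on the private copies above, not on Ruby-owned memory. */
    rb_thread_call_without_gvl(pq_testing_ml_kem_encapsulate_nogvl, &call, NULL, NULL);
    pq_wipe_and_free((uint8_t *)call.public_key, public_key_len);
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        pq_wipe_and_free(call.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES);
        free(call.ciphertext);
        pq_raise_general_error(call.result);
    }

    /*
     * NOTE(review): if rb_ary_new2 or pq_string_from_buffer raises, the
     * shared-secret buffer is neither wiped nor freed. Wrapping this tail in
     * rb_ensure would close that path. The shared secret returned to Ruby is
     * an ordinary String and is not covered by the wipe below.
     */
    VALUE result = rb_ary_new2(2);
    rb_ary_push(result, pq_string_from_buffer(call.ciphertext, PQ_MLKEM_CIPHERTEXTBYTES));
    rb_ary_push(result, pq_string_from_buffer(call.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES));

    free(call.ciphertext);
    pq_wipe_and_free(call.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES);
    return result;
}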

.__test_ml_kem_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 786

/*
 * Test binding: derive an ML-KEM key pair (default parameter set) from a
 * caller-supplied seed.
 *
 * seed: Ruby String of exactly 64 bytes (the error text names this the
 *       FIPS 203 d||z seed); ArgumentError otherwise.
 * Returns a two-element Array [public_key, secret_key] built with
 * pq_string_from_buffer. Worker failures are raised via pq_raise_general_error.
 */
static VALUE pqcrypto__test_ml_kem_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    StringValue(seed);

    if ((size_t)RSTRING_LEN(seed) != 64) {
        rb_raise(rb_eArgError, "Deterministic ML-KEM test seed must be 64 bytes (FIPS 203 d||z)");
    }

    kem_keypair_call_t call = {0};
    size_t seed_len = 0;
    call.public_key = pq_alloc_buffer(PQ_MLKEM_PUBLICKEYBYTES);
    call.secret_key = pq_alloc_buffer(PQ_MLKEM_SECRETKEYBYTES);
    /* The worker reads a private copy of the seed, not the Ruby String's memory. */
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_testing_ml_kem_keypair_nogvl, &call, NULL, NULL);
    /* The seed copy is wiped as soon as the worker returns, on both outcomes. */
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        /* Secret-key buffer is wiped; the public-key buffer is only freed. */
        pq_wipe_and_free(call.secret_key, PQ_MLKEM_SECRETKEYBYTES);
        free(call.public_key);
        pq_raise_general_error(call.result);
    }

    /*
     * NOTE(review): if rb_ary_new2 or pq_string_from_buffer raises, the
     * secret-key buffer is neither wiped nor freed. The secret key returned
     * to Ruby is an ordinary String; only the native buffer is wiped below.
     */
    VALUE result = rb_ary_new2(2);
    rb_ary_push(result, pq_string_from_buffer(call.public_key, PQ_MLKEM_PUBLICKEYBYTES));
    rb_ary_push(result, pq_string_from_buffer(call.secret_key, PQ_MLKEM_SECRETKEYBYTES));

    free(call.public_key);
    pq_wipe_and_free(call.secret_key, PQ_MLKEM_SECRETKEYBYTES);
    return result;
}

.__test_sign_from_seed(message, secret_key, seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 944

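/*
 * Test binding: ML-DSA signing (default parameter set) with a caller-supplied
 * 32-byte seed.
 *
 * message:    Ruby String (converted with StringValue).
 * secret_key: checked by pq_validate_bytes_argument against PQ_MLDSA_SECRETKEYBYTES.
 * seed:       Ruby String of exactly 32 bytes; ArgumentError otherwise.
 * Returns the signature built with pq_string_from_buffer. Worker failures are
 * raised via pq_raise_general_error.
 */
static VALUE pqcrypto__test_sign_from_seed(VALUE self, VALUE message, VALUE secret_key,
                                           VALUE seed) {
    (void)self;
    /*
     * Do every String conversion before the secret-key length check.
     * StringValue can dispatch to a user-defined to_str, so a length validated
     * earlier may be stale by the time the buffer is copied. `message` had no
     * visible conversion in this function before; whether pq_copy_ruby_string
     * converts internally is not visible here, so it is made explicit.
     */
    StringValue(message);
    StringValue(seed);
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    sign_call_t call = {0};
    size_t secret_key_len = 0;
    size_t seed_len = 0;
    /*
     * Non-secret allocations go first so that a failure in them cannot strand
     * an unwiped copy of the secret key or the seed.
     */
    call.signature_len = PQ_MLDSA_BYTES;
    call.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);
    call.message = pq_copy_ruby_string(message, &call.message_len);
    call.secret_key = pq_copy_ruby_string(secret_key, &secret_key_len);
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_testing_sign_nogvl, &call, NULL, NULL);

    /* Secret key and seed copies are wiped; the message copy is only freed. */
    pq_free_buffer(call.message);
    pq_wipe_and_free((uint8_t *)call.secret_key, secret_key_len);
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        pq_free_buffer(call.signature);
        pq_raise_general_error(call.result);
    }

    VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
    pq_free_buffer(call.signature);
    return result;
}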

.__test_sign_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 911

/*
 * Test binding: derive an ML-DSA key pair (default parameter set) from a
 * caller-supplied seed.
 *
 * seed: Ruby String of exactly 32 bytes; ArgumentError otherwise.
 * Returns a two-element Array [public_key, secret_key] built with
 * pq_string_from_buffer. Worker failures are raised via pq_raise_general_error.
 */
static VALUE pqcrypto__test_sign_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    StringValue(seed);

    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    sign_keypair_call_t call = {0};
    size_t seed_len = 0;
    call.public_key = pq_alloc_buffer(PQ_MLDSA_PUBLICKEYBYTES);
    call.secret_key = pq_alloc_buffer(PQ_MLDSA_SECRETKEYBYTES);
    /* The worker reads a private copy of the seed, not the Ruby String's memory. */
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_testing_sign_keypair_nogvl, &call, NULL, NULL);
    /* The seed copy is wiped as soon as the worker returns, on both outcomes. */
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        /* Secret-key buffer is wiped; the public-key buffer is only freed. */
        pq_wipe_and_free(call.secret_key, PQ_MLDSA_SECRETKEYBYTES);
        free(call.public_key);
        pq_raise_general_error(call.result);
    }

    /*
     * NOTE(review): if rb_ary_new2 or pq_string_from_buffer raises, the
     * secret-key buffer is neither wiped nor freed. The secret key returned
     * to Ruby is an ordinary String; only the native buffer is wiped below.
     */
    VALUE result = rb_ary_new2(2);
    rb_ary_push(result, pq_string_from_buffer(call.public_key, PQ_MLDSA_PUBLICKEYBYTES));
    rb_ary_push(result, pq_string_from_buffer(call.secret_key, PQ_MLDSA_SECRETKEYBYTES));

    free(call.public_key);
    pq_wipe_and_free(call.secret_key, PQ_MLDSA_SECRETKEYBYTES);
    return result;
}

._native_mldsa_compute_tr(public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1318

/*
 * Compute the ML-DSA `tr` value from a public key.
 *
 * public_key: checked by pq_validate_bytes_argument against PQ_MLDSA_PUBLICKEYBYTES.
 * Returns a value of PQ_MLDSA_TRBYTES bytes built with pq_string_from_buffer.
 * A non-success code from the native routine is raised via pq_raise_general_error.
 * The stack buffer is not wiped here; its only input is the public key.
 */
static VALUE pqcrypto__native_mldsa_compute_tr(VALUE self, VALUE public_key) {
    (void)self;
    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");

    uint8_t tr_bytes[PQ_MLDSA_TRBYTES];
    const uint8_t *pk_bytes = (const uint8_t *)RSTRING_PTR(public_key);
    int status = pq_mldsa_compute_tr_from_public_key(tr_bytes, pk_bytes);
    if (status != PQ_SUCCESS) {
        pq_raise_general_error(status);
    }
    return pq_string_from_buffer(tr_bytes, sizeof(tr_bytes));
}

._native_mldsa_extract_tr(secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1303

/*
 * Extract the ML-DSA `tr` value from a secret key.
 *
 * secret_key: checked by pq_validate_bytes_argument against PQ_MLDSA_SECRETKEYBYTES.
 * Returns a value of PQ_MLDSA_TRBYTES bytes built with pq_string_from_buffer.
 * The stack copy of `tr` is wiped on both the success and the failure path
 * before control leaves the function.
 */
static VALUE pqcrypto__native_mldsa_extract_tr(VALUE self, VALUE secret_key) {
    (void)self;
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    uint8_t tr_bytes[PQ_MLDSA_TRBYTES];
    const uint8_t *sk_bytes = (const uint8_t *)RSTRING_PTR(secret_key);
    int status = pq_mldsa_extract_tr_from_secret_key(tr_bytes, sk_bytes);

    VALUE out = Qnil;
    if (status == PQ_SUCCESS) {
        out = pq_string_from_buffer(tr_bytes, sizeof(tr_bytes));
    }
    /* Scrub the stack buffer whichever way the call went. */
    pq_secure_wipe(tr_bytes, sizeof(tr_bytes));
    if (status != PQ_SUCCESS) {
        pq_raise_general_error(status);
    }
    return out;
}

._native_mldsa_mu_builder_finalize(builder_obj) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1398

/*
 * Finish a streaming mu computation and return the PQ_MLDSA_MUBYTES result.
 *
 * builder_obj: wrapper object resolved through mu_builder_unwrap.
 * After this call the wrapper no longer references a builder, whatever the
 * outcome. On failure the builder is released here and the error is raised
 * via pq_raise_general_error.
 * NOTE(review): on success the pointer is dropped without
 * pq_mu_builder_release; presumably the finalize worker disposes of the
 * builder itself. Confirm against pq_mu_finalize_nogvl.
 * NOTE(review): the worker runs via rb_nogvl, so another Ruby thread can
 * reach this same wrapper in the meantime; no locking is visible here.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_finalize(VALUE self, VALUE builder_obj) {
    (void)self;
    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);

    uint8_t mu[PQ_MLDSA_MUBYTES];

    mu_finalize_call_t call = {0};
    call.builder = wrapper->builder;
    call.mu_out = mu;

    rb_nogvl(pq_mu_finalize_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    const int failed = (call.result != PQ_SUCCESS);
    if (failed) {
        pq_mu_builder_release(wrapper->builder);
    }
    wrapper->builder = NULL;

    VALUE digest = Qnil;
    if (!failed) {
        digest = pq_string_from_buffer(mu, sizeof(mu));
    }
    /* The stack copy of mu is scrubbed on both paths. */
    pq_secure_wipe(mu, sizeof(mu));
    if (failed) {
        pq_raise_general_error(call.result);
    }
    return digest;
}

._native_mldsa_mu_builder_new(tr, ctx) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1330

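/*
 * Create a streaming mu builder seeded with `tr` and a signing context.
 *
 * tr:  checked by pq_validate_bytes_argument against PQ_MLDSA_TRBYTES.
 * ctx: Ruby String of at most 255 bytes; ArgumentError otherwise.
 * Returns a TypedData object (mu_builder_data_type) owning the builder.
 * Raises NoMemoryError when the builder cannot be allocated and forwards
 * init failures through pq_raise_general_error.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_new(VALUE self, VALUE tr, VALUE ctx) {
    (void)self;
    /*
     * Convert ctx before checking tr's length. StringValue can dispatch to a
     * user-defined to_str, and tr's pointer is read below on the strength of
     * that length check, so the check has to come last.
     */
    StringValue(ctx);
    pq_validate_bytes_argument(tr, PQ_MLDSA_TRBYTES, "tr");

    size_t ctxlen = (size_t)RSTRING_LEN(ctx);
    if (ctxlen > 255) {
        rb_raise(rb_eArgError, "ML-DSA context length must be <= 255 bytes");
    }

    /*
     * Allocate the Ruby wrapper first. If it were created after the builder,
     * an allocation failure here would leak the builder. A wrapper whose
     * builder is NULL is already a normal state (finalize and release leave
     * one behind), so an early raise below leaves only garbage for the GC.
     */
    mu_builder_wrapper_t *wrapper;
    VALUE obj =
        TypedData_Make_Struct(rb_cObject, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);
    wrapper->builder = NULL;

    void *builder = pq_mu_builder_new();
    if (builder == NULL) {
        rb_raise(rb_eNoMemError, "Memory allocation failed (mu builder)");
    }

    int rc = pq_mu_builder_init(builder, (const uint8_t *)RSTRING_PTR(tr),
                                (const uint8_t *)RSTRING_PTR(ctx), ctxlen);
    if (rc != PQ_SUCCESS) {
        pq_mu_builder_release(builder);
        pq_raise_general_error(rc);
    }

    wrapper->builder = builder;
    return obj;
}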

._native_mldsa_mu_builder_release(builder_obj) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1425

/*
 * Release the native builder held by a wrapper object, if it still has one.
 *
 * Safe to call repeatedly: once the pointer has been cleared, later calls
 * return without touching anything. Always returns nil.
 * The wrapper is fetched with TypedData_Get_Struct directly rather than
 * through mu_builder_unwrap.
 * NOTE(review): no locking is visible, while the update and finalize bindings
 * use the builder with the GVL released. Confirm a release from another
 * thread cannot overlap one of those calls.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_release(VALUE self, VALUE builder_obj) {
    (void)self;
    mu_builder_wrapper_t *wrapper;
    TypedData_Get_Struct(builder_obj, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);

    if (wrapper == NULL || wrapper->builder == NULL) {
        return Qnil;
    }

    pq_mu_builder_release(wrapper->builder);
    wrapper->builder = NULL;
    return Qnil;
}

._native_mldsa_mu_builder_update(builder_obj, chunk) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1365

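/*
 * Absorb one chunk of message data into a streaming mu builder.
 *
 * builder_obj: wrapper object resolved through mu_builder_unwrap.
 * chunk:       Ruby String; an empty chunk is a no-op.
 * Returns nil. Worker failures are raised via pq_raise_general_error.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_update(VALUE self, VALUE builder_obj, VALUE chunk) {
    (void)self;
    /*
     * Convert the chunk before resolving the wrapper. StringValue can dispatch
     * to a user-defined to_str, so whatever mu_builder_unwrap checks about the
     * builder (not visible here) should be checked after that call, not before.
     */
    StringValue(chunk);
    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);

    size_t chunk_len = (size_t)RSTRING_LEN(chunk);
    if (chunk_len == 0) {
        return Qnil;
    }

    /* The worker reads a private copy, so Ruby may change `chunk` while the GVL is released. */
    uint8_t *copy = pq_alloc_buffer(chunk_len);
    memcpy(copy, RSTRING_PTR(chunk), chunk_len);

    mu_absorb_call_t call = {0};
    call.builder = wrapper->builder;
    call.chunk = copy;
    call.chunk_len = chunk_len;

    /*
     * NOTE(review): the builder pointer is used with the GVL released and no
     * locking is visible. Confirm that finalize or release on the same wrapper
     * from another thread cannot free the builder during this call.
     */
    rb_nogvl(pq_mu_absorb_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
    /* The copy holds message data, not key material; it is freed without wiping. */
    free(copy);

    if (call.result != PQ_SUCCESS) {
        pq_raise_general_error(call.result);
    }
    return Qnil;
}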

._native_mldsa_sign_mu(mu, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1442

/*
 * Sign a precomputed mu value with an ML-DSA secret key.
 *
 * mu:         checked by pq_validate_bytes_argument against PQ_MLDSA_MUBYTES.
 * secret_key: checked by pq_validate_bytes_argument against PQ_MLDSA_SECRETKEYBYTES.
 * Returns the signature built with pq_string_from_buffer from
 * call.signature_len bytes. Worker failures are raised via
 * pq_raise_general_error.
 */
static VALUE pqcrypto__native_mldsa_sign_mu(VALUE self, VALUE mu, VALUE secret_key) {
    (void)self;
    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    sign_mu_call_t call = {0};
    size_t secret_key_len = 0;
    size_t mu_len = 0;
    /* Private copies: the worker never reads Ruby-owned memory. */
    uint8_t *mu_copy = pq_copy_ruby_string(mu, &mu_len);
    uint8_t *sk_copy = pq_copy_ruby_string(secret_key, &secret_key_len);

    call.mu = mu_copy;
    call.secret_key = sk_copy;
    call.signature_len = PQ_MLDSA_BYTES;
    /*
     * NOTE(review): this allocation comes after the secret key was copied.
     * If pq_alloc_buffer can raise, sk_copy is left unwiped and unfreed.
     * Allocating the signature buffer before the copies would avoid that.
     */
    call.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);

    rb_nogvl(pq_sign_mu_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    /* Both copies are wiped before the result is inspected. */
    pq_wipe_and_free(mu_copy, mu_len);
    pq_wipe_and_free(sk_copy, secret_key_len);

    if (call.result != PQ_SUCCESS) {
        pq_free_buffer(call.signature);
        pq_raise_general_error(call.result);
    }

    VALUE result = pq_string_from_buffer(call.signature, call.signature_len);
    pq_free_buffer(call.signature);
    return result;
}

._native_mldsa_verify_mu(mu, signature, public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1479

/*
 * Verify an ML-DSA signature over a precomputed mu value.
 *
 * mu:         checked by pq_validate_bytes_argument against PQ_MLDSA_MUBYTES.
 * signature:  Ruby String; its length is not checked here and is passed to
 *             the worker as call.signature_len.
 * public_key: checked by pq_validate_bytes_argument against PQ_MLDSA_PUBLICKEYBYTES.
 * Returns true on PQ_SUCCESS and false on PQ_ERROR_VERIFY. Any other code is
 * raised via pq_raise_general_error.
 */
static VALUE pqcrypto__native_mldsa_verify_mu(VALUE self, VALUE mu, VALUE signature,
                                              VALUE public_key) {
    (void)self;
    /* The String conversion comes before the length checks, so those checks are not stale. */
    StringValue(signature);
    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");

    verify_mu_call_t call = {0};
    size_t public_key_len = 0;
    size_t signature_len = 0;
    size_t mu_len = 0;
    uint8_t *mu_copy = pq_copy_ruby_string(mu, &mu_len);
    uint8_t *pk_copy = pq_copy_ruby_string(public_key, &public_key_len);
    uint8_t *sig_copy = pq_copy_ruby_string(signature, &signature_len);

    call.mu = mu_copy;
    call.public_key = pk_copy;
    call.signature = sig_copy;
    call.signature_len = signature_len;

    rb_nogvl(pq_verify_mu_nogvl, &call, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);
    /* mu is wiped; public key and signature copies are only freed. */
    pq_wipe_and_free(mu_copy, mu_len);
    pq_free_buffer(pk_copy);
    pq_free_buffer(sig_copy);

    /* A failed verification is a normal false result, not an exception. */
    if (call.result == PQ_SUCCESS) {
        return Qtrue;
    }
    if (call.result == PQ_ERROR_VERIFY) {
        return Qfalse;
    }
    /* NOTE(review): no return follows; this relies on pq_raise_general_error never returning. */
    pq_raise_general_error(call.result);
}

.backend ⇒ Object



# File 'lib/pq_crypto.rb', line 131

# Identifies the cryptographic backend in use.
#
# @return [Symbol] always :native_pqclean
def backend
  :native_pqclean
end

.ct_equals(a, b) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1200

/*
 * Compare two byte strings for equality.
 *
 * a, b: Ruby Strings (converted with StringValue).
 * Returns true when both have the same length and CRYPTO_memcmp reports equal
 * contents, false otherwise. Two empty strings compare equal.
 * Only the content comparison goes through CRYPTO_memcmp. The length check
 * returns early, so whether the lengths differ is observable through timing.
 */
static VALUE pqcrypto_ct_equals(VALUE self, VALUE a, VALUE b) {
    (void)self;
    StringValue(a);
    StringValue(b);

    /* Lengths are read only after both conversions have run. */
    const long len_a = RSTRING_LEN(a);
    if (len_a != RSTRING_LEN(b)) {
        return Qfalse;
    }
    if (len_a == 0) {
        return Qtrue;
    }
    return CRYPTO_memcmp(RSTRING_PTR(a), RSTRING_PTR(b), (size_t)RSTRING_LEN(a)) == 0 ? Qtrue
                                                                                      : Qfalse;
}

.hybrid_kem_decapsulate(ciphertext, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 779

/*
 * Hybrid KEM decapsulation.
 * Forwards ciphertext and secret_key to pq_run_kem_decapsulate with the
 * PQ_HYBRID_* ciphertext, secret-key and shared-secret sizes. Argument
 * checking is not performed in this wrapper.
 */
static VALUE pqcrypto_hybrid_kem_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
    (void)self;
    VALUE shared_secret = pq_run_kem_decapsulate(
        pq_hybrid_kem_decapsulate_nogvl, ciphertext, PQ_HYBRID_CIPHERTEXTBYTES, secret_key,
        PQ_HYBRID_SECRETKEYBYTES, PQ_HYBRID_SHAREDSECRETBYTES);
    return shared_secret;
}

.hybrid_kem_encapsulate(public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 772

/*
 * Hybrid KEM encapsulation.
 * Forwards public_key to pq_run_kem_encapsulate with the PQ_HYBRID_*
 * public-key, ciphertext and shared-secret sizes. Argument checking is not
 * performed in this wrapper.
 */
static VALUE pqcrypto_hybrid_kem_encapsulate(VALUE self, VALUE public_key) {
    (void)self;
    VALUE encapsulation = pq_run_kem_encapsulate(
        pq_hybrid_kem_encapsulate_nogvl, public_key, PQ_HYBRID_PUBLICKEYBYTES,
        PQ_HYBRID_CIPHERTEXTBYTES, PQ_HYBRID_SHAREDSECRETBYTES);
    return encapsulation;
}

.hybrid_kem_keypair ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 766

/*
 * Hybrid KEM key generation.
 * Delegates to pq_run_kem_keypair with the hybrid worker and the PQ_HYBRID_*
 * public/secret key sizes.
 */
static VALUE pqcrypto_hybrid_kem_keypair(VALUE self) {
    (void)self;
    VALUE keypair = pq_run_kem_keypair(pq_hybrid_kem_keypair_nogvl, PQ_HYBRID_PUBLICKEYBYTES,
                                       PQ_HYBRID_SECRETKEYBYTES);
    return keypair;
}

.ml_dsa_44_keypair ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1098

/*
 * ML-DSA-44 key generation.
 * Delegates to pq_run_sign_keypair with the ML-DSA-44 worker and key sizes.
 */
static VALUE pqcrypto_ml_dsa_44_keypair(VALUE self) {
    (void)self;
    VALUE keypair = pq_run_sign_keypair(pq_mldsa_44_sign_keypair_nogvl, MLDSA44_PUBLICKEYBYTES,
                                        MLDSA44_SECRETKEYBYTES);
    return keypair;
}

.ml_dsa_44_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1025

/*
 * ML-DSA-44 key generation from a caller-supplied seed.
 * Forwards `seed` with the ML-DSA-44 key sizes; no checks are made here.
 * NOTE(review): this non-test entry point goes through the helper named
 * pq_run_test_sign_keypair_from_seed. Confirm that the helper's seed
 * validation and wiping are meant for production use as well.
 */
static VALUE pqcrypto_ml_dsa_44_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    VALUE keypair = pq_run_test_sign_keypair_from_seed(
        pq_mldsa_44_keypair_from_seed_nogvl, seed, MLDSA44_PUBLICKEYBYTES, MLDSA44_SECRETKEYBYTES);
    return keypair;
}

.ml_dsa_44_sign(message, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1141

/*
 * ML-DSA-44 signing.
 * Forwards message and secret_key to pq_run_sign with the ML-DSA-44
 * secret-key and signature sizes. No checks are made here.
 */
static VALUE pqcrypto_ml_dsa_44_sign(VALUE self, VALUE message, VALUE secret_key) {
    (void)self;
    VALUE signature = pq_run_sign(pq_mldsa_44_sign_nogvl, message, secret_key,
                                  MLDSA44_SECRETKEYBYTES, MLDSA44_BYTES);
    return signature;
}

.ml_dsa_44_verify(message, signature, public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1186

/*
 * ML-DSA-44 signature verification.
 * Forwards message, signature and public_key to pq_run_verify with the
 * ML-DSA-44 public-key size. No signature size is passed from here, so any
 * length check on `signature` happens, if at all, inside the helper or worker.
 */
static VALUE pqcrypto_ml_dsa_44_verify(VALUE self, VALUE message, VALUE signature,
                                       VALUE public_key) {
    (void)self;
    VALUE verdict = pq_run_verify(pq_mldsa_44_verify_nogvl, message, signature, public_key,
                                  MLDSA44_PUBLICKEYBYTES);
    return verdict;
}

.ml_dsa_87_keypair ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1104

/*
 * ML-DSA-87 key generation.
 * Delegates to pq_run_sign_keypair with the ML-DSA-87 worker and key sizes.
 */
static VALUE pqcrypto_ml_dsa_87_keypair(VALUE self) {
    (void)self;
    VALUE keypair = pq_run_sign_keypair(pq_mldsa_87_sign_keypair_nogvl, MLDSA87_PUBLICKEYBYTES,
                                        MLDSA87_SECRETKEYBYTES);
    return keypair;
}

.ml_dsa_87_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1037

/*
 * ML-DSA-87 key generation from a caller-supplied seed.
 * Forwards `seed` with the ML-DSA-87 key sizes; no checks are made here.
 * NOTE(review): this non-test entry point goes through the helper named
 * pq_run_test_sign_keypair_from_seed. Confirm that the helper's seed
 * validation and wiping are meant for production use as well.
 */
static VALUE pqcrypto_ml_dsa_87_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    VALUE keypair = pq_run_test_sign_keypair_from_seed(
        pq_mldsa_87_keypair_from_seed_nogvl, seed, MLDSA87_PUBLICKEYBYTES, MLDSA87_SECRETKEYBYTES);
    return keypair;
}

.ml_dsa_87_sign(message, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1147

/*
 * ML-DSA-87 signing.
 * Forwards message and secret_key to pq_run_sign with the ML-DSA-87
 * secret-key and signature sizes. No checks are made here.
 */
static VALUE pqcrypto_ml_dsa_87_sign(VALUE self, VALUE message, VALUE secret_key) {
    (void)self;
    VALUE signature = pq_run_sign(pq_mldsa_87_sign_nogvl, message, secret_key,
                                  MLDSA87_SECRETKEYBYTES, MLDSA87_BYTES);
    return signature;
}

.ml_dsa_87_verify(message, signature, public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1193

/*
 * ML-DSA-87 signature verification.
 * Forwards message, signature and public_key to pq_run_verify with the
 * ML-DSA-87 public-key size. No signature size is passed from here, so any
 * length check on `signature` happens, if at all, inside the helper or worker.
 */
static VALUE pqcrypto_ml_dsa_87_verify(VALUE self, VALUE message, VALUE signature,
                                       VALUE public_key) {
    (void)self;
    VALUE verdict = pq_run_verify(pq_mldsa_87_verify_nogvl, message, signature, public_key,
                                  MLDSA87_PUBLICKEYBYTES);
    return verdict;
}

.ml_dsa_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1031

/*
 * ML-DSA (default parameter set) key generation from a caller-supplied seed.
 * Forwards `seed` with the PQ_MLDSA_* key sizes; no checks are made here.
 * NOTE(review): this non-test entry point goes through the helper named
 * pq_run_test_sign_keypair_from_seed. Confirm that the helper's seed
 * validation and wiping are meant for production use as well.
 */
static VALUE pqcrypto_ml_dsa_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    VALUE keypair = pq_run_test_sign_keypair_from_seed(
        pq_mldsa_keypair_from_seed_nogvl, seed, PQ_MLDSA_PUBLICKEYBYTES, PQ_MLDSA_SECRETKEYBYTES);
    return keypair;
}

.ml_kem_1024_decapsulate(ciphertext, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 759

/*
 * ML-KEM-1024 decapsulation.
 * Forwards ciphertext and secret_key to pq_run_kem_decapsulate with the
 * ML-KEM-1024 ciphertext, secret-key and shared-secret sizes. Argument
 * checking is not performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_1024_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
    (void)self;
    VALUE shared_secret = pq_run_kem_decapsulate(
        pq_ml_kem_1024_decapsulate_nogvl, ciphertext, MLKEM1024_CIPHERTEXTBYTES, secret_key,
        MLKEM1024_SECRETKEYBYTES, MLKEM1024_SHAREDSECRETBYTES);
    return shared_secret;
}

.ml_kem_1024_encapsulate(public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 752

/*
 * ML-KEM-1024 encapsulation.
 * Forwards public_key to pq_run_kem_encapsulate with the ML-KEM-1024
 * public-key, ciphertext and shared-secret sizes. Argument checking is not
 * performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_1024_encapsulate(VALUE self, VALUE public_key) {
    (void)self;
    VALUE encapsulation = pq_run_kem_encapsulate(
        pq_ml_kem_1024_encapsulate_nogvl, public_key, MLKEM1024_PUBLICKEYBYTES,
        MLKEM1024_CIPHERTEXTBYTES, MLKEM1024_SHAREDSECRETBYTES);
    return encapsulation;
}

.ml_kem_1024_keypair ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 740

/*
 * ML-KEM-1024 key generation.
 * Delegates to pq_run_kem_keypair with the ML-KEM-1024 worker and key sizes.
 */
static VALUE pqcrypto_ml_kem_1024_keypair(VALUE self) {
    (void)self;
    VALUE keypair = pq_run_kem_keypair(pq_ml_kem_1024_keypair_nogvl, MLKEM1024_PUBLICKEYBYTES,
                                       MLKEM1024_SECRETKEYBYTES);
    return keypair;
}

.ml_kem_1024_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 746

/*
 * ML-KEM-1024 key generation from a caller-supplied seed.
 * Forwards `seed` to pq_run_kem_keypair_from_seed with the ML-KEM-1024 key
 * sizes. Seed length checking is not performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_1024_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    VALUE keypair = pq_run_kem_keypair_from_seed(pq_ml_kem_1024_keypair_from_seed_nogvl, seed,
                                                 MLKEM1024_PUBLICKEYBYTES,
                                                 MLKEM1024_SECRETKEYBYTES);
    return keypair;
}

.ml_kem_512_decapsulate(ciphertext, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 733

/*
 * ML-KEM-512 decapsulation.
 * Forwards ciphertext and secret_key to pq_run_kem_decapsulate with the
 * ML-KEM-512 ciphertext, secret-key and shared-secret sizes. Argument
 * checking is not performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_512_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
    (void)self;
    VALUE shared_secret = pq_run_kem_decapsulate(
        pq_ml_kem_512_decapsulate_nogvl, ciphertext, MLKEM512_CIPHERTEXTBYTES, secret_key,
        MLKEM512_SECRETKEYBYTES, MLKEM512_SHAREDSECRETBYTES);
    return shared_secret;
}

.ml_kem_512_encapsulate(public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 726

/*
 * ML-KEM-512 encapsulation.
 * Forwards public_key to pq_run_kem_encapsulate with the ML-KEM-512
 * public-key, ciphertext and shared-secret sizes. Argument checking is not
 * performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_512_encapsulate(VALUE self, VALUE public_key) {
    (void)self;
    VALUE encapsulation = pq_run_kem_encapsulate(
        pq_ml_kem_512_encapsulate_nogvl, public_key, MLKEM512_PUBLICKEYBYTES,
        MLKEM512_CIPHERTEXTBYTES, MLKEM512_SHAREDSECRETBYTES);
    return encapsulation;
}

.ml_kem_512_keypair ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 714

/*
 * ML-KEM-512 key generation.
 * Delegates to pq_run_kem_keypair with the ML-KEM-512 worker and key sizes.
 */
static VALUE pqcrypto_ml_kem_512_keypair(VALUE self) {
    (void)self;
    VALUE keypair = pq_run_kem_keypair(pq_ml_kem_512_keypair_nogvl, MLKEM512_PUBLICKEYBYTES,
                                       MLKEM512_SECRETKEYBYTES);
    return keypair;
}

.ml_kem_512_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 720

/*
 * ML-KEM-512 key generation from a caller-supplied seed.
 * Forwards `seed` to pq_run_kem_keypair_from_seed with the ML-KEM-512 key
 * sizes. Seed length checking is not performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_512_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    VALUE keypair = pq_run_kem_keypair_from_seed(pq_ml_kem_512_keypair_from_seed_nogvl, seed,
                                                 MLKEM512_PUBLICKEYBYTES,
                                                 MLKEM512_SECRETKEYBYTES);
    return keypair;
}

.ml_kem_decapsulate(ciphertext, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 708

/*
 * ML-KEM (default parameter set) decapsulation.
 * Forwards ciphertext and secret_key to pq_run_kem_decapsulate with the
 * PQ_MLKEM_* ciphertext, secret-key and shared-secret sizes. Argument
 * checking is not performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
    (void)self;
    VALUE shared_secret = pq_run_kem_decapsulate(
        pq_ml_kem_decapsulate_nogvl, ciphertext, PQ_MLKEM_CIPHERTEXTBYTES, secret_key,
        PQ_MLKEM_SECRETKEYBYTES, PQ_MLKEM_SHAREDSECRETBYTES);
    return shared_secret;
}

.ml_kem_encapsulate(public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 702

/*
 * ML-KEM (default parameter set) encapsulation.
 * Forwards public_key to pq_run_kem_encapsulate with the PQ_MLKEM_*
 * public-key, ciphertext and shared-secret sizes. Argument checking is not
 * performed in this wrapper.
 */
static VALUE pqcrypto_ml_kem_encapsulate(VALUE self, VALUE public_key) {
    (void)self;
    VALUE encapsulation = pq_run_kem_encapsulate(
        pq_ml_kem_encapsulate_nogvl, public_key, PQ_MLKEM_PUBLICKEYBYTES,
        PQ_MLKEM_CIPHERTEXTBYTES, PQ_MLKEM_SHAREDSECRETBYTES);
    return encapsulation;
}

.ml_kem_keypair ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 630

/*
 * ML-KEM (default parameter set) key generation.
 * Delegates to pq_run_kem_keypair with the default worker and PQ_MLKEM_* key sizes.
 */
static VALUE pqcrypto_ml_kem_keypair(VALUE self) {
    (void)self;
    VALUE keypair = pq_run_kem_keypair(pq_ml_kem_keypair_nogvl, PQ_MLKEM_PUBLICKEYBYTES,
                                       PQ_MLKEM_SECRETKEYBYTES);
    return keypair;
}

.ml_kem_keypair_from_seed(seed) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 669

/*
 * Derive an ML-KEM key pair (default parameter set) from a caller-supplied seed.
 *
 * seed: Ruby String of exactly 64 bytes (the error text names this the
 *       FIPS 203 d||z seed); ArgumentError otherwise.
 * Returns a two-element Array [public_key, secret_key] built with
 * pq_string_from_buffer. Worker failures are raised via pq_raise_general_error.
 * The caller's seed String is not modified here. Only the native copy is
 * wiped, so protecting or wiping the original is the caller's job.
 */
static VALUE pqcrypto_ml_kem_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;
    StringValue(seed);

    if ((size_t)RSTRING_LEN(seed) != 64) {
        rb_raise(rb_eArgError, "ML-KEM seed must be 64 bytes (FIPS 203 d||z)");
    }

    kem_keypair_call_t call = {0};
    size_t seed_len = 0;
    call.public_key = pq_alloc_buffer(PQ_MLKEM_PUBLICKEYBYTES);
    call.secret_key = pq_alloc_buffer(PQ_MLKEM_SECRETKEYBYTES);
    /* The worker reads a private copy of the seed, not the Ruby String's memory. */
    call.seed = pq_copy_ruby_string(seed, &seed_len);
    call.seed_len = seed_len;

    rb_thread_call_without_gvl(pq_ml_kem_keypair_from_seed_nogvl, &call, NULL, NULL);
    /* The seed copy is wiped as soon as the worker returns, on both outcomes. */
    pq_wipe_and_free((uint8_t *)call.seed, call.seed_len);

    if (call.result != PQ_SUCCESS) {
        /* Secret-key buffer is wiped; the public-key buffer is only freed. */
        pq_wipe_and_free(call.secret_key, PQ_MLKEM_SECRETKEYBYTES);
        free(call.public_key);
        pq_raise_general_error(call.result);
    }

    /*
     * NOTE(review): if rb_ary_new2 or pq_string_from_buffer raises, the
     * secret-key buffer is neither wiped nor freed. The secret key returned
     * to Ruby is an ordinary String; only the native buffer is wiped below.
     */
    VALUE result = rb_ary_new2(2);
    rb_ary_push(result, pq_string_from_buffer(call.public_key, PQ_MLKEM_PUBLICKEYBYTES));
    rb_ary_push(result, pq_string_from_buffer(call.secret_key, PQ_MLKEM_SECRETKEYBYTES));

    free(call.public_key);
    pq_wipe_and_free(call.secret_key, PQ_MLKEM_SECRETKEYBYTES);
    return result;
}

.native_extension_loaded? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/pq_crypto.rb', line 135

# Reports whether the native extension is available.
# The value is hard-coded; no probing happens in this method.
#
# @return [Boolean] always true
def native_extension_loaded?
  true
end

.public_key_from_pqc_container_der(der) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1568

/*
 * Import a public key from a DER-encoded PQC container.
 * Passes `der` and the public-key DER parser to pq_import_container_der.
 * Parsing and validation of the untrusted input live in those helpers.
 */
static VALUE pqcrypto_public_key_from_pqc_container_der(VALUE self, VALUE der) {
    (void)self;
    VALUE imported = pq_import_container_der(der, pq_public_key_from_pqc_container_der);
    return imported;
}

.public_key_from_pqc_container_pem(pem) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1573

/*
 * Import a public key from a PEM-encoded PQC container.
 * Passes `pem` and the public-key PEM parser to pq_import_container_pem.
 * Parsing and validation of the untrusted input live in those helpers.
 */
static VALUE pqcrypto_public_key_from_pqc_container_pem(VALUE self, VALUE pem) {
    (void)self;
    VALUE imported = pq_import_container_pem(pem, pq_public_key_from_pqc_container_pem);
    return imported;
}

.public_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1544

/*
 * Export a public key as a DER-encoded PQC container.
 * Passes algorithm, key_bytes and the public-key DER encoder to
 * pq_export_container_der. No checks are made in this wrapper.
 */
static VALUE pqcrypto_public_key_to_pqc_container_der(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    VALUE encoded =
        pq_export_container_der(algorithm, key_bytes, pq_public_key_to_pqc_container_der);
    return encoded;
}

.public_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1550

/*
 * Export a public key as a PEM-encoded PQC container.
 * Passes algorithm, key_bytes and the public-key PEM encoder to
 * pq_export_container_pem. No checks are made in this wrapper.
 */
static VALUE pqcrypto_public_key_to_pqc_container_pem(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    VALUE encoded =
        pq_export_container_pem(algorithm, key_bytes, pq_public_key_to_pqc_container_pem);
    return encoded;
}

.secret_key_from_pqc_container_der(der) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1578

/*
 * Import a secret key from a DER-encoded PQC container.
 * Passes `der` and the secret-key DER parser to pq_import_container_der.
 * NOTE(review): whether intermediate buffers holding the decoded secret key
 * are wiped is decided inside the helpers and is not visible here.
 */
static VALUE pqcrypto_secret_key_from_pqc_container_der(VALUE self, VALUE der) {
    (void)self;
    VALUE imported = pq_import_container_der(der, pq_secret_key_from_pqc_container_der);
    return imported;
}

.secret_key_from_pqc_container_pem(pem) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1583

/*
 * Import a secret key from a PEM-encoded PQC container.
 * Passes `pem` and the secret-key PEM parser to pq_import_container_pem.
 * NOTE(review): whether intermediate buffers holding the decoded secret key
 * are wiped is decided inside the helpers and is not visible here.
 */
static VALUE pqcrypto_secret_key_from_pqc_container_pem(VALUE self, VALUE pem) {
    (void)self;
    VALUE imported = pq_import_container_pem(pem, pq_secret_key_from_pqc_container_pem);
    return imported;
}

.secret_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1556

/*
 * Export a secret key as a DER-encoded PQC container.
 * Passes algorithm, key_bytes and the secret-key DER encoder to
 * pq_export_container_der.
 * NOTE(review): the encoded result carries secret key material in a Ruby
 * value. No encryption or passphrase parameter appears in this signature.
 */
static VALUE pqcrypto_secret_key_to_pqc_container_der(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    VALUE encoded =
        pq_export_container_der(algorithm, key_bytes, pq_secret_key_to_pqc_container_der);
    return encoded;
}

.secret_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1562

/*
 * Export a secret key as a PEM-encoded PQC container.
 * Passes algorithm, key_bytes and the secret-key PEM encoder to
 * pq_export_container_pem.
 * NOTE(review): the encoded result carries secret key material in a Ruby
 * value. No encryption or passphrase parameter appears in this signature.
 */
static VALUE pqcrypto_secret_key_to_pqc_container_pem(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self;
    VALUE encoded =
        pq_export_container_pem(algorithm, key_bytes, pq_secret_key_to_pqc_container_pem);
    return encoded;
}

.secure_wipe(str) ⇒ Object

Raises:

  • (ArgumentError)


# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1216

# Overwrites the contents of a mutable String via the native wipe routine.
#
# A String argument is passed through unchanged by Kernel#String, so the
# caller's own buffer is the one handed to native_secure_wipe. Any other
# object is first converted, and only that converted String is wiped; the
# original object's data is untouched. Other copies of the same bytes held
# elsewhere are likewise not affected.
#
# @param string [String, #to_str, #to_s] buffer to wipe
# @return [Object] whatever native_secure_wipe returns
# @raise [ArgumentError] if the (converted) String is frozen
def secure_wipe(string)
  buffer = String(string)
  if buffer.frozen?
    raise ArgumentError, "secure_wipe requires a mutable String"
  end

  native_secure_wipe(buffer)
end

.sign(message, secret_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1136

/*
 * ML-DSA (default parameter set) signing.
 * Forwards message and secret_key to pq_run_sign with the PQ_MLDSA_*
 * secret-key and signature sizes. No checks are made here.
 */
static VALUE pqcrypto_sign(VALUE self, VALUE message, VALUE secret_key) {
    (void)self;
    VALUE signature =
        pq_run_sign(pq_sign_nogvl, message, secret_key, PQ_MLDSA_SECRETKEYBYTES, PQ_MLDSA_BYTES);
    return signature;
}

.sign_keypair ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1092

/*
 * ML-DSA (default parameter set) key generation.
 * Delegates to pq_run_sign_keypair with the default worker and PQ_MLDSA_* key sizes.
 */
static VALUE pqcrypto_sign_keypair(VALUE self) {
    (void)self;
    VALUE keypair = pq_run_sign_keypair(pq_sign_keypair_nogvl, PQ_MLDSA_PUBLICKEYBYTES,
                                        PQ_MLDSA_SECRETKEYBYTES);
    return keypair;
}

.supported_hybrid_kems ⇒ Object



# File 'lib/pq_crypto.rb', line 143

# Lists the hybrid KEM suites recorded in SUITES.
#
# Returns a shallow copy, so changes to the returned collection do not reach
# the value stored in SUITES. Raises KeyError if the :hybrid_kem entry is missing.
#
# @return [Object] a `dup` of SUITES[:hybrid_kem]
def supported_hybrid_kems
  hybrid_kems = SUITES.fetch(:hybrid_kem)
  hybrid_kems.dup
end

.supported_kems ⇒ Object



# File 'lib/pq_crypto.rb', line 139

# Lists the KEM suites recorded in SUITES.
#
# Returns a shallow copy, so changes to the returned collection do not reach
# the value stored in SUITES. Raises KeyError if the :kem entry is missing.
#
# @return [Object] a `dup` of SUITES[:kem]
def supported_kems
  kems = SUITES.fetch(:kem)
  kems.dup
end

.supported_signatures ⇒ Object



# File 'lib/pq_crypto.rb', line 147

# Lists the signature suites recorded in SUITES.
#
# Returns a shallow copy, so changes to the returned collection do not reach
# the value stored in SUITES. Raises KeyError if the :signature entry is missing.
#
# @return [Object] a `dup` of SUITES[:signature]
def supported_signatures
  signatures = SUITES.fetch(:signature)
  signatures.dup
end

.verify(message, signature, public_key) ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1181

/*
 * ML-DSA (default parameter set) signature verification.
 * Forwards message, signature and public_key to pq_run_verify with the
 * PQ_MLDSA_* public-key size. No signature size is passed from here, so any
 * length check on `signature` happens, if at all, inside the helper or worker.
 */
static VALUE pqcrypto_verify(VALUE self, VALUE message, VALUE signature, VALUE public_key) {
    (void)self;
    VALUE verdict =
        pq_run_verify(pq_verify_nogvl, message, signature, public_key, PQ_MLDSA_PUBLICKEYBYTES);
    return verdict;
}

.version ⇒ Object



# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1224

# Reports the version string supplied by the native layer.
#
# @return [Object] whatever native_version returns
def version
  native_version
end