Module: PQCrypto
- Defined in:
- lib/pq_crypto.rb,
lib/pq_crypto/kem.rb,
lib/pq_crypto/spki.rb,
lib/pq_crypto/pkcs8.rb,
lib/pq_crypto/errors.rb,
lib/pq_crypto/version.rb,
lib/pq_crypto/signature.rb,
lib/pq_crypto/hybrid_kem.rb,
lib/pq_crypto/serialization.rb,
lib/pq_crypto/algorithm_registry.rb,
ext/pqcrypto/pqcrypto_ruby_secure.c
Defined Under Namespace
Modules: AlgorithmRegistry, HybridKEM, KEM, NativeBindings, PKCS8, SPKI, Serialization, Signature, Testing
Classes: Error, InvalidCiphertextError, InvalidKeyError, SerializationError, UnsupportedAlgorithmError, VerificationError
Constant Summary
- SUITES =
{
kem: AlgorithmRegistry.supported_kems,
hybrid_kem: AlgorithmRegistry.supported_hybrid_kems,
signature: AlgorithmRegistry.supported_signatures,
}.freeze
- NATIVE_EXTENSION_LOADED =
true
- VERSION =
"0.4.1"
- ML_KEM_512_PUBLIC_KEY_BYTES =
INT2NUM(MLKEM512_PUBLICKEYBYTES)
- ML_KEM_512_SECRET_KEY_BYTES =
INT2NUM(MLKEM512_SECRETKEYBYTES)
- ML_KEM_512_CIPHERTEXT_BYTES =
INT2NUM(MLKEM512_CIPHERTEXTBYTES)
- ML_KEM_512_SHARED_SECRET_BYTES =
INT2NUM(MLKEM512_SHAREDSECRETBYTES)
- ML_KEM_PUBLIC_KEY_BYTES =
INT2NUM(PQ_MLKEM_PUBLICKEYBYTES)
- ML_KEM_SECRET_KEY_BYTES =
INT2NUM(PQ_MLKEM_SECRETKEYBYTES)
- ML_KEM_CIPHERTEXT_BYTES =
INT2NUM(PQ_MLKEM_CIPHERTEXTBYTES)
- ML_KEM_SHARED_SECRET_BYTES =
INT2NUM(PQ_MLKEM_SHAREDSECRETBYTES)
- ML_KEM_1024_PUBLIC_KEY_BYTES =
INT2NUM(MLKEM1024_PUBLICKEYBYTES)
- ML_KEM_1024_SECRET_KEY_BYTES =
INT2NUM(MLKEM1024_SECRETKEYBYTES)
- ML_KEM_1024_CIPHERTEXT_BYTES =
INT2NUM(MLKEM1024_CIPHERTEXTBYTES)
- ML_KEM_1024_SHARED_SECRET_BYTES =
INT2NUM(MLKEM1024_SHAREDSECRETBYTES)
- HYBRID_KEM_PUBLIC_KEY_BYTES =
INT2NUM(PQ_HYBRID_PUBLICKEYBYTES)
- HYBRID_KEM_SECRET_KEY_BYTES =
INT2NUM(PQ_HYBRID_SECRETKEYBYTES)
- HYBRID_KEM_CIPHERTEXT_BYTES =
INT2NUM(PQ_HYBRID_CIPHERTEXTBYTES)
- HYBRID_KEM_SHARED_SECRET_BYTES =
INT2NUM(PQ_HYBRID_SHAREDSECRETBYTES)
- SIGN_44_PUBLIC_KEY_BYTES =
INT2NUM(MLDSA44_PUBLICKEYBYTES)
- SIGN_44_SECRET_KEY_BYTES =
INT2NUM(MLDSA44_SECRETKEYBYTES)
- SIGN_44_BYTES =
INT2NUM(MLDSA44_BYTES)
- SIGN_PUBLIC_KEY_BYTES =
INT2NUM(PQ_MLDSA_PUBLICKEYBYTES)
- SIGN_SECRET_KEY_BYTES =
INT2NUM(PQ_MLDSA_SECRETKEYBYTES)
- SIGN_BYTES =
INT2NUM(PQ_MLDSA_BYTES)
- SIGN_87_PUBLIC_KEY_BYTES =
INT2NUM(MLDSA87_PUBLICKEYBYTES)
- SIGN_87_SECRET_KEY_BYTES =
INT2NUM(MLDSA87_SECRETKEYBYTES)
- SIGN_87_BYTES =
INT2NUM(MLDSA87_BYTES)
Class Method Summary
-
.__test_ml_dsa_44_keypair_from_seed(seed) ⇒ Object
-
.__test_ml_dsa_44_sign_from_seed(message, secret_key, seed) ⇒ Object
-
.__test_ml_dsa_87_keypair_from_seed(seed) ⇒ Object
-
.__test_ml_dsa_87_sign_from_seed(message, secret_key, seed) ⇒ Object
-
.__test_ml_kem_1024_encapsulate_from_seed(public_key, seed) ⇒ Object
-
.__test_ml_kem_512_encapsulate_from_seed(public_key, seed) ⇒ Object
-
.__test_ml_kem_encapsulate_from_seed(public_key, seed) ⇒ Object
-
.__test_ml_kem_keypair_from_seed(seed) ⇒ Object
-
.__test_sign_from_seed(message, secret_key, seed) ⇒ Object
-
.__test_sign_keypair_from_seed(seed) ⇒ Object
-
._native_mldsa_compute_tr(public_key) ⇒ Object
-
._native_mldsa_extract_tr(secret_key) ⇒ Object
-
._native_mldsa_mu_builder_finalize(builder_obj) ⇒ Object
-
._native_mldsa_mu_builder_new(tr, ctx) ⇒ Object
-
._native_mldsa_mu_builder_release(builder_obj) ⇒ Object
-
._native_mldsa_mu_builder_update(builder_obj, chunk) ⇒ Object
-
._native_mldsa_sign_mu(mu, secret_key) ⇒ Object
-
._native_mldsa_verify_mu(mu, signature, public_key) ⇒ Object
-
.backend ⇒ Object
-
.ct_equals ⇒ Object
-
.hybrid_kem_decapsulate(ciphertext, secret_key) ⇒ Object
-
.hybrid_kem_encapsulate(public_key) ⇒ Object
-
.hybrid_kem_keypair ⇒ Object
-
.ml_dsa_44_keypair ⇒ Object
-
.ml_dsa_44_keypair_from_seed ⇒ Object
-
.ml_dsa_44_sign ⇒ Object
-
.ml_dsa_44_verify ⇒ Object
-
.ml_dsa_87_keypair ⇒ Object
-
.ml_dsa_87_keypair_from_seed ⇒ Object
-
.ml_dsa_87_sign ⇒ Object
-
.ml_dsa_87_verify ⇒ Object
-
.ml_dsa_keypair_from_seed ⇒ Object
-
.ml_kem_1024_decapsulate ⇒ Object
-
.ml_kem_1024_encapsulate ⇒ Object
-
.ml_kem_1024_keypair ⇒ Object
-
.ml_kem_1024_keypair_from_seed ⇒ Object
-
.ml_kem_512_decapsulate ⇒ Object
-
.ml_kem_512_encapsulate ⇒ Object
-
.ml_kem_512_keypair ⇒ Object
-
.ml_kem_512_keypair_from_seed ⇒ Object
-
.ml_kem_decapsulate ⇒ Object
-
.ml_kem_encapsulate ⇒ Object
-
.ml_kem_keypair ⇒ Object
-
.ml_kem_keypair_from_seed ⇒ Object
-
.native_extension_loaded? ⇒ Boolean
-
.public_key_from_pqc_container_der(der) ⇒ Object
-
.public_key_from_pqc_container_pem(pem) ⇒ Object
-
.public_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object
-
.public_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object
-
.secret_key_from_pqc_container_der(der) ⇒ Object
-
.secret_key_from_pqc_container_pem(pem) ⇒ Object
-
.secret_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object
-
.secret_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object
-
.secure_wipe(str) ⇒ Object
-
.sign ⇒ Object
-
.sign_keypair ⇒ Object
-
.supported_hybrid_kems ⇒ Object
-
.supported_kems ⇒ Object
-
.supported_signatures ⇒ Object
-
.verify ⇒ Object
-
.version ⇒ Object
Class Method Details
.__test_ml_dsa_44_keypair_from_seed(seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 877
/*
 * PQCrypto.__test_ml_dsa_44_keypair_from_seed(seed)
 *
 * Test hook for seeded ML-DSA-44 key generation. This binding does no work of
 * its own: it passes the ML-DSA-44 worker and the ML-DSA-44 public/secret key
 * sizes to pq_run_test_sign_keypair_from_seed, which owns argument checking
 * and buffer handling (not visible here).
 *
 * A key pair derived from a caller-supplied seed is only as secret as that seed.
 */
static VALUE pqcrypto__test_ml_dsa_44_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self; /* module receiver is not used */
    return pq_run_test_sign_keypair_from_seed(
        pq_testing_mldsa_44_keypair_nogvl,
        seed,
        MLDSA44_PUBLICKEYBYTES,
        MLDSA44_SECRETKEYBYTES);
}
.__test_ml_dsa_44_sign_from_seed(message, secret_key, seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 940
/*
 * PQCrypto.__test_ml_dsa_44_sign_from_seed(message, secret_key, seed)
 *
 * Test hook for seeded ML-DSA-44 signing. Forwards the three Ruby arguments,
 * the ML-DSA-44 worker, and the ML-DSA-44 secret-key and signature sizes to
 * pq_run_test_sign_from_seed; validation and secret wiping are that helper's
 * job (not visible here).
 */
static VALUE pqcrypto__test_ml_dsa_44_sign_from_seed(VALUE self, VALUE message, VALUE secret_key,
                                                     VALUE seed) {
    (void)self; /* module receiver is not used */
    return pq_run_test_sign_from_seed(
        pq_testing_mldsa_44_sign_nogvl,
        message,
        secret_key,
        seed,
        MLDSA44_SECRETKEYBYTES,
        MLDSA44_BYTES);
}
.__test_ml_dsa_87_keypair_from_seed(seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 883
/*
 * PQCrypto.__test_ml_dsa_87_keypair_from_seed(seed)
 *
 * Test hook for seeded ML-DSA-87 key generation. Delegates to
 * pq_run_test_sign_keypair_from_seed with the ML-DSA-87 worker and the
 * ML-DSA-87 public/secret key sizes; argument checking and buffer handling
 * live in that helper (not visible here).
 *
 * A key pair derived from a caller-supplied seed is only as secret as that seed.
 */
static VALUE pqcrypto__test_ml_dsa_87_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self; /* module receiver is not used */
    return pq_run_test_sign_keypair_from_seed(
        pq_testing_mldsa_87_keypair_nogvl,
        seed,
        MLDSA87_PUBLICKEYBYTES,
        MLDSA87_SECRETKEYBYTES);
}
.__test_ml_dsa_87_sign_from_seed(message, secret_key, seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 947
/*
 * PQCrypto.__test_ml_dsa_87_sign_from_seed(message, secret_key, seed)
 *
 * Test hook for seeded ML-DSA-87 signing. Forwards the three Ruby arguments,
 * the ML-DSA-87 worker, and the ML-DSA-87 secret-key and signature sizes to
 * pq_run_test_sign_from_seed; validation and secret wiping are that helper's
 * job (not visible here).
 */
static VALUE pqcrypto__test_ml_dsa_87_sign_from_seed(VALUE self, VALUE message, VALUE secret_key,
                                                     VALUE seed) {
    (void)self; /* module receiver is not used */
    return pq_run_test_sign_from_seed(
        pq_testing_mldsa_87_sign_nogvl,
        message,
        secret_key,
        seed,
        MLDSA87_SECRETKEYBYTES,
        MLDSA87_BYTES);
}
.__test_ml_kem_1024_encapsulate_from_seed(public_key, seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 767
/*
 * PQCrypto.__test_ml_kem_1024_encapsulate_from_seed(public_key, seed)
 *
 * Test hook for seeded ML-KEM-1024 encapsulation. Hands the ML-KEM-1024 worker
 * plus the public-key, ciphertext and shared-secret sizes to
 * pq_run_test_kem_encapsulate_from_seed, which performs the validation and the
 * actual call (not visible here).
 */
static VALUE pqcrypto__test_ml_kem_1024_encapsulate_from_seed(VALUE self, VALUE public_key,
                                                              VALUE seed) {
    (void)self; /* module receiver is not used */
    return pq_run_test_kem_encapsulate_from_seed(
        pq_testing_ml_kem_1024_encapsulate_nogvl,
        public_key,
        seed,
        MLKEM1024_PUBLICKEYBYTES,
        MLKEM1024_CIPHERTEXTBYTES,
        MLKEM1024_SHAREDSECRETBYTES);
}
.__test_ml_kem_512_encapsulate_from_seed(public_key, seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 759
/*
 * PQCrypto.__test_ml_kem_512_encapsulate_from_seed(public_key, seed)
 *
 * Test hook for seeded ML-KEM-512 encapsulation. Hands the ML-KEM-512 worker
 * plus the public-key, ciphertext and shared-secret sizes to
 * pq_run_test_kem_encapsulate_from_seed, which performs the validation and the
 * actual call (not visible here).
 */
static VALUE pqcrypto__test_ml_kem_512_encapsulate_from_seed(VALUE self, VALUE public_key,
                                                             VALUE seed) {
    (void)self; /* module receiver is not used */
    return pq_run_test_kem_encapsulate_from_seed(
        pq_testing_ml_kem_512_encapsulate_nogvl,
        public_key,
        seed,
        MLKEM512_PUBLICKEYBYTES,
        MLKEM512_CIPHERTEXTBYTES,
        MLKEM512_SHAREDSECRETBYTES);
}
.__test_ml_kem_encapsulate_from_seed(public_key, seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 683
/*
 * PQCrypto.__test_ml_kem_encapsulate_from_seed(public_key, seed)
 *
 * Seeded ML-KEM encapsulation for tests. Returns a two-element Array
 * [ciphertext, shared_secret].
 *
 * public_key is checked by pq_validate_bytes_argument against
 * PQ_MLKEM_PUBLICKEYBYTES; seed must be exactly 32 bytes (ArgumentError
 * otherwise). A non-success worker result is raised through
 * pq_raise_general_error.
 *
 * Secret handling: the seed copy and the shared-secret buffer are wiped before
 * they are freed on both the error and the success path; the ciphertext is
 * only freed. The returned shared-secret String is built before the C buffer is
 * wiped, so that String is not cleared by anything in this function.
 */
static VALUE pqcrypto__test_ml_kem_encapsulate_from_seed(VALUE self, VALUE public_key, VALUE seed) {
    (void)self;

    pq_validate_bytes_argument(public_key, PQ_MLKEM_PUBLICKEYBYTES, "public key");
    StringValue(seed);
    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    kem_encapsulate_call_t op = {0};
    size_t pk_len = 0;
    size_t seed_bytes = 0;

    /* Private copies: the worker below runs without the GVL. */
    op.public_key = pq_copy_ruby_string(public_key, &pk_len);
    op.ciphertext = pq_alloc_buffer(PQ_MLKEM_CIPHERTEXTBYTES);
    op.shared_secret = pq_alloc_buffer(PQ_MLKEM_SHAREDSECRETBYTES);
    op.seed = pq_copy_ruby_string(seed, &seed_bytes);
    op.seed_len = seed_bytes;

    rb_thread_call_without_gvl(pq_testing_ml_kem_encapsulate_nogvl, &op, NULL, NULL);

    /* Inputs are no longer needed whatever the outcome. */
    pq_wipe_and_free((uint8_t *)op.public_key, pk_len);
    pq_wipe_and_free((uint8_t *)op.seed, op.seed_len);

    if (op.result != PQ_SUCCESS) {
        /* Clean up the outputs before raising; the raise does not return here. */
        pq_wipe_and_free(op.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES);
        free(op.ciphertext);
        pq_raise_general_error(op.result);
    }

    VALUE pair = rb_ary_new2(2);
    rb_ary_push(pair, pq_string_from_buffer(op.ciphertext, PQ_MLKEM_CIPHERTEXTBYTES));
    rb_ary_push(pair, pq_string_from_buffer(op.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES));

    free(op.ciphertext);
    pq_wipe_and_free(op.shared_secret, PQ_MLKEM_SHAREDSECRETBYTES);
    return pair;
}
.__test_ml_kem_keypair_from_seed(seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 650
/*
 * PQCrypto.__test_ml_kem_keypair_from_seed(seed)
 *
 * Seeded ML-KEM key generation for tests. Returns a two-element Array
 * [public_key, secret_key].
 *
 * seed must be exactly 64 bytes (the error message names it as the FIPS 203
 * d||z value); anything else raises ArgumentError. A non-success worker result
 * is raised through pq_raise_general_error.
 *
 * Secret handling: the seed copy and the secret-key buffer are wiped before
 * they are freed on both paths; the public key is only freed. The returned
 * secret-key String is built before the C buffer is wiped, so that String is
 * not cleared by anything in this function.
 */
static VALUE pqcrypto__test_ml_kem_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;

    StringValue(seed);
    if ((size_t)RSTRING_LEN(seed) != 64) {
        rb_raise(rb_eArgError, "Deterministic ML-KEM test seed must be 64 bytes (FIPS 203 d||z)");
    }

    kem_keypair_call_t op = {0};
    size_t seed_bytes = 0;

    op.public_key = pq_alloc_buffer(PQ_MLKEM_PUBLICKEYBYTES);
    op.secret_key = pq_alloc_buffer(PQ_MLKEM_SECRETKEYBYTES);
    /* Private copy: the worker below runs without the GVL. */
    op.seed = pq_copy_ruby_string(seed, &seed_bytes);
    op.seed_len = seed_bytes;

    rb_thread_call_without_gvl(pq_testing_ml_kem_keypair_nogvl, &op, NULL, NULL);

    pq_wipe_and_free((uint8_t *)op.seed, op.seed_len);

    if (op.result != PQ_SUCCESS) {
        /* Clean up the outputs before raising; the raise does not return here. */
        pq_wipe_and_free(op.secret_key, PQ_MLKEM_SECRETKEYBYTES);
        free(op.public_key);
        pq_raise_general_error(op.result);
    }

    VALUE pair = rb_ary_new2(2);
    rb_ary_push(pair, pq_string_from_buffer(op.public_key, PQ_MLKEM_PUBLICKEYBYTES));
    rb_ary_push(pair, pq_string_from_buffer(op.secret_key, PQ_MLKEM_SECRETKEYBYTES));

    free(op.public_key);
    pq_wipe_and_free(op.secret_key, PQ_MLKEM_SECRETKEYBYTES);
    return pair;
}
.__test_sign_from_seed(message, secret_key, seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 808
/*
 * PQCrypto.__test_sign_from_seed(message, secret_key, seed)
 *
 * Seeded ML-DSA signing for tests. Returns the signature as a String of
 * call.signature_len bytes (initialised to PQ_MLDSA_BYTES before the worker
 * runs).
 *
 * secret_key is checked by pq_validate_bytes_argument against
 * PQ_MLDSA_SECRETKEYBYTES; seed must be exactly 32 bytes (ArgumentError
 * otherwise). A non-success worker result is raised through
 * pq_raise_general_error.
 *
 * Secret handling: the secret-key and seed copies are wiped before being
 * freed; the message copy and the signature buffer go through pq_free_buffer.
 */
static VALUE pqcrypto__test_sign_from_seed(VALUE self, VALUE message, VALUE secret_key,
                                           VALUE seed) {
    (void)self;

    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");
    StringValue(seed);
    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    sign_call_t op = {0};
    size_t sk_len = 0;
    size_t seed_bytes = 0;

    /* Private copies: the worker below runs without the GVL. */
    op.secret_key = pq_copy_ruby_string(secret_key, &sk_len);
    op.signature_len = PQ_MLDSA_BYTES;
    op.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);
    op.message = pq_copy_ruby_string(message, &op.message_len);
    op.seed = pq_copy_ruby_string(seed, &seed_bytes);
    op.seed_len = seed_bytes;

    rb_thread_call_without_gvl(pq_testing_sign_nogvl, &op, NULL, NULL);

    /* Inputs are released whatever the outcome; key and seed are wiped first. */
    pq_free_buffer(op.message);
    pq_wipe_and_free((uint8_t *)op.secret_key, sk_len);
    pq_wipe_and_free((uint8_t *)op.seed, op.seed_len);

    if (op.result != PQ_SUCCESS) {
        pq_free_buffer(op.signature);
        pq_raise_general_error(op.result);
    }

    VALUE signature_str = pq_string_from_buffer(op.signature, op.signature_len);
    pq_free_buffer(op.signature);
    return signature_str;
}
.__test_sign_keypair_from_seed(seed) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 775
/*
 * PQCrypto.__test_sign_keypair_from_seed(seed)
 *
 * Seeded ML-DSA key generation for tests. Returns a two-element Array
 * [public_key, secret_key].
 *
 * seed must be exactly 32 bytes (ArgumentError otherwise). A non-success
 * worker result is raised through pq_raise_general_error.
 *
 * Secret handling: the seed copy and the secret-key buffer are wiped before
 * they are freed on both paths; the public key is only freed. The returned
 * secret-key String is built before the C buffer is wiped, so that String is
 * not cleared by anything in this function.
 */
static VALUE pqcrypto__test_sign_keypair_from_seed(VALUE self, VALUE seed) {
    (void)self;

    StringValue(seed);
    if ((size_t)RSTRING_LEN(seed) != 32) {
        rb_raise(rb_eArgError, "Deterministic test seed must be 32 bytes");
    }

    sign_keypair_call_t op = {0};
    size_t seed_bytes = 0;

    op.public_key = pq_alloc_buffer(PQ_MLDSA_PUBLICKEYBYTES);
    op.secret_key = pq_alloc_buffer(PQ_MLDSA_SECRETKEYBYTES);
    /* Private copy: the worker below runs without the GVL. */
    op.seed = pq_copy_ruby_string(seed, &seed_bytes);
    op.seed_len = seed_bytes;

    rb_thread_call_without_gvl(pq_testing_sign_keypair_nogvl, &op, NULL, NULL);

    pq_wipe_and_free((uint8_t *)op.seed, op.seed_len);

    if (op.result != PQ_SUCCESS) {
        /* Clean up the outputs before raising; the raise does not return here. */
        pq_wipe_and_free(op.secret_key, PQ_MLDSA_SECRETKEYBYTES);
        free(op.public_key);
        pq_raise_general_error(op.result);
    }

    VALUE pair = rb_ary_new2(2);
    rb_ary_push(pair, pq_string_from_buffer(op.public_key, PQ_MLDSA_PUBLICKEYBYTES));
    rb_ary_push(pair, pq_string_from_buffer(op.secret_key, PQ_MLDSA_SECRETKEYBYTES));

    free(op.public_key);
    pq_wipe_and_free(op.secret_key, PQ_MLDSA_SECRETKEYBYTES);
    return pair;
}
._native_mldsa_compute_tr(public_key) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1166
/*
 * PQCrypto._native_mldsa_compute_tr(public_key)
 *
 * Computes the PQ_MLDSA_TRBYTES-byte tr value from an ML-DSA public key via
 * pq_mldsa_compute_tr_from_public_key and returns it as a String. A
 * non-success status is raised through pq_raise_general_error.
 *
 * NOTE(review): the key bytes are read straight from the caller's VALUE with
 * RSTRING_PTR, with no length passed along. That is only sound if
 * pq_validate_bytes_argument rejects anything that is not a String of exactly
 * PQ_MLDSA_PUBLICKEYBYTES bytes - confirm in the helper.
 */
static VALUE pqcrypto__native_mldsa_compute_tr(VALUE self, VALUE public_key) {
    (void)self;

    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");

    uint8_t tr_out[PQ_MLDSA_TRBYTES];
    const uint8_t *pk_bytes = (const uint8_t *)RSTRING_PTR(public_key);
    int status = pq_mldsa_compute_tr_from_public_key(tr_out, pk_bytes);
    if (status != PQ_SUCCESS) {
        pq_raise_general_error(status);
    }

    return pq_string_from_buffer(tr_out, sizeof(tr_out));
}
._native_mldsa_extract_tr(secret_key) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1151
/*
 * PQCrypto._native_mldsa_extract_tr(secret_key)
 *
 * Extracts the PQ_MLDSA_TRBYTES-byte tr value from an ML-DSA secret key via
 * pq_mldsa_extract_tr_from_secret_key and returns it as a String. The stack
 * buffer is wiped on both the error and the success path because its bytes
 * come out of the secret key.
 *
 * NOTE(review): the key bytes are read straight from the caller's VALUE with
 * RSTRING_PTR, with no length passed along. That is only sound if
 * pq_validate_bytes_argument rejects anything that is not a String of exactly
 * PQ_MLDSA_SECRETKEYBYTES bytes - confirm in the helper.
 */
static VALUE pqcrypto__native_mldsa_extract_tr(VALUE self, VALUE secret_key) {
    (void)self;

    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    uint8_t tr_out[PQ_MLDSA_TRBYTES];
    const uint8_t *sk_bytes = (const uint8_t *)RSTRING_PTR(secret_key);
    int status = pq_mldsa_extract_tr_from_secret_key(tr_out, sk_bytes);
    if (status != PQ_SUCCESS) {
        pq_secure_wipe(tr_out, sizeof(tr_out));
        pq_raise_general_error(status);
    }

    VALUE tr_str = pq_string_from_buffer(tr_out, sizeof(tr_out));
    pq_secure_wipe(tr_out, sizeof(tr_out));
    return tr_str;
}
._native_mldsa_mu_builder_finalize(builder_obj) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1246
/*
 * PQCrypto._native_mldsa_mu_builder_finalize(builder_obj)
 *
 * Finishes the streaming mu computation held by builder_obj and returns the
 * PQ_MLDSA_MUBYTES-byte mu as a String. The wrapper's builder pointer is
 * cleared on every path, so the Ruby object never keeps a pointer to a
 * finished builder. The stack copy of mu is wiped before returning or raising.
 *
 * On failure the builder is released here. On success nothing in this function
 * releases it. NOTE(review): presumably pq_mu_finalize_nogvl consumes the
 * builder when it succeeds - confirm, otherwise the builder leaks.
 *
 * NOTE(review): the worker runs with the GVL released. Nothing visible here
 * stops another Ruby thread from calling update/finalize/release on the same
 * builder_obj meanwhile, which would free or reuse the builder under the
 * worker. Confirm mu_builder_unwrap (or the Ruby layer) serialises access.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_finalize(VALUE self, VALUE builder_obj) {
    (void)self;

    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);
    uint8_t mu_out[PQ_MLDSA_MUBYTES];

    mu_finalize_call_t op = {0};
    op.builder = wrapper->builder;
    op.mu_out = mu_out;
    rb_nogvl(pq_mu_finalize_nogvl, &op, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    if (op.result != PQ_SUCCESS) {
        pq_mu_builder_release(wrapper->builder);
    }
    /* Detach in all cases: the builder must not be reachable after finalize. */
    wrapper->builder = NULL;

    if (op.result != PQ_SUCCESS) {
        pq_secure_wipe(mu_out, sizeof(mu_out));
        pq_raise_general_error(op.result);
    }

    VALUE mu_str = pq_string_from_buffer(mu_out, sizeof(mu_out));
    pq_secure_wipe(mu_out, sizeof(mu_out));
    return mu_str;
}
._native_mldsa_mu_builder_new(tr, ctx) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1178
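/*
 * PQCrypto._native_mldsa_mu_builder_new(tr, ctx)
 *
 * Creates a streaming mu builder initialised with tr and the ML-DSA context
 * string, and returns it wrapped in a TypedData object of type
 * mu_builder_data_type.
 *
 * Raises ArgumentError when ctx is longer than 255 bytes, NoMemoryError when
 * the builder cannot be allocated, and whatever pq_raise_general_error maps a
 * failed pq_mu_builder_init to (the builder is released first).
 *
 * NOTE(review): tr is read straight from the caller's VALUE with RSTRING_PTR.
 * That is only sound if pq_validate_bytes_argument rejects anything that is
 * not a String of exactly PQ_MLDSA_TRBYTES bytes - confirm in the helper.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_new(VALUE self, VALUE tr, VALUE ctx) {
    (void)self;

    /*
     * Convert ctx before validating tr. StringValue can call a user-defined
     * #to_str, and that Ruby code could resize tr; running it first means no
     * Ruby code executes between the tr length check and the RSTRING_PTR(tr)
     * read below. _native_mldsa_verify_mu orders its conversions the same way.
     */
    StringValue(ctx);
    pq_validate_bytes_argument(tr, PQ_MLDSA_TRBYTES, "tr");

    size_t ctxlen = (size_t)RSTRING_LEN(ctx);
    if (ctxlen > 255) {
        rb_raise(rb_eArgError, "ML-DSA context length must be <= 255 bytes");
    }

    void *builder = pq_mu_builder_new();
    if (builder == NULL) {
        rb_raise(rb_eNoMemError, "Memory allocation failed (mu builder)");
    }

    int rc = pq_mu_builder_init(builder, (const uint8_t *)RSTRING_PTR(tr),
                                (const uint8_t *)RSTRING_PTR(ctx), ctxlen);
    if (rc != PQ_SUCCESS) {
        /* Release before raising; the raise does not return here. */
        pq_mu_builder_release(builder);
        pq_raise_general_error(rc);
    }

    mu_builder_wrapper_t *wrapper;
    VALUE obj =
        TypedData_Make_Struct(rb_cObject, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);
    wrapper->builder = builder;
    return obj;
}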
._native_mldsa_mu_builder_release(builder_obj) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1273
/*
 * PQCrypto._native_mldsa_mu_builder_release(builder_obj)
 *
 * Releases the native builder held by builder_obj, if it still has one, and
 * clears the pointer so a second call does nothing. Always returns nil.
 * TypedData_Get_Struct raises if builder_obj is not of type
 * mu_builder_data_type.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_release(VALUE self, VALUE builder_obj) {
    (void)self;

    mu_builder_wrapper_t *wrapper;
    TypedData_Get_Struct(builder_obj, mu_builder_wrapper_t, &mu_builder_data_type, wrapper);

    /* Nothing to do when the builder was already finalized or released. */
    if (wrapper == NULL || wrapper->builder == NULL) {
        return Qnil;
    }

    pq_mu_builder_release(wrapper->builder);
    wrapper->builder = NULL; /* prevents a double release */
    return Qnil;
}
._native_mldsa_mu_builder_update(builder_obj, chunk) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1213
/*
 * PQCrypto._native_mldsa_mu_builder_update(builder_obj, chunk)
 *
 * Feeds one chunk of message bytes into the builder. An empty chunk is a
 * no-op. Returns nil; a non-success worker result is raised through
 * pq_raise_general_error.
 *
 * The chunk is copied into a private buffer because the worker runs with the
 * GVL released. That copy is freed without being wiped, i.e. message bytes are
 * not treated as secret here.
 *
 * NOTE(review): nothing visible here stops another Ruby thread from calling
 * finalize/release on the same builder_obj while the worker runs, which would
 * free the builder under it. Confirm mu_builder_unwrap (or the Ruby layer)
 * serialises access.
 */
static VALUE pqcrypto__native_mldsa_mu_builder_update(VALUE self, VALUE builder_obj, VALUE chunk) {
    (void)self;

    mu_builder_wrapper_t *wrapper = mu_builder_unwrap(builder_obj);

    StringValue(chunk);
    size_t nbytes = (size_t)RSTRING_LEN(chunk);
    if (nbytes == 0) {
        return Qnil;
    }

    uint8_t *chunk_copy = pq_alloc_buffer(nbytes);
    memcpy(chunk_copy, RSTRING_PTR(chunk), nbytes);

    mu_absorb_call_t op = {0};
    op.builder = wrapper->builder;
    op.chunk = chunk_copy;
    op.chunk_len = nbytes;
    rb_nogvl(pq_mu_absorb_nogvl, &op, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    /* Free before the possible raise below, which does not return here. */
    free(chunk_copy);

    if (op.result != PQ_SUCCESS) {
        pq_raise_general_error(op.result);
    }
    return Qnil;
}
._native_mldsa_sign_mu(mu, secret_key) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1290
/*
 * PQCrypto._native_mldsa_sign_mu(mu, secret_key)
 *
 * Signs a precomputed mu with an ML-DSA secret key and returns the signature
 * as a String of call.signature_len bytes (initialised to PQ_MLDSA_BYTES
 * before the worker runs).
 *
 * mu and secret_key are checked by pq_validate_bytes_argument against
 * PQ_MLDSA_MUBYTES and PQ_MLDSA_SECRETKEYBYTES. A non-success worker result is
 * raised through pq_raise_general_error.
 *
 * Secret handling: the private copies of mu and of the secret key are wiped
 * before being freed, on both the error and the success path.
 */
static VALUE pqcrypto__native_mldsa_sign_mu(VALUE self, VALUE mu, VALUE secret_key) {
    (void)self;

    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
    pq_validate_bytes_argument(secret_key, PQ_MLDSA_SECRETKEYBYTES, "secret key");

    sign_mu_call_t op = {0};
    size_t sk_len = 0;
    size_t mu_bytes = 0;

    /* Private copies: the worker below runs without the GVL. */
    uint8_t *mu_buf = pq_copy_ruby_string(mu, &mu_bytes);
    uint8_t *sk_buf = pq_copy_ruby_string(secret_key, &sk_len);
    op.mu = mu_buf;
    op.secret_key = sk_buf;
    op.signature_len = PQ_MLDSA_BYTES;
    op.signature = pq_alloc_buffer(PQ_MLDSA_BYTES);

    rb_nogvl(pq_sign_mu_nogvl, &op, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    pq_wipe_and_free(mu_buf, mu_bytes);
    pq_wipe_and_free(sk_buf, sk_len);

    if (op.result != PQ_SUCCESS) {
        pq_free_buffer(op.signature);
        pq_raise_general_error(op.result);
    }

    VALUE signature_str = pq_string_from_buffer(op.signature, op.signature_len);
    pq_free_buffer(op.signature);
    return signature_str;
}
._native_mldsa_verify_mu(mu, signature, public_key) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1327
/*
 * PQCrypto._native_mldsa_verify_mu(mu, signature, public_key)
 *
 * Verifies an ML-DSA signature over a precomputed mu. Returns true when the
 * worker reports PQ_SUCCESS and false only when it reports PQ_ERROR_VERIFY;
 * every other result is raised through pq_raise_general_error, so an internal
 * failure is never reported as a plain "invalid signature".
 *
 * mu and public_key are checked by pq_validate_bytes_argument against
 * PQ_MLDSA_MUBYTES and PQ_MLDSA_PUBLICKEYBYTES. The signature gets no
 * fixed-length check here; its actual length is handed to the worker.
 *
 * NOTE(review): there is no return after the final pq_raise_general_error, so
 * this relies on that helper never returning - confirm it is declared noreturn.
 */
static VALUE pqcrypto__native_mldsa_verify_mu(VALUE self, VALUE mu, VALUE signature,
                                              VALUE public_key) {
    (void)self;

    /* The signature is converted first, before the other arguments are checked. */
    StringValue(signature);
    pq_validate_bytes_argument(mu, PQ_MLDSA_MUBYTES, "mu");
    pq_validate_bytes_argument(public_key, PQ_MLDSA_PUBLICKEYBYTES, "public key");

    verify_mu_call_t op = {0};
    size_t pk_len = 0;
    size_t sig_len = 0;
    size_t mu_bytes = 0;

    /* Private copies: the worker below runs without the GVL. */
    uint8_t *mu_buf = pq_copy_ruby_string(mu, &mu_bytes);
    uint8_t *pk_buf = pq_copy_ruby_string(public_key, &pk_len);
    uint8_t *sig_buf = pq_copy_ruby_string(signature, &sig_len);
    op.mu = mu_buf;
    op.public_key = pk_buf;
    op.signature = sig_buf;
    op.signature_len = sig_len;

    rb_nogvl(pq_verify_mu_nogvl, &op, NULL, NULL, RB_NOGVL_OFFLOAD_SAFE);

    /* Only the mu copy is wiped; public key and signature are just freed. */
    pq_wipe_and_free(mu_buf, mu_bytes);
    pq_free_buffer(pk_buf);
    pq_free_buffer(sig_buf);

    if (op.result == PQ_SUCCESS) {
        return Qtrue;
    }
    if (op.result == PQ_ERROR_VERIFY) {
        return Qfalse;
    }
    pq_raise_general_error(op.result);
}
.backend ⇒ Object
# File 'lib/pq_crypto.rb', line 131
# Names the implementation backing this module.
#
# @return [Symbol] always +:native_pqclean+
def backend
  :native_pqclean
end
.ct_equals ⇒ Object
.hybrid_kem_decapsulate(ciphertext, secret_key) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 643
/*
 * PQCrypto.hybrid_kem_decapsulate(ciphertext, secret_key)
 *
 * Hybrid KEM decapsulation. Hands the hybrid worker together with the expected
 * ciphertext, secret-key and shared-secret sizes to pq_run_kem_decapsulate,
 * which does the validation, the call and the cleanup (not visible here).
 */
static VALUE pqcrypto_hybrid_kem_decapsulate(VALUE self, VALUE ciphertext, VALUE secret_key) {
    (void)self; /* module receiver is not used */
    return pq_run_kem_decapsulate(
        pq_hybrid_kem_decapsulate_nogvl,
        ciphertext,
        PQ_HYBRID_CIPHERTEXTBYTES,
        secret_key,
        PQ_HYBRID_SECRETKEYBYTES,
        PQ_HYBRID_SHAREDSECRETBYTES);
}
.hybrid_kem_encapsulate(public_key) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 636
/*
 * PQCrypto.hybrid_kem_encapsulate(public_key)
 *
 * Hybrid KEM encapsulation. Hands the hybrid worker together with the expected
 * public-key, ciphertext and shared-secret sizes to pq_run_kem_encapsulate,
 * which does the validation, the call and the cleanup (not visible here).
 */
static VALUE pqcrypto_hybrid_kem_encapsulate(VALUE self, VALUE public_key) {
    (void)self; /* module receiver is not used */
    return pq_run_kem_encapsulate(
        pq_hybrid_kem_encapsulate_nogvl,
        public_key,
        PQ_HYBRID_PUBLICKEYBYTES,
        PQ_HYBRID_CIPHERTEXTBYTES,
        PQ_HYBRID_SHAREDSECRETBYTES);
}
.hybrid_kem_keypair ⇒ Object
.ml_dsa_44_keypair ⇒ Object
.ml_dsa_44_keypair_from_seed ⇒ Object
.ml_dsa_44_sign ⇒ Object
.ml_dsa_44_verify ⇒ Object
.ml_dsa_87_keypair ⇒ Object
.ml_dsa_87_keypair_from_seed ⇒ Object
.ml_dsa_87_sign ⇒ Object
.ml_dsa_87_verify ⇒ Object
.ml_dsa_keypair_from_seed ⇒ Object
.ml_kem_1024_decapsulate ⇒ Object
.ml_kem_1024_encapsulate ⇒ Object
.ml_kem_1024_keypair ⇒ Object
.ml_kem_1024_keypair_from_seed ⇒ Object
.ml_kem_512_decapsulate ⇒ Object
.ml_kem_512_encapsulate ⇒ Object
.ml_kem_512_keypair ⇒ Object
.ml_kem_512_keypair_from_seed ⇒ Object
.ml_kem_decapsulate ⇒ Object
.ml_kem_encapsulate ⇒ Object
.ml_kem_keypair ⇒ Object
.ml_kem_keypair_from_seed ⇒ Object
.native_extension_loaded? ⇒ Boolean
# File 'lib/pq_crypto.rb', line 135
# Reports whether the native extension is in use.
#
# @return [Boolean] always +true+; this definition has no other branch
def native_extension_loaded?
  true
end
.public_key_from_pqc_container_der(der) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1416
/*
 * PQCrypto.public_key_from_pqc_container_der(der)
 *
 * Imports a public key from a DER-encoded PQC container. Forwards der to
 * pq_import_container_der with pq_public_key_from_pqc_container_der as the
 * decoding routine; all parsing and validation of the encoded input happens
 * in those helpers (not visible here).
 */
static VALUE pqcrypto_public_key_from_pqc_container_der(VALUE self, VALUE der) {
    (void)self; /* module receiver is not used */
    return pq_import_container_der(
        der,
        pq_public_key_from_pqc_container_der);
}
.public_key_from_pqc_container_pem(pem) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1421
/*
 * PQCrypto.public_key_from_pqc_container_pem(pem)
 *
 * Imports a public key from a PEM-encoded PQC container. Forwards pem to
 * pq_import_container_pem with pq_public_key_from_pqc_container_pem as the
 * decoding routine; all parsing and validation of the encoded input happens
 * in those helpers (not visible here).
 */
static VALUE pqcrypto_public_key_from_pqc_container_pem(VALUE self, VALUE pem) {
    (void)self; /* module receiver is not used */
    return pq_import_container_pem(
        pem,
        pq_public_key_from_pqc_container_pem);
}
.public_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1392
/*
 * PQCrypto.public_key_to_pqc_container_der(algorithm, key_bytes)
 *
 * Exports a public key as a DER-encoded PQC container. Forwards algorithm and
 * key_bytes to pq_export_container_der with pq_public_key_to_pqc_container_der
 * as the encoding routine; argument checks live in those helpers (not visible
 * here).
 */
static VALUE pqcrypto_public_key_to_pqc_container_der(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self; /* module receiver is not used */
    return pq_export_container_der(
        algorithm,
        key_bytes,
        pq_public_key_to_pqc_container_der);
}
.public_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1398
/*
 * PQCrypto.public_key_to_pqc_container_pem(algorithm, key_bytes)
 *
 * Exports a public key as a PEM-encoded PQC container. Forwards algorithm and
 * key_bytes to pq_export_container_pem with pq_public_key_to_pqc_container_pem
 * as the encoding routine; argument checks live in those helpers (not visible
 * here).
 */
static VALUE pqcrypto_public_key_to_pqc_container_pem(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self; /* module receiver is not used */
    return pq_export_container_pem(
        algorithm,
        key_bytes,
        pq_public_key_to_pqc_container_pem);
}
.secret_key_from_pqc_container_der(der) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1426
/*
 * PQCrypto.secret_key_from_pqc_container_der(der)
 *
 * Imports a secret key from a DER-encoded PQC container. Forwards der to
 * pq_import_container_der with pq_secret_key_from_pqc_container_der as the
 * decoding routine; parsing, validation and any wiping of intermediate key
 * material happen in those helpers (not visible here).
 */
static VALUE pqcrypto_secret_key_from_pqc_container_der(VALUE self, VALUE der) {
    (void)self; /* module receiver is not used */
    return pq_import_container_der(
        der,
        pq_secret_key_from_pqc_container_der);
}
.secret_key_from_pqc_container_pem(pem) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1431
/*
 * PQCrypto.secret_key_from_pqc_container_pem(pem)
 *
 * Imports a secret key from a PEM-encoded PQC container. Forwards pem to
 * pq_import_container_pem with pq_secret_key_from_pqc_container_pem as the
 * decoding routine; parsing, validation and any wiping of intermediate key
 * material happen in those helpers (not visible here).
 */
static VALUE pqcrypto_secret_key_from_pqc_container_pem(VALUE self, VALUE pem) {
    (void)self; /* module receiver is not used */
    return pq_import_container_pem(
        pem,
        pq_secret_key_from_pqc_container_pem);
}
.secret_key_to_pqc_container_der(algorithm, key_bytes) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1404
/*
 * PQCrypto.secret_key_to_pqc_container_der(algorithm, key_bytes)
 *
 * Exports a secret key as a DER-encoded PQC container. Forwards algorithm and
 * key_bytes to pq_export_container_der with pq_secret_key_to_pqc_container_der
 * as the encoding routine.
 *
 * NOTE(review): no passphrase or wrapping key is passed, so nothing visible
 * here encrypts the container. Treat the returned String as secret key
 * material.
 */
static VALUE pqcrypto_secret_key_to_pqc_container_der(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self; /* module receiver is not used */
    return pq_export_container_der(
        algorithm,
        key_bytes,
        pq_secret_key_to_pqc_container_der);
}
.secret_key_to_pqc_container_pem(algorithm, key_bytes) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1410
/*
 * PQCrypto.secret_key_to_pqc_container_pem(algorithm, key_bytes)
 *
 * Exports a secret key as a PEM-encoded PQC container. Forwards algorithm and
 * key_bytes to pq_export_container_pem with pq_secret_key_to_pqc_container_pem
 * as the encoding routine.
 *
 * NOTE(review): no passphrase or wrapping key is passed, so nothing visible
 * here encrypts the container. Treat the returned String as secret key
 * material.
 */
static VALUE pqcrypto_secret_key_to_pqc_container_pem(VALUE self, VALUE algorithm,
                                                      VALUE key_bytes) {
    (void)self; /* module receiver is not used */
    return pq_export_container_pem(
        algorithm,
        key_bytes,
        pq_secret_key_to_pqc_container_pem);
}
.secure_wipe(str) ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1064
# Overwrites the contents of a String in place through native_secure_wipe.
#
# NOTE(review): Kernel#String returns the argument itself only when it is
# already a String. For any other object it builds a new String, so the wipe
# then hits that temporary and the caller's original data is left untouched.
# Pass the actual String that holds the secret.
#
# @param string [String] mutable String whose bytes should be wiped
# @return [Object] whatever native_secure_wipe returns
# @raise [ArgumentError] if the String is frozen
def secure_wipe(string)
  target = String(string)
  if target.frozen?
    raise ArgumentError, "secure_wipe requires a mutable String"
  end

  native_secure_wipe(target)
end
.sign ⇒ Object
.sign_keypair ⇒ Object
.supported_hybrid_kems ⇒ Object
# File 'lib/pq_crypto.rb', line 143
# Lists the hybrid KEM suites registered under SUITES[:hybrid_kem].
#
# @return [Object] a +dup+ of the registered list, so changes made by the
#   caller do not reach SUITES
# @raise [KeyError] if SUITES has no +:hybrid_kem+ entry
def supported_hybrid_kems
  registered = SUITES.fetch(:hybrid_kem)
  registered.dup
end
.supported_kems ⇒ Object
# File 'lib/pq_crypto.rb', line 139
# Lists the KEM suites registered under SUITES[:kem].
#
# @return [Object] a +dup+ of the registered list, so changes made by the
#   caller do not reach SUITES
# @raise [KeyError] if SUITES has no +:kem+ entry
def supported_kems
  registered = SUITES.fetch(:kem)
  registered.dup
end
.supported_signatures ⇒ Object
# File 'lib/pq_crypto.rb', line 147
# Lists the signature suites registered under SUITES[:signature].
#
# @return [Object] a +dup+ of the registered list, so changes made by the
#   caller do not reach SUITES
# @raise [KeyError] if SUITES has no +:signature+ entry
def supported_signatures
  registered = SUITES.fetch(:signature)
  registered.dup
end
.verify ⇒ Object
.version ⇒ Object
# File 'ext/pqcrypto/pqcrypto_ruby_secure.c', line 1072
# Reports the version as given by the native layer.
#
# @return [Object] the value of native_version, passed through unchanged
def version
  native_version
end