Top Level Namespace

Defined Under Namespace

Modules: PQCrypto

Constant Summary

VENDOR_ONLY_CFLAGS =

"-Wno-unused-parameter -Wno-unused-function -Wno-strict-prototypes -Wno-pedantic -Wno-c23-extensions -Wno-undef"

SANITIZE =

ENV["PQCRYPTO_SANITIZE"]

NATIVE_ASM =

(ENV["PQCRYPTO_NATIVE_ASM"] || "0") == "1"

Instance Method Summary

• #configure_compiler_environment ⇒ Object
• #configure_openssl! ⇒ Object
• #find_vendor_dir ⇒ Object
• #generate_version_header! ⇒ Object
• #inject_native_sources!(config) ⇒ Object
• #native_flags(kind, level, shared:) ⇒ Object
• #native_vendor_config(vendor_dir) ⇒ Object
• #native_vendor_ready?(vendor_dir) ⇒ Boolean
• #native_vendor_sources_for(vendor_dir) ⇒ Object
• #recursive_include_dirs(root) ⇒ Object
• #run_vendor_script!(vendor_dir) ⇒ Object
• #vendor_script_path ⇒ Object

Instance Method Details

#configure_compiler_environment ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 44

def configure_compiler_environment
  return unless RUBY_PLATFORM.include?("darwin")

  dir_config("homebrew", "/opt/homebrew")
  $CPPFLAGS << " -I/opt/homebrew/include"
  $LDFLAGS << " -L/opt/homebrew/lib"
end

#configure_openssl! ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 122

def configure_openssl!
  configure_compiler_environment

  abort "OpenSSL libcrypto is required" unless have_library("crypto")
  abort "OpenSSL libssl is required" unless have_library("ssl")
  abort "openssl/evp.h is required" unless have_header("openssl/evp.h")
  abort "openssl/rand.h is required" unless have_header("openssl/rand.h")
  abort "openssl/crypto.h is required" unless have_header("openssl/crypto.h")

  version_check = <<~SRC
    #include <openssl/opensslv.h>
    #if OPENSSL_VERSION_NUMBER < 0x30000000L
    #error "OpenSSL 3.0 or later is required"
    #endif
    int main(void) { return 0; }
  SRC
  abort "OpenSSL 3.0 or later is required" unless try_compile(version_check)

  sha3_check = <<~SRC
    #include <openssl/evp.h>
    int main(void) {
        const EVP_MD *md = EVP_sha3_256();
        return md == NULL ? 1 : 0;
    }
  SRC
  abort "OpenSSL SHA3-256 is required (X-Wing combiner)" unless try_compile(sha3_check)

  shake_check = <<~SRC
    #include <openssl/evp.h>
    int main(void) {
        const EVP_MD *md = EVP_shake256();
        return md == NULL ? 1 : 0;
    }
  SRC
  abort "OpenSSL SHAKE256 is required (X-Wing key expansion / ML-DSA streaming mu)" unless try_compile(shake_check)

  $CFLAGS << " -DHAVE_OPENSSL_EVP_H -DHAVE_OPENSSL_RAND_H"
end

#find_vendor_dir ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 100

def find_vendor_dir
  candidates = [
    File.join(__dir__, "vendor"),
    File.expand_path("../../ext/pqcrypto/vendor", __dir__),
    File.join(Dir.pwd, "ext", "pqcrypto", "vendor")
  ]

  dir = __dir__
  6.times do
    candidates << File.join(dir, "ext", "pqcrypto", "vendor")
    dir = File.dirname(dir)
  end

  candidates.map! { |path| File.expand_path(path) }
  candidates.uniq!

  primary = File.expand_path(File.join(__dir__, "vendor"))
  run_vendor_script!(primary) unless native_vendor_ready?(primary)

  candidates.find { |path| native_vendor_ready?(path) }
end

#generate_version_header! ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 8

def generate_version_header!
  version = PQCrypto::VERSION
  unless version.match?(/\A[0-9A-Za-z][0-9A-Za-z._+-]*\z/)
    abort "Invalid PQCrypto::VERSION for C header: #{version.inspect}"
  end

  header = File.join(__dir__, "pqcrypto_version.h")
  File.write(header, <<~C)
    /* Generated by extconf.rb from lib/pq_crypto/version.rb. Do not edit. */
    #ifndef PQCRYPTO_VERSION_H
    #define PQCRYPTO_VERSION_H

    #define PQCRYPTO_VERSION #{version.dump}

    #endif
  C
end

#inject_native_sources!(config) ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 220

def inject_native_sources!(config)
  makefile = File.read("Makefile")

  vendor_objects = []
  build_rules = []

  [
    [:mlkem, "512", config[:mlkem_c], true],
    [:mlkem, "768", config[:mlkem_c], false],
    [:mlkem, "1024", config[:mlkem_c], false],
    [:mldsa, "44", config[:mldsa_c], true],
    [:mldsa, "65", config[:mldsa_c], false],
    [:mldsa, "87", config[:mldsa_c], false]
  ].each do |kind, level, source, shared|
    object = "pqnative_#{kind}_#{level}.o"
    flags = native_flags(kind, level, shared: shared)
    vendor_objects << object
    build_rules << <<~RULE
      #{object}: #{source}
      	$(ECHO) compiling #{source} [#{kind}-#{level}]
      	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) #{VENDOR_ONLY_CFLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
    RULE
  end

  if NATIVE_ASM
    [
      [:mlkem, "512", config[:mlkem_asm], true],
      [:mlkem, "768", config[:mlkem_asm], false],
      [:mlkem, "1024", config[:mlkem_asm], false],
      [:mldsa, "44", config[:mldsa_asm], true],
      [:mldsa, "65", config[:mldsa_asm], false],
      [:mldsa, "87", config[:mldsa_asm], false]
    ].each do |kind, level, source, shared|
      next unless File.exist?(source)

      object = "pqnative_#{kind}_#{level}_asm.o"
      flags = native_flags(kind, level, shared: shared)
      vendor_objects << object
      build_rules << <<~RULE
        #{object}: #{source}
        	$(ECHO) assembling #{source} [#{kind}-#{level}]
        	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) #{VENDOR_ONLY_CFLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
      RULE
    end
  end

  objects_line = makefile.lines.find { |line| line.start_with?("OBJS = ") }
  raise "Could not find OBJS line in generated Makefile" unless objects_line

  makefile.sub!(objects_line, objects_line.chomp + " #{vendor_objects.join(' ')}\n")

  unless makefile.include?("# vendored pq-code-package objects")
    rules_block = "\n# vendored pq-code-package objects\n" + build_rules.join("\n") + "\n"
    anchor = "$(OBJS): $(HDRS) $(ruby_headers)\n"
    raise "Could not find OBJS dependency anchor in generated Makefile" unless makefile.include?(anchor)

    makefile.sub!(anchor, anchor + rules_block)
  end

  File.write("Makefile", makefile)
end

#native_flags(kind, level, shared:) ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 204

def native_flags(kind, level, shared:)
  prefix = kind == :mlkem ? "MLK" : "MLD"
  ns = kind == :mlkem ? "pqcr_mlkem" : "pqcr_mldsa"
  flags = []
  flags << "-D#{prefix}_CONFIG_MULTILEVEL_BUILD"
  flags << "-D#{prefix}_CONFIG_PARAMETER_SET=#{level}"
  flags << "-D#{prefix}_CONFIG_NAMESPACE_PREFIX=#{ns}"
  flags << "-D#{prefix}_CONFIG_NO_SUPERCOP"
  flags << (shared ? "-D#{prefix}_CONFIG_MULTILEVEL_WITH_SHARED" : "-D#{prefix}_CONFIG_MULTILEVEL_NO_SHARED")
  if NATIVE_ASM
    flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_ARITH"
    flags << "-D#{prefix}_CONFIG_USE_NATIVE_BACKEND_FIPS202"
  end
  flags.join(" ")
end

#native_vendor_config(vendor_dir) ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 165

def native_vendor_config(vendor_dir)
  abort <<~MSG unless vendor_dir
    PQ Code Package vendored sources are required.

    Expected:
      ext/pqcrypto/vendor/mlkem-native/mlkem/mlkem_native.c
      ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native.c

    Run:
      bundle exec rake vendor
  MSG

  mlkem_dir = File.join(vendor_dir, "mlkem-native", "mlkem")
  mldsa_dir = File.join(vendor_dir, "mldsa-native", "mldsa")
  mlkem_c = File.join(mlkem_dir, "mlkem_native.c")
  mldsa_c = File.join(mldsa_dir, "mldsa_native.c")

  missing = [mlkem_c, mldsa_c].reject { |path| File.exist?(path) }
  abort <<~MSG unless missing.empty?
    Missing PQ Code Package native source files:
      #{missing.join("\n  ")}

    This build intentionally has no PQClean fallback. Auto-vendoring did not
    produce the required files. Vendor mlkem-native and mldsa-native, then rebuild.
  MSG

  include_dirs = [__dir__, mlkem_dir, mldsa_dir, *recursive_include_dirs(mlkem_dir), *recursive_include_dirs(mldsa_dir)].uniq
  include_dirs.each { |dir| $CPPFLAGS << " -I#{dir}" }

  {
    mlkem_dir: mlkem_dir,
    mldsa_dir: mldsa_dir,
    mlkem_c: mlkem_c,
    mldsa_c: mldsa_c,
    mlkem_asm: File.join(mlkem_dir, "mlkem_native_asm.S"),
    mldsa_asm: File.join(mldsa_dir, "mldsa_native_asm.S")
  }
end

#native_vendor_ready?(vendor_dir) ⇒ Boolean

Returns:

• (Boolean)

# File 'ext/pqcrypto/extconf.rb', line 59

def native_vendor_ready?(vendor_dir)
  File.exist?(File.join(vendor_dir, ".vendored")) &&
    native_vendor_sources_for(vendor_dir).all? { |path| File.exist?(path) }
end

#native_vendor_sources_for(vendor_dir) ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 52

def native_vendor_sources_for(vendor_dir)
  [
    File.join(vendor_dir, "mlkem-native", "mlkem", "mlkem_native.c"),
    File.join(vendor_dir, "mldsa-native", "mldsa", "mldsa_native.c")
  ]
end

#recursive_include_dirs(root) ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 161

def recursive_include_dirs(root)
  Dir.glob(File.join(root, "**", "*")).select { |p| File.directory?(p) }.map { |p| File.expand_path(p) }
end

#run_vendor_script!(vendor_dir) ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 68

def run_vendor_script!(vendor_dir)
  script = vendor_script_path
  abort <<~MSG unless File.exist?(script)
    PQ Code Package vendored sources are missing and script/vendor_libs.rb was not packaged.

    Expected:
      #{native_vendor_sources_for(vendor_dir).join("\n  ")}

    Rebuild the gem from a repository that includes script/vendor_libs.rb, or run
    script/vendor_libs.rb before building the gem package.
  MSG

  abort <<~MSG if ENV["PQCRYPTO_AUTO_VENDOR"] == "0"
    PQ Code Package vendored sources are missing and PQCRYPTO_AUTO_VENDOR=0 was set.

    Expected:
      #{native_vendor_sources_for(vendor_dir).join("\n  ")}

    Run:
      ruby script/vendor_libs.rb
  MSG

  puts "PQ Code Package native sources are missing; vendoring now..."
  ok = system(RbConfig.ruby, script)
  abort <<~MSG unless ok
    Failed to vendor PQ Code Package native sources.

    This build intentionally has no PQClean fallback. Install git/network access or
    vendor mlkem-native and mldsa-native before installing the gem.
  MSG
end

#vendor_script_path ⇒ Object

# File 'ext/pqcrypto/extconf.rb', line 64

def vendor_script_path
  File.expand_path("../../script/vendor_libs.rb", __dir__)
end