
# Warning suppressions that are applied only when compiling the vendored
# PQ Code Package sources (see inject_native_sources!); the extension's own
# sources are compiled with the normal $CFLAGS and do not get these.
VENDOR_ONLY_CFLAGS = "-Wno-unused-parameter -Wno-unused-function -Wno-strict-prototypes -Wno-pedantic -Wno-c23-extensions -Wno-undef"

# Raw value of PQCRYPTO_SANITIZE (nil when unset); consumed by configuration
# code outside this excerpt.
SANITIZE = ENV["PQCRYPTO_SANITIZE"]

# Native (assembly) backends. Each can be forced on/off via its environment
# variable (1/0/true/false/yes/no/on/off, or "auto" for the default); the
# arithmetic and FIPS-202 backends default to whatever NATIVE_ASM resolved to,
# and NATIVE_ASM itself defaults to the host check in native_asm_supported_by_default?.
NATIVE_ASM = env_bool("PQCRYPTO_NATIVE_ASM", native_asm_supported_by_default?)
NATIVE_ARITH = env_bool("PQCRYPTO_NATIVE_ARITH", NATIVE_ASM)
NATIVE_FIPS202 = env_bool("PQCRYPTO_NATIVE_FIPS202", NATIVE_ASM)

# Instruction-set flags for the x86-64 vendored backend. NOTE(review): a binary
# built with these requires AVX2/BMI2/AES-NI/SSE4.2 at runtime; how (and whether)
# they are folded into VENDOR_C_ARCH_FLAGS is decided outside this excerpt.
X86_VENDOR_ARCH_FLAGS = "-mavx2 -mbmi -mbmi2 -mpopcnt -maes -mssse3 -msse4.1 -msse4.2"

# Deliberately unfrozen (unary +) so later configuration can append per-arch
# flags in place; they are interpolated into the generated Makefile rules.
VENDOR_C_ARCH_FLAGS = +""
VENDOR_ASM_ARCH_FLAGS = +""


#aarch64_host? ⇒ Boolean

Returns:

  • (Boolean)


# File 'ext/pqcrypto/extconf.rb', line 50

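# Whether RbConfig reports an ARM64 build host ("arm64" or "aarch64", any case).
#
# Returns a real Boolean, as the documented return type promises: the previous
# `=~` form returned the match offset (0) or nil and allocated MatchData. The
# pattern is anchored with \A and \z, so values such as "aarch64_be" or
# "arm64 " (trailing whitespace) are rejected rather than substring-matched.
#
# @return [Boolean]
def aarch64_host?
  host_cpu.match?(/\A(?:arm64|aarch64)\z/i)
end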

#configure_compiler_environment ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 97

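# Points the compiler and linker at the OpenSSL installation to build against.
#
# Precedence:
#   1. OPENSSL_ROOT_DIR / OPENSSL_DIR, when set to an existing directory. An
#      explicit choice by the builder now wins on every platform; previously the
#      darwin branch returned before the variable was consulted, so a custom
#      OpenSSL could not be selected on macOS at all.
#   2. On darwin, the Homebrew prefix /opt/homebrew.
#   3. pkg-config's view of "openssl", when pkg-config is on PATH.
#
# Side effects: appends to the mkmf globals $CPPFLAGS and $LDFLAGS (and calls
# dir_config on darwin). NOTE(review): the -Wl,-rpath entry bakes the
# build-time libdir into the extension, so the resulting shared object will
# load libcrypto from that directory at runtime; a path containing spaces is
# interpolated unquoted and would break the flag line.
def configure_compiler_environment
  openssl_root = ENV["OPENSSL_ROOT_DIR"] || ENV["OPENSSL_DIR"]
  if openssl_root && !openssl_root.strip.empty?
    if File.directory?(openssl_root)
      $CPPFLAGS << " -I#{openssl_root}/include"
      # Prefer lib64 (multilib distributions) over lib; only the first existing one is used.
      libdir = %w[lib64 lib]
               .map { |suffix| File.join(openssl_root, suffix) }
               .find { |dir| File.directory?(dir) }
      $LDFLAGS << " -L#{libdir} -Wl,-rpath,#{libdir}" if libdir
      return
    end

    # Do not silently fall through to a different OpenSSL than the one requested.
    warn "OPENSSL_ROOT_DIR/OPENSSL_DIR=#{openssl_root.inspect} is not a directory; ignoring it"
  end

  if RUBY_PLATFORM.include?("darwin")
    dir_config("homebrew", "/opt/homebrew")
    $CPPFLAGS << " -I/opt/homebrew/include"
    $LDFLAGS << " -L/opt/homebrew/lib"
    return
  end

  if find_executable("pkg-config")
    # Only the -L search paths are taken from pkg-config; -l flags come from
    # have_library in configure_openssl!.
    cflags = `pkg-config --cflags openssl 2>/dev/null`.strip
    libs = `pkg-config --libs-only-L openssl 2>/dev/null`.strip
    $CPPFLAGS << " #{cflags}" unless cflags.empty?
    $LDFLAGS << " #{libs}" unless libs.empty?
  end
end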

#configure_openssl! ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 190

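# Verifies that a usable OpenSSL >= 3.0 with SHA3-256 and SHAKE256 is available
# and records the corresponding preprocessor defines.
#
# Aborts the build (exit status 1) with a specific message when libcrypto,
# libssl, a required header, the 3.0 version floor, or one of the digests is
# missing. Side effects: mkmf's have_library/have_header append to $libs and
# extconf.h; $CFLAGS gains the two HAVE_ macros at the end.
def configure_openssl!
  configure_compiler_environment

  abort "OpenSSL libcrypto is required" unless have_library("crypto")
  abort "OpenSSL libssl is required" unless have_library("ssl")
  abort "openssl/evp.h is required" unless have_header("openssl/evp.h")
  abort "openssl/rand.h is required" unless have_header("openssl/rand.h")
  abort "openssl/crypto.h is required" unless have_header("openssl/crypto.h")

  # Compile-time version gate: 0x30000000L is OPENSSL_VERSION_NUMBER for 3.0.0.
  version_check = <<~SRC
    #include <openssl/opensslv.h>
    #if OPENSSL_VERSION_NUMBER < 0x30000000L
    #error "OpenSSL 3.0 or later is required"
    #endif
    int main(void) { return 0; }
  SRC
  abort "OpenSSL 3.0 or later is required" unless try_compile(version_check)

  # The digest probes must link, not merely compile. Once the 3.0 header gate
  # has passed, EVP_sha3_256 and EVP_shake256 are always *declared* in evp.h,
  # so try_compile could never fail here; try_link at least proves the symbols
  # are exported by the libcrypto we just found. Whether the default provider
  # actually supplies the digests at runtime cannot be probed portably from
  # extconf (try_run is unusable when cross-compiling), so any load-time check
  # has to live in the C sources, which are outside this excerpt.
  sha3_check = <<~SRC
    #include <openssl/evp.h>
    int main(void) {
        const EVP_MD *md = EVP_sha3_256();
        return md == NULL ? 1 : 0;
    }
  SRC
  abort "OpenSSL SHA3-256 is required (X-Wing combiner)" unless try_link(sha3_check)

  shake_check = <<~SRC
    #include <openssl/evp.h>
    int main(void) {
        const EVP_MD *md = EVP_shake256();
        return md == NULL ? 1 : 0;
    }
  SRC
  abort "OpenSSL SHAKE256 is required (X-Wing key expansion / ML-DSA streaming mu)" unless try_link(shake_check)

  # have_header already recorded these in extconf.h; the explicit -D keeps them
  # visible to compilation units that do not include it.
  $CFLAGS << " -DHAVE_OPENSSL_EVP_H -DHAVE_OPENSSL_RAND_H"
end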

#env_bool(name, default) ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 64

# Reads a boolean build switch from the environment.
#
# @param name [String] environment variable to read
# @param default [Object] returned when the variable is unset, blank, or "auto"
# @return [Boolean, Object] true for 1/true/yes/on, false for 0/false/no/off
#   (case-insensitive, surrounding whitespace ignored), otherwise +default+
# @raise [SystemExit] via abort when the value is none of the accepted spellings
def env_bool(name, default)
  raw = ENV[name]
  normalized = raw.nil? ? "" : raw.strip.downcase
  return default if normalized.empty? || normalized == "auto"

  if %w[1 true yes on].include?(normalized)
    true
  elsif %w[0 false no off].include?(normalized)
    false
  else
    # Report the value exactly as given so the typo is visible in the log.
    abort "Invalid #{name}=#{raw.inspect}; use 1, 0, true, false, or auto"
  end
end

#find_vendor_dir ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 168

# Locates a vendor directory that native_vendor_ready? accepts.
#
# The directory next to extconf.rb is the primary location; if it is not ready
# the vendoring script is invoked for it (run_vendor_script! aborts unless
# auto-vendoring was explicitly enabled). The search then covers the primary
# path, the repository-relative and cwd-relative ext/pqcrypto/vendor paths,
# and ext/pqcrypto/vendor under each of the six nearest ancestors of __dir__.
#
# @return [String, nil] first ready candidate, or nil when none qualifies
def find_vendor_dir
  primary = File.expand_path(File.join(__dir__, "vendor"))

  ancestors = []
  current = __dir__
  6.times do
    ancestors << current
    current = File.dirname(current)
  end

  candidates = [
    primary,
    File.expand_path("../../ext/pqcrypto/vendor", __dir__),
    File.expand_path(File.join(Dir.pwd, "ext", "pqcrypto", "vendor")),
    *ancestors.map { |base| File.expand_path(File.join(base, "ext", "pqcrypto", "vendor")) }
  ].uniq

  run_vendor_script!(primary) unless native_vendor_ready?(primary)

  candidates.find { |candidate| native_vendor_ready?(candidate) }
end

#generate_version_header! ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 8

# Writes pqcrypto_version.h next to extconf.rb with PQCRYPTO_VERSION set from
# PQCrypto::VERSION.
#
# The version is whitelisted against [0-9A-Za-z._+-] (anchored with \A/\z) before
# it is emitted, so String#dump yields a plain C string literal with nothing to
# escape and no way to break out of the #define.
#
# @raise [SystemExit] via abort when PQCrypto::VERSION fails the whitelist
def generate_version_header!
  version = PQCrypto::VERSION
  allowed = /\A[0-9A-Za-z][0-9A-Za-z._+-]*\z/
  abort "Invalid PQCrypto::VERSION for C header: #{version.inspect}" unless version.match?(allowed)

  contents = <<~C
    /* Generated by extconf.rb from lib/pq_crypto/version.rb. Do not edit. */
    #ifndef PQCRYPTO_VERSION_H
    #define PQCRYPTO_VERSION_H

    #define PQCRYPTO_VERSION #{version.dump}

    #endif
  C

  File.write(File.join(__dir__, "pqcrypto_version.h"), contents)
end

#host_cpu ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 42

# The build host's CPU string as recorded by RbConfig (e.g. "x86_64", "arm64");
# an empty string when RbConfig has no entry, so callers can always regex it.
def host_cpu
  RbConfig::CONFIG.fetch("host_cpu") { "" }
end

#host_os ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 46

# The build host's OS string as recorded by RbConfig (e.g. "linux-gnu",
# "darwin23", "mingw32"); an empty string when RbConfig has no entry.
def host_os
  RbConfig::CONFIG.fetch("host_os") { "" }
end

#inject_native_sources!(config) ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 286

# Post-processes the Makefile that mkmf already generated so the vendored
# ML-KEM / ML-DSA sources are compiled once per parameter set.
#
# For each (family, level) pair one object `pqnative_<kind>_<level>.o` is
# added to the OBJS line and a dedicated rule is inserted after the
# `$(OBJS): $(HDRS) $(ruby_headers)` anchor. The rule compiles the same
# multilevel source file with a different -D set (see native_flags); the
# first level of each family (512, 44) is built with shared: true so it
# also carries the level-independent code. Assembly objects are added only
# when a native backend is enabled and the .S file exists.
#
# @param config [Hash] paths from native_vendor_config (:mlkem_c, :mldsa_c,
#   :mlkem_asm, :mldsa_asm)
# @raise [RuntimeError] when the OBJS line or the dependency anchor is absent
#
# NOTE(review): source paths and flag strings are interpolated into the
# Makefile unquoted, so a vendor directory containing whitespace would
# produce broken rules. The rules block is guarded against being inserted
# twice, but the OBJS append is not, so calling this twice on the same
# Makefile would list the objects twice.
def inject_native_sources!(config)
  makefile = File.read("Makefile")

  vendor_objects = []
  build_rules = []

  [
    [:mlkem, "512", config[:mlkem_c], true],
    [:mlkem, "768", config[:mlkem_c], false],
    [:mlkem, "1024", config[:mlkem_c], false],
    [:mldsa, "44", config[:mldsa_c], true],
    [:mldsa, "65", config[:mldsa_c], false],
    [:mldsa, "87", config[:mldsa_c], false]
  ].each do |kind, level, source, shared|
    object = "pqnative_#{kind}_#{level}.o"
    flags = native_flags(kind, level, shared: shared)
    vendor_objects << object
    # Recipe lines must start with a literal tab for make: the squiggly heredoc
    # strips only the common leading spaces and leaves the tab in place.
    build_rules << <<~RULE
      #{object}: #{source}
      	$(ECHO) compiling #{source} [#{kind}-#{level}]
      	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(CCDLFLAGS) #{VENDOR_ONLY_CFLAGS} #{VENDOR_C_ARCH_FLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
    RULE
  end

  # The .S files are assembled through $(CC) as well, with the ASM arch flags
  # instead of the C ones; a missing .S for a family is simply skipped.
  if NATIVE_ARITH || NATIVE_FIPS202
    [
      [:mlkem, "512", config[:mlkem_asm], true],
      [:mlkem, "768", config[:mlkem_asm], false],
      [:mlkem, "1024", config[:mlkem_asm], false],
      [:mldsa, "44", config[:mldsa_asm], true],
      [:mldsa, "65", config[:mldsa_asm], false],
      [:mldsa, "87", config[:mldsa_asm], false]
    ].each do |kind, level, source, shared|
      next unless File.exist?(source)

      object = "pqnative_#{kind}_#{level}_asm.o"
      flags = native_flags(kind, level, shared: shared)
      vendor_objects << object
      build_rules << <<~RULE
        #{object}: #{source}
        	$(ECHO) assembling #{source} [#{kind}-#{level}]
        	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(CCDLFLAGS) #{VENDOR_ONLY_CFLAGS} #{VENDOR_ASM_ARCH_FLAGS} #{flags} $(COUTFLAG)$@ -c $(CSRCFLAG)$<
      RULE
    end
  end

  # mkmf emits exactly one "OBJS = ..." line; the vendor objects are appended to it.
  objects_line = makefile.lines.find { |line| line.start_with?("OBJS = ") }
  raise "Could not find OBJS line in generated Makefile" unless objects_line

  makefile.sub!(objects_line, objects_line.chomp + " #{vendor_objects.join(' ')}\n")

  # Insert the rules once, directly after mkmf's generic OBJS dependency line.
  unless makefile.include?("# vendored pq-code-package objects")
    rules_block = "\n# vendored pq-code-package objects\n" + build_rules.join("\n") + "\n"
    anchor = "$(OBJS): $(HDRS) $(ruby_headers)\n"
    raise "Could not find OBJS dependency anchor in generated Makefile" unless makefile.include?(anchor)

    makefile.sub!(anchor, anchor + rules_block)
  end

  File.write("Makefile", makefile)
end

#native_asm_supported_by_default? ⇒ Boolean

Returns:

  • (Boolean)


# File 'ext/pqcrypto/extconf.rb', line 58

# Default for PQCRYPTO_NATIVE_ASM when the variable is unset or "auto":
# never on Windows-flavoured hosts (mswin/mingw/cygwin), otherwise only on
# ARM64 hosts. x86-64 is therefore opt-in via the environment variable.
#
# @return [Boolean] false on Windows-like hosts; otherwise aarch64_host?'s result
def native_asm_supported_by_default?
  windows_like = host_os.match?(/mswin|mingw|cygwin/i)
  return false if windows_like

  aarch64_host?
end

#native_flags(kind, level, shared:) ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 272

# Builds the -D flag string that selects one parameter set of a vendored
# multilevel source (ML-KEM or ML-DSA) and namespaces its symbols.
#
# @param kind [Symbol] :mlkem (MLK_ prefix, pqcr_mlkem namespace) or anything
#   else, treated as ML-DSA (MLD_ prefix, pqcr_mldsa namespace)
# @param level [String] parameter set, e.g. "512" or "44"
# @param shared [Boolean] true for the one level per family that also carries
#   the level-independent code (MULTILEVEL_WITH_SHARED vs MULTILEVEL_NO_SHARED)
# @return [String] space-separated -D flags; native backend defines are added
#   only when NATIVE_ARITH / NATIVE_FIPS202 are enabled
def native_flags(kind, level, shared:)
  mlkem = kind == :mlkem
  prefix = mlkem ? "MLK" : "MLD"
  namespace = mlkem ? "pqcr_mlkem" : "pqcr_mldsa"
  sharing = shared ? "MULTILEVEL_WITH_SHARED" : "MULTILEVEL_NO_SHARED"

  options = [
    "MULTILEVEL_BUILD",
    "PARAMETER_SET=#{level}",
    "NAMESPACE_PREFIX=#{namespace}",
    "NO_SUPERCOP",
    sharing,
    (NATIVE_ARITH ? "USE_NATIVE_BACKEND_ARITH" : nil),
    (NATIVE_FIPS202 ? "USE_NATIVE_BACKEND_FIPS202" : nil)
  ].compact

  options.map { |option| "-D#{prefix}_CONFIG_#{option}" }.join(" ")
end

#native_vendor_config(vendor_dir) ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 233

# Resolves the vendored mlkem-native / mldsa-native source layout and registers
# every directory under both trees as an include path.
#
# @param vendor_dir [String, nil] result of find_vendor_dir
# @return [Hash] :mlkem_dir, :mldsa_dir, :mlkem_c, :mldsa_c, :mlkem_asm,
#   :mldsa_asm (the .S paths are returned without checking they exist)
# @raise [SystemExit] via abort when vendor_dir is nil or either .c file is missing
#
# Side effect: appends " -I<dir>" to $CPPFLAGS for __dir__, both source
# directories and all of their subdirectories (paths are not quoted).
def native_vendor_config(vendor_dir)
  abort <<~MSG unless vendor_dir
    PQ Code Package vendored sources are required.

    Expected:
      ext/pqcrypto/vendor/mlkem-native/mlkem/mlkem_native.c
      ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native.c

    Run:
      bundle exec rake vendor
  MSG

  dirs = {
    mlkem: File.join(vendor_dir, "mlkem-native", "mlkem"),
    mldsa: File.join(vendor_dir, "mldsa-native", "mldsa")
  }
  sources = {
    mlkem: File.join(dirs[:mlkem], "mlkem_native.c"),
    mldsa: File.join(dirs[:mldsa], "mldsa_native.c")
  }

  missing = sources.values.reject { |path| File.exist?(path) }
  abort <<~MSG unless missing.empty?
    Missing PQ Code Package native source files:
      #{missing.join("\n  ")}

    This build intentionally has no PQClean fallback. Auto-vendoring did not
    produce the required files. Vendor mlkem-native and mldsa-native, then rebuild.
  MSG

  include_dirs = [__dir__, *dirs.values]
  dirs.each_value { |dir| include_dirs.concat(recursive_include_dirs(dir)) }
  include_dirs.uniq.each { |dir| $CPPFLAGS << " -I#{dir}" }

  {
    mlkem_dir: dirs[:mlkem],
    mldsa_dir: dirs[:mldsa],
    mlkem_c: sources[:mlkem],
    mldsa_c: sources[:mldsa],
    mlkem_asm: File.join(dirs[:mlkem], "mlkem_native_asm.S"),
    mldsa_asm: File.join(dirs[:mldsa], "mldsa_native_asm.S")
  }
end

#native_vendor_ready?(vendor_dir) ⇒ Boolean

Returns:

  • (Boolean)


# File 'ext/pqcrypto/extconf.rb', line 130

# Whether +vendor_dir+ carries the ".vendored" marker file and both native
# source files listed by native_vendor_sources_for.
#
# NOTE(review): this is an existence check only; the contents of the vendored
# tree are not verified here (any pinning/integrity checking would have to live
# in script/vendor_libs.rb, which is outside this excerpt).
#
# @param vendor_dir [String]
# @return [Boolean]
def native_vendor_ready?(vendor_dir)
  marker = File.join(vendor_dir, ".vendored")
  return false unless File.exist?(marker)

  native_vendor_sources_for(vendor_dir).all? { |source| File.exist?(source) }
end

#native_vendor_sources_for(vendor_dir) ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 123

# The two vendored entry-point sources that must exist under +vendor_dir+:
# mlkem-native/mlkem/mlkem_native.c and mldsa-native/mldsa/mldsa_native.c.
#
# @param vendor_dir [String]
# @return [Array<String>] the ML-KEM path first, then the ML-DSA path
def native_vendor_sources_for(vendor_dir)
  %w[mlkem mldsa].map do |family|
    File.join(vendor_dir, "#{family}-native", family, "#{family}_native.c")
  end
end

#recursive_include_dirs(root) ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 229

# Every directory below +root+ (at any depth) as an absolute path, in
# Dir.glob order. Dot-directories are skipped because the "**/*" pattern does
# not match hidden entries.
#
# @param root [String]
# @return [Array<String>]
def recursive_include_dirs(root)
  pattern = File.join(root, "**", "*")
  Dir.glob(pattern).each_with_object([]) do |entry, dirs|
    dirs << File.expand_path(entry) if File.directory?(entry)
  end
end

#run_vendor_script!(vendor_dir) ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 139

# Fetches the vendored upstream sources by running script/vendor_libs.rb, but
# only when the builder has opted in with PQCRYPTO_AUTO_VENDOR=1.
#
# Supply-chain note: the vendor tree is expected to ship with the gem, so a
# missing tree normally means a corrupted install and the build aborts rather
# than fetching anything. When auto-vendoring is enabled the script is run via
# the current Ruby interpreter in argv form (no shell involved).
#
# @param vendor_dir [String] directory whose expected sources are listed in the message
# @return [nil] on success
# @raise [SystemExit] via abort when auto-vendoring is disabled, the script is
#   not packaged, or the script exits unsuccessfully
def run_vendor_script!(vendor_dir)
  unless ENV["PQCRYPTO_AUTO_VENDOR"] == "1"
    abort <<~MSG
      PQ Code Package vendored sources are missing.

      Expected:
        #{native_vendor_sources_for(vendor_dir).join("\n  ")}

      The vendor tree is committed to the repository and shipped with the gem.
      If it is missing, the source tree is incomplete or corrupted.

      To fetch upstream sources at the pinned commits run:
        ruby script/vendor_libs.rb

      Or to allow extconf.rb to do this for you set PQCRYPTO_AUTO_VENDOR=1.
    MSG
  end

  script = vendor_script_path
  unless File.exist?(script)
    abort "PQ Code Package vendored sources are missing and script/vendor_libs.rb was not packaged."
  end

  puts "PQ Code Package native sources are missing; vendoring now (PQCRYPTO_AUTO_VENDOR=1)..."
  return if system(RbConfig.ruby, script)

  abort <<~MSG
    Failed to vendor PQ Code Package native sources.

    This build intentionally has no PQClean fallback. Install git/network access or
    vendor mlkem-native and mldsa-native before installing the gem.
  MSG
end

#vendor_script_path ⇒ Object



# File 'ext/pqcrypto/extconf.rb', line 135

# Absolute path of script/vendor_libs.rb, resolved two directories above
# extconf.rb (ext/pqcrypto -> repository root). The file may be absent in a
# packaged gem; callers check File.exist? themselves.
def vendor_script_path
  repo_root = File.expand_path(File.join("..", ".."), __dir__)
  File.join(repo_root, "script", "vendor_libs.rb")
end

#x86_64_host? ⇒ Boolean

Returns:

  • (Boolean)


# File 'ext/pqcrypto/extconf.rb', line 54

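# Whether RbConfig reports an x86-64 build host ("x86_64", "amd64" or "x64", any case).
#
# Returns a real Boolean, as the documented return type promises: the previous
# `=~` form returned the match offset (0) or nil and allocated MatchData. The
# pattern is anchored with \A and \z, so e.g. "x86_64-linux" is rejected
# rather than substring-matched.
#
# @return [Boolean]
def x86_64_host?
  host_cpu.match?(/\A(?:x86_64|amd64|x64)\z/i)
end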