Peer review fixes

Author: dgarske

wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs

@@ -703,12 +703,12 @@ private static void mlkem_test(wolfcrypt.MlKemTypes type)
             }
             if (ret == 0)
             {
-                Console.WriteLine("Generate Key Pair B...");
-                keyB = wolfcrypt.MlKemMakeKey(type, heap, devId);
+                Console.WriteLine("Initialize Key B for decode...");
+                keyB = wolfcrypt.MlKemNew(type, heap, devId);
                 if (keyB == IntPtr.Zero)
                 {
                     ret = -1;
-                    Console.Error.WriteLine("Failed to generate key pair B.");
+                    Console.Error.WriteLine("Failed to initialize key B for decode.");
                 }
             }
             if (ret == 0)
@@ -769,7 +769,7 @@ private static void mlkem_test(wolfcrypt.MlKemTypes type)
                 ret = wolfcrypt.MlKemDecodePublicKey(keyB, pubA);
                 if (ret != 0)
                 {
-                    Console.Error.WriteLine($"Failed to decode public key of B. Error code: {ret}");
+                    Console.Error.WriteLine($"Failed to decode public key of A. Error code: {ret}");
                 }
             }
             if (ret == 0)

wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs

@@ -445,22 +445,14 @@ public class wolfcrypt
         [DllImport(wolfssl_dll)]
         private static extern int wc_MlKemKey_Delete(IntPtr key, IntPtr key_p);
         [DllImport(wolfssl_dll)]
-        private static extern int wc_MlKemKey_Init(IntPtr key, int type, IntPtr heap, int devId);
-        [DllImport(wolfssl_dll)]
-        private static extern int wc_MlKemKey_Free(IntPtr key);
-        [DllImport(wolfssl_dll)]
         private static extern int wc_MlKemKey_MakeKey(IntPtr key, IntPtr rng);
         [DllImport(wolfssl_dll)]
-        private static extern int wc_MlKemKey_MakeKeyWithRandom(IntPtr key, byte[] rand, int len);
-        [DllImport(wolfssl_dll)]
         private static extern int wc_MlKemKey_EncodePublicKey(IntPtr key, byte[] output, uint len);
         [DllImport(wolfssl_dll)]
         private static extern int wc_MlKemKey_DecodePublicKey(IntPtr key, byte[] input, uint len);
         [DllImport(wolfssl_dll)]
         private static extern int wc_MlKemKey_Encapsulate(IntPtr key, byte[] ct, byte[] ss, IntPtr rng);
         [DllImport(wolfssl_dll)]
-        private static extern int wc_MlKemKey_EncapsulateWithRandom(IntPtr key, byte[] ct, byte[] ss, byte[] rand, int len);
-        [DllImport(wolfssl_dll)]
         private static extern int wc_MlKemKey_Decapsulate(IntPtr key, byte[] ss, byte[] ct, uint len);
         [DllImport(wolfssl_dll)]
         private static extern int wc_MlKemKey_EncodePrivateKey(IntPtr key, byte[] output, uint len);
@@ -480,22 +472,14 @@ public class wolfcrypt
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_MlKemKey_Delete(IntPtr key, IntPtr key_p);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
-        private static extern int wc_MlKemKey_Init(IntPtr key, int type, IntPtr heap, int devId);
-        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
-        private static extern int wc_MlKemKey_Free(IntPtr key);
-        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_MlKemKey_MakeKey(IntPtr key, IntPtr rng);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
-        private static extern int wc_MlKemKey_MakeKeyWithRandom(IntPtr key, byte[] rand, int len);
-        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_MlKemKey_EncodePublicKey(IntPtr key, byte[] output, uint len);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_MlKemKey_DecodePublicKey(IntPtr key, byte[] input, uint len);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_MlKemKey_Encapsulate(IntPtr key, byte[] ct, byte[] ss, IntPtr rng);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
-        private static extern int wc_MlKemKey_EncapsulateWithRandom(IntPtr key, byte[] ct, byte[] ss, byte[] rand, int len);
-        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_MlKemKey_Decapsulate(IntPtr key, byte[] ss, byte[] ct, uint len);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_MlKemKey_EncodePrivateKey(IntPtr key, byte[] output, uint len);
@@ -512,12 +496,8 @@ public class wolfcrypt
         [DllImport(wolfssl_dll)]
         private static extern int wc_dilithium_delete(IntPtr key, IntPtr key_p);
         [DllImport(wolfssl_dll)]
-        private static extern int wc_dilithium_init_ex(IntPtr key, IntPtr heap, int devId);
-        [DllImport(wolfssl_dll)]
         private static extern int wc_dilithium_set_level(IntPtr key, byte level);
         [DllImport(wolfssl_dll)]
-        private static extern void wc_dilithium_free(IntPtr key);
-        [DllImport(wolfssl_dll)]
         private static extern int wc_dilithium_make_key(IntPtr key, IntPtr rng);
         [DllImport(wolfssl_dll)]
         private static extern int wc_dilithium_export_private(IntPtr key, byte[] output, ref uint outLen);
@@ -543,12 +523,8 @@ public class wolfcrypt
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_dilithium_delete(IntPtr key, IntPtr key_p);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
-        private static extern int wc_dilithium_init_ex(IntPtr key, IntPtr heap, int devId);
-        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_dilithium_set_level(IntPtr key, byte level);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
-        private static extern void wc_dilithium_free(IntPtr key);
-        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_dilithium_make_key(IntPtr key, IntPtr rng);
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private static extern int wc_dilithium_export_private(IntPtr key, byte[] output, ref uint outLen);
@@ -2864,6 +2840,33 @@ public static void Curve25519ExportKeyRaw(IntPtr key, out byte[] privateKey, out
         // These APIs work by adding several options to wolfCrypt.
         // Please refer to `../user_settings.h`.
 
+        /// <summary>
+        /// Allocate and initialize a new ML-KEM key without generating key
+        /// material. Use this when you intend to import or decode an existing
+        /// key (e.g., before calling MlKemDecodePublicKey/MlKemDecodePrivateKey).
+        /// </summary>
+        /// <param name="type">ML-KEM parameter set type</param>
+        /// <param name="heap">Heap pointer for memory allocation</param>
+        /// <param name="devId">Device ID (if applicable)</param>
+        /// <returns>Pointer to the MlKem key structure, or IntPtr.Zero on failure</returns>
+        public static IntPtr MlKemNew(MlKemTypes type, IntPtr heap, int devId)
+        {
+            try
+            {
+                IntPtr key = wc_MlKemKey_New((int)type, heap, devId);
+                if (key == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Failed to allocate or initialize MlKem key.");
+                }
+                return key;
+            }
+            catch (Exception ex)
+            {
+                log(ERROR_LOG, "MlKem key allocation exception: " + ex.ToString());
+                return IntPtr.Zero;
+            }
+        }
+
         /// <summary>
         /// Create a new ML-KEM key pair and initialize it with random values
         /// </summary>
@@ -3288,6 +3291,58 @@ public enum MlKemTypes
         // These APIs work by adding several options to wolfCrypt.
         // Please refer to `../user_settings.h`.
 
+        /// <summary>
+        /// Allocate and initialize a new Dilithium key (with level set) without
+        /// generating key material. Use this when you intend to import an
+        /// existing key (e.g., before calling DilithiumImportPublicKey or
+        /// DilithiumImportPrivateKey).
+        /// </summary>
+        /// <param name="heap">Heap pointer for memory allocation</param>
+        /// <param name="devId">Device ID (if applicable)</param>
+        /// <param name="level">Dilithium security level</param>
+        /// <returns>Pointer to the Dilithium key structure, or IntPtr.Zero on failure</returns>
+        public static IntPtr DilithiumNew(IntPtr heap, int devId, MlDsaLevels level)
+        {
+            IntPtr key = IntPtr.Zero;
+            bool success = false;
+
+            try
+            {
+                key = wc_dilithium_new(heap, devId);
+                if (key == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Failed to allocate and initialize Dilithium key.");
+                    return IntPtr.Zero;
+                }
+
+                int ret = wc_dilithium_set_level(key, (byte)level);
+                if (ret != 0)
+                {
+                    log(ERROR_LOG, "Failed to set Dilithium level. Error code: " + ret);
+                    return IntPtr.Zero;
+                }
+
+                success = true;
+                return key;
+            }
+            catch (Exception ex)
+            {
+                log(ERROR_LOG, "Dilithium key allocation exception: " + ex.ToString());
+                return IntPtr.Zero;
+            }
+            finally
+            {
+                if (!success && key != IntPtr.Zero)
+                {
+                    int ret = DilithiumFreeKey(ref key);
+                    if (ret != 0)
+                    {
+                        log(ERROR_LOG, "Failed to free Dilithium key. Error code: " + ret);
+                    }
+                }
+            }
+        }
+
         /// <summary>
         /// Create a new Dilithium key pair and initialize it with random values
         /// </summary>

wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs

@@ -767,16 +767,15 @@ public enum NamedGroup
             WOLFSSL_X25519_KYBER_LEVEL3   = 25497,
             WOLFSSL_P256_KYBER_LEVEL3     = 25498,
 
-            /* Taken from draft-connolly-tls-mlkem-key-agreement, see:
-             * https://github.com/dconnolly/draft-connolly-tls-mlkem-key-agreement/
+            /* Taken from draft-ietf-tls-mlkem, see:
+             * https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/
              */
             WOLFSSL_ML_KEM_512 = 512,
             WOLFSSL_ML_KEM_768 = 513,
             WOLFSSL_ML_KEM_1024 = 514,
 
-            /* Taken from draft-kwiatkowski-tls-ecdhe-mlkem. see:
-             * https://github.com/post-quantum-cryptography/
-             *      draft-kwiatkowski-tls-ecdhe-mlkem/
+            /* Taken from draft-ietf-tls-ecdhe-mlkem, see:
+             * https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/
              */
             WOLFSSL_SECP256R1MLKEM768     = 4587,
             WOLFSSL_X25519MLKEM768        = 4588,