add ML-KEM/ML-DSA support for C# wrapper#9994
add ML-KEM/ML-DSA support for C# wrapper#9994tamasan238 wants to merge 1 commit intowolfSSL:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Adds post-quantum ML-KEM (KEM) and ML-DSA (Dilithium) support to the wolfSSL C# wrapper, enabling consumers to generate/import/export keys and perform encapsulation/decapsulation and signing/verification from managed code.
Changes:
- Expose
wolfSSL_UseKeyShare()and add a C#NamedGroupenum for selecting PQ/hybrid TLS key shares. - Add C# P/Invoke bindings and managed helper APIs for ML-KEM and ML-DSA (Dilithium) operations in
wolfCrypt.cs. - Extend the C# wrapper test app with ML-KEM and ML-DSA exercise tests; enable required build flags in
user_settings.h.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | Adds TLS 1.3 key share API and a named-group enum including ML-KEM-related IDs. |
| wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | Introduces ML-KEM and ML-DSA P/Invoke declarations and managed convenience wrappers. |
| wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | Adds basic ML-KEM and ML-DSA test flows to the C# test runner. |
| wrapper/CSharp/user_settings.h | Enables ML-KEM/ML-DSA-related compile-time options for the wrapper build. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Adds post-quantum ML-KEM (key encapsulation) and ML-DSA / Dilithium (signatures) support to the C# wrapper layer, including TLS NamedGroup IDs for hybrid/PQ key shares, and enables the required wolfSSL build flags for the C# wrapper build.
Changes:
- Add
wolfSSL_UseKeyShare()P/Invoke plus aNamedGroupenum for (hybrid) PQ key share selection in the C# wolfSSL wrapper. - Add ML-KEM and ML-DSA (Dilithium) P/Invoke bindings and higher-level convenience wrappers in
wolfCrypt.cs. - Add C# wrapper tests for ML-KEM encapsulation/decapsulation and ML-DSA key export/import + sign/verify, and enable required build macros in
user_settings.h.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | Adds wolfSSL_UseKeyShare binding and a NamedGroup enum including ML-KEM/hybrid group IDs. |
| wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | Adds ML-KEM and ML-DSA/Dilithium bindings and managed helper APIs. |
| wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | Adds ML-KEM and ML-DSA test routines and wires them into the test runner. |
| wrapper/CSharp/user_settings.h | Enables ML-KEM/ML-DSA and SHAKE options for the C# wrapper build. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Adds post-quantum (PQC) ML-KEM and ML-DSA support to the wolfSSL C# wrapper, aligning the wrapper with upstream functionality (referenced from PR #9040) and enabling PQC usage in both TLS (key shares) and wolfCrypt APIs.
Changes:
- Add
wolfSSL_UseKeyShare()P/Invoke + aNamedGroupenum to support ML-KEM (and other) TLS key share selection from C#. - Add ML-KEM and Dilithium (ML-DSA) P/Invokes and managed wrapper APIs to
wolfCrypt.cs. - Add C# wrapper test coverage for ML-KEM encaps/decaps and ML-DSA sign/verify; enable needed features in
user_settings.h.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | Adds TLS 1.3 key share selection API (UseKeyShare) and NamedGroup IDs including ML-KEM/hybrid groups. |
| wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | Introduces ML-KEM key management/encode/decode/encaps/decaps and Dilithium (ML-DSA) key/sign/verify wrapper APIs and related P/Invokes. |
| wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | Adds ML-KEM and ML-DSA tests and wires them into the test main flow. |
| wrapper/CSharp/user_settings.h | Enables ML-KEM / Dilithium and SHAKE for the C# wrapper build configuration. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Adds ML-KEM (key encapsulation) and ML-DSA/Dilithium (sign/verify) support to the C# wrapper, and exposes TLS key share configuration to enable PQ/hybrid named groups in TLS 1.3 handshakes.
Changes:
- Add
NamedGroupenum +UseKeyShare()wrapper inwolfSSL.csto request specific TLS 1.3 key shares (incl. ML-KEM / hybrid groups). - Add ML-KEM and ML-DSA (Dilithium) P/Invoke declarations and managed convenience APIs in
wolfCrypt.cs. - Enable ML-KEM/ML-DSA in the C# wrapper build settings and add C# wrapper tests covering ML-KEM and ML-DSA flows.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | Exposes TLS 1.3 key share selection and adds a named-group enum (incl. PQ/hybrid IDs). |
| wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | Adds ML-KEM and ML-DSA/Dilithium native bindings plus C# helper APIs. |
| wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | Adds test coverage for ML-KEM shared-secret agreement and ML-DSA sign/verify. |
| wrapper/CSharp/user_settings.h | Turns on build flags needed for ML-KEM/ML-DSA in the C# wrapper build. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Adds post-quantum algorithm support to the C# wrapper layer by exposing ML-KEM (key encapsulation) and ML-DSA (Dilithium signing) APIs, plus TLS 1.3 key-share selection for PQ/hybrid groups. This aligns the wrapper with the underlying wolfSSL/wolfCrypt capabilities referenced by PR #9040.
Changes:
- Expose
wolfSSL_UseKeyShare()via a newUseKeyShare()wrapper and aNamedGroupenum inwolfSSL.cs. - Add ML-KEM key management/encode/decode/encapsulate/decapsulate APIs and Dilithium (ML-DSA) key/sign/verify APIs in
wolfCrypt.cs. - Add C# wrapper tests for ML-KEM shared secret agreement and ML-DSA sign/verify, and enable the required build flags in
user_settings.h.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | Adds TLS 1.3 UseKeyShare() P/Invoke and NamedGroup constants for PQ/hybrid groups. |
| wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | Introduces ML-KEM and ML-DSA (Dilithium) P/Invokes, higher-level helper APIs, and a missing error constant. |
| wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | Adds test coverage for ML-KEM encaps/decaps shared secrets and ML-DSA key export/import + sign/verify. |
| wrapper/CSharp/user_settings.h | Enables ML-KEM/Dilithium and SHAKE support needed by the new wrapper APIs/tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
This PR extends the wolfSSL C# wrapper to expose post-quantum cryptography support, adding ML-KEM (key encapsulation) and ML-DSA (Dilithium signature) APIs and enabling the required build settings for the C# wrapper configuration.
Changes:
- Add
wolfSSL_UseKeyShare()P/Invoke plus a C#UseKeyShare()wrapper andNamedGroupIDs for selecting ML-KEM/hybrid key shares in TLS 1.3. - Add ML-KEM and ML-DSA (Dilithium) P/Invokes and managed helper APIs to generate keys, encode/decode keys, encapsulate/decapsulate, and sign/verify.
- Add C# wrapper tests for ML-KEM and ML-DSA, and enable the needed wolfSSL/wolfCrypt build macros in
user_settings.h.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | Adds NamedGroup constants and UseKeyShare() wrapper to drive ML-KEM/hybrid key shares in TLS 1.3. |
| wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | Introduces ML-KEM + ML-DSA (Dilithium) P/Invoke declarations and managed helper APIs. |
| wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | Adds functional tests covering ML-KEM KEM flow and ML-DSA keygen/sign/verify. |
| wrapper/CSharp/user_settings.h | Enables ML-KEM/ML-DSA and required dependencies (SHAKE, DTLS CH fragmentation for DTLS 1.3 PQ). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Jenkins retest this please: "PRB-multi-test-script #9800" |
| } | ||
| catch (Exception ex) | ||
| { | ||
| Console.WriteLine($"ML-KEM test failed: {ex.Message}"); |
There was a problem hiding this comment.
./autogen.sh
cp wrapper/CSharp/user_settings.h .
./configure --enable-usersettings
make
cd wrapper/CSharp
mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs -OUT:wolfcrypttest.exe
mono wolfcrypttest.exe
Testing ML-KEM Key Generation...
Generate Key Pair A...
MlKem key creation exception: System.EntryPointNotFoundException: wc_MlKemKey_New assembly:<unknown assembly> type:<unknown type> member:(null)
at (wrapper managed-to-native) wolfSSL.CSharp.wolfcrypt.wc_MlKemKey_New(int,intptr,int)
at wolfSSL.CSharp.wolfcrypt.MlKemMakeKey (wolfSSL.CSharp.wolfcrypt+MlKemTypes type, System.IntPtr heap, System.Int32 devId) [0x00010] in <19b282451d9f4a87bc3d7c440f76d98a>:0
Failed to generate key pair A.
ML-KEM test failed: ML-KEM test failed.
An error occurred: ML-KEM test failed.
There was a problem hiding this comment.
This is strange. This API has already been added in #9039 .
Also, this doesn't happen when building with Visual Studio, etc.
There might be an issue with the DLL reference or build flag settings. I'll check it immediately.
There was a problem hiding this comment.
1️⃣
cp wrapper/CSharp/user_settings.h .
./configure --enable-usersettingsI confirmed that ML-KEM/ML-DSA is not enabled in the above steps.
I will continue to investigate why this is happening.
2️⃣
And, in wolfSSL 5.9.0 (unchanged),
cp wrapper/CSharp/user_settings.h .
./configure --enable-usersettings
make
make checkI confirmed that this fails.
Specifically, the following two items fail:
- testsuite/testsuite.test
- scripts/unit.test
I would like to investigate these as well, but my knowledge in these areas is not extensive.
If you have any information, I would appreciate any advice you can offer.
Implementing ML-KEM and ML-DSA APIs in the C# wrapper.
This PR was written based on #9040.