wc_mlkem.h
Functions
| Name | |
|---|---|
| MlKemKey * | wc_MlKemKey_New(int type, void * heap, int devId) Allocates and initializes a new MlKemKey on the heap. The returned pointer must be released with wc_MlKemKey_Delete(). |
| int | wc_MlKemKey_Delete(MlKemKey * key, MlKemKey ** key_p) Frees and zeros a heap_allocated MlKemKey previously returned by wc_MlKemKey_New(). On success the caller's pointer variable is set to NULL via key_p when key_p is not NULL. |
| int | wc_MlKemKey_Init(MlKemKey * key, int type, void * heap, int devId) Initializes an MlKemKey object in place. The type parameter selects the ML-KEM variant and must be one of WC_ML_KEM_512, WC_ML_KEM_768 or WC_ML_KEM_1024. |
| int | wc_MlKemKey_Free(MlKemKey * key) Releases resources held by an MlKemKey. After this call the object must be re_initialized with wc_MlKemKey_Init() before it can be used again. Safe to call with a NULL pointer. |
| int | wc_MlKemKey_Init_Id(MlKemKey * key, int type, const unsigned char * id, int len, void * heap, int devId) Initializes an MlKemKey with a device_side key identifier. Equivalent to wc_MlKemKey_Init() but also stashes a binary id that a crypto callback can use to look up the underlying key material on the device. Only available when wolfSSL is built with WOLF_PRIVATE_KEY_ID. |
| int | wc_MlKemKey_Init_Label(MlKemKey * key, int type, const char * label, void * heap, int devId) Initializes an MlKemKey with a device_side key label. Equivalent to wc_MlKemKey_Init() but also stashes a label string that a crypto callback can use to look up the underlying key material on the device. Only available when wolfSSL is built with WOLF_PRIVATE_KEY_ID. |
| int | wc_MlKemKey_MakeKey(MlKemKey * key, WC_RNG * rng) Generates a new ML-KEM key pair using the provided RNG. Both the public and private components are populated on success. |
| int | wc_MlKemKey_MakeKeyWithRandom(MlKemKey * key, const unsigned char * rand, int len) Deterministic key generation: produces an ML-KEM key pair from the supplied 64 bytes of randomness instead of an RNG. Useful for known-answer tests and for applications that derive key randomness from another secret. |
| int | wc_MlKemKey_CipherTextSize(MlKemKey * key, word32 * len) Returns the ciphertext size in bytes for the variant selected on this key. |
| int | wc_MlKemKey_SharedSecretSize(MlKemKey * key, word32 * len) Returns the shared_secret size in bytes for ML_KEM. The value is the same (32 bytes) across all parameter sets but is queried programmatically for symmetry with wc_MlKemKey_CipherTextSize(). |
| int | wc_MlKemKey_Encapsulate(MlKemKey * key, unsigned char * ct, unsigned char * ss, WC_RNG * rng) Encapsulates a fresh shared secret against the public key held in key. Produces a ciphertext that the holder of the corresponding private key can pass to wc_MlKemKey_Decapsulate() to recover the same shared secret. |
| int | wc_MlKemKey_EncapsulateWithRandom(MlKemKey * key, unsigned char * ct, unsigned char * ss, const unsigned char * rand, int len) Deterministic variant of wc_MlKemKey_Encapsulate(). Uses the supplied 32 bytes of randomness instead of consuming output from an RNG. |
| int | wc_MlKemKey_Decapsulate(MlKemKey * key, unsigned char * ss, const unsigned char * ct, word32 len) Decapsulates a ciphertext using the private key held in key and recovers the shared secret produced by wc_MlKemKey_Encapsulate(). ML_KEM decapsulation is constant time and includes an implicit_rejection check on malformed ciphertexts (an attacker cannot learn the validity of ct from the runtime). |
| int | wc_MlKemKey_DecodePrivateKey(MlKemKey * key, const unsigned char * in, word32 len) Decodes a raw ML_KEM private key into key. The variant must already be selected on the key (typically via wc_MlKemKey_Init() or wc_MlKemKey_New()) and len must match the private key size for that variant. |
| int | wc_MlKemKey_DecodePublicKey(MlKemKey * key, const unsigned char * in, word32 len) Decodes a raw ML-KEM public key into key. The variant must already be selected on the key and len must match the public key size for that variant. |
| int | wc_MlKemKey_PrivateKeySize(MlKemKey * key, word32 * len) Returns the encoded private key size in bytes for the variant selected on this key. |
| int | wc_MlKemKey_PublicKeySize(MlKemKey * key, word32 * len) Returns the encoded public key size in bytes for the variant selected on this key. |
| int | wc_MlKemKey_EncodePrivateKey(MlKemKey * key, unsigned char * out, word32 len) Encodes the ML_KEM private key into out. The out buffer length must be exactly wc_MlKemKey_PrivateKeySize() bytes. |
| int | wc_MlKemKey_EncodePublicKey(MlKemKey * key, unsigned char * out, word32 len) Encodes the ML_KEM public key into out. The out buffer length must be exactly wc_MlKemKey_PublicKeySize() bytes. |
Functions Documentation
function wc_MlKemKey_New
MlKemKey * wc_MlKemKey_New(
int type,
void * heap,
int devId
)
Allocates and initializes a new MlKemKey on the heap. The returned pointer must be released with wc_MlKemKey_Delete().
Parameters:
- type ML-KEM variant: WC_ML_KEM_512, WC_ML_KEM_768 or WC_ML_KEM_1024.
- heap Heap hint for dynamic memory allocation. May be NULL.
- devId Device identifier for hardware crypto callbacks. Use INVALID_DEVID for software-only.
See:
Return:
- Pointer to a freshly allocated MlKemKey on success.
- NULL on allocation failure or if type is invalid.
ML-KEM (FIPS 203) is a quantum-resistant key encapsulation mechanism. The type parameter selects the variant: WC_ML_KEM_512 (NIST security level 1), WC_ML_KEM_768 (level 3) or WC_ML_KEM_1024 (level 5).
Example
MlKemKey* key = wc_MlKemKey_New(WC_ML_KEM_768, NULL,
INVALID_DEVID);
if (key == NULL) {
// allocation failed
}
// ... use key ...
wc_MlKemKey_Delete(key, &key);
function wc_MlKemKey_Delete
int wc_MlKemKey_Delete(
MlKemKey * key,
MlKemKey ** key_p
)
Frees and zeros a heap-allocated MlKemKey previously returned by wc_MlKemKey_New(). On success the caller's pointer variable is set to NULL via key_p when key_p is not NULL.
Parameters:
- key The MlKemKey to free.
- key_p Optional address of the caller's pointer variable; when not NULL, it is set to NULL on success.
See: wc_MlKemKey_New
Return:
- 0 on success.
- BAD_FUNC_ARG if key is NULL.
function wc_MlKemKey_Init
int wc_MlKemKey_Init(
MlKemKey * key,
int type,
void * heap,
int devId
)
Initializes an MlKemKey object in place. The type parameter selects the ML-KEM variant and must be one of WC_ML_KEM_512, WC_ML_KEM_768 or WC_ML_KEM_1024.
Parameters:
- key Pointer to the MlKemKey to initialize.
- type ML-KEM variant: WC_ML_KEM_512, WC_ML_KEM_768 or WC_ML_KEM_1024.
- heap Heap hint for dynamic memory allocation. May be NULL.
- devId Device identifier for hardware crypto callbacks.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if key is NULL or type is invalid.
- NOT_COMPILED_IN if type names a variant that was disabled at build time.
Example
MlKemKey key;
int ret;
ret = wc_MlKemKey_Init(&key, WC_ML_KEM_768, NULL, INVALID_DEVID);
if (ret != 0) {
// error initializing key
}
// ... use key ...
wc_MlKemKey_Free(&key);
function wc_MlKemKey_Free
int wc_MlKemKey_Free(
MlKemKey * key
)
Releases resources held by an MlKemKey. After this call the object must be re-initialized with wc_MlKemKey_Init() before it can be used again. Safe to call with a NULL pointer.
Parameters:
- key Pointer to the MlKemKey to free.
See: wc_MlKemKey_Init
Return: 0 on success, including when key is NULL.
function wc_MlKemKey_Init_Id
int wc_MlKemKey_Init_Id(
MlKemKey * key,
int type,
const unsigned char * id,
int len,
void * heap,
int devId
)
Initializes an MlKemKey with a device-side key identifier. Equivalent to wc_MlKemKey_Init() but also stashes a binary id that a crypto callback can use to look up the underlying key material on the device. Only available when wolfSSL is built with WOLF_PRIVATE_KEY_ID.
Parameters:
- key Pointer to the MlKemKey to initialize.
- type ML-KEM variant identifier.
- id Pointer to the device-side key identifier bytes. May be NULL when len is 0.
- len Number of bytes in id. Must be in the range [0, MLKEM_MAX_ID_LEN].
- heap Heap hint for dynamic memory allocation.
- devId Device identifier for the crypto callback.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if key is NULL, if id is NULL while len is non-zero, or if type is invalid.
- BUFFER_E if len is negative or exceeds MLKEM_MAX_ID_LEN.
The id is copied into the key object; the caller may free its buffer immediately after this call returns.
function wc_MlKemKey_Init_Label
int wc_MlKemKey_Init_Label(
MlKemKey * key,
int type,
const char * label,
void * heap,
int devId
)
Initializes an MlKemKey with a device-side key label. Equivalent to wc_MlKemKey_Init() but also stashes a label string that a crypto callback can use to look up the underlying key material on the device. Only available when wolfSSL is built with WOLF_PRIVATE_KEY_ID.
Parameters:
- key Pointer to the MlKemKey to initialize.
- type ML-KEM variant identifier.
- label NUL-terminated device-side key label.
- heap Heap hint for dynamic memory allocation.
- devId Device identifier for the crypto callback.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if key or label is NULL or type is invalid.
function wc_MlKemKey_MakeKey
int wc_MlKemKey_MakeKey(
MlKemKey * key,
WC_RNG * rng
)
Generates a new ML-KEM key pair using the provided RNG. Both the public and private components are populated on success.
Parameters:
- key Pointer to an initialized MlKemKey.
- rng Pointer to an initialized WC_RNG.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if key or rng is NULL.
- MEMORY_E on allocation failure.
Example
MlKemKey key;
WC_RNG rng;
wc_MlKemKey_Init(&key, WC_ML_KEM_768, NULL, INVALID_DEVID);
wc_InitRng(&rng);
if (wc_MlKemKey_MakeKey(&key, &rng) != 0) {
// error generating key pair
}
function wc_MlKemKey_MakeKeyWithRandom
int wc_MlKemKey_MakeKeyWithRandom(
MlKemKey * key,
const unsigned char * rand,
int len
)
Deterministic key generation: produces an ML-KEM key pair from the supplied 64 bytes of randomness instead of an RNG. Useful for known-answer tests and for applications that derive key randomness from another secret.
Parameters:
- key Pointer to an initialized MlKemKey.
- rand Pointer to a buffer of randomness.
- len Length of rand in bytes; must be 64.
See: wc_MlKemKey_MakeKey
Return:
- 0 on success.
- BAD_FUNC_ARG if any required pointer is NULL or len is not 64.
function wc_MlKemKey_CipherTextSize
int wc_MlKemKey_CipherTextSize(
MlKemKey * key,
word32 * len
)
Returns the ciphertext size in bytes for the variant selected on this key.
Parameters:
- key Pointer to an initialized MlKemKey.
- len Receives the ciphertext size in bytes.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if key or len is NULL.
function wc_MlKemKey_SharedSecretSize
int wc_MlKemKey_SharedSecretSize(
MlKemKey * key,
word32 * len
)
Returns the shared-secret size in bytes for ML-KEM. The value is the same (32 bytes) across all parameter sets but is queried programmatically for symmetry with wc_MlKemKey_CipherTextSize().
Parameters:
- key Pointer to an initialized MlKemKey.
- len Receives the shared-secret size in bytes.
See: wc_MlKemKey_CipherTextSize
Return:
- 0 on success.
- BAD_FUNC_ARG if key or len is NULL.
function wc_MlKemKey_Encapsulate
int wc_MlKemKey_Encapsulate(
MlKemKey * key,
unsigned char * ct,
unsigned char * ss,
WC_RNG * rng
)
Encapsulates a fresh shared secret against the public key held in key. Produces a ciphertext that the holder of the corresponding private key can pass to wc_MlKemKey_Decapsulate() to recover the same shared secret.
Parameters:
- key Pointer to an MlKemKey containing a public key.
- ct Buffer that receives the ciphertext.
- ss Buffer that receives the 32-byte shared secret.
- rng Pointer to an initialized WC_RNG.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if any required pointer is NULL.
- BAD_STATE_E if the public key has not been set.
- NOT_COMPILED_IN if wolfSSL was built with WC_NO_RNG.
- MEMORY_E on allocation failure inside the encapsulation routine.
The ct buffer must be at least wc_MlKemKey_CipherTextSize() bytes and ss must be at least wc_MlKemKey_SharedSecretSize() bytes.
Example
MlKemKey key;
unsigned char ct[WC_ML_KEM_768_CIPHER_TEXT_SIZE];
unsigned char ss[WC_ML_KEM_SS_SZ];
// ... key holds the recipient's public key ...
if (wc_MlKemKey_Encapsulate(&key, ct, ss, &rng) != 0) {
// error during encapsulation
}
// Send ct to the holder of the matching private key.
function wc_MlKemKey_EncapsulateWithRandom
int wc_MlKemKey_EncapsulateWithRandom(
MlKemKey * key,
unsigned char * ct,
unsigned char * ss,
const unsigned char * rand,
int len
)
Deterministic variant of wc_MlKemKey_Encapsulate(). Uses the supplied 32 bytes of randomness instead of consuming output from an RNG.
Parameters:
- key Pointer to an MlKemKey containing a public key.
- ct Buffer that receives the ciphertext.
- ss Buffer that receives the 32-byte shared secret.
- rand Buffer of randomness.
- len Length of rand in bytes; must be 32.
Return:
- 0 on success.
- BAD_FUNC_ARG if any required pointer is NULL or len is not 32.
function wc_MlKemKey_Decapsulate
int wc_MlKemKey_Decapsulate(
MlKemKey * key,
unsigned char * ss,
const unsigned char * ct,
word32 len
)
Decapsulates a ciphertext using the private key held in key and recovers the shared secret produced by wc_MlKemKey_Encapsulate(). ML_KEM decapsulation is constant time and includes an implicit_rejection check on malformed ciphertexts (an attacker cannot learn the validity of ct from the runtime).
Parameters:
- key Pointer to an MlKemKey with the private key.
- ss Buffer that receives the 32-byte shared secret.
- ct The ciphertext to decapsulate.
- len Length of ct in bytes.
See:
Return:
- 0 on success (a shared secret was written to ss).
- BAD_FUNC_ARG if any required pointer is NULL.
- BAD_STATE_E if the private key has not been set.
- BUFFER_E if len does not match the expected ciphertext size for the configured ML-KEM variant.
- NOT_COMPILED_IN if the key's ML-KEM variant was disabled at build time.
- MEMORY_E on allocation failure.
The ss buffer must be at least wc_MlKemKey_SharedSecretSize() bytes and ct must be exactly wc_MlKemKey_CipherTextSize() bytes.
function wc_MlKemKey_DecodePrivateKey
int wc_MlKemKey_DecodePrivateKey(
MlKemKey * key,
const unsigned char * in,
word32 len
)
Decodes a raw ML-KEM private key into key. The variant must already be selected on the key (typically via wc_MlKemKey_Init() or wc_MlKemKey_New()) and len must match the private key size for that variant.
Parameters:
- key Pointer to an initialized MlKemKey.
- in Raw private key bytes.
- len Length of in in bytes.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if any required pointer is NULL or len does not match the expected size.
function wc_MlKemKey_DecodePublicKey
int wc_MlKemKey_DecodePublicKey(
MlKemKey * key,
const unsigned char * in,
word32 len
)
Decodes a raw ML-KEM public key into key. The variant must already be selected on the key and len must match the public key size for that variant.
Parameters:
- key Pointer to an initialized MlKemKey.
- in Raw public key bytes.
- len Length of in in bytes.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if any required pointer is NULL or len does not match the expected size.
function wc_MlKemKey_PrivateKeySize
int wc_MlKemKey_PrivateKeySize(
MlKemKey * key,
word32 * len
)
Returns the encoded private key size in bytes for the variant selected on this key.
Parameters:
- key Pointer to an initialized MlKemKey.
- len Receives the private key size in bytes.
See: wc_MlKemKey_PublicKeySize
Return:
- 0 on success.
- BAD_FUNC_ARG if key or len is NULL.
function wc_MlKemKey_PublicKeySize
int wc_MlKemKey_PublicKeySize(
MlKemKey * key,
word32 * len
)
Returns the encoded public key size in bytes for the variant selected on this key.
Parameters:
- key Pointer to an initialized MlKemKey.
- len Receives the public key size in bytes.
See: wc_MlKemKey_PrivateKeySize
Return:
- 0 on success.
- BAD_FUNC_ARG if key or len is NULL.
function wc_MlKemKey_EncodePrivateKey
int wc_MlKemKey_EncodePrivateKey(
MlKemKey * key,
unsigned char * out,
word32 len
)
Encodes the ML-KEM private key into out. The out buffer length must be exactly wc_MlKemKey_PrivateKeySize() bytes.
Parameters:
- key Pointer to an MlKemKey with a private key.
- out Buffer that receives the encoded private key.
- len Length of out in bytes.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if any required pointer is NULL.
- BAD_STATE_E if the private and public keys are not both set on the key object.
- BUFFER_E if len does not exactly equal the encoded private key size for the configured ML-KEM variant.
- NOT_COMPILED_IN if the key's ML-KEM variant was disabled at build time.
function wc_MlKemKey_EncodePublicKey
int wc_MlKemKey_EncodePublicKey(
MlKemKey * key,
unsigned char * out,
word32 len
)
Encodes the ML-KEM public key into out. The out buffer length must be exactly wc_MlKemKey_PublicKeySize() bytes.
Parameters:
- key Pointer to an MlKemKey with a public key.
- out Buffer that receives the encoded public key.
- len Length of out in bytes.
See:
Return:
- 0 on success.
- BAD_FUNC_ARG if any required pointer is NULL.
- BAD_STATE_E if the public key has not been set.
- BUFFER_E if len does not exactly equal the encoded public key size for the configured ML-KEM variant.
- NOT_COMPILED_IN if the key's ML-KEM variant was disabled at build time.
Source code
MlKemKey* wc_MlKemKey_New(int type, void* heap, int devId);
int wc_MlKemKey_Delete(MlKemKey* key, MlKemKey** key_p);
int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap, int devId);
int wc_MlKemKey_Free(MlKemKey* key);
int wc_MlKemKey_Init_Id(MlKemKey* key, int type, const unsigned char* id,
int len, void* heap, int devId);
int wc_MlKemKey_Init_Label(MlKemKey* key, int type, const char* label,
void* heap, int devId);
int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng);
int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, const unsigned char* rand,
int len);
int wc_MlKemKey_CipherTextSize(MlKemKey* key, word32* len);
int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len);
int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* ct,
unsigned char* ss, WC_RNG* rng);
int wc_MlKemKey_EncapsulateWithRandom(MlKemKey* key, unsigned char* ct,
unsigned char* ss, const unsigned char* rand, int len);
int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss,
const unsigned char* ct, word32 len);
int wc_MlKemKey_DecodePrivateKey(MlKemKey* key, const unsigned char* in,
word32 len);
int wc_MlKemKey_DecodePublicKey(MlKemKey* key, const unsigned char* in,
word32 len);
int wc_MlKemKey_PrivateKeySize(MlKemKey* key, word32* len);
int wc_MlKemKey_PublicKeySize(MlKemKey* key, word32* len);
int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out,
word32 len);
int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out,
word32 len);
Updated on 2026-07-17 at 01:11:29 +0000