Add ML-KEM (FIPS 203) post-quantum KEM support

Implement full client-server ML-KEM (Module-Lattice-Based Key Encapsulation
Mechanism) support across all wolfHSM layers, enabling post-quantum key
exchange operations to be offloaded to the HSM.

Client API (wh_client_crypto):
- Key management: import, export, set/get key ID
- Key generation: MakeExportKey (ephemeral) and MakeCacheKey (server-cached)
- Encapsulation and decapsulation operations
- DMA variants for all operations

Server handling (wh_server_crypto):
- Request handlers for ML-KEM keygen, encapsulate, and decapsulate
- Auto-import with evict-after-use for uncached keys
- DMA request handlers

Crypto callback integration (wh_client_cryptocb):
- Register PQC KEM keygen/encaps/decaps handlers so wolfCrypt ML-KEM calls
  are transparently forwarded to the HSM via WH_DEV_ID

Message layer (wh_message_crypto):
- Define request/response structures for keygen, encapsulate, decapsulate
- Endian translation functions for cross-platform support

Shared utilities (wh_crypto):
- ML-KEM key serialization/deserialization with automatic level probing

Supports all three ML-KEM parameter sets (512, 768, 1024). Includes tests
for all operations and DMA paths, and benchmarks for keygen, encaps, and
decaps at each security level.

Also fixes key export response to use actual stored key length from NVM
metadata instead of the request size.

Author: Frauschi

benchmark/README.md

@@ -10,7 +10,7 @@ The wolfHSM benchmarks provide a framework for testing and measuring the perform
 - Hash functions (SHA-2, SHA-3)
 - Message Authentication Codes (HMAC, CMAC)
 - Public Key Cryptography (RSA, ECC, Curve25519)
-- Post-Quantum Cryptography (ML-DSA)
+- Post-Quantum Cryptography (ML-DSA, ML-KEM)
 - Basic communication (Echo)
 
 The benchmark system measures the runtime of registered operations, as well as reports the throughput in either operations per second or bytes per second depending on the algorithm.

benchmark/bench_modules/wh_bench_mod_all.h

@@ -379,4 +379,49 @@ int wh_Bench_Mod_MlDsa87KeyGen(whClientContext* client, whBenchOpContext* ctx,
 int wh_Bench_Mod_MlDsa87KeyGenDma(whClientContext*  client,
                                   whBenchOpContext* ctx, int id, void* params);
 
+/*
+ * ML-KEM benchmark module prototypes (wh_bench_mod_mlkem.c)
+ */
+int wh_Bench_Mod_MlKem512KeyGen(whClientContext* client, whBenchOpContext* ctx,
+                                int id, void* params);
+int wh_Bench_Mod_MlKem512KeyGenDma(whClientContext*  client,
+                                   whBenchOpContext* ctx, int id, void* params);
+int wh_Bench_Mod_MlKem512Encaps(whClientContext* client, whBenchOpContext* ctx,
+                                int id, void* params);
+int wh_Bench_Mod_MlKem512EncapsDma(whClientContext*  client,
+                                   whBenchOpContext* ctx, int id, void* params);
+int wh_Bench_Mod_MlKem512Decaps(whClientContext* client, whBenchOpContext* ctx,
+                                int id, void* params);
+int wh_Bench_Mod_MlKem512DecapsDma(whClientContext*  client,
+                                   whBenchOpContext* ctx, int id, void* params);
+
+int wh_Bench_Mod_MlKem768KeyGen(whClientContext* client, whBenchOpContext* ctx,
+                                int id, void* params);
+int wh_Bench_Mod_MlKem768KeyGenDma(whClientContext*  client,
+                                   whBenchOpContext* ctx, int id, void* params);
+int wh_Bench_Mod_MlKem768Encaps(whClientContext* client, whBenchOpContext* ctx,
+                                int id, void* params);
+int wh_Bench_Mod_MlKem768EncapsDma(whClientContext*  client,
+                                   whBenchOpContext* ctx, int id, void* params);
+int wh_Bench_Mod_MlKem768Decaps(whClientContext* client, whBenchOpContext* ctx,
+                                int id, void* params);
+int wh_Bench_Mod_MlKem768DecapsDma(whClientContext*  client,
+                                   whBenchOpContext* ctx, int id, void* params);
+
+int wh_Bench_Mod_MlKem1024KeyGen(whClientContext* client,
+                                 whBenchOpContext* ctx, int id, void* params);
+int wh_Bench_Mod_MlKem1024KeyGenDma(whClientContext*  client,
+                                    whBenchOpContext* ctx, int id,
+                                    void* params);
+int wh_Bench_Mod_MlKem1024Encaps(whClientContext* client,
+                                 whBenchOpContext* ctx, int id, void* params);
+int wh_Bench_Mod_MlKem1024EncapsDma(whClientContext*  client,
+                                    whBenchOpContext* ctx, int id,
+                                    void* params);
+int wh_Bench_Mod_MlKem1024Decaps(whClientContext* client,
+                                 whBenchOpContext* ctx, int id, void* params);
+int wh_Bench_Mod_MlKem1024DecapsDma(whClientContext*  client,
+                                    whBenchOpContext* ctx, int id,
+                                    void* params);
+
 #endif /* WH_BENCH_MOD_ALL_H_ */