Help Needed: wolfSSL Build Issue with Latest Version and Runtime Error with Dilithium Certificates

[SanzidaH]

Version

6af54d3de23598437b5455b934de55615b4f7a58

Description

I am stuck on the following issues with wolfSSL, and I would greatly appreciate any guidance or suggestions to resolve them.

1. Runtime Issue with an Older wolfSSL Version: With an earlier version of wolfSSL that successfully installed few days ago, I face a runtime error when using Dilithium-based certificates (i.e. dilithium2) generated using liboqs library.

wolfSSL Entering GetAlgoId Unknown or not compiled in key OID Decode to key failed wolfSSL Leaving ProcessBuffer, return -463 wolfSSL error: can't load server cert file, check file and run from wolfSSL home dir

It seems wolfSSL does not recognize the OID for dilithium2. For configure this is what I run: ./configure --enable-certreq --enable-certgen --enable-certext --enable-keygen --enable-cryptocb --with-liboqs --disable-psk --disable-shared --enable-intelasm --enable-aesni --enable-sp-math-all --enable-sp-asm --enable-experimental --enable-kyber CFLAGS="-Os"

2. Build Issue with Latest wolfSSL: When building the latest wolfSSL version, I get the following error -

   ./wolfssl/wolfcrypt/dilithium.h:515:39: error: ‘OQS_SIG_ml_dsa_87_ipd_length_public_key’ undeclared here (not in a function); did you mean ‘OQS_SIG_ml_dsa_87_length_public_key’? 515 | #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:515:39: note: in definition of macro ‘DILITHIUM_LEVEL5_PUB_KEY_SIZE’ 515 | #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:596:12: note: in expansion of macro ‘DILITHIUM_MAX_PUB_KEY_SIZE’ 596 | byte p[DILITHIUM_MAX_PUB_KEY_SIZE]; | ^~~~~~ ./wolfssl/wolfcrypt/dilithium.h:513:39: error: ‘OQS_SIG_ml_dsa_87_ipd_length_secret_key’ undeclared here (not in a function); did you mean ‘OQS_SIG_ml_dsa_87_length_secret_key’? 513 | #define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:513:39: note: in definition of macro ‘DILITHIUM_LEVEL5_KEY_SIZE’ 513 | #define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:597:12: note: in expansion of macro ‘DILITHIUM_MAX_KEY_SIZE’ 597 | byte k[DILITHIUM_MAX_KEY_SIZE]; | ^~~~~~ make[2]: [Makefile:7294: wolfcrypt/src/src_libwolfssl_la-sha.lo] Error 1 make[2]: Waiting for unfinished jobs.... In file included from ./wolfssl/wolfcrypt/cryptocb.h:83, from wolfcrypt/src/aes.c:63: ./wolfssl/wolfcrypt/dilithium.h:515:39: error: ‘OQS_SIG_ml_dsa_87_ipd_length_public_key’ undeclared here (not in a function); did you mean ‘OQS_SIG_ml_dsa_87_length_public_key’? 515 | #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:515:39: note: in definition of macro ‘DILITHIUM_LEVEL5_PUB_KEY_SIZE’ 515 | #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:596:12: note: in expansion of macro ‘DILITHIUM_MAX_PUB_KEY_SIZE’ 596 | byte p[DILITHIUM_MAX_PUB_KEY_SIZE]; | ^~~~~~ ./wolfssl/wolfcrypt/dilithium.h:513:39: error: ‘OQS_SIG_ml_dsa_87_ipd_length_secret_key’ undeclared here (not in a function); did you mean ‘OQS_SIG_ml_dsa_87_length_secret_key’? 513 | #define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:513:39: note: in definition of macro ‘DILITHIUM_LEVEL5_KEY_SIZE’ 513 | #define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key | ^~~~~~~~~~~ ./wolfssl/wolfcrypt/dilithium.h:597:12: note: in expansion of macro ‘DILITHIUM_MAX_KEY_SIZE’ 597 | byte k[DILITHIUM_MAX_KEY_SIZE]; | ^~~~~~ make[2]: [Makefile:7280: wolfcrypt/src/src_libwolfssl_la-aes.lo] Error 1 make[2]: Leaving directory '/home/sanzida-pqc/osp/oqs/wolfssl' make[1]: [Makefile:9027: install-recursive] Error 1 make[1]: Leaving directory '/home/sanzida-pqc/osp/oqs/wolfssl' make: *** [Makefile:9502: install] Error 2

It seems that some macros, such as OQS_SIG_ml_dsa_87_ipd_length_public_key, are undefined. Is this a compatibility issue between liboqs and wolfSSL, or am I missing some configuration steps?

I will really appreciate any suggestion/guidance to resolve these issues.

[SanzidaH]

Second one got resolved as I updated liboqs to 0.10.0. I will really appreciate any suggestion for first one. Please let me know if any additional info is required.

[anhu]

Hello @SanzidaH Thank you for your interest in our post-quantum implementations in wolfSSL! Note that we currently support both MLDSA and Dilithium. This particular snippet from asn.c might be of interest to you:

#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
    static const byte keyDilithium_Level2Oid[] =
        {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};

    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */
    static const byte keyDilithium_Level3Oid[] =
        {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5};

    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
    static const byte keyDilithium_Level5Oid[] =
        {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
#endif

    /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
    static const byte keyMlDsa_Level2Oid[] =
        {96, 134, 72, 1, 101, 3, 4, 3, 17};

    /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
    static const byte keyMlDsa_Level3Oid[] =
        {96, 134, 72, 1, 101, 3, 4, 3, 18};

    /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
    static const byte keyMlDsa_Level5Oid[] =
        {96, 134, 72, 1, 101, 3, 4, 3, 19};
#endif /* HAVE_DILITHIUM */

can you please try using --enable-dilithium=fips204-draft and let us know if that helps?

Warm regards, Anthony

[anhu]

Here at wolfSSL we love learning about how the academic community is using our source code. Can you please tells more about yourself and your project?

• where are you located?
• what are the goals of your project?
• will there be a paper published based on your work on this project?
• is there a specific institution and/or professor associated to this project?
• any other relevant information you'd like to share.

If you are hesitant to share this information on a public platform, you can send me email at anthony@wolfssl.com.

Warm regards, Anthony