-
Notifications
You must be signed in to change notification settings - Fork 3k
crypto: Add SLH-DSA algorithms for sign/verify #10268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: maint
Are you sure you want to change the base?
Conversation
SLH-DSA-SHAKE-256s SLH-DSA-SHAKE-256f SLH-DSA-SHA2-256s SLH-DSA-SHA2-256f
CT Test Results 3 files 20 suites 5m 22s ⏱️ Results for commit 000f058. ♻️ This comment has been updated with latest results. To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass. See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally. Artifacts// Erlang/OTP Github Action Bot |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR adds support for SLH-DSA (Stateless Hash-based Digital Signature Algorithm) to the crypto library, expanding signature/verification capabilities with four new algorithm variants supported by OpenSSL 3.5.0.
- Adds four SLH-DSA variants: SHAKE-256s/f and SHA2-256s/f
- Implements heavy computation routing for performance-intensive SLH-DSA operations
- Refactors pkey type management using a unified struct-based approach
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
Show a summary per file
File | Description |
---|---|
lib/crypto/src/crypto.erl | Adds SLH-DSA types, heavy NIF routing, and type definitions |
lib/crypto/test/crypto_SUITE.erl | Extends test coverage to include SLH-DSA algorithms |
lib/crypto/c_src/pkey.h | Updates function signatures and adds pkey type management |
lib/crypto/c_src/pkey.c | Implements SLH-DSA support and refactors type handling |
lib/crypto/c_src/openssl_config.h | Adds OpenSSL version checks for SLH-DSA support |
lib/crypto/c_src/evp.c | Updates key generation to use new pkey type system |
lib/crypto/c_src/crypto.c | Registers heavy NIF and updates initialization |
lib/crypto/c_src/atoms.h | Removes ML-DSA specific atom declarations |
lib/crypto/c_src/atoms.c | Removes ML-DSA specific atom definitions |
lib/crypto/c_src/algorithms.c | Updates pubkey algorithm listing to use new type system |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
} | ||
} | ||
else if (tpl_array[0] != atom_expandedkey) { | ||
assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Invalid MLDSA key tuple")); |
Copilot
AI
Oct 9, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The error message 'Invalid MLDSA key tuple' is misleading since this code now handles both ML-DSA and SLH-DSA keys. Consider using a more generic message like 'Invalid key tuple format'.
assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Invalid MLDSA key tuple")); | |
assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Invalid key tuple format")); |
Copilot uses AI. Check for mistakes.
SLH-DSA-SHAKE-128s
SLH-DSA-SHAKE-128f
SLH-DSA-SHA2-128s
SLH-DSA-SHA2-128f
SLH-DSA-SHAKE-192s
SLH-DSA-SHAKE-192f
SLH-DSA-SHA2-192s
SLH-DSA-SHA2-192f
SLH-DSA-SHAKE-256s
SLH-DSA-SHAKE-256f
SLH-DSA-SHA2-256s
SLH-DSA-SHA2-256f
Supported by OpenSSL 3.5.0.