Skip to content

Conversation

sverker
Copy link
Contributor

@sverker sverker commented Oct 8, 2025

SLH-DSA-SHAKE-128s
SLH-DSA-SHAKE-128f
SLH-DSA-SHA2-128s
SLH-DSA-SHA2-128f

SLH-DSA-SHAKE-192s
SLH-DSA-SHAKE-192f
SLH-DSA-SHA2-192s
SLH-DSA-SHA2-192f

SLH-DSA-SHAKE-256s
SLH-DSA-SHAKE-256f
SLH-DSA-SHA2-256s
SLH-DSA-SHA2-256f

Supported by OpenSSL 3.5.0.

SLH-DSA-SHAKE-256s
SLH-DSA-SHAKE-256f
SLH-DSA-SHA2-256s
SLH-DSA-SHA2-256f
@sverker sverker self-assigned this Oct 8, 2025
@sverker sverker added team:VM Assigned to OTP team VM feature testing currently being tested, tag is used by OTP internal CI labels Oct 8, 2025
Copy link
Contributor

github-actions bot commented Oct 8, 2025

CT Test Results

  3 files   20 suites   5m 22s ⏱️
251 tests 230 ✅  21 💤 0 ❌
540 runs  394 ✅ 146 💤 0 ❌

Results for commit 000f058.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

@sverker sverker added testing currently being tested, tag is used by OTP internal CI and removed testing currently being tested, tag is used by OTP internal CI labels Oct 8, 2025
@sverker sverker requested a review from Copilot October 9, 2025 10:53
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for SLH-DSA (Stateless Hash-based Digital Signature Algorithm) to the crypto library, expanding signature/verification capabilities with four new algorithm variants supported by OpenSSL 3.5.0.

  • Adds four SLH-DSA variants: SHAKE-256s/f and SHA2-256s/f
  • Implements heavy computation routing for performance-intensive SLH-DSA operations
  • Refactors pkey type management using a unified struct-based approach

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
lib/crypto/src/crypto.erl Adds SLH-DSA types, heavy NIF routing, and type definitions
lib/crypto/test/crypto_SUITE.erl Extends test coverage to include SLH-DSA algorithms
lib/crypto/c_src/pkey.h Updates function signatures and adds pkey type management
lib/crypto/c_src/pkey.c Implements SLH-DSA support and refactors type handling
lib/crypto/c_src/openssl_config.h Adds OpenSSL version checks for SLH-DSA support
lib/crypto/c_src/evp.c Updates key generation to use new pkey type system
lib/crypto/c_src/crypto.c Registers heavy NIF and updates initialization
lib/crypto/c_src/atoms.h Removes ML-DSA specific atom declarations
lib/crypto/c_src/atoms.c Removes ML-DSA specific atom definitions
lib/crypto/c_src/algorithms.c Updates pubkey algorithm listing to use new type system

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

}
}
else if (tpl_array[0] != atom_expandedkey) {
assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Invalid MLDSA key tuple"));
Copy link

Copilot AI Oct 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message 'Invalid MLDSA key tuple' is misleading since this code now handles both ML-DSA and SLH-DSA keys. Consider using a more generic message like 'Invalid key tuple format'.

Suggested change
assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Invalid MLDSA key tuple"));
assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Invalid key tuple format"));

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

feature team:VM Assigned to OTP team VM testing currently being tested, tag is used by OTP internal CI

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant