ssl: Add SLH-DSA support

Also remove white space errors and too long lines and
no longer needed deprecation supressions.

Author: IngelaAndin

lib/ssl/src/ssl.erl

@@ -424,6 +424,7 @@ still disallow sha1 use in the TLS protocol, since 27.0.1 and 26.2.5.2.
                                  | ecdsa_brainpoolP512r1tls13_sha512
                                  | ecdsa_brainpoolP384r1tls13_sha384
                                  | ecdsa_brainpoolP256r1tls13_sha256
+                                 | post_quantum_schemes()
                                  | rsassa_pss_scheme()
                                  | legacy_sign_scheme() . % exported
 
@@ -439,6 +440,13 @@ Supported in TLS-1.3 and TLS-1.2.
                                  | rsa_pss_pss_sha384
                                  | rsa_pss_pss_sha256.
 
+-doc(#{group => <<"Algorithms">>}).
+-doc """
+Supported in TLS-1.3 only. ML-DSA since 28.1 SLH-DSA since 28.3
+""".
+-type post_quantum_schemes()       :: crypto:mldsa() | crypto:slh_dsa().
+
+
 -doc(#{group => <<"Algorithms Legacy">>}).
 -doc """
 This is only used for certificate signatures if TLS-1.2 is negotiated,
@@ -3051,19 +3059,21 @@ rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256]
 %%--------------------------------------------------------------------
 
 signature_algs(default, 'tlsv1.3') ->
-    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'), 
+    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'),
                                    tls_record:protocol_version_name('tlsv1.2')]);
 signature_algs(default, 'tlsv1.2') ->
     tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]);
 signature_algs(all, 'tlsv1.3') ->
     tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'),
                                    tls_record:protocol_version_name('tlsv1.2')]) ++
-        [ecdsa_sha1, rsa_pkcs1_sha1 | tls_v1:legacy_signature_algs_pre_13()] -- [{sha, ecdsa}, {sha, rsa}];
+        [ecdsa_sha1, rsa_pkcs1_sha1 | tls_v1:legacy_signature_algs_pre_13()] --
+        [{sha, ecdsa}, {sha, rsa}];
 signature_algs(all, 'tlsv1.2') ->
-    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]) ++ 
+    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]) ++
         tls_v1:legacy_signature_algs_pre_13();
 signature_algs(exclusive, 'tlsv1.3') ->
-    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3')]);
+    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3')] ++
+                                      tls_v1:slh_dsa_schemes());
 signature_algs(exclusive, 'tlsv1.2') ->
     Algs = tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]),
     Algs ++ tls_v1:legacy_signature_algs_pre_13();

lib/ssl/src/ssl_certificate.erl

@@ -361,7 +361,7 @@ available_cert_key_pairs(CertKeyGroups) ->
 %% Create the prioritized list of cert key pairs that
 %% are availble for use in the negotiated version
 available_cert_key_pairs(CertKeyGroups, ?TLS_1_3) ->
-    RevAlgos = [mldsa, rsa, rsa_pss_pss, ecdsa, eddsa],
+    RevAlgos = [slhdsa, mldsa, rsa, rsa_pss_pss, ecdsa, eddsa],
     cert_key_group_to_list(RevAlgos, CertKeyGroups, []);
 available_cert_key_pairs(CertKeyGroups, ?TLS_1_2) ->
      RevAlgos = [dsa, rsa, rsa_pss_pss, ecdsa],

lib/ssl/src/ssl_cipher.erl

@@ -599,6 +599,18 @@ signature_scheme(ecdsa_sha1) -> ?ECDSA_SHA1;
 signature_scheme(mldsa44) -> ?MLDSA44;
 signature_scheme(mldsa65) -> ?MLDSA65;
 signature_scheme(mldsa87) -> ?MLDSA87;
+signature_scheme(slh_dsa_sha2_128f) -> ?SLHDSA_SHA2_128F;
+signature_scheme(slh_dsa_sha2_128s) -> ?SLHDSA_SHA2_128S;
+signature_scheme(slh_dsa_sha2_192f) -> ?SLHDSA_SHA2_192F;
+signature_scheme(slh_dsa_sha2_192s) -> ?SLHDSA_SHA2_192S;
+signature_scheme(slh_dsa_sha2_256f) -> ?SLHDSA_SHA2_256F;
+signature_scheme(slh_dsa_sha2_256s) -> ?SLHDSA_SHA2_256S;
+signature_scheme(slh_dsa_shake_128f) -> ?SLHDSA_SHAKE_128F;
+signature_scheme(slh_dsa_shake_128s) -> ?SLHDSA_SHAKE_128S;
+signature_scheme(slh_dsa_shake_192f) -> ?SLHDSA_SHAKE_192F;
+signature_scheme(slh_dsa_shake_192s) -> ?SLHDSA_SHAKE_192S;
+signature_scheme(slh_dsa_shake_256f) -> ?SLHDSA_SHAKE_256F;
+signature_scheme(slh_dsa_shake_256s) -> ?SLHDSA_SHAKE_256S;
 
 %% New algorithms on legacy format
 signature_scheme({sha512, rsa_pss_pss}) ->
@@ -641,6 +653,18 @@ signature_scheme(?ECDSA_SHA1) -> ecdsa_sha1;
 signature_scheme(?MLDSA44) -> mldsa44;
 signature_scheme(?MLDSA65) -> mldsa65;
 signature_scheme(?MLDSA87) -> mldsa87;
+signature_scheme(?SLHDSA_SHA2_128F) -> slh_dsa_sha2_128f;
+signature_scheme(?SLHDSA_SHA2_128S) -> slh_dsa_sha2_128s;
+signature_scheme(?SLHDSA_SHA2_192F) -> slh_dsa_sha2_192f;
+signature_scheme(?SLHDSA_SHA2_192S) -> slh_dsa_sha2_192s;
+signature_scheme(?SLHDSA_SHA2_256F) -> slh_dsa_sha2_256f;
+signature_scheme(?SLHDSA_SHA2_256S) -> slh_dsa_sha2_256s;
+signature_scheme(?SLHDSA_SHAKE_128F) -> slh_dsa_shake_128f;
+signature_scheme(?SLHDSA_SHAKE_128S) -> slh_dsa_shake_128s;
+signature_scheme(?SLHDSA_SHAKE_192F) -> slh_dsa_shake_192f;
+signature_scheme(?SLHDSA_SHAKE_192S) -> slh_dsa_shake_192s;
+signature_scheme(?SLHDSA_SHAKE_256F) -> slh_dsa_shake_256f;
+signature_scheme(?SLHDSA_SHAKE_256S) -> slh_dsa_shake_256s;
 
 %% Handling legacy signature algorithms for logging purposes. These algorithms
 %% cannot be used in TLS 1.3 handshakes.
@@ -712,6 +736,18 @@ scheme_to_components(ecdsa_sha1) -> {sha, ecdsa, undefined};
 scheme_to_components(mldsa44) -> {none, mldsa44, undefined};
 scheme_to_components(mldsa65) -> {none, mldsa65, undefined};
 scheme_to_components(mldsa87) -> {none, mldsa87, undefined};
+scheme_to_components(slh_dsa_sha2_128f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_128s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_192f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_192s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_256f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_256s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_128f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_128s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_192f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_192s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_256f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_256s = Scheme) -> {Scheme, slhdsa, undefined};
 %% Handling legacy signature algorithms
 scheme_to_components({Hash,Sign}) -> {Hash, Sign, undefined}.
 
@@ -890,6 +926,30 @@ signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-ml-dsa-65'}
     mldsa65;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-ml-dsa-87'}) ->
     mldsa87;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-256f'}) ->
+    slh_dsa_shake_256f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-192f'}) ->
+    slh_dsa_shake_192f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-128f'}) ->
+    slh_dsa_shake_128f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-256s'}) ->
+    slh_dsa_shake_256s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-192s'}) ->
+    slh_dsa_shake_192s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-128s'}) ->
+    slh_dsa_shake_128s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-256f'}) ->
+    slh_dsa_sha2_256f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-192f'}) ->
+    slh_dsa_sha2_192f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-128f'}) ->
+    slh_dsa_sha2_128f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-256s'}) ->
+    slh_dsa_sha2_256s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-192s'}) ->
+    slh_dsa_sha2_192s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-128s'}) ->
+    slh_dsa_sha2_128s;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha256WithRSAEncryption}) ->
     rsa_pkcs1_sha256;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha384WithRSAEncryption}) ->

lib/ssl/src/ssl_config.erl

@@ -162,6 +162,7 @@ group_pairs([#{certs := []}]) ->
       rsa_pss_pss => [],
       rsa => [],
       mldsa => [],
+      slhdsa => [],
       dsa => []
      };
 group_pairs(Pairs) ->
@@ -170,6 +171,7 @@ group_pairs(Pairs) ->
                          rsa_pss_pss => [],
                          rsa => [],
                          mldsa => [],
+                         slhdsa => [],
                          dsa => []
                         }).
 
@@ -188,6 +190,8 @@ group_pairs([#{private_key := #'RSAPrivateKey'{}} = Pair | Rest], #{rsa := RSA}
     group_pairs(Rest, Group#{rsa => [Pair | RSA]});
 group_pairs([#{private_key := #'ML-DSAPrivateKey'{}} = Pair | Rest], #{mldsa := MLDSA} = Group) ->
     group_pairs(Rest, Group#{mldsa => [Pair | MLDSA]});
+group_pairs([#{private_key := #'SLH-DSAPrivateKey'{}} = Pair | Rest], #{slhdsa := SLHDSA} = Group) ->
+    group_pairs(Rest, Group#{slhdsa => [Pair | SLHDSA]});
 group_pairs([#{private_key := #'DSAPrivateKey'{}} = Pair | Rest], #{dsa := DSA} = Group) ->
     group_pairs(Rest, Group#{dsa => [Pair | DSA]});
 group_pairs([#{private_key := #{algorithm := dss, engine := _}} = Pair | Rest], Group) ->
@@ -207,13 +211,15 @@ prioritize_groups(#{eddsa := EDDSA,
                     rsa_pss_pss := RSAPSS,
                     rsa := RSA,
                     mldsa := MLDSA,
+                    slhdsa := SLHDSA,
                     dsa := DSA} = CertKeyGroups, Opts) ->
     EC = ecdsa_support(Opts),
     CertKeyGroups#{eddsa => prio_eddsa(EDDSA),
                    ecdsa => prio_ecdsa(ECDSA, EC),
                    rsa_pss_pss => prio_rsa_pss(RSAPSS),
                    rsa => prio_rsa(RSA),
                    mldsa => prio_mldsa(MLDSA),
+                   slhdsa => prio_slhdsa(SLHDSA),
                    dsa => prio_dsa(DSA)}.
 prio_eddsa(EDDSA) ->
     %% Engine not supported yet
@@ -276,6 +282,12 @@ prio_mldsa(MLDSA) ->
     SignFunPairs
         ++ lists:keysort(#'ML-DSAPrivateKey'.algorithm, MLDSA -- SignFunPairs).
 
+prio_slhdsa(SLHDSA) ->
+    %% Engine not supported yet
+    SignFunPairs = [Pair || Pair = #{private_key := #{sign_fun := _}} <- SLHDSA],
+    SignFunPairs
+        ++ lists:keysort(#'SLH-DSAPrivateKey'.algorithm, SLHDSA -- SignFunPairs).
+
 prio_dsa(DSA) ->
     Order = fun(#{key := #'DSAPrivateKey'{q = N}},
                 #{key := #'DSAPrivateKey'{q = M}}) when M > N ->
@@ -309,6 +321,22 @@ private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
                                   #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-ml-dsa-87'},
                               privateKey = DerKey}) ->
     mldsa_priv_key_dec('ML-DSA-87-PrivateKey', DerKey,  #'ML-DSAPrivateKey'{algorithm = mldsa87});
+private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+                                  #'PrivateKeyInfo_privateKeyAlgorithm'{
+                                     algorithm = Algorithm},
+                              privateKey = DerKey}) when  Algorithm == ?'id-slh-dsa-sha2-128f';
+                                                          Algorithm == ?'id-slh-dsa-sha2-128s';
+                                                          Algorithm == ?'id-slh-dsa-sha2-192f';
+                                                          Algorithm == ?'id-slh-dsa-sha2-192s';
+                                                          Algorithm == ?'id-slh-dsa-sha2-256f';
+                                                          Algorithm == ?'id-slh-dsa-sha2-256s';
+                                                          Algorithm == ?'id-slh-dsa-shake-128f';
+                                                          Algorithm == ?'id-slh-dsa-shake-128s';
+                                                          Algorithm == ?'id-slh-dsa-shake-192f';
+                                                          Algorithm == ?'id-slh-dsa-shake-192s';
+                                                          Algorithm == ?'id-slh-dsa-shake-256f';
+                                                          Algorithm == ?'id-slh-dsa-shake-256s' ->
+    public_key:der_decode('SLH-DSA-PrivateKey', DerKey);
 private_key(#'PrivateKeyInfo'{privateKeyAlgorithm = 
                                   #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-ecPublicKey',
                                                                         parameters =  {asn1_OPENTYPE, Parameters}},
@@ -2240,6 +2268,8 @@ check_key(#'ECPrivateKey'{}) ->
     ok;
 check_key(#'ML-DSAPrivateKey'{}) ->
     ok;
+check_key(#'SLH-DSAPrivateKey'{}) ->
+    ok;
 check_key(NotKey) ->
     {error, {unexpected_content, NotKey}}.
 

lib/ssl/src/ssl_handshake.erl

@@ -50,15 +50,6 @@
 			 #client_key_exchange{} | #finished{} | #certificate_verify{} |
 			 #hello_request{} | #next_protocol{} | #end_of_early_data{}.
 
-%% Needed for legacy TLS-1.0 and TLS-1.1 functionality
--compile({nowarn_deprecated_function, [{crypto, private_encrypt, 4},
-                                       {crypto, private_decrypt, 4},
-                                       {public_key, encrypt_private, 3},
-                                       {public_key, decrypt_private, 3},
-                                       {public_key, encrypt_public, 3},
-                                       {public_key, decrypt_public, 3}
-                                      ]}).
-
 %% Create handshake messages
 -export([hello_request/0,
          server_hello/4,
@@ -462,6 +453,8 @@ verify_signature(?TLS_1_3, Msg, {_, mldsa65}, Signature,
 verify_signature(?TLS_1_3, Msg, {_, mldsa87}, Signature,
                  {?'id-ml-dsa-87', #'ML-DSAPublicKey'{algorithm = mldsa87} = PubKey,_}) ->
     public_key:verify(Msg, none, Signature, PubKey);
+verify_signature(?TLS_1_3, Msg, {_ , slhdsa}, Signature, {_, #'SLH-DSAPublicKey'{} = PubKey,_}) ->
+    public_key:verify(Msg, none, Signature, PubKey);
 verify_signature(?TLS_1_3, Msg, {_, eddsa}, Signature, {?'id-Ed25519', PubKey, PubKeyParams}) ->
     public_key:verify(Msg, none, Signature, {PubKey, PubKeyParams});
 verify_signature(?TLS_1_3, Msg, {_, eddsa}, Signature, {?'id-Ed448', PubKey, PubKeyParams}) ->
@@ -2220,6 +2213,11 @@ do_digitally_signed(Version, Msg, HashAlgo, #'ML-DSAPrivateKey'{}= Key,
                                     SignAlgo == mldsa65 orelse
                                     SignAlgo == mldsa87) ->
     public_key:sign(Msg, HashAlgo, Key);
+do_digitally_signed(Version, Msg, _, #'SLH-DSAPrivateKey'{}= Key,
+                    slhdsa) when ?TLS_GTE(Version, ?TLS_1_3) ->
+    %% HashAlgo will in this case be the full scheme that public_key/crypto deduces from the key.
+    %% and none should be used for second argument.
+    public_key:sign(Msg, none, Key);
 do_digitally_signed(Version, Msg, HashAlgo, {#'RSAPrivateKey'{} = Key,
                                              #'RSASSA-PSS-params'{}},
                     SignAlgo) when ?TLS_GTE(Version, ?TLS_1_2) ->
@@ -2286,6 +2284,8 @@ bad_key(#'ECPrivateKey'{}) ->
     unacceptable_ecdsa_key;
 bad_key(#'ML-DSAPrivateKey'{}) ->
     unacceptable_mldsa_key;
+bad_key(#'SLH-DSAPrivateKey'{}) ->
+    unacceptable_slhdsa_key;
 bad_key(#{algorithm := rsa}) ->
     unacceptable_rsa_key;
 bad_key(#{algorithm := rsa_pss_pss}) ->

lib/ssl/src/tls_handshake_1_3.erl

@@ -1594,22 +1594,19 @@ select_sign_algo(_, _RSAKeySize, [], _, _) ->
 select_sign_algo(_, _RSAKeySize, undefined, _OwnSignAlgs, _) ->
     {error, ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_public_key)};
 select_sign_algo(PublicKeyAlgo, RSAKeySize, [CertSignAlg|CertSignAlgs], OwnSignAlgs, Curve) ->
-    {_, S, _} = ssl_cipher:scheme_to_components(CertSignAlg),
+    Sign = case ssl_cipher:scheme_to_components(CertSignAlg) of
+               {S, slhdsa, _} ->
+                   S;
+               {_, S, _} ->
+                   S
+           end,
     %% RSASSA-PKCS1-v1_5 and Legacy algorithms are not defined for use in signed
-    %% TLS handshake messages: filter sha-1 and rsa_pkcs1.
+    %% TLS handshake messages: Has been filtered out in get_signature_scheme_list
     %%
     %% RSASSA-PSS RSAE algorithms: If the public key is carried in an X.509
     %% certificate, it MUST use the rsaEncryption OID.
-    %% RSASSA-PSS PSS algorithms: If the public key is carried in an X.509 certificate,
-    %% it MUST use the RSASSA-PSS OID.
-    case ((PublicKeyAlgo =:= rsa andalso S =:= rsa_pss_rsae)
-          orelse (PublicKeyAlgo =:= rsa_pss_pss andalso S =:= rsa_pss_pss)
-          orelse (PublicKeyAlgo =:= ecdsa andalso S =:= ecdsa)
-          orelse (PublicKeyAlgo =:= eddsa andalso S =:= eddsa)
-          orelse (PublicKeyAlgo =:= mldsa44 andalso S =:= mldsa44)
-          orelse (PublicKeyAlgo =:= mldsa65 andalso S =:= mldsa65)
-          orelse (PublicKeyAlgo =:= mldsa87 andalso S =:= mldsa87)
-         )
+    case ((PublicKeyAlgo =:= rsa andalso Sign =:= rsa_pss_rsae)
+          orelse (PublicKeyAlgo  =:= Sign))
         andalso
         lists:member(CertSignAlg, OwnSignAlgs) of
         true ->
@@ -1685,6 +1682,8 @@ compare_sign_algos(rsa, Hash, Algo, Hash)
   when Algo =:= rsa_pss_rsae orelse
        Algo =:= rsa_pkcs1 ->
     true;
+compare_sign_algos(Algo, none, slhdsa, Algo) ->
+    true;
 compare_sign_algos(Algo, Hash, Algo, Hash) ->
     true;
 compare_sign_algos(_, _, _, _) ->
@@ -1705,25 +1704,17 @@ oids_to_atoms(?'id-RSASSA-PSS', #'RSASSA-PSS-params'{maskGenAlgorithm =
 oids_to_atoms(SignAlgo, _) ->
     public_key:pkix_sign_types(SignAlgo).
 
-%% Note: copied from ssl_handshake
 public_key_algo(?'id-RSASSA-PSS') ->
     rsa_pss_pss;
 public_key_algo(?rsaEncryption) ->
     rsa;
 public_key_algo(?'id-ecPublicKey') ->
     ecdsa;
-public_key_algo(?'id-Ed25519') ->
-    eddsa;
-public_key_algo(?'id-Ed448') ->
-    eddsa;
-public_key_algo(?'id-ml-dsa-44') ->
-    mldsa44;
-public_key_algo(?'id-ml-dsa-65') ->
-    mldsa65;
-public_key_algo(?'id-ml-dsa-87') ->
-    mldsa87;
 public_key_algo(?'id-dsa') ->
-    dsa.
+    dsa;
+public_key_algo(Oid) ->
+    {_, Algo } =public_key:pkix_sign_types(Oid),
+    Algo.
 
 get_signature_scheme_list(undefined) ->
     undefined;

lib/ssl/src/tls_handshake_1_3.hrl

@@ -166,6 +166,20 @@
 -define(MLDSA65, 16#0905).
 -define(MLDSA87, 16#0906).
 
+%% SLH-DSA
+-define(SLHDSA_SHA2_128S, 16#0911).
+-define(SLHDSA_SHA2_128F, 16#0912).
+-define(SLHDSA_SHA2_192S, 16#0913).
+-define(SLHDSA_SHA2_192F, 16#0914).
+-define(SLHDSA_SHA2_256S, 16#0915).
+-define(SLHDSA_SHA2_256F, 16#0916).
+-define(SLHDSA_SHAKE_128S, 16#0917).
+-define(SLHDSA_SHAKE_128F, 16#0918).
+-define(SLHDSA_SHAKE_192S, 16#0919).
+-define(SLHDSA_SHAKE_192F, 16#091A).
+-define(SLHDSA_SHAKE_256S, 16#091B).
+-define(SLHDSA_SHAKE_256F, 16#091C).
+
 %% Legacy algorithms
 -define(RSA_PKCS1_SHA1, 16#201).
 -define(ECDSA_SHA1, 16#0203).