ssl: Add SLH-DSA support

Also remove white space errors and too long lines and
no longer needed deprecation supressions.

Author: IngelaAndin

lib/ssl/src/ssl.erl

@@ -424,6 +424,7 @@ still disallow sha1 use in the TLS protocol, since 27.0.1 and 26.2.5.2.
                                  | ecdsa_brainpoolP512r1tls13_sha512
                                  | ecdsa_brainpoolP384r1tls13_sha384
                                  | ecdsa_brainpoolP256r1tls13_sha256
+                                 | post_quantum_schemes()
                                  | rsassa_pss_scheme()
                                  | legacy_sign_scheme() . % exported
 
@@ -439,6 +440,13 @@ Supported in TLS-1.3 and TLS-1.2.
                                  | rsa_pss_pss_sha384
                                  | rsa_pss_pss_sha256.
 
+-doc(#{group => <<"Algorithms">>}).
+-doc """
+Supported in TLS-1.3 only. ML-DSA since 28.1, SLH-DSA since 28.3.
+""".
+-type post_quantum_schemes()       :: crypto:mldsa() | crypto:slh_dsa().
+
+
 -doc(#{group => <<"Algorithms Legacy">>}).
 -doc """
 This is only used for certificate signatures if TLS-1.2 is negotiated,
@@ -3006,33 +3014,45 @@ Example:
 ```erlang
 1> ssl:signature_algs(default, 'tlsv1.3').
 [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512,
-ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256,
-rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256,
-rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256,
-rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256,
-{sha512,ecdsa},
-{sha384,ecdsa},
-{sha256,ecdsa}]
+ ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256,
+ ecdsa_brainpoolP512r1tls13_sha512,
+ ecdsa_brainpoolP384r1tls13_sha384,
+ ecdsa_brainpoolP256r1tls13_sha256,rsa_pss_pss_sha512,
+ rsa_pss_pss_sha384,rsa_pss_pss_sha256,rsa_pss_rsae_sha512,
+ rsa_pss_rsae_sha384,rsa_pss_rsae_sha256,mldsa44,mldsa65,
+ mldsa87,rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256,
+ {sha512,ecdsa},
+ {sha384,ecdsa},
+ {sha256,ecdsa}]
 
 2> ssl:signature_algs(all, 'tlsv1.3').
-[eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512,
-ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256,
-rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256,
-rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256,
-rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256,
-{sha512,ecdsa},
-{sha384,ecdsa},
-{sha256,ecdsa},
-{sha224,ecdsa},
-{sha224,rsa},
-{sha,rsa},
-{sha,dsa}]
-
-3> ssl:signature_algs(exclusive, 'tlsv1.3').
-[eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512,
-ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256,
-rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256,
-rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256]
+[eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512,ecdsa_secp384r1_sha384,
+ ecdsa_secp256r1_sha256,ecdsa_brainpoolP512r1tls13_sha512,
+ ecdsa_brainpoolP384r1tls13_sha384,ecdsa_brainpoolP256r1tls13_sha256,
+ rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256,rsa_pss_rsae_sha512,
+ rsa_pss_rsae_sha384,rsa_pss_rsae_sha256,mldsa44,mldsa65,mldsa87,
+ rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256,
+ {sha512,ecdsa},
+ {sha384,ecdsa},
+ {sha256,ecdsa},
+ slh_dsa_shake_256f,slh_dsa_shake_256s,slh_dsa_sha2_256f,slh_dsa_sha2_256s,
+ slh_dsa_shake_192f,slh_dsa_shake_192s,slh_dsa_sha2_192f,slh_dsa_sha2_192s,
+ slh_dsa_shake_128f,slh_dsa_shake_128s,slh_dsa_sha2_128f,slh_dsa_sha2_128s,
+ ecdsa_sha1,rsa_pkcs1_sha1,
+ {sha224,ecdsa},
+ {sha224,rsa},
+ {sha,dsa}]
+
+3> [ssl:signature_algs(exclusive, 'tlsv1.3').
+[eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512,ecdsa_secp384r1_sha384,
+ ecdsa_secp256r1_sha256,ecdsa_brainpoolP512r1tls13_sha512,
+ ecdsa_brainpoolP384r1tls13_sha384,ecdsa_brainpoolP256r1tls13_sha256,
+ rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256,rsa_pss_rsae_sha512,
+ rsa_pss_rsae_sha384,rsa_pss_rsae_sha256,mldsa44,mldsa65,mldsa87,
+ rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256,slh_dsa_shake_256f,
+ slh_dsa_shake_256s,slh_dsa_sha2_256f,slh_dsa_sha2_256s,slh_dsa_shake_192f,
+ slh_dsa_shake_192s,slh_dsa_sha2_192f,slh_dsa_sha2_192s,slh_dsa_shake_128f,
+ slh_dsa_shake_128s,slh_dsa_sha2_128f,slh_dsa_sha2_128s]
 ```
 
 > #### Note {: .info }
@@ -3051,19 +3071,22 @@ rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256]
 %%--------------------------------------------------------------------
 
 signature_algs(default, 'tlsv1.3') ->
-    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'), 
+    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'),
                                    tls_record:protocol_version_name('tlsv1.2')]);
 signature_algs(default, 'tlsv1.2') ->
     tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]);
 signature_algs(all, 'tlsv1.3') ->
     tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'),
                                    tls_record:protocol_version_name('tlsv1.2')]) ++
-        [ecdsa_sha1, rsa_pkcs1_sha1 | tls_v1:legacy_signature_algs_pre_13()] -- [{sha, ecdsa}, {sha, rsa}];
+        tls_v1:slh_dsa_schemes() ++
+        [ecdsa_sha1, rsa_pkcs1_sha1 | tls_v1:legacy_signature_algs_pre_13()] --
+        [{sha, ecdsa}, {sha, rsa}];
 signature_algs(all, 'tlsv1.2') ->
-    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]) ++ 
+    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]) ++
         tls_v1:legacy_signature_algs_pre_13();
 signature_algs(exclusive, 'tlsv1.3') ->
-    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3')]);
+    tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3')]) ++
+        tls_v1:slh_dsa_schemes();
 signature_algs(exclusive, 'tlsv1.2') ->
     Algs = tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]),
     Algs ++ tls_v1:legacy_signature_algs_pre_13();

lib/ssl/src/ssl_certificate.erl

@@ -361,7 +361,7 @@ available_cert_key_pairs(CertKeyGroups) ->
 %% Create the prioritized list of cert key pairs that
 %% are availble for use in the negotiated version
 available_cert_key_pairs(CertKeyGroups, ?TLS_1_3) ->
-    RevAlgos = [mldsa, rsa, rsa_pss_pss, ecdsa, eddsa],
+    RevAlgos = [slhdsa, mldsa, rsa, rsa_pss_pss, ecdsa, eddsa],
     cert_key_group_to_list(RevAlgos, CertKeyGroups, []);
 available_cert_key_pairs(CertKeyGroups, ?TLS_1_2) ->
      RevAlgos = [dsa, rsa, rsa_pss_pss, ecdsa],

lib/ssl/src/ssl_cipher.erl

@@ -599,6 +599,18 @@ signature_scheme(ecdsa_sha1) -> ?ECDSA_SHA1;
 signature_scheme(mldsa44) -> ?MLDSA44;
 signature_scheme(mldsa65) -> ?MLDSA65;
 signature_scheme(mldsa87) -> ?MLDSA87;
+signature_scheme(slh_dsa_sha2_128f) -> ?SLHDSA_SHA2_128F;
+signature_scheme(slh_dsa_sha2_128s) -> ?SLHDSA_SHA2_128S;
+signature_scheme(slh_dsa_sha2_192f) -> ?SLHDSA_SHA2_192F;
+signature_scheme(slh_dsa_sha2_192s) -> ?SLHDSA_SHA2_192S;
+signature_scheme(slh_dsa_sha2_256f) -> ?SLHDSA_SHA2_256F;
+signature_scheme(slh_dsa_sha2_256s) -> ?SLHDSA_SHA2_256S;
+signature_scheme(slh_dsa_shake_128f) -> ?SLHDSA_SHAKE_128F;
+signature_scheme(slh_dsa_shake_128s) -> ?SLHDSA_SHAKE_128S;
+signature_scheme(slh_dsa_shake_192f) -> ?SLHDSA_SHAKE_192F;
+signature_scheme(slh_dsa_shake_192s) -> ?SLHDSA_SHAKE_192S;
+signature_scheme(slh_dsa_shake_256f) -> ?SLHDSA_SHAKE_256F;
+signature_scheme(slh_dsa_shake_256s) -> ?SLHDSA_SHAKE_256S;
 
 %% New algorithms on legacy format
 signature_scheme({sha512, rsa_pss_pss}) ->
@@ -641,6 +653,18 @@ signature_scheme(?ECDSA_SHA1) -> ecdsa_sha1;
 signature_scheme(?MLDSA44) -> mldsa44;
 signature_scheme(?MLDSA65) -> mldsa65;
 signature_scheme(?MLDSA87) -> mldsa87;
+signature_scheme(?SLHDSA_SHA2_128F) -> slh_dsa_sha2_128f;
+signature_scheme(?SLHDSA_SHA2_128S) -> slh_dsa_sha2_128s;
+signature_scheme(?SLHDSA_SHA2_192F) -> slh_dsa_sha2_192f;
+signature_scheme(?SLHDSA_SHA2_192S) -> slh_dsa_sha2_192s;
+signature_scheme(?SLHDSA_SHA2_256F) -> slh_dsa_sha2_256f;
+signature_scheme(?SLHDSA_SHA2_256S) -> slh_dsa_sha2_256s;
+signature_scheme(?SLHDSA_SHAKE_128F) -> slh_dsa_shake_128f;
+signature_scheme(?SLHDSA_SHAKE_128S) -> slh_dsa_shake_128s;
+signature_scheme(?SLHDSA_SHAKE_192F) -> slh_dsa_shake_192f;
+signature_scheme(?SLHDSA_SHAKE_192S) -> slh_dsa_shake_192s;
+signature_scheme(?SLHDSA_SHAKE_256F) -> slh_dsa_shake_256f;
+signature_scheme(?SLHDSA_SHAKE_256S) -> slh_dsa_shake_256s;
 
 %% Handling legacy signature algorithms for logging purposes. These algorithms
 %% cannot be used in TLS 1.3 handshakes.
@@ -712,6 +736,18 @@ scheme_to_components(ecdsa_sha1) -> {sha, ecdsa, undefined};
 scheme_to_components(mldsa44) -> {none, mldsa44, undefined};
 scheme_to_components(mldsa65) -> {none, mldsa65, undefined};
 scheme_to_components(mldsa87) -> {none, mldsa87, undefined};
+scheme_to_components(slh_dsa_sha2_128f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_128s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_192f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_192s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_256f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_sha2_256s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_128f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_128s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_192f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_192s = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_256f = Scheme) -> {Scheme, slhdsa, undefined};
+scheme_to_components(slh_dsa_shake_256s = Scheme) -> {Scheme, slhdsa, undefined};
 %% Handling legacy signature algorithms
 scheme_to_components({Hash,Sign}) -> {Hash, Sign, undefined}.
 
@@ -890,6 +926,30 @@ signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-ml-dsa-65'}
     mldsa65;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-ml-dsa-87'}) ->
     mldsa87;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-256f'}) ->
+    slh_dsa_shake_256f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-192f'}) ->
+    slh_dsa_shake_192f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-128f'}) ->
+    slh_dsa_shake_128f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-256s'}) ->
+    slh_dsa_shake_256s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-192s'}) ->
+    slh_dsa_shake_192s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-shake-128s'}) ->
+    slh_dsa_shake_128s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-256f'}) ->
+    slh_dsa_sha2_256f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-192f'}) ->
+    slh_dsa_sha2_192f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-128f'}) ->
+    slh_dsa_sha2_128f;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-256s'}) ->
+    slh_dsa_sha2_256s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-192s'}) ->
+    slh_dsa_sha2_192s;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?'id-slh-dsa-sha2-128s'}) ->
+    slh_dsa_sha2_128s;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha256WithRSAEncryption}) ->
     rsa_pkcs1_sha256;
 signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha384WithRSAEncryption}) ->

lib/ssl/src/ssl_config.erl

@@ -162,6 +162,7 @@ group_pairs([#{certs := []}]) ->
       rsa_pss_pss => [],
       rsa => [],
       mldsa => [],
+      slhdsa => [],
       dsa => []
      };
 group_pairs(Pairs) ->
@@ -170,6 +171,7 @@ group_pairs(Pairs) ->
                          rsa_pss_pss => [],
                          rsa => [],
                          mldsa => [],
+                         slhdsa => [],
                          dsa => []
                         }).
 
@@ -188,6 +190,8 @@ group_pairs([#{private_key := #'RSAPrivateKey'{}} = Pair | Rest], #{rsa := RSA}
     group_pairs(Rest, Group#{rsa => [Pair | RSA]});
 group_pairs([#{private_key := #'ML-DSAPrivateKey'{}} = Pair | Rest], #{mldsa := MLDSA} = Group) ->
     group_pairs(Rest, Group#{mldsa => [Pair | MLDSA]});
+group_pairs([#{private_key := #'SLH-DSAPrivateKey'{}} = Pair | Rest], #{slhdsa := SLHDSA} = Group) ->
+    group_pairs(Rest, Group#{slhdsa => [Pair | SLHDSA]});
 group_pairs([#{private_key := #'DSAPrivateKey'{}} = Pair | Rest], #{dsa := DSA} = Group) ->
     group_pairs(Rest, Group#{dsa => [Pair | DSA]});
 group_pairs([#{private_key := #{algorithm := dss, engine := _}} = Pair | Rest], Group) ->
@@ -207,13 +211,15 @@ prioritize_groups(#{eddsa := EDDSA,
                     rsa_pss_pss := RSAPSS,
                     rsa := RSA,
                     mldsa := MLDSA,
+                    slhdsa := SLHDSA,
                     dsa := DSA} = CertKeyGroups, Opts) ->
     EC = ecdsa_support(Opts),
     CertKeyGroups#{eddsa => prio_eddsa(EDDSA),
                    ecdsa => prio_ecdsa(ECDSA, EC),
                    rsa_pss_pss => prio_rsa_pss(RSAPSS),
                    rsa => prio_rsa(RSA),
                    mldsa => prio_mldsa(MLDSA),
+                   slhdsa => prio_slhdsa(SLHDSA),
                    dsa => prio_dsa(DSA)}.
 prio_eddsa(EDDSA) ->
     %% Engine not supported yet
@@ -276,6 +282,12 @@ prio_mldsa(MLDSA) ->
     SignFunPairs
         ++ lists:keysort(#'ML-DSAPrivateKey'.algorithm, MLDSA -- SignFunPairs).
 
+prio_slhdsa(SLHDSA) ->
+    %% Engine not supported yet
+    SignFunPairs = [Pair || Pair = #{private_key := #{sign_fun := _}} <- SLHDSA],
+    SignFunPairs
+        ++ lists:keysort(#'SLH-DSAPrivateKey'.algorithm, SLHDSA -- SignFunPairs).
+
 prio_dsa(DSA) ->
     Order = fun(#{key := #'DSAPrivateKey'{q = N}},
                 #{key := #'DSAPrivateKey'{q = M}}) when M > N ->
@@ -309,6 +321,22 @@ private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
                                   #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-ml-dsa-87'},
                               privateKey = DerKey}) ->
     mldsa_priv_key_dec('ML-DSA-87-PrivateKey', DerKey,  #'ML-DSAPrivateKey'{algorithm = mldsa87});
+private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+                                  #'PrivateKeyInfo_privateKeyAlgorithm'{
+                                     algorithm = Algorithm},
+                              privateKey = DerKey}) when  Algorithm == ?'id-slh-dsa-sha2-128f';
+                                                          Algorithm == ?'id-slh-dsa-sha2-128s';
+                                                          Algorithm == ?'id-slh-dsa-sha2-192f';
+                                                          Algorithm == ?'id-slh-dsa-sha2-192s';
+                                                          Algorithm == ?'id-slh-dsa-sha2-256f';
+                                                          Algorithm == ?'id-slh-dsa-sha2-256s';
+                                                          Algorithm == ?'id-slh-dsa-shake-128f';
+                                                          Algorithm == ?'id-slh-dsa-shake-128s';
+                                                          Algorithm == ?'id-slh-dsa-shake-192f';
+                                                          Algorithm == ?'id-slh-dsa-shake-192s';
+                                                          Algorithm == ?'id-slh-dsa-shake-256f';
+                                                          Algorithm == ?'id-slh-dsa-shake-256s' ->
+    public_key:der_decode('SLH-DSA-PrivateKey', DerKey);
 private_key(#'PrivateKeyInfo'{privateKeyAlgorithm = 
                                   #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-ecPublicKey',
                                                                         parameters =  {asn1_OPENTYPE, Parameters}},
@@ -2240,6 +2268,8 @@ check_key(#'ECPrivateKey'{}) ->
     ok;
 check_key(#'ML-DSAPrivateKey'{}) ->
     ok;
+check_key(#'SLH-DSAPrivateKey'{}) ->
+    ok;
 check_key(NotKey) ->
     {error, {unexpected_content, NotKey}}.
 

lib/ssl/src/ssl_connection.hrl

@@ -119,6 +119,7 @@
                           cert_key_alts  = undefined ::  #{eddsa => list(),
                                                            ecdsa => list(),
                                                            mldsa => list(),
+                                                           slhdsa => list(),
                                                            rsa_pss_pss => list(),
                                                            rsa => list(),
                                                            dsa => list()

lib/ssl/src/ssl_handshake.erl

@@ -50,15 +50,6 @@
 			 #client_key_exchange{} | #finished{} | #certificate_verify{} |
 			 #hello_request{} | #next_protocol{} | #end_of_early_data{}.
 
-%% Needed for legacy TLS-1.0 and TLS-1.1 functionality
--compile({nowarn_deprecated_function, [{crypto, private_encrypt, 4},
-                                       {crypto, private_decrypt, 4},
-                                       {public_key, encrypt_private, 3},
-                                       {public_key, decrypt_private, 3},
-                                       {public_key, encrypt_public, 3},
-                                       {public_key, decrypt_public, 3}
-                                      ]}).
-
 %% Create handshake messages
 -export([hello_request/0,
          server_hello/4,
@@ -462,6 +453,8 @@ verify_signature(?TLS_1_3, Msg, {_, mldsa65}, Signature,
 verify_signature(?TLS_1_3, Msg, {_, mldsa87}, Signature,
                  {?'id-ml-dsa-87', #'ML-DSAPublicKey'{algorithm = mldsa87} = PubKey,_}) ->
     public_key:verify(Msg, none, Signature, PubKey);
+verify_signature(?TLS_1_3, Msg, {_ , slhdsa}, Signature, {_, #'SLH-DSAPublicKey'{} = PubKey,_}) ->
+    public_key:verify(Msg, none, Signature, PubKey);
 verify_signature(?TLS_1_3, Msg, {_, eddsa}, Signature, {?'id-Ed25519', PubKey, PubKeyParams}) ->
     public_key:verify(Msg, none, Signature, {PubKey, PubKeyParams});
 verify_signature(?TLS_1_3, Msg, {_, eddsa}, Signature, {?'id-Ed448', PubKey, PubKeyParams}) ->
@@ -2220,6 +2213,11 @@ do_digitally_signed(Version, Msg, HashAlgo, #'ML-DSAPrivateKey'{}= Key,
                                     SignAlgo == mldsa65 orelse
                                     SignAlgo == mldsa87) ->
     public_key:sign(Msg, HashAlgo, Key);
+do_digitally_signed(Version, Msg, _, #'SLH-DSAPrivateKey'{}= Key,
+                    slhdsa) when ?TLS_GTE(Version, ?TLS_1_3) ->
+    %% HashAlgo will in this case be the full scheme that public_key/crypto deduces from the key.
+    %% and none should be used for second argument.
+    public_key:sign(Msg, none, Key);
 do_digitally_signed(Version, Msg, HashAlgo, {#'RSAPrivateKey'{} = Key,
                                              #'RSASSA-PSS-params'{}},
                     SignAlgo) when ?TLS_GTE(Version, ?TLS_1_2) ->
@@ -2286,6 +2284,8 @@ bad_key(#'ECPrivateKey'{}) ->
     unacceptable_ecdsa_key;
 bad_key(#'ML-DSAPrivateKey'{}) ->
     unacceptable_mldsa_key;
+bad_key(#'SLH-DSAPrivateKey'{}) ->
+    unacceptable_slhdsa_key;
 bad_key(#{algorithm := rsa}) ->
     unacceptable_rsa_key;
 bad_key(#{algorithm := rsa_pss_pss}) ->