Ingela/ssl/public key/pqa slh dsa/otp 19867

[IngelaAndin]

Add support in public_key and ssl for SLH-DSA

[github-actions]

CT Test Results

    4 files     75 suites   26m 7s ⏱️
1 107 tests   634 ✅   145 💤 328 ❌
4 797 runs  2 593 ✅ 1 491 💤 713 ❌

For more details on these failures, see this check.

Results for commit 3c26cd2.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

• Complete CT logs (Download Logs)
• No HTML docs found
• Windows Installer

// Erlang/OTP Github Action Bot

[Copilot]

Pull request overview

This pull request adds comprehensive support for SLH-DSA (Stateless Hash-Based Digital Signature Algorithm), a post-quantum cryptographic signature scheme, to both the public_key and ssl libraries in Erlang/OTP. The implementation follows patterns established by the existing ML-DSA support.

Key Changes

• Added 12 SLH-DSA algorithm variants (SHA2 and SHAKE variants with 128s/f, 192s/f, and 256s/f parameter sets)
• Implemented SLH-DSA key generation, signing, and verification in public_key module
• Extended SSL/TLS 1.3 handshake support for SLH-DSA signature schemes
• Added comprehensive test coverage including key encoding/decoding, signing/verification, and certificate tests

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
lib/ssl/test/ssl_test_lib.erl	Added test helper functions for SLH-DSA signature algorithms and key specifications
lib/ssl/test/ssl_cert_tests.erl	Added SLH-DSA SHA2 and SHAKE configuration functions and key generation utilities
lib/ssl/test/ssl_cert_SUITE.erl	Added SLH-DSA test groups to the test suite
lib/ssl/src/tls_v1.erl	Added slh_dsa_schemes/0 function and signature scheme handling for all 12 SLH-DSA variants
lib/ssl/src/tls_handshake_1_3.hrl	Defined signature scheme constants for all SLH-DSA variants
lib/ssl/src/tls_handshake_1_3.erl	Updated signature algorithm selection and verification logic for SLH-DSA
lib/ssl/src/ssl_handshake.erl	Added SLH-DSA signature verification and signing support
lib/ssl/src/ssl_config.erl	Added SLH-DSA private key handling and prioritization logic (with bug)
lib/ssl/src/ssl_cipher.erl	Added signature scheme encoding/decoding for all SLH-DSA variants
lib/ssl/src/ssl_certificate.erl	Added SLH-DSA to available certificate key pairs for TLS 1.3
lib/ssl/src/ssl.erl	Added post_quantum_schemes type and signature algorithm handling (with bug)
lib/public_key/test/public_key_SUITE_data/*.pem	Added test PEM files for SLH-DSA keys and certificates
lib/public_key/test/public_key_SUITE.erl	Added SLH-DSA key encoding/decoding and signing/verification tests
lib/public_key/src/public_key_internal.hrl	Defined SLH-DSAPrivateKey and SLH-DSAPublicKey records
lib/public_key/src/public_key.erl	Implemented key generation, encoding/decoding, signing, and verification for SLH-DSA
lib/public_key/src/pubkey_cert_records.erl	Added OID to algorithm mapping functions for SLH-DSA
lib/public_key/src/pubkey_cert.erl	Added SLH-DSA signature verification and encoding support
lib/public_key/include/public_key.hrl	Defined public SLH-DSA record types and OID macros
lib/public_key/asn1/SLH-DSA-Module-2024.asn1	Added complete ASN.1 module defining SLH-DSA structures per RFC specification
lib/public_key/asn1/Makefile	Added SLH-DSA-Module-2024 to ASN.1 compilation list
lib/crypto/src/crypto.erl	Exported slh_dsa/0 type

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 24 out of 24 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.