crypto: support SLH-DSA KeyObject, sign, and verify

deps/ncrypto/ncrypto.cc

@@ -25,6 +25,18 @@ constexpr static PQCMapping pqc_mappings[] = {
     {"ML-KEM-512", EVP_PKEY_ML_KEM_512},
     {"ML-KEM-768", EVP_PKEY_ML_KEM_768},
     {"ML-KEM-1024", EVP_PKEY_ML_KEM_1024},
+    {"SLH-DSA-SHA2-128f", EVP_PKEY_SLH_DSA_SHA2_128F},
+    {"SLH-DSA-SHA2-128s", EVP_PKEY_SLH_DSA_SHA2_128S},
+    {"SLH-DSA-SHA2-192f", EVP_PKEY_SLH_DSA_SHA2_192F},
+    {"SLH-DSA-SHA2-192s", EVP_PKEY_SLH_DSA_SHA2_192S},
+    {"SLH-DSA-SHA2-256f", EVP_PKEY_SLH_DSA_SHA2_256F},
+    {"SLH-DSA-SHA2-256s", EVP_PKEY_SLH_DSA_SHA2_256S},
+    {"SLH-DSA-SHAKE-128f", EVP_PKEY_SLH_DSA_SHAKE_128F},
+    {"SLH-DSA-SHAKE-128s", EVP_PKEY_SLH_DSA_SHAKE_128S},
+    {"SLH-DSA-SHAKE-192f", EVP_PKEY_SLH_DSA_SHAKE_192F},
+    {"SLH-DSA-SHAKE-192s", EVP_PKEY_SLH_DSA_SHAKE_192S},
+    {"SLH-DSA-SHAKE-256f", EVP_PKEY_SLH_DSA_SHAKE_256F},
+    {"SLH-DSA-SHAKE-256s", EVP_PKEY_SLH_DSA_SHAKE_256S},
 };
 
 #endif
@@ -2545,6 +2557,18 @@ bool EVPKeyPointer::isOneShotVariant() const {
     case EVP_PKEY_ML_DSA_44:
     case EVP_PKEY_ML_DSA_65:
     case EVP_PKEY_ML_DSA_87:
+    case EVP_PKEY_SLH_DSA_SHA2_128F:
+    case EVP_PKEY_SLH_DSA_SHA2_128S:
+    case EVP_PKEY_SLH_DSA_SHA2_192F:
+    case EVP_PKEY_SLH_DSA_SHA2_192S:
+    case EVP_PKEY_SLH_DSA_SHA2_256F:
+    case EVP_PKEY_SLH_DSA_SHA2_256S:
+    case EVP_PKEY_SLH_DSA_SHAKE_128F:
+    case EVP_PKEY_SLH_DSA_SHAKE_128S:
+    case EVP_PKEY_SLH_DSA_SHAKE_192F:
+    case EVP_PKEY_SLH_DSA_SHAKE_192S:
+    case EVP_PKEY_SLH_DSA_SHAKE_256F:
+    case EVP_PKEY_SLH_DSA_SHAKE_256S:
 #endif
       return true;
     default:

doc/api/crypto.md

@@ -77,23 +77,35 @@ try {
 
 The following table lists the asymmetric key types recognized by the [`KeyObject`][] API:
 
-| Key Type                    | Description    | OID                     |
-| --------------------------- | -------------- | ----------------------- |
-| `'dh'`                      | Diffie-Hellman | 1.2.840.113549.1.3.1    |
-| `'dsa'`                     | DSA            | 1.2.840.10040.4.1       |
-| `'ec'`                      | Elliptic curve | 1.2.840.10045.2.1       |
-| `'ed25519'`                 | Ed25519        | 1.3.101.112             |
-| `'ed448'`                   | Ed448          | 1.3.101.113             |
-| `'ml-dsa-44'`[^openssl35]   | ML-DSA-44      | 2.16.840.1.101.3.4.3.17 |
-| `'ml-dsa-65'`[^openssl35]   | ML-DSA-65      | 2.16.840.1.101.3.4.3.18 |
-| `'ml-dsa-87'`[^openssl35]   | ML-DSA-87      | 2.16.840.1.101.3.4.3.19 |
-| `'ml-kem-1024'`[^openssl35] | ML-KEM-1024    | 2.16.840.1.101.3.4.4.3  |
-| `'ml-kem-512'`[^openssl35]  | ML-KEM-512     | 2.16.840.1.101.3.4.4.1  |
-| `'ml-kem-768'`[^openssl35]  | ML-KEM-768     | 2.16.840.1.101.3.4.4.2  |
-| `'rsa-pss'`                 | RSA PSS        | 1.2.840.113549.1.1.10   |
-| `'rsa'`                     | RSA            | 1.2.840.113549.1.1.1    |
-| `'x25519'`                  | X25519         | 1.3.101.110             |
-| `'x448'`                    | X448           | 1.3.101.111             |
+| Key Type                           | Description        | OID                     |
+| ---------------------------------- | ------------------ | ----------------------- |
+| `'dh'`                             | Diffie-Hellman     | 1.2.840.113549.1.3.1    |
+| `'dsa'`                            | DSA                | 1.2.840.10040.4.1       |
+| `'ec'`                             | Elliptic curve     | 1.2.840.10045.2.1       |
+| `'ed25519'`                        | Ed25519            | 1.3.101.112             |
+| `'ed448'`                          | Ed448              | 1.3.101.113             |
+| `'ml-dsa-44'`[^openssl35]          | ML-DSA-44          | 2.16.840.1.101.3.4.3.17 |
+| `'ml-dsa-65'`[^openssl35]          | ML-DSA-65          | 2.16.840.1.101.3.4.3.18 |
+| `'ml-dsa-87'`[^openssl35]          | ML-DSA-87          | 2.16.840.1.101.3.4.3.19 |
+| `'ml-kem-1024'`[^openssl35]        | ML-KEM-1024        | 2.16.840.1.101.3.4.4.3  |
+| `'ml-kem-512'`[^openssl35]         | ML-KEM-512         | 2.16.840.1.101.3.4.4.1  |
+| `'ml-kem-768'`[^openssl35]         | ML-KEM-768         | 2.16.840.1.101.3.4.4.2  |
+| `'rsa-pss'`                        | RSA PSS            | 1.2.840.113549.1.1.10   |
+| `'rsa'`                            | RSA                | 1.2.840.113549.1.1.1    |
+| `'slh-dsa-sha2-128f'`[^openssl35]  | SLH-DSA-SHA2-128f  | 2.16.840.1.101.3.4.3.21 |
+| `'slh-dsa-sha2-128s'`[^openssl35]  | SLH-DSA-SHA2-128s  | 2.16.840.1.101.3.4.3.22 |
+| `'slh-dsa-sha2-192f'`[^openssl35]  | SLH-DSA-SHA2-192f  | 2.16.840.1.101.3.4.3.23 |
+| `'slh-dsa-sha2-192s'`[^openssl35]  | SLH-DSA-SHA2-192s  | 2.16.840.1.101.3.4.3.24 |
+| `'slh-dsa-sha2-256f'`[^openssl35]  | SLH-DSA-SHA2-256f  | 2.16.840.1.101.3.4.3.25 |
+| `'slh-dsa-sha2-256s'`[^openssl35]  | SLH-DSA-SHA2-256s  | 2.16.840.1.101.3.4.3.26 |
+| `'slh-dsa-shake-128f'`[^openssl35] | SLH-DSA-SHAKE-128f | 2.16.840.1.101.3.4.3.27 |
+| `'slh-dsa-shake-128s'`[^openssl35] | SLH-DSA-SHAKE-128s | 2.16.840.1.101.3.4.3.28 |
+| `'slh-dsa-shake-192f'`[^openssl35] | SLH-DSA-SHAKE-192f | 2.16.840.1.101.3.4.3.29 |
+| `'slh-dsa-shake-192s'`[^openssl35] | SLH-DSA-SHAKE-192s | 2.16.840.1.101.3.4.3.30 |
+| `'slh-dsa-shake-256f'`[^openssl35] | SLH-DSA-SHAKE-256f | 2.16.840.1.101.3.4.3.31 |
+| `'slh-dsa-shake-256s'`[^openssl35] | SLH-DSA-SHAKE-256s | 2.16.840.1.101.3.4.3.32 |
+| `'x25519'`                         | X25519             | 1.3.101.110             |
+| `'x448'`                           | X448               | 1.3.101.111             |
 
 ## Class: `Certificate`
 
@@ -2046,6 +2058,9 @@ Other key details might be exposed via this API using additional attributes.
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA keys.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59461
     description: Add support for ML-KEM keys.
@@ -3675,6 +3690,9 @@ underlying hash function. See [`crypto.createHmac()`][] for more information.
 <!-- YAML
 added: v10.12.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA key pairs.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59461
     description: Add support for ML-KEM key pairs.
@@ -3800,6 +3818,9 @@ a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
 <!-- YAML
 added: v10.12.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA key pairs.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59461
     description: Add support for ML-KEM key pairs.
@@ -5455,6 +5476,9 @@ Throws an error if FIPS mode is not available.
 <!-- YAML
 added: v12.0.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA signing.
   - version: v24.6.0
     pr-url: https://github.com/nodejs/node/pull/59259
     description: Add support for ML-DSA signing.
@@ -5571,6 +5595,9 @@ not introduce timing vulnerabilities.
 <!-- YAML
 added: v12.0.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA signature verification.
   - version: v24.6.0
     pr-url: https://github.com/nodejs/node/pull/59259
     description: Add support for ML-DSA signature verification.

lib/internal/crypto/keygen.js

@@ -25,6 +25,18 @@ const {
   EVP_PKEY_ML_KEM_1024,
   EVP_PKEY_ML_KEM_512,
   EVP_PKEY_ML_KEM_768,
+  EVP_PKEY_SLH_DSA_SHA2_128F,
+  EVP_PKEY_SLH_DSA_SHA2_128S,
+  EVP_PKEY_SLH_DSA_SHA2_192F,
+  EVP_PKEY_SLH_DSA_SHA2_192S,
+  EVP_PKEY_SLH_DSA_SHA2_256F,
+  EVP_PKEY_SLH_DSA_SHA2_256S,
+  EVP_PKEY_SLH_DSA_SHAKE_128F,
+  EVP_PKEY_SLH_DSA_SHAKE_128S,
+  EVP_PKEY_SLH_DSA_SHAKE_192F,
+  EVP_PKEY_SLH_DSA_SHAKE_192S,
+  EVP_PKEY_SLH_DSA_SHAKE_256F,
+  EVP_PKEY_SLH_DSA_SHAKE_256S,
   EVP_PKEY_X25519,
   EVP_PKEY_X448,
   OPENSSL_EC_NAMED_CURVE,
@@ -168,7 +180,7 @@ function parseKeyEncoding(keyType, options = kEmptyObject) {
   ];
 }
 
-const ids = {
+const nidOnlyKeyPairs = {
   'ed25519': EVP_PKEY_ED25519,
   'ed448': EVP_PKEY_ED448,
   'x25519': EVP_PKEY_X25519,
@@ -179,6 +191,18 @@ const ids = {
   'ml-kem-512': EVP_PKEY_ML_KEM_512,
   'ml-kem-768': EVP_PKEY_ML_KEM_768,
   'ml-kem-1024': EVP_PKEY_ML_KEM_1024,
+  'slh-dsa-sha2-128f': EVP_PKEY_SLH_DSA_SHA2_128F,
+  'slh-dsa-sha2-128s': EVP_PKEY_SLH_DSA_SHA2_128S,
+  'slh-dsa-sha2-192f': EVP_PKEY_SLH_DSA_SHA2_192F,
+  'slh-dsa-sha2-192s': EVP_PKEY_SLH_DSA_SHA2_192S,
+  'slh-dsa-sha2-256f': EVP_PKEY_SLH_DSA_SHA2_256F,
+  'slh-dsa-sha2-256s': EVP_PKEY_SLH_DSA_SHA2_256S,
+  'slh-dsa-shake-128f': EVP_PKEY_SLH_DSA_SHAKE_128F,
+  'slh-dsa-shake-128s': EVP_PKEY_SLH_DSA_SHAKE_128S,
+  'slh-dsa-shake-192f': EVP_PKEY_SLH_DSA_SHAKE_192F,
+  'slh-dsa-shake-192s': EVP_PKEY_SLH_DSA_SHAKE_192S,
+  'slh-dsa-shake-256f': EVP_PKEY_SLH_DSA_SHAKE_256F,
+  'slh-dsa-shake-256s': EVP_PKEY_SLH_DSA_SHAKE_256S,
 };
 
 function createJob(mode, type, options) {
@@ -293,22 +317,6 @@ function createJob(mode, type, options) {
         paramEncoding,
         ...encoding);
     }
-    case 'ed25519':
-    case 'ed448':
-    case 'x25519':
-    case 'x448':
-    case 'ml-dsa-44':
-    case 'ml-dsa-65':
-    case 'ml-dsa-87':
-    case 'ml-kem-512':
-    case 'ml-kem-768':
-    case 'ml-kem-1024':
-    {
-      if (ids[type] === undefined) {
-        throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
-      }
-      return new NidKeyPairGenJob(mode, ids[type], ...encoding);
-    }
     case 'dh':
     {
       validateObject(options, 'options');
@@ -347,10 +355,13 @@ function createJob(mode, type, options) {
         generator == null ? 2 : generator,
         ...encoding);
     }
-    default:
-      // Fall through
+    default: {
+      if (nidOnlyKeyPairs[type] === undefined) {
+        throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
+      }
+      return new NidKeyPairGenJob(mode, nidOnlyKeyPairs[type], ...encoding);
+    }
   }
-  throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
 }
 
 // Symmetric Key Generation

src/crypto/crypto_keys.cc

@@ -984,6 +984,30 @@ Local<Value> KeyObjectHandle::GetAsymmetricKeyType() const {
       return env()->crypto_ml_kem_768_string();
     case EVP_PKEY_ML_KEM_1024:
       return env()->crypto_ml_kem_1024_string();
+    case EVP_PKEY_SLH_DSA_SHA2_128F:
+      return env()->crypto_slh_dsa_sha2_128f_string();
+    case EVP_PKEY_SLH_DSA_SHA2_128S:
+      return env()->crypto_slh_dsa_sha2_128s_string();
+    case EVP_PKEY_SLH_DSA_SHA2_192F:
+      return env()->crypto_slh_dsa_sha2_192f_string();
+    case EVP_PKEY_SLH_DSA_SHA2_192S:
+      return env()->crypto_slh_dsa_sha2_192s_string();
+    case EVP_PKEY_SLH_DSA_SHA2_256F:
+      return env()->crypto_slh_dsa_sha2_256f_string();
+    case EVP_PKEY_SLH_DSA_SHA2_256S:
+      return env()->crypto_slh_dsa_sha2_256s_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_128F:
+      return env()->crypto_slh_dsa_shake_128f_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_128S:
+      return env()->crypto_slh_dsa_shake_128s_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_192F:
+      return env()->crypto_slh_dsa_shake_192f_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_192S:
+      return env()->crypto_slh_dsa_shake_192s_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_256F:
+      return env()->crypto_slh_dsa_shake_256f_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_256S:
+      return env()->crypto_slh_dsa_shake_256s_string();
 #endif
     default:
       return Undefined(env()->isolate());
@@ -1267,6 +1291,18 @@ void Initialize(Environment* env, Local<Object> target) {
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_KEM_512);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_KEM_768);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_KEM_1024);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_128F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_128S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_192F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_192S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_256F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_256S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_128F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_128S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_192F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_192S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_256F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_256S);
 #endif
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X25519);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X448);

src/env_properties.h

@@ -121,6 +121,18 @@
   V(crypto_ml_kem_512_string, "ml-kem-512")                                    \
   V(crypto_ml_kem_768_string, "ml-kem-768")                                    \
   V(crypto_ml_kem_1024_string, "ml-kem-1024")                                  \
+  V(crypto_slh_dsa_sha2_128f_string, "slh-dsa-sha2-128f")                      \
+  V(crypto_slh_dsa_sha2_128s_string, "slh-dsa-sha2-128s")                      \
+  V(crypto_slh_dsa_sha2_192f_string, "slh-dsa-sha2-192f")                      \
+  V(crypto_slh_dsa_sha2_192s_string, "slh-dsa-sha2-192s")                      \
+  V(crypto_slh_dsa_sha2_256f_string, "slh-dsa-sha2-256f")                      \
+  V(crypto_slh_dsa_sha2_256s_string, "slh-dsa-sha2-256s")                      \
+  V(crypto_slh_dsa_shake_128f_string, "slh-dsa-shake-128f")                    \
+  V(crypto_slh_dsa_shake_128s_string, "slh-dsa-shake-128s")                    \
+  V(crypto_slh_dsa_shake_192f_string, "slh-dsa-shake-192f")                    \
+  V(crypto_slh_dsa_shake_192s_string, "slh-dsa-shake-192s")                    \
+  V(crypto_slh_dsa_shake_256f_string, "slh-dsa-shake-256f")                    \
+  V(crypto_slh_dsa_shake_256s_string, "slh-dsa-shake-256s")                    \
   V(crypto_x25519_string, "x25519")                                            \
   V(crypto_x448_string, "x448")                                                \
   V(crypto_rsa_string, "rsa")                                                  \