From 42cceddc23987d2b7490e1c47a1a42f5849fec62 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Wed, 13 Aug 2025 17:47:37 +0200
Subject: [PATCH 1/2] crypto: support SLH-DSA KeyObject, sign, and verify

---
 deps/ncrypto/ncrypto.cc                       | 24 +++++
 doc/api/crypto.md                             | 61 ++++++++----
 lib/internal/crypto/keygen.js                 | 51 ++++++----
 src/crypto/crypto_keys.cc                     | 36 +++++++
 src/env_properties.h                          | 12 +++
 test/fixtures/keys/Makefile                   | 96 +++++++++++++++++++
 .../keys/slh_dsa_sha2_128f_private.pem        |  4 +
 .../keys/slh_dsa_sha2_128f_public.pem         |  4 +
 .../keys/slh_dsa_sha2_128s_private.pem        |  4 +
 .../keys/slh_dsa_sha2_128s_public.pem         |  4 +
 .../keys/slh_dsa_sha2_192f_private.pem        |  5 +
 .../keys/slh_dsa_sha2_192f_public.pem         |  4 +
 .../keys/slh_dsa_sha2_192s_private.pem        |  5 +
 .../keys/slh_dsa_sha2_192s_public.pem         |  4 +
 .../keys/slh_dsa_sha2_256f_private.pem        |  6 ++
 .../keys/slh_dsa_sha2_256f_public.pem         |  4 +
 .../keys/slh_dsa_sha2_256s_private.pem        |  6 ++
 .../keys/slh_dsa_sha2_256s_public.pem         |  4 +
 .../keys/slh_dsa_shake_128f_private.pem       |  4 +
 .../keys/slh_dsa_shake_128f_public.pem        |  4 +
 .../keys/slh_dsa_shake_128s_private.pem       |  4 +
 .../keys/slh_dsa_shake_128s_public.pem        |  4 +
 .../keys/slh_dsa_shake_192f_private.pem       |  5 +
 .../keys/slh_dsa_shake_192f_public.pem        |  4 +
 .../keys/slh_dsa_shake_192s_private.pem       |  5 +
 .../keys/slh_dsa_shake_192s_public.pem        |  4 +
 .../keys/slh_dsa_shake_256f_private.pem       |  6 ++
 .../keys/slh_dsa_shake_256f_public.pem        |  4 +
 .../keys/slh_dsa_shake_256s_private.pem       |  6 ++
 .../keys/slh_dsa_shake_256s_public.pem        |  4 +
 .../test-crypto-pqc-key-objects-slh-dsa.js    | 74 ++++++++++++++
 .../test-crypto-pqc-keygen-slh-dsa.js         | 54 +++++++++++
 .../test-crypto-pqc-sign-verify-slh-dsa.mjs   | 63 ++++++++++++
 33 files changed, 542 insertions(+), 37 deletions(-)
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_128f_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_128f_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_128s_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_128s_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_192f_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_192f_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_192s_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_192s_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_256f_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_256f_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_256s_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_sha2_256s_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_128f_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_128f_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_128s_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_128s_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_192f_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_192f_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_192s_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_192s_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_256f_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_256f_public.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_256s_private.pem
 create mode 100644 test/fixtures/keys/slh_dsa_shake_256s_public.pem
 create mode 100644 test/parallel/test-crypto-pqc-key-objects-slh-dsa.js
 create mode 100644 test/parallel/test-crypto-pqc-keygen-slh-dsa.js
 create mode 100644 test/pummel/test-crypto-pqc-sign-verify-slh-dsa.mjs

diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
index 290c3a816fe310..419824b3891f38 100644
--- a/deps/ncrypto/ncrypto.cc
+++ b/deps/ncrypto/ncrypto.cc
@@ -25,6 +25,18 @@ constexpr static PQCMapping pqc_mappings[] = {
     {"ML-KEM-512", EVP_PKEY_ML_KEM_512},
     {"ML-KEM-768", EVP_PKEY_ML_KEM_768},
     {"ML-KEM-1024", EVP_PKEY_ML_KEM_1024},
+    {"SLH-DSA-SHA2-128f", EVP_PKEY_SLH_DSA_SHA2_128F},
+    {"SLH-DSA-SHA2-128s", EVP_PKEY_SLH_DSA_SHA2_128S},
+    {"SLH-DSA-SHA2-192f", EVP_PKEY_SLH_DSA_SHA2_192F},
+    {"SLH-DSA-SHA2-192s", EVP_PKEY_SLH_DSA_SHA2_192S},
+    {"SLH-DSA-SHA2-256f", EVP_PKEY_SLH_DSA_SHA2_256F},
+    {"SLH-DSA-SHA2-256s", EVP_PKEY_SLH_DSA_SHA2_256S},
+    {"SLH-DSA-SHAKE-128f", EVP_PKEY_SLH_DSA_SHAKE_128F},
+    {"SLH-DSA-SHAKE-128s", EVP_PKEY_SLH_DSA_SHAKE_128S},
+    {"SLH-DSA-SHAKE-192f", EVP_PKEY_SLH_DSA_SHAKE_192F},
+    {"SLH-DSA-SHAKE-192s", EVP_PKEY_SLH_DSA_SHAKE_192S},
+    {"SLH-DSA-SHAKE-256f", EVP_PKEY_SLH_DSA_SHAKE_256F},
+    {"SLH-DSA-SHAKE-256s", EVP_PKEY_SLH_DSA_SHAKE_256S},
 };
 
 #endif
@@ -2545,6 +2557,18 @@ bool EVPKeyPointer::isOneShotVariant() const {
     case EVP_PKEY_ML_DSA_44:
     case EVP_PKEY_ML_DSA_65:
     case EVP_PKEY_ML_DSA_87:
+    case EVP_PKEY_SLH_DSA_SHA2_128F:
+    case EVP_PKEY_SLH_DSA_SHA2_128S:
+    case EVP_PKEY_SLH_DSA_SHA2_192F:
+    case EVP_PKEY_SLH_DSA_SHA2_192S:
+    case EVP_PKEY_SLH_DSA_SHA2_256F:
+    case EVP_PKEY_SLH_DSA_SHA2_256S:
+    case EVP_PKEY_SLH_DSA_SHAKE_128F:
+    case EVP_PKEY_SLH_DSA_SHAKE_128S:
+    case EVP_PKEY_SLH_DSA_SHAKE_192F:
+    case EVP_PKEY_SLH_DSA_SHAKE_192S:
+    case EVP_PKEY_SLH_DSA_SHAKE_256F:
+    case EVP_PKEY_SLH_DSA_SHAKE_256S:
 #endif
       return true;
     default:
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index a95a2a4173f32f..765b3d505e6f0c 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -77,23 +77,35 @@ try {
 
 The following table lists the asymmetric key types recognized by the [`KeyObject`][] API:
 
-| Key Type                    | Description    | OID                     |
-| --------------------------- | -------------- | ----------------------- |
-| `'dh'`                      | Diffie-Hellman | 1.2.840.113549.1.3.1    |
-| `'dsa'`                     | DSA            | 1.2.840.10040.4.1       |
-| `'ec'`                      | Elliptic curve | 1.2.840.10045.2.1       |
-| `'ed25519'`                 | Ed25519        | 1.3.101.112             |
-| `'ed448'`                   | Ed448          | 1.3.101.113             |
-| `'ml-dsa-44'`[^openssl35]   | ML-DSA-44      | 2.16.840.1.101.3.4.3.17 |
-| `'ml-dsa-65'`[^openssl35]   | ML-DSA-65      | 2.16.840.1.101.3.4.3.18 |
-| `'ml-dsa-87'`[^openssl35]   | ML-DSA-87      | 2.16.840.1.101.3.4.3.19 |
-| `'ml-kem-1024'`[^openssl35] | ML-KEM-1024    | 2.16.840.1.101.3.4.4.3  |
-| `'ml-kem-512'`[^openssl35]  | ML-KEM-512     | 2.16.840.1.101.3.4.4.1  |
-| `'ml-kem-768'`[^openssl35]  | ML-KEM-768     | 2.16.840.1.101.3.4.4.2  |
-| `'rsa-pss'`                 | RSA PSS        | 1.2.840.113549.1.1.10   |
-| `'rsa'`                     | RSA            | 1.2.840.113549.1.1.1    |
-| `'x25519'`                  | X25519         | 1.3.101.110             |
-| `'x448'`                    | X448           | 1.3.101.111             |
+| Key Type                           | Description        | OID                         |
+| ---------------------------------- | ------------------ | --------------------------- |
+| `'dh'`                             | Diffie-Hellman     | 1.2.840.113549.1.3.1        |
+| `'dsa'`                            | DSA                | 1.2.840.10040.4.1           |
+| `'ec'`                             | Elliptic curve     | 1.2.840.10045.2.1           |
+| `'ed25519'`                        | Ed25519            | 1.3.101.112                 |
+| `'ed448'`                          | Ed448              | 1.3.101.113                 |
+| `'ml-dsa-44'`[^openssl35]          | ML-DSA-44          | 2.16.840.1.101.3.4.3.17     |
+| `'ml-dsa-65'`[^openssl35]          | ML-DSA-65          | 2.16.840.1.101.3.4.3.18     |
+| `'ml-dsa-87'`[^openssl35]          | ML-DSA-87          | 2.16.840.1.101.3.4.3.19     |
+| `'ml-kem-1024'`[^openssl35]        | ML-KEM-1024        | 2.16.840.1.101.3.4.4.3      |
+| `'ml-kem-512'`[^openssl35]         | ML-KEM-512         | 2.16.840.1.101.3.4.4.1      |
+| `'ml-kem-768'`[^openssl35]         | ML-KEM-768         | 2.16.840.1.101.3.4.4.2      |
+| `'rsa-pss'`                        | RSA PSS            | 1.2.840.113549.1.1.10       |
+| `'rsa'`                            | RSA                | 1.2.840.113549.1.1.1        |
+| `'slh-dsa-sha2-128f'`[^openssl35]  | SLH-DSA-SHA2-128f  | OID 2.16.840.1.101.3.4.3.21 |
+| `'slh-dsa-sha2-128s'`[^openssl35]  | SLH-DSA-SHA2-128s  | OID 2.16.840.1.101.3.4.3.22 |
+| `'slh-dsa-sha2-192f'`[^openssl35]  | SLH-DSA-SHA2-192f  | OID 2.16.840.1.101.3.4.3.23 |
+| `'slh-dsa-sha2-192s'`[^openssl35]  | SLH-DSA-SHA2-192s  | OID 2.16.840.1.101.3.4.3.24 |
+| `'slh-dsa-sha2-256f'`[^openssl35]  | SLH-DSA-SHA2-256f  | OID 2.16.840.1.101.3.4.3.25 |
+| `'slh-dsa-sha2-256s'`[^openssl35]  | SLH-DSA-SHA2-256s  | OID 2.16.840.1.101.3.4.3.26 |
+| `'slh-dsa-shake-128f'`[^openssl35] | SLH-DSA-SHAKE-128f | OID 2.16.840.1.101.3.4.3.27 |
+| `'slh-dsa-shake-128s'`[^openssl35] | SLH-DSA-SHAKE-128s | OID 2.16.840.1.101.3.4.3.28 |
+| `'slh-dsa-shake-192f'`[^openssl35] | SLH-DSA-SHAKE-192f | OID 2.16.840.1.101.3.4.3.29 |
+| `'slh-dsa-shake-192s'`[^openssl35] | SLH-DSA-SHAKE-192s | OID 2.16.840.1.101.3.4.3.30 |
+| `'slh-dsa-shake-256f'`[^openssl35] | SLH-DSA-SHAKE-256f | OID 2.16.840.1.101.3.4.3.31 |
+| `'slh-dsa-shake-256s'`[^openssl35] | SLH-DSA-SHAKE-256s | OID 2.16.840.1.101.3.4.3.32 |
+| `'x25519'`                         | X25519             | 1.3.101.110                 |
+| `'x448'`                           | X448               | 1.3.101.111                 |
 
 ## Class: `Certificate`
 
@@ -2046,6 +2058,9 @@ Other key details might be exposed via this API using additional attributes.
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA keys.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59461
     description: Add support for ML-KEM keys.
@@ -3675,6 +3690,9 @@ underlying hash function. See [`crypto.createHmac()`][] for more information.
 <!-- YAML
 added: v10.12.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA key pairs.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59461
     description: Add support for ML-KEM key pairs.
@@ -3800,6 +3818,9 @@ a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
 <!-- YAML
 added: v10.12.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA key pairs.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59461
     description: Add support for ML-KEM key pairs.
@@ -5455,6 +5476,9 @@ Throws an error if FIPS mode is not available.
 <!-- YAML
 added: v12.0.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA signing.
   - version: v24.6.0
     pr-url: https://github.com/nodejs/node/pull/59259
     description: Add support for ML-DSA signing.
@@ -5571,6 +5595,9 @@ not introduce timing vulnerabilities.
 <!-- YAML
 added: v12.0.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59537
+    description: Add support for SLH-DSA signature verification.
   - version: v24.6.0
     pr-url: https://github.com/nodejs/node/pull/59259
     description: Add support for ML-DSA signature verification.
diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js
index 7e11dd9d98b98a..a612430af86db5 100644
--- a/lib/internal/crypto/keygen.js
+++ b/lib/internal/crypto/keygen.js
@@ -25,6 +25,18 @@ const {
   EVP_PKEY_ML_KEM_1024,
   EVP_PKEY_ML_KEM_512,
   EVP_PKEY_ML_KEM_768,
+  EVP_PKEY_SLH_DSA_SHA2_128F,
+  EVP_PKEY_SLH_DSA_SHA2_128S,
+  EVP_PKEY_SLH_DSA_SHA2_192F,
+  EVP_PKEY_SLH_DSA_SHA2_192S,
+  EVP_PKEY_SLH_DSA_SHA2_256F,
+  EVP_PKEY_SLH_DSA_SHA2_256S,
+  EVP_PKEY_SLH_DSA_SHAKE_128F,
+  EVP_PKEY_SLH_DSA_SHAKE_128S,
+  EVP_PKEY_SLH_DSA_SHAKE_192F,
+  EVP_PKEY_SLH_DSA_SHAKE_192S,
+  EVP_PKEY_SLH_DSA_SHAKE_256F,
+  EVP_PKEY_SLH_DSA_SHAKE_256S,
   EVP_PKEY_X25519,
   EVP_PKEY_X448,
   OPENSSL_EC_NAMED_CURVE,
@@ -168,7 +180,7 @@ function parseKeyEncoding(keyType, options = kEmptyObject) {
   ];
 }
 
-const ids = {
+const nidOnlyKeyPairs = {
   'ed25519': EVP_PKEY_ED25519,
   'ed448': EVP_PKEY_ED448,
   'x25519': EVP_PKEY_X25519,
@@ -179,6 +191,18 @@ const ids = {
   'ml-kem-512': EVP_PKEY_ML_KEM_512,
   'ml-kem-768': EVP_PKEY_ML_KEM_768,
   'ml-kem-1024': EVP_PKEY_ML_KEM_1024,
+  'slh-dsa-sha2-128f': EVP_PKEY_SLH_DSA_SHA2_128F,
+  'slh-dsa-sha2-128s': EVP_PKEY_SLH_DSA_SHA2_128S,
+  'slh-dsa-sha2-192f': EVP_PKEY_SLH_DSA_SHA2_192F,
+  'slh-dsa-sha2-192s': EVP_PKEY_SLH_DSA_SHA2_192S,
+  'slh-dsa-sha2-256f': EVP_PKEY_SLH_DSA_SHA2_256F,
+  'slh-dsa-sha2-256s': EVP_PKEY_SLH_DSA_SHA2_256S,
+  'slh-dsa-shake-128f': EVP_PKEY_SLH_DSA_SHAKE_128F,
+  'slh-dsa-shake-128s': EVP_PKEY_SLH_DSA_SHAKE_128S,
+  'slh-dsa-shake-192f': EVP_PKEY_SLH_DSA_SHAKE_192F,
+  'slh-dsa-shake-192s': EVP_PKEY_SLH_DSA_SHAKE_192S,
+  'slh-dsa-shake-256f': EVP_PKEY_SLH_DSA_SHAKE_256F,
+  'slh-dsa-shake-256s': EVP_PKEY_SLH_DSA_SHAKE_256S,
 };
 
 function createJob(mode, type, options) {
@@ -293,22 +317,6 @@ function createJob(mode, type, options) {
         paramEncoding,
         ...encoding);
     }
-    case 'ed25519':
-    case 'ed448':
-    case 'x25519':
-    case 'x448':
-    case 'ml-dsa-44':
-    case 'ml-dsa-65':
-    case 'ml-dsa-87':
-    case 'ml-kem-512':
-    case 'ml-kem-768':
-    case 'ml-kem-1024':
-    {
-      if (ids[type] === undefined) {
-        throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
-      }
-      return new NidKeyPairGenJob(mode, ids[type], ...encoding);
-    }
     case 'dh':
     {
       validateObject(options, 'options');
@@ -347,10 +355,13 @@ function createJob(mode, type, options) {
         generator == null ? 2 : generator,
         ...encoding);
     }
-    default:
-      // Fall through
+    default: {
+      if (nidOnlyKeyPairs[type] === undefined) {
+        throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
+      }
+      return new NidKeyPairGenJob(mode, nidOnlyKeyPairs[type], ...encoding);
+    }
   }
-  throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
 }
 
 // Symmetric Key Generation
diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
index 6f319eddefd570..c0c37bfd3d4eaf 100644
--- a/src/crypto/crypto_keys.cc
+++ b/src/crypto/crypto_keys.cc
@@ -984,6 +984,30 @@ Local<Value> KeyObjectHandle::GetAsymmetricKeyType() const {
       return env()->crypto_ml_kem_768_string();
     case EVP_PKEY_ML_KEM_1024:
       return env()->crypto_ml_kem_1024_string();
+    case EVP_PKEY_SLH_DSA_SHA2_128F:
+      return env()->crypto_slh_dsa_sha2_128f_string();
+    case EVP_PKEY_SLH_DSA_SHA2_128S:
+      return env()->crypto_slh_dsa_sha2_128s_string();
+    case EVP_PKEY_SLH_DSA_SHA2_192F:
+      return env()->crypto_slh_dsa_sha2_192f_string();
+    case EVP_PKEY_SLH_DSA_SHA2_192S:
+      return env()->crypto_slh_dsa_sha2_192s_string();
+    case EVP_PKEY_SLH_DSA_SHA2_256F:
+      return env()->crypto_slh_dsa_sha2_256f_string();
+    case EVP_PKEY_SLH_DSA_SHA2_256S:
+      return env()->crypto_slh_dsa_sha2_256s_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_128F:
+      return env()->crypto_slh_dsa_shake_128f_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_128S:
+      return env()->crypto_slh_dsa_shake_128s_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_192F:
+      return env()->crypto_slh_dsa_shake_192f_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_192S:
+      return env()->crypto_slh_dsa_shake_192s_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_256F:
+      return env()->crypto_slh_dsa_shake_256f_string();
+    case EVP_PKEY_SLH_DSA_SHAKE_256S:
+      return env()->crypto_slh_dsa_shake_256s_string();
 #endif
     default:
       return Undefined(env()->isolate());
@@ -1267,6 +1291,18 @@ void Initialize(Environment* env, Local<Object> target) {
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_KEM_512);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_KEM_768);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_KEM_1024);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_128F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_128S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_192F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_192S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_256F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHA2_256S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_128F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_128S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_192F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_192S);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_256F);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SLH_DSA_SHAKE_256S);
 #endif
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X25519);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X448);
diff --git a/src/env_properties.h b/src/env_properties.h
index 3687027c8ae939..945f4ffae4d97a 100644
--- a/src/env_properties.h
+++ b/src/env_properties.h
@@ -121,6 +121,18 @@
   V(crypto_ml_kem_512_string, "ml-kem-512")                                    \
   V(crypto_ml_kem_768_string, "ml-kem-768")                                    \
   V(crypto_ml_kem_1024_string, "ml-kem-1024")                                  \
+  V(crypto_slh_dsa_sha2_128f_string, "slh-dsa-sha2-128f")                      \
+  V(crypto_slh_dsa_sha2_128s_string, "slh-dsa-sha2-128s")                      \
+  V(crypto_slh_dsa_sha2_192f_string, "slh-dsa-sha2-192f")                      \
+  V(crypto_slh_dsa_sha2_192s_string, "slh-dsa-sha2-192s")                      \
+  V(crypto_slh_dsa_sha2_256f_string, "slh-dsa-sha2-256f")                      \
+  V(crypto_slh_dsa_sha2_256s_string, "slh-dsa-sha2-256s")                      \
+  V(crypto_slh_dsa_shake_128f_string, "slh-dsa-shake-128f")                    \
+  V(crypto_slh_dsa_shake_128s_string, "slh-dsa-shake-128s")                    \
+  V(crypto_slh_dsa_shake_192f_string, "slh-dsa-shake-192f")                    \
+  V(crypto_slh_dsa_shake_192s_string, "slh-dsa-shake-192s")                    \
+  V(crypto_slh_dsa_shake_256f_string, "slh-dsa-shake-256f")                    \
+  V(crypto_slh_dsa_shake_256s_string, "slh-dsa-shake-256s")                    \
   V(crypto_x25519_string, "x25519")                                            \
   V(crypto_x448_string, "x448")                                                \
   V(crypto_rsa_string, "rsa")                                                  \
diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
index e0d488e56a1533..b78bea659628c5 100644
--- a/test/fixtures/keys/Makefile
+++ b/test/fixtures/keys/Makefile
@@ -122,6 +122,30 @@ all: \
   ml_kem_1024_private_seed_only.pem \
   ml_kem_1024_private_priv_only.pem \
   ml_kem_1024_public.pem \
+  slh_dsa_sha2_128s_private.pem \
+  slh_dsa_sha2_128s_public.pem \
+  slh_dsa_sha2_128f_private.pem \
+  slh_dsa_sha2_128f_public.pem \
+  slh_dsa_sha2_192s_private.pem \
+  slh_dsa_sha2_192s_public.pem \
+  slh_dsa_sha2_192f_private.pem \
+  slh_dsa_sha2_192f_public.pem \
+  slh_dsa_sha2_256s_private.pem \
+  slh_dsa_sha2_256s_public.pem \
+  slh_dsa_sha2_256f_private.pem \
+  slh_dsa_sha2_256f_public.pem \
+  slh_dsa_shake_128s_private.pem \
+  slh_dsa_shake_128s_public.pem \
+  slh_dsa_shake_128f_private.pem \
+  slh_dsa_shake_128f_public.pem \
+  slh_dsa_shake_192s_private.pem \
+  slh_dsa_shake_192s_public.pem \
+  slh_dsa_shake_192f_private.pem \
+  slh_dsa_shake_192f_public.pem \
+  slh_dsa_shake_256s_private.pem \
+  slh_dsa_shake_256s_public.pem \
+  slh_dsa_shake_256f_private.pem \
+  slh_dsa_shake_256f_public.pem \
 
 #
 # Create Certificate Authority: ca1
@@ -879,6 +903,78 @@ ed448_private.pem:
 ed448_public.pem: ed448_private.pem
 	openssl pkey -in ed448_private.pem -pubout -out ed448_public.pem
 
+slh_dsa_sha2_128s_private.pem:
+	openssl genpkey -algorithm slh-dsa-sha2-128s -out slh_dsa_sha2_128s_private.pem
+
+slh_dsa_sha2_128s_public.pem: slh_dsa_sha2_128s_private.pem
+	openssl pkey -in slh_dsa_sha2_128s_private.pem -pubout -out slh_dsa_sha2_128s_public.pem
+
+slh_dsa_sha2_128f_private.pem:
+	openssl genpkey -algorithm slh-dsa-sha2-128f -out slh_dsa_sha2_128f_private.pem
+
+slh_dsa_sha2_128f_public.pem: slh_dsa_sha2_128f_private.pem
+	openssl pkey -in slh_dsa_sha2_128f_private.pem -pubout -out slh_dsa_sha2_128f_public.pem
+
+slh_dsa_sha2_192s_private.pem:
+	openssl genpkey -algorithm slh-dsa-sha2-192s -out slh_dsa_sha2_192s_private.pem
+
+slh_dsa_sha2_192s_public.pem: slh_dsa_sha2_192s_private.pem
+	openssl pkey -in slh_dsa_sha2_192s_private.pem -pubout -out slh_dsa_sha2_192s_public.pem
+
+slh_dsa_sha2_192f_private.pem:
+	openssl genpkey -algorithm slh-dsa-sha2-192f -out slh_dsa_sha2_192f_private.pem
+
+slh_dsa_sha2_192f_public.pem: slh_dsa_sha2_192f_private.pem
+	openssl pkey -in slh_dsa_sha2_192f_private.pem -pubout -out slh_dsa_sha2_192f_public.pem
+
+slh_dsa_sha2_256s_private.pem:
+	openssl genpkey -algorithm slh-dsa-sha2-256s -out slh_dsa_sha2_256s_private.pem
+
+slh_dsa_sha2_256s_public.pem: slh_dsa_sha2_256s_private.pem
+	openssl pkey -in slh_dsa_sha2_256s_private.pem -pubout -out slh_dsa_sha2_256s_public.pem
+
+slh_dsa_sha2_256f_private.pem:
+	openssl genpkey -algorithm slh-dsa-sha2-256f -out slh_dsa_sha2_256f_private.pem
+
+slh_dsa_sha2_256f_public.pem: slh_dsa_sha2_256f_private.pem
+	openssl pkey -in slh_dsa_sha2_256f_private.pem -pubout -out slh_dsa_sha2_256f_public.pem
+
+slh_dsa_shake_128s_private.pem:
+	openssl genpkey -algorithm slh-dsa-shake-128s -out slh_dsa_shake_128s_private.pem
+
+slh_dsa_shake_128s_public.pem: slh_dsa_shake_128s_private.pem
+	openssl pkey -in slh_dsa_shake_128s_private.pem -pubout -out slh_dsa_shake_128s_public.pem
+
+slh_dsa_shake_128f_private.pem:
+	openssl genpkey -algorithm slh-dsa-shake-128f -out slh_dsa_shake_128f_private.pem
+
+slh_dsa_shake_128f_public.pem: slh_dsa_shake_128f_private.pem
+	openssl pkey -in slh_dsa_shake_128f_private.pem -pubout -out slh_dsa_shake_128f_public.pem
+
+slh_dsa_shake_192s_private.pem:
+	openssl genpkey -algorithm slh-dsa-shake-192s -out slh_dsa_shake_192s_private.pem
+
+slh_dsa_shake_192s_public.pem: slh_dsa_shake_192s_private.pem
+	openssl pkey -in slh_dsa_shake_192s_private.pem -pubout -out slh_dsa_shake_192s_public.pem
+
+slh_dsa_shake_192f_private.pem:
+	openssl genpkey -algorithm slh-dsa-shake-192f -out slh_dsa_shake_192f_private.pem
+
+slh_dsa_shake_192f_public.pem: slh_dsa_shake_192f_private.pem
+	openssl pkey -in slh_dsa_shake_192f_private.pem -pubout -out slh_dsa_shake_192f_public.pem
+
+slh_dsa_shake_256s_private.pem:
+	openssl genpkey -algorithm slh-dsa-shake-256s -out slh_dsa_shake_256s_private.pem
+
+slh_dsa_shake_256s_public.pem: slh_dsa_shake_256s_private.pem
+	openssl pkey -in slh_dsa_shake_256s_private.pem -pubout -out slh_dsa_shake_256s_public.pem
+
+slh_dsa_shake_256f_private.pem:
+	openssl genpkey -algorithm slh-dsa-shake-256f -out slh_dsa_shake_256f_private.pem
+
+slh_dsa_shake_256f_public.pem: slh_dsa_shake_256f_private.pem
+	openssl pkey -in slh_dsa_shake_256f_private.pem -pubout -out slh_dsa_shake_256f_public.pem
+
 ml_dsa_44_private.pem:
 	openssl genpkey -algorithm ml-dsa-44 -out ml_dsa_44_private.pem
 
diff --git a/test/fixtures/keys/slh_dsa_sha2_128f_private.pem b/test/fixtures/keys/slh_dsa_sha2_128f_private.pem
new file mode 100644
index 00000000000000..e8fd68044ca36f
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_128f_private.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MFICAQAwCwYJYIZIAWUDBAMVBECSzBw9GGOCapA9uSDmWwzK5By75k4dJZt9GEv7
+aWL4AaTAj1duAUPpfzUlsf0d8m4lfHy9jWFFVRm/lzWoT3XK
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_128f_public.pem b/test/fixtures/keys/slh_dsa_sha2_128f_public.pem
new file mode 100644
index 00000000000000..371dd35187cf72
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_128f_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDAwCwYJYIZIAWUDBAMVAyEApMCPV24BQ+l/NSWx/R3ybiV8fL2NYUVVGb+XNahP
+dco=
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_128s_private.pem b/test/fixtures/keys/slh_dsa_sha2_128s_private.pem
new file mode 100644
index 00000000000000..4a83e2b681bce5
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_128s_private.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MFICAQAwCwYJYIZIAWUDBAMUBEBW0ndyA81L0ztiRuOj7qOh5x71MsGmGPZuq1oP
+LhR+9pUy5kK0mnqETDzlxw84Inja0BQ5haLCB5dVeguERf4t
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_128s_public.pem b/test/fixtures/keys/slh_dsa_sha2_128s_public.pem
new file mode 100644
index 00000000000000..4b480cb5d81475
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_128s_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDAwCwYJYIZIAWUDBAMUAyEAlTLmQrSaeoRMPOXHDzgieNrQFDmFosIHl1V6C4RF
+/i0=
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_192f_private.pem b/test/fixtures/keys/slh_dsa_sha2_192f_private.pem
new file mode 100644
index 00000000000000..36690666224699
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_192f_private.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MHICAQAwCwYJYIZIAWUDBAMXBGCa6aZwUtiD3lIcwvnvIngLfDsybrGkVeTQF+Ta
+fgeeJ6qppaQyXSJ2BE51rxAriw3IBZ06mrxSNEBPxCPyzUvmNOVTnNOqxTUwoYJD
+xKpSz28YVVBlMB+VZiYuGwQEC+g=
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_192f_public.pem b/test/fixtures/keys/slh_dsa_sha2_192f_public.pem
new file mode 100644
index 00000000000000..fa3735fe5d3b28
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_192f_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEAwCwYJYIZIAWUDBAMXAzEAyAWdOpq8UjRAT8Qj8s1L5jTlU5zTqsU1MKGCQ8Sq
+Us9vGFVQZTAflWYmLhsEBAvo
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_192s_private.pem b/test/fixtures/keys/slh_dsa_sha2_192s_private.pem
new file mode 100644
index 00000000000000..bc7ed6151a1d46
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_192s_private.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MHICAQAwCwYJYIZIAWUDBAMWBGARGO8bI21ig1JwmC2xgePoYxMQUIBM3SJfTs9Z
+ZJ41JNSF5ZsWM4OOLcrGKBx1QOefWfKo1OaGEqC9gqzRPIg+piH7fv9Ih/QgcBgi
+V7bdV2bj3xngsvUBVpM8IA7tURw=
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_192s_public.pem b/test/fixtures/keys/slh_dsa_sha2_192s_public.pem
new file mode 100644
index 00000000000000..1f434c943ab829
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_192s_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEAwCwYJYIZIAWUDBAMWAzEAn1nyqNTmhhKgvYKs0TyIPqYh+37/SIf0IHAYIle2
+3Vdm498Z4LL1AVaTPCAO7VEc
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_256f_private.pem b/test/fixtures/keys/slh_dsa_sha2_256f_private.pem
new file mode 100644
index 00000000000000..315c38a36546fa
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_256f_private.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMAsGCWCGSAFlAwQDGQSBgBCFdBpSeL3EYeX8p3F0GiXz1ZDSd+cEZT8u
+XelMpqxBJvWcxXyvblXBQ1XJL1rLoZLc8xWxVf5sgGZ+FYoOlDjBRhE/W8QVDmJd
+kFiNYIjFxTWwgA1gJtBRVPoHCnqJPctJTPhIwWO+TIw1sCsncLyKB3BUQpp12Kki
+2UaE+TJ6
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_256f_public.pem b/test/fixtures/keys/slh_dsa_sha2_256f_public.pem
new file mode 100644
index 00000000000000..ccf905fb38165b
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_256f_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFAwCwYJYIZIAWUDBAMZA0EAwUYRP1vEFQ5iXZBYjWCIxcU1sIANYCbQUVT6Bwp6
+iT3LSUz4SMFjvkyMNbArJ3C8igdwVEKaddipItlGhPkyeg==
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_256s_private.pem b/test/fixtures/keys/slh_dsa_sha2_256s_private.pem
new file mode 100644
index 00000000000000..4f3e359a6a8744
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_256s_private.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMAsGCWCGSAFlAwQDGASBgFScSqBk+4TiYRxgk7Giwd1+MHdDH611bGsX
+SyPWfDJ2WbOg6DEy13bh7tJ7XlWmZlsYEclmv5i5bNwt09rX1iIavkJU5Hen/D+G
+yfaVjFeIpFykZ4/mYoGHF+2LBnj6K6IiGYoJGpuDnnPL5DAXhlK2/7qtDGM4c7C0
+9g86DDsD
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_sha2_256s_public.pem b/test/fixtures/keys/slh_dsa_sha2_256s_public.pem
new file mode 100644
index 00000000000000..b946742f9f4379
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_sha2_256s_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFAwCwYJYIZIAWUDBAMYA0EAGr5CVOR3p/w/hsn2lYxXiKRcpGeP5mKBhxftiwZ4
++iuiIhmKCRqbg55zy+QwF4ZStv+6rQxjOHOwtPYPOgw7Aw==
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_128f_private.pem b/test/fixtures/keys/slh_dsa_shake_128f_private.pem
new file mode 100644
index 00000000000000..3eb02856f44b78
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_128f_private.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MFICAQAwCwYJYIZIAWUDBAMbBEBnbtGLIm93IJMHZjnJRjTQw+3VjAGx6J9Z6GEW
+Cr+ptNQLvzRUPRKuqzwuwFzDFTopvp8fQbQ/ofTE74ebQaNX
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_128f_public.pem b/test/fixtures/keys/slh_dsa_shake_128f_public.pem
new file mode 100644
index 00000000000000..6d57a73ba897cb
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_128f_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDAwCwYJYIZIAWUDBAMbAyEA1Au/NFQ9Eq6rPC7AXMMVOim+nx9BtD+h9MTvh5tB
+o1c=
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_128s_private.pem b/test/fixtures/keys/slh_dsa_shake_128s_private.pem
new file mode 100644
index 00000000000000..55b987dcce2ad4
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_128s_private.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MFICAQAwCwYJYIZIAWUDBAMaBECDrmpiOwpBED6azWOQRSEObqOqK/JsImpBx7ja
+xrpcca+mdL+BEs0AoaNnV84iHfNbjeO1ShFo6cyZhLkFAdtN
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_128s_public.pem b/test/fixtures/keys/slh_dsa_shake_128s_public.pem
new file mode 100644
index 00000000000000..031c003c848ac4
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_128s_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDAwCwYJYIZIAWUDBAMaAyEAr6Z0v4ESzQCho2dXziId81uN47VKEWjpzJmEuQUB
+200=
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_192f_private.pem b/test/fixtures/keys/slh_dsa_shake_192f_private.pem
new file mode 100644
index 00000000000000..238beb38f8d8d0
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_192f_private.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MHICAQAwCwYJYIZIAWUDBAMdBGBux3qxhbGNmd4H+yHoNA9G0ehpfLhOT0Izyb+s
+bX6P1IUQx+GLlHaYjUPSTlpk0ffnvIkK8T85hv9mARKU39jJuNhYXyHwhi/zpx8z
+ANRRGsxQnn1Sli+Csh0JVSiJbSA=
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_192f_public.pem b/test/fixtures/keys/slh_dsa_shake_192f_public.pem
new file mode 100644
index 00000000000000..0d7025376325eb
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_192f_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEAwCwYJYIZIAWUDBAMdAzEA57yJCvE/OYb/ZgESlN/YybjYWF8h8IYv86cfMwDU
+URrMUJ59UpYvgrIdCVUoiW0g
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_192s_private.pem b/test/fixtures/keys/slh_dsa_shake_192s_private.pem
new file mode 100644
index 00000000000000..15c18d4c773405
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_192s_private.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MHICAQAwCwYJYIZIAWUDBAMcBGAve0BGI+QeA9aqzT7g12NSpuIiLIUxKx0h5YuY
+D0maI297i0Fe/s7b+T10fLeXpBnzUJtcrtqg7nEbYTVCKas1rHSXA/AzWMwWLNpr
+hg93oNYIiHM+imgaYGCdL9km5xE=
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_192s_public.pem b/test/fixtures/keys/slh_dsa_shake_192s_public.pem
new file mode 100644
index 00000000000000..002ff57786117b
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_192s_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEAwCwYJYIZIAWUDBAMcAzEA81CbXK7aoO5xG2E1QimrNax0lwPwM1jMFizaa4YP
+d6DWCIhzPopoGmBgnS/ZJucR
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_256f_private.pem b/test/fixtures/keys/slh_dsa_shake_256f_private.pem
new file mode 100644
index 00000000000000..c74262c68018bd
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_256f_private.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMAsGCWCGSAFlAwQDHwSBgKuw/5AtSV/FEsUD3l0uyJQ/xPKNPoUdMtsR
+wDTGL2Il/8CqNQHVTaMOqgNJnx/gebXs7TgMEoeuMtzhHw+a/si8IGtFkLR6CFrQ
+wWfp+TU5MWH+8tw+z3jLxfxY9GFgdJAgOvjoQoEfWKP+8iCvYP9Aor+6kWvYepfx
+FGXL+vLc
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_256f_public.pem b/test/fixtures/keys/slh_dsa_shake_256f_public.pem
new file mode 100644
index 00000000000000..7461adb99598cc
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_256f_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFAwCwYJYIZIAWUDBAMfA0EAvCBrRZC0egha0MFn6fk1OTFh/vLcPs94y8X8WPRh
+YHSQIDr46EKBH1ij/vIgr2D/QKK/upFr2HqX8RRly/ry3A==
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_256s_private.pem b/test/fixtures/keys/slh_dsa_shake_256s_private.pem
new file mode 100644
index 00000000000000..3f3bf259622b4a
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_256s_private.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMAsGCWCGSAFlAwQDHgSBgFTySgpKJxiEngjbaXj/EzwYf8zCsk7BLG78
+g7kKwGpnRQ8smQvXKUAJs4CWbBIY0qRLV3gfAn+pEsxpHsUFX60jgFQC1MwUUlKo
+//QEjNMuQXILr7MIHTJ4UR1+lmoIpmmOc4OFK8P8APxP4tZwZ+DhEPHl94WjN/mX
+kAHSru+f
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/keys/slh_dsa_shake_256s_public.pem b/test/fixtures/keys/slh_dsa_shake_256s_public.pem
new file mode 100644
index 00000000000000..45b82b7eb25c4c
--- /dev/null
+++ b/test/fixtures/keys/slh_dsa_shake_256s_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFAwCwYJYIZIAWUDBAMeA0EAI4BUAtTMFFJSqP/0BIzTLkFyC6+zCB0yeFEdfpZq
+CKZpjnODhSvD/AD8T+LWcGfg4RDx5feFozf5l5AB0q7vnw==
+-----END PUBLIC KEY-----
diff --git a/test/parallel/test-crypto-pqc-key-objects-slh-dsa.js b/test/parallel/test-crypto-pqc-key-objects-slh-dsa.js
new file mode 100644
index 00000000000000..1b612de8b2e582
--- /dev/null
+++ b/test/parallel/test-crypto-pqc-key-objects-slh-dsa.js
@@ -0,0 +1,74 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const { hasOpenSSL } = require('../common/crypto');
+
+const assert = require('assert');
+const {
+  createPublicKey,
+  createPrivateKey,
+} = require('crypto');
+
+const fixtures = require('../common/fixtures');
+
+function getKeyFileName(type, suffix) {
+  return `${type.replaceAll('-', '_')}_${suffix}.pem`;
+}
+
+for (const asymmetricKeyType of [
+  'slh-dsa-sha2-128f', 'slh-dsa-sha2-128s', 'slh-dsa-sha2-192f', 'slh-dsa-sha2-192s',
+  'slh-dsa-sha2-256f', 'slh-dsa-sha2-256s', 'slh-dsa-shake-128f', 'slh-dsa-shake-128s',
+  'slh-dsa-shake-192f', 'slh-dsa-shake-192s', 'slh-dsa-shake-256f', 'slh-dsa-shake-256s',
+]) {
+  const keys = {
+    public: fixtures.readKey(getKeyFileName(asymmetricKeyType, 'public'), 'ascii'),
+    private: fixtures.readKey(getKeyFileName(asymmetricKeyType, 'private'), 'ascii'),
+  };
+
+  function assertKey(key) {
+    assert.deepStrictEqual(key.asymmetricKeyDetails, {});
+    assert.strictEqual(key.asymmetricKeyType, asymmetricKeyType);
+    assert.strictEqual(key.equals(key), true);
+    assert.deepStrictEqual(key, key);
+  }
+
+  function assertPublicKey(key) {
+    assertKey(key);
+    assert.strictEqual(key.type, 'public');
+    assert.strictEqual(key.export({ format: 'pem', type: 'spki' }), keys.public);
+    key.export({ format: 'der', type: 'spki' });
+    assert.throws(() => key.export({ format: 'jwk' }),
+                  { code: 'ERR_CRYPTO_JWK_UNSUPPORTED_KEY_TYPE', message: 'Unsupported JWK Key Type.' });
+  }
+
+  function assertPrivateKey(key) {
+    assertKey(key);
+    assert.strictEqual(key.type, 'private');
+    assertPublicKey(createPublicKey(key));
+    key.export({ format: 'der', type: 'pkcs8' });
+    assert.strictEqual(key.export({ format: 'pem', type: 'pkcs8' }), keys.private);
+    assert.throws(() => key.export({ format: 'jwk' }),
+                  { code: 'ERR_CRYPTO_JWK_UNSUPPORTED_KEY_TYPE', message: 'Unsupported JWK Key Type.' });
+  }
+
+  if (!hasOpenSSL(3, 5)) {
+    assert.throws(() => createPublicKey(keys.public), {
+      code: hasOpenSSL(3) ? 'ERR_OSSL_EVP_DECODE_ERROR' : 'ERR_OSSL_EVP_UNSUPPORTED_ALGORITHM',
+    });
+
+    assert.throws(() => createPrivateKey(keys.private), {
+      code: hasOpenSSL(3) ? 'ERR_OSSL_UNSUPPORTED' : 'ERR_OSSL_EVP_UNSUPPORTED_ALGORITHM',
+    });
+  } else {
+    const publicKey = createPublicKey(keys.public);
+    assertPublicKey(publicKey);
+
+    const pubFromPriv = createPublicKey(keys.private);
+    assertPublicKey(pubFromPriv);
+    assertPrivateKey(createPrivateKey(keys.private));
+    assert.strictEqual(pubFromPriv.equals(publicKey), true);
+  }
+}
diff --git a/test/parallel/test-crypto-pqc-keygen-slh-dsa.js b/test/parallel/test-crypto-pqc-keygen-slh-dsa.js
new file mode 100644
index 00000000000000..78dde3bea4775e
--- /dev/null
+++ b/test/parallel/test-crypto-pqc-keygen-slh-dsa.js
@@ -0,0 +1,54 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const { hasOpenSSL } = require('../common/crypto');
+
+const assert = require('assert');
+const {
+  generateKeyPair,
+} = require('crypto');
+
+if (!hasOpenSSL(3, 5)) {
+  for (const asymmetricKeyType of [
+    'slh-dsa-sha2-128f', 'slh-dsa-sha2-128s', 'slh-dsa-sha2-192f', 'slh-dsa-sha2-192s',
+    'slh-dsa-sha2-256f', 'slh-dsa-sha2-256s', 'slh-dsa-shake-128f', 'slh-dsa-shake-128s',
+    'slh-dsa-shake-192f', 'slh-dsa-shake-192s', 'slh-dsa-shake-256f', 'slh-dsa-shake-256s',
+  ]) {
+    assert.throws(() => generateKeyPair(asymmetricKeyType, common.mustNotCall()), {
+      code: 'ERR_INVALID_ARG_VALUE',
+      message: /The argument 'type' must be a supported key type/
+    });
+  }
+} else {
+  for (const asymmetricKeyType of [
+    'slh-dsa-sha2-128f', 'slh-dsa-sha2-128s', 'slh-dsa-sha2-192f', 'slh-dsa-sha2-192s',
+    'slh-dsa-sha2-256f', 'slh-dsa-sha2-256s', 'slh-dsa-shake-128f', 'slh-dsa-shake-128s',
+    'slh-dsa-shake-192f', 'slh-dsa-shake-192s', 'slh-dsa-shake-256f', 'slh-dsa-shake-256s',
+  ]) {
+    for (const [publicKeyEncoding, validate] of [
+      [undefined, (publicKey) => {
+        assert.strictEqual(publicKey.type, 'public');
+        assert.strictEqual(publicKey.asymmetricKeyType, asymmetricKeyType);
+        assert.deepStrictEqual(publicKey.asymmetricKeyDetails, {});
+      }],
+      [{ format: 'pem', type: 'spki' }, (publicKey) => assert.strictEqual(typeof publicKey, 'string')],
+      [{ format: 'der', type: 'spki' }, (publicKey) => assert.strictEqual(Buffer.isBuffer(publicKey), true)],
+    ]) {
+      generateKeyPair(asymmetricKeyType, { publicKeyEncoding }, common.mustSucceed(validate));
+    }
+    for (const [privateKeyEncoding, validate] of [
+      [undefined, (_, privateKey) => {
+        assert.strictEqual(privateKey.type, 'private');
+        assert.strictEqual(privateKey.asymmetricKeyType, asymmetricKeyType);
+        assert.deepStrictEqual(privateKey.asymmetricKeyDetails, {});
+      }],
+      [{ format: 'pem', type: 'pkcs8' }, (_, privateKey) => assert.strictEqual(typeof privateKey, 'string')],
+      [{ format: 'der', type: 'pkcs8' }, (_, privateKey) => assert.strictEqual(Buffer.isBuffer(privateKey), true)],
+    ]) {
+      generateKeyPair(asymmetricKeyType, { privateKeyEncoding }, common.mustSucceed(validate));
+    }
+  }
+}
diff --git a/test/pummel/test-crypto-pqc-sign-verify-slh-dsa.mjs b/test/pummel/test-crypto-pqc-sign-verify-slh-dsa.mjs
new file mode 100644
index 00000000000000..772d9bab6f611a
--- /dev/null
+++ b/test/pummel/test-crypto-pqc-sign-verify-slh-dsa.mjs
@@ -0,0 +1,63 @@
+import * as common from '../common/index.mjs';
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+import { hasOpenSSL } from '../common/crypto.js';
+
+if (!hasOpenSSL(3, 5))
+  common.skip('requires OpenSSL >= 3.5');
+
+import * as assert from 'node:assert';
+import { promisify } from 'node:util';
+import { randomBytes, sign, verify } from 'node:crypto';
+import fixtures from '../common/fixtures.js';
+
+function getKeyFileName(type, suffix) {
+  return `${type.replaceAll('-', '_')}_${suffix}.pem`;
+}
+
+for (const [asymmetricKeyType, sigLen] of [
+  ['slh-dsa-sha2-128f', 17088],
+  ['slh-dsa-sha2-128s', 7856],
+  ['slh-dsa-sha2-192f', 35664],
+  ['slh-dsa-sha2-192s', 16224],
+  ['slh-dsa-sha2-256f', 49856],
+  ['slh-dsa-sha2-256s', 29792],
+  ['slh-dsa-shake-128f', 17088],
+  ['slh-dsa-shake-128s', 7856],
+  ['slh-dsa-shake-192f', 35664],
+  ['slh-dsa-shake-192s', 16224],
+  ['slh-dsa-shake-256f', 49856],
+  ['slh-dsa-shake-256s', 29792],
+]) {
+  const keys = {
+    public: fixtures.readKey(getKeyFileName(asymmetricKeyType, 'public'), 'ascii'),
+    private: fixtures.readKey(getKeyFileName(asymmetricKeyType, 'private'), 'ascii'),
+  };
+
+  const data = randomBytes(32);
+
+  // sync
+  {
+    const signature = sign(undefined, data, keys.private);
+    assert.strictEqual(signature.byteLength, sigLen);
+    assert.strictEqual(verify(undefined, randomBytes(32), keys.public, signature), false);
+    assert.strictEqual(verify(undefined, data, keys.public, signature), true);
+  }
+
+  // async
+  {
+    const pSign = promisify(sign);
+    const pVerify = promisify(verify);
+    const signature = await pSign(undefined, data, keys.private);
+    assert.strictEqual(signature.byteLength, sigLen);
+    assert.strictEqual(await pVerify(undefined, randomBytes(32), keys.public, signature), false);
+    assert.strictEqual(await pVerify(undefined, data, keys.public, signature), true);
+  }
+
+  assert.throws(() => sign('sha256', data, keys.private), { code: 'ERR_OSSL_INVALID_DIGEST' });
+  assert.throws(
+    () => verify('sha256', data, keys.public, Buffer.alloc(sigLen)),
+    { code: 'ERR_OSSL_INVALID_DIGEST' });
+}

From ce2f9d907b437cf98df920c952d96d3e1c0d6b22 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Tue, 19 Aug 2025 22:10:28 +0200
Subject: [PATCH 2/2] fixup! crypto: support SLH-DSA KeyObject, sign, and
 verify

---
 doc/api/crypto.md | 58 +++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 765b3d505e6f0c..f09de06ace3dc5 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -77,35 +77,35 @@ try {
 
 The following table lists the asymmetric key types recognized by the [`KeyObject`][] API:
 
-| Key Type                           | Description        | OID                         |
-| ---------------------------------- | ------------------ | --------------------------- |
-| `'dh'`                             | Diffie-Hellman     | 1.2.840.113549.1.3.1        |
-| `'dsa'`                            | DSA                | 1.2.840.10040.4.1           |
-| `'ec'`                             | Elliptic curve     | 1.2.840.10045.2.1           |
-| `'ed25519'`                        | Ed25519            | 1.3.101.112                 |
-| `'ed448'`                          | Ed448              | 1.3.101.113                 |
-| `'ml-dsa-44'`[^openssl35]          | ML-DSA-44          | 2.16.840.1.101.3.4.3.17     |
-| `'ml-dsa-65'`[^openssl35]          | ML-DSA-65          | 2.16.840.1.101.3.4.3.18     |
-| `'ml-dsa-87'`[^openssl35]          | ML-DSA-87          | 2.16.840.1.101.3.4.3.19     |
-| `'ml-kem-1024'`[^openssl35]        | ML-KEM-1024        | 2.16.840.1.101.3.4.4.3      |
-| `'ml-kem-512'`[^openssl35]         | ML-KEM-512         | 2.16.840.1.101.3.4.4.1      |
-| `'ml-kem-768'`[^openssl35]         | ML-KEM-768         | 2.16.840.1.101.3.4.4.2      |
-| `'rsa-pss'`                        | RSA PSS            | 1.2.840.113549.1.1.10       |
-| `'rsa'`                            | RSA                | 1.2.840.113549.1.1.1        |
-| `'slh-dsa-sha2-128f'`[^openssl35]  | SLH-DSA-SHA2-128f  | OID 2.16.840.1.101.3.4.3.21 |
-| `'slh-dsa-sha2-128s'`[^openssl35]  | SLH-DSA-SHA2-128s  | OID 2.16.840.1.101.3.4.3.22 |
-| `'slh-dsa-sha2-192f'`[^openssl35]  | SLH-DSA-SHA2-192f  | OID 2.16.840.1.101.3.4.3.23 |
-| `'slh-dsa-sha2-192s'`[^openssl35]  | SLH-DSA-SHA2-192s  | OID 2.16.840.1.101.3.4.3.24 |
-| `'slh-dsa-sha2-256f'`[^openssl35]  | SLH-DSA-SHA2-256f  | OID 2.16.840.1.101.3.4.3.25 |
-| `'slh-dsa-sha2-256s'`[^openssl35]  | SLH-DSA-SHA2-256s  | OID 2.16.840.1.101.3.4.3.26 |
-| `'slh-dsa-shake-128f'`[^openssl35] | SLH-DSA-SHAKE-128f | OID 2.16.840.1.101.3.4.3.27 |
-| `'slh-dsa-shake-128s'`[^openssl35] | SLH-DSA-SHAKE-128s | OID 2.16.840.1.101.3.4.3.28 |
-| `'slh-dsa-shake-192f'`[^openssl35] | SLH-DSA-SHAKE-192f | OID 2.16.840.1.101.3.4.3.29 |
-| `'slh-dsa-shake-192s'`[^openssl35] | SLH-DSA-SHAKE-192s | OID 2.16.840.1.101.3.4.3.30 |
-| `'slh-dsa-shake-256f'`[^openssl35] | SLH-DSA-SHAKE-256f | OID 2.16.840.1.101.3.4.3.31 |
-| `'slh-dsa-shake-256s'`[^openssl35] | SLH-DSA-SHAKE-256s | OID 2.16.840.1.101.3.4.3.32 |
-| `'x25519'`                         | X25519             | 1.3.101.110                 |
-| `'x448'`                           | X448               | 1.3.101.111                 |
+| Key Type                           | Description        | OID                     |
+| ---------------------------------- | ------------------ | ----------------------- |
+| `'dh'`                             | Diffie-Hellman     | 1.2.840.113549.1.3.1    |
+| `'dsa'`                            | DSA                | 1.2.840.10040.4.1       |
+| `'ec'`                             | Elliptic curve     | 1.2.840.10045.2.1       |
+| `'ed25519'`                        | Ed25519            | 1.3.101.112             |
+| `'ed448'`                          | Ed448              | 1.3.101.113             |
+| `'ml-dsa-44'`[^openssl35]          | ML-DSA-44          | 2.16.840.1.101.3.4.3.17 |
+| `'ml-dsa-65'`[^openssl35]          | ML-DSA-65          | 2.16.840.1.101.3.4.3.18 |
+| `'ml-dsa-87'`[^openssl35]          | ML-DSA-87          | 2.16.840.1.101.3.4.3.19 |
+| `'ml-kem-1024'`[^openssl35]        | ML-KEM-1024        | 2.16.840.1.101.3.4.4.3  |
+| `'ml-kem-512'`[^openssl35]         | ML-KEM-512         | 2.16.840.1.101.3.4.4.1  |
+| `'ml-kem-768'`[^openssl35]         | ML-KEM-768         | 2.16.840.1.101.3.4.4.2  |
+| `'rsa-pss'`                        | RSA PSS            | 1.2.840.113549.1.1.10   |
+| `'rsa'`                            | RSA                | 1.2.840.113549.1.1.1    |
+| `'slh-dsa-sha2-128f'`[^openssl35]  | SLH-DSA-SHA2-128f  | 2.16.840.1.101.3.4.3.21 |
+| `'slh-dsa-sha2-128s'`[^openssl35]  | SLH-DSA-SHA2-128s  | 2.16.840.1.101.3.4.3.22 |
+| `'slh-dsa-sha2-192f'`[^openssl35]  | SLH-DSA-SHA2-192f  | 2.16.840.1.101.3.4.3.23 |
+| `'slh-dsa-sha2-192s'`[^openssl35]  | SLH-DSA-SHA2-192s  | 2.16.840.1.101.3.4.3.24 |
+| `'slh-dsa-sha2-256f'`[^openssl35]  | SLH-DSA-SHA2-256f  | 2.16.840.1.101.3.4.3.25 |
+| `'slh-dsa-sha2-256s'`[^openssl35]  | SLH-DSA-SHA2-256s  | 2.16.840.1.101.3.4.3.26 |
+| `'slh-dsa-shake-128f'`[^openssl35] | SLH-DSA-SHAKE-128f | 2.16.840.1.101.3.4.3.27 |
+| `'slh-dsa-shake-128s'`[^openssl35] | SLH-DSA-SHAKE-128s | 2.16.840.1.101.3.4.3.28 |
+| `'slh-dsa-shake-192f'`[^openssl35] | SLH-DSA-SHAKE-192f | 2.16.840.1.101.3.4.3.29 |
+| `'slh-dsa-shake-192s'`[^openssl35] | SLH-DSA-SHAKE-192s | 2.16.840.1.101.3.4.3.30 |
+| `'slh-dsa-shake-256f'`[^openssl35] | SLH-DSA-SHAKE-256f | 2.16.840.1.101.3.4.3.31 |
+| `'slh-dsa-shake-256s'`[^openssl35] | SLH-DSA-SHAKE-256s | 2.16.840.1.101.3.4.3.32 |
+| `'x25519'`                         | X25519             | 1.3.101.110             |
+| `'x448'`                           | X448               | 1.3.101.111             |
 
 ## Class: `Certificate`