Add support for all 12 SLH-DSA parameter sets.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

diff --git a/crypto/slh_dsa/slh_adrs.c b/crypto/slh_dsa/slh_adrs.c
index 29b0882746ffcccdf44a339e2856294a79bbd122..3292d3928bfee3a2c9c8f720e6e0384d3f20d986 100644 (file)
--- a/crypto/slh_dsa/slh_adrs.c
+++ b/crypto/slh_dsa/slh_adrs.c
@@ -34,9 +34,22 @@
 #define SLH_ADRSC_SIZE_TYPECLEAR    SLH_ADRS_SIZE_TYPECLEAR
 #define SLH_ADRSC_SIZE_KEYPAIR_ADDR SLH_ADRS_SIZE_KEYPAIR_ADDR
 
+#define slh_adrs_set_tree_height slh_adrs_set_chain_address
+#define slh_adrs_set_tree_index slh_adrs_set_hash_address
+
 #define slh_adrsc_set_tree_height slh_adrsc_set_chain_address
 #define slh_adrsc_set_tree_index slh_adrsc_set_hash_address
 
+static OSSL_SLH_ADRS_FUNC_set_layer_address slh_adrs_set_layer_address;
+static OSSL_SLH_ADRS_FUNC_set_tree_address slh_adrs_set_tree_address;
+static OSSL_SLH_ADRS_FUNC_set_type_and_clear slh_adrs_set_type_and_clear;
+static OSSL_SLH_ADRS_FUNC_set_keypair_address slh_adrs_set_keypair_address;
+static OSSL_SLH_ADRS_FUNC_copy_keypair_address slh_adrs_copy_keypair_address;
+static OSSL_SLH_ADRS_FUNC_set_chain_address slh_adrs_set_chain_address;
+static OSSL_SLH_ADRS_FUNC_set_hash_address slh_adrs_set_hash_address;
+static OSSL_SLH_ADRS_FUNC_zero slh_adrs_zero;
+static OSSL_SLH_ADRS_FUNC_copy slh_adrs_copy;
+
 static OSSL_SLH_ADRS_FUNC_set_layer_address slh_adrsc_set_layer_address;
 static OSSL_SLH_ADRS_FUNC_set_tree_address slh_adrsc_set_tree_address;
 static OSSL_SLH_ADRS_FUNC_set_type_and_clear slh_adrsc_set_type_and_clear;
@@ -71,6 +84,55 @@ static ossl_inline void U64TOSTR(unsigned char *out, uint64_t in)
     out[0] = (unsigned char)((in >> 56) & 0xff);
 }
 
+/*
+ * The non compressed versions of the ADRS functions use 32 bytes
+ * This is only used by SHAKE.
+ */
+static void slh_adrs_set_layer_address(SLH_ADRS adrs, uint32_t layer)
+{
+    U32TOSTR(adrs + SLH_ADRS_OFF_LAYER_ADR, layer);
+}
+static void slh_adrs_set_tree_address(SLH_ADRS adrs, uint64_t address)
+{
+    /*
+     * There are 12 bytes reserved for this - but the largest number
+     * used by the parameter sets is only 64 bits. Because this is BE the
+     * first 4 of the 12 bytes will be zeros. This assumes that the 4 bytes
+     * are zero initially.
+     */
+    U64TOSTR(adrs + SLH_ADRS_OFF_TREE_ADR + 4, address);
+}
+static void slh_adrs_set_type_and_clear(SLH_ADRS adrs, uint32_t type)
+{
+    U32TOSTR(adrs + SLH_ADRS_OFF_TYPE, type);
+    memset(adrs + SLH_ADRS_OFF_TYPE + SLH_ADRS_SIZE_TYPE, 0, SLH_ADRS_SIZE_TYPECLEAR);
+}
+static void slh_adrs_set_keypair_address(SLH_ADRS adrs, uint32_t in)
+{
+    U32TOSTR(adrs + SLH_ADRS_OFF_KEYPAIR_ADDR, in);
+}
+static void slh_adrs_copy_keypair_address(SLH_ADRS dst, const SLH_ADRS src)
+{
+    memcpy(dst + SLH_ADRS_OFF_KEYPAIR_ADDR, src + SLH_ADRS_OFF_KEYPAIR_ADDR,
+           SLH_ADRS_SIZE_KEYPAIR_ADDR);
+}
+static void slh_adrs_set_chain_address(SLH_ADRS adrs, uint32_t in)
+{
+    U32TOSTR(adrs + SLH_ADRS_OFF_CHAIN_ADDR, in);
+}
+static void slh_adrs_set_hash_address(SLH_ADRS adrs, uint32_t in)
+{
+    U32TOSTR(adrs + SLH_ADRS_OFF_HASH_ADDR, in);
+}
+static void slh_adrs_zero(SLH_ADRS adrs)
+{
+    memset(adrs, 0, SLH_ADRS_SIZE);
+}
+static void slh_adrs_copy(SLH_ADRS dst, const SLH_ADRS src)
+{
+    memcpy(dst, src, SLH_ADRS_SIZE);
+}
+
 /* Compressed versions of ADRS functions See Table 3 */
 static void slh_adrsc_set_layer_address(SLH_ADRS adrsc, uint32_t layer)
 {
@@ -114,6 +176,19 @@ static void slh_adrsc_copy(SLH_ADRS dst, const SLH_ADRS src)
 const SLH_ADRS_FUNC *ossl_slh_get_adrs_fn(int is_compressed)
 {
     static const SLH_ADRS_FUNC methods[] = {
+        {
+            slh_adrs_set_layer_address,
+            slh_adrs_set_tree_address,
+            slh_adrs_set_type_and_clear,
+            slh_adrs_set_keypair_address,
+            slh_adrs_copy_keypair_address,
+            slh_adrs_set_chain_address,
+            slh_adrs_set_tree_height,
+            slh_adrs_set_hash_address,
+            slh_adrs_set_tree_index,
+            slh_adrs_zero,
+            slh_adrs_copy,
+        },
         {
             slh_adrsc_set_layer_address,
             slh_adrsc_set_tree_address,
@@ -128,5 +203,5 @@ const SLH_ADRS_FUNC *ossl_slh_get_adrs_fn(int is_compressed)
             slh_adrsc_copy,
         }
     };
-    return &methods[0];
+    return &methods[is_compressed == 0 ? 0 : 1];
 }

diff --git a/crypto/slh_dsa/slh_hash.c b/crypto/slh_dsa/slh_hash.c
index dab5218c31fb7f954a67bdcd5630b7d5d1332f9b..d0f2d29da4b0f5df16ff82f7acdc9c0de93ef896 100644 (file)
--- a/crypto/slh_dsa/slh_hash.c
+++ b/crypto/slh_dsa/slh_hash.c
@@ -32,6 +32,13 @@ static OSSL_SLH_HASHFUNC_F slh_f_sha2;
 static OSSL_SLH_HASHFUNC_H slh_h_sha2;
 static OSSL_SLH_HASHFUNC_T slh_t_sha2;
 
+static OSSL_SLH_HASHFUNC_H_MSG slh_hmsg_shake;
+static OSSL_SLH_HASHFUNC_PRF slh_prf_shake;
+static OSSL_SLH_HASHFUNC_PRF_MSG slh_prf_msg_shake;
+static OSSL_SLH_HASHFUNC_F slh_f_shake;
+static OSSL_SLH_HASHFUNC_H slh_h_shake;
+static OSSL_SLH_HASHFUNC_T slh_t_shake;
+
 static EVP_MAC_CTX *hmac_ctx_new(OSSL_LIB_CTX *lib_ctx, const char *propq)
 {
     EVP_MAC_CTX *mctx = NULL;
@@ -121,6 +128,92 @@ void ossl_slh_hash_ctx_cleanup(SLH_HASH_CTX *ctx)
     EVP_MD_CTX_free(ctx->md_ctx);
 }
 
+static ossl_inline int xof_digest_3(EVP_MD_CTX *ctx,
+                                      const uint8_t *in1, size_t in1_len,
+                                      const uint8_t *in2, size_t in2_len,
+                                      const uint8_t *in3, size_t in3_len,
+                                      uint8_t *out, size_t out_len)
+{
+    return (EVP_DigestInit_ex2(ctx, NULL, NULL) == 1
+        && EVP_DigestUpdate(ctx, in1, in1_len) == 1
+        && EVP_DigestUpdate(ctx, in2, in2_len) == 1
+        && EVP_DigestUpdate(ctx, in3, in3_len) == 1
+        && EVP_DigestFinalXOF(ctx, out, out_len) == 1);
+}
+
+static ossl_inline int xof_digest_4(EVP_MD_CTX *ctx,
+                                      const uint8_t *in1, size_t in1_len,
+                                      const uint8_t *in2, size_t in2_len,
+                                      const uint8_t *in3, size_t in3_len,
+                                      const uint8_t *in4, size_t in4_len,
+                                      uint8_t *out, size_t out_len)
+{
+    return (EVP_DigestInit_ex2(ctx, NULL, NULL) == 1
+        && EVP_DigestUpdate(ctx, in1, in1_len) == 1
+        && EVP_DigestUpdate(ctx, in2, in2_len) == 1
+        && EVP_DigestUpdate(ctx, in3, in3_len) == 1
+        && EVP_DigestUpdate(ctx, in4, in4_len) == 1
+        && EVP_DigestFinalXOF(ctx, out, out_len) == 1);
+}
+
+/* See FIPS 205 Section 11.1 */
+static void
+slh_hmsg_shake(SLH_HASH_CTX *hctx, const uint8_t *r, const uint8_t *pk_seed,
+               const uint8_t *pk_root, const uint8_t *msg, size_t msg_len,
+               uint8_t *out)
+{
+    size_t m = hctx->m;
+    size_t n = hctx->n;
+
+    xof_digest_4(hctx->md_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len, out, m);
+}
+
+static void
+slh_prf_shake(SLH_HASH_CTX *hctx, const uint8_t *pk_seed, const uint8_t *sk_seed,
+              const SLH_ADRS adrs, uint8_t *out)
+{
+    size_t n = hctx->n;
+
+    xof_digest_3(hctx->md_ctx, pk_seed, n, adrs, SLH_ADRS_SIZE, sk_seed, n, out, n);
+}
+
+static void
+slh_prf_msg_shake(SLH_HASH_CTX *hctx, const uint8_t *sk_prf,
+                  const uint8_t *opt_rand, const uint8_t *msg, size_t msg_len,
+                  uint8_t *out)
+{
+    size_t n = hctx->n;
+
+    xof_digest_3(hctx->md_ctx, sk_prf, n, opt_rand, n, msg, msg_len, out, n);
+}
+
+static void
+slh_f_shake(SLH_HASH_CTX *hctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+            const uint8_t *m1, size_t m1_len, uint8_t *out)
+{
+    size_t n = hctx->n;
+
+    xof_digest_3(hctx->md_ctx, pk_seed, n, adrs, SLH_ADRS_SIZE, m1, m1_len, out, n);
+}
+
+static void
+slh_h_shake(SLH_HASH_CTX *hctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+            const uint8_t *m1, const uint8_t *m2, uint8_t *out)
+{
+    size_t n = hctx->n;
+
+    xof_digest_4(hctx->md_ctx, pk_seed, n, adrs, SLH_ADRS_SIZE, m1, n, m2, n, out, n);
+}
+
+static void
+slh_t_shake(SLH_HASH_CTX *hctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+            const uint8_t *ml, size_t ml_len, uint8_t *out)
+{
+    size_t n = hctx->n;
+
+    xof_digest_3(hctx->md_ctx, pk_seed, n, adrs, SLH_ADRS_SIZE, ml, ml_len, out, n);
+}
+
 static ossl_inline int
 digest_4(EVP_MD_CTX *ctx,
          const uint8_t *in1, size_t in1_len, const uint8_t *in2, size_t in2_len,
@@ -249,6 +342,14 @@ slh_t_sha2(SLH_HASH_CTX *hctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
 const SLH_HASH_FUNC *ossl_slh_get_hash_fn(int is_shake)
 {
     static const SLH_HASH_FUNC methods[] = {
+        {
+            slh_hmsg_shake,
+            slh_prf_shake,
+            slh_prf_msg_shake,
+            slh_f_shake,
+            slh_h_shake,
+            slh_t_shake
+        },
         {
             slh_hmsg_sha2,
             slh_prf_sha2,
@@ -258,5 +359,5 @@ const SLH_HASH_FUNC *ossl_slh_get_hash_fn(int is_shake)
             slh_t_sha2
         }
     };
-    return &methods[0];
+    return &methods[is_shake ? 0 : 1];
 }

diff --git a/crypto/slh_dsa/slh_params.c b/crypto/slh_dsa/slh_params.c
index 5034f8547cf838687f5612f50e1f3541210c3111..39d9e5fb194a2c367bb29380cb9dc914c4e72095 100644 (file)
--- a/crypto/slh_dsa/slh_params.c
+++ b/crypto/slh_dsa/slh_params.c
@@ -15,9 +15,25 @@
  *                         n  h    d  hm  a   k  m  sc  pk   sig
  */
 #define OSSL_SLH_DSA_128S 16, 63,  7, 9, 12, 14, 30, 1, 32,  7856
+#define OSSL_SLH_DSA_128F 16, 66, 22, 3,  6, 33, 34, 1, 32, 17088
+#define OSSL_SLH_DSA_192S 24, 63,  7, 9, 14, 17, 39, 3, 48, 16224
+#define OSSL_SLH_DSA_192F 24, 66, 22, 3,  8, 33, 42, 3, 48, 35664
+#define OSSL_SLH_DSA_256S 32, 64,  8, 8, 14, 22, 47, 5, 64, 29792
+#define OSSL_SLH_DSA_256F 32, 68, 17, 4,  9, 35, 49, 5, 64, 49856
 
 static const SLH_DSA_PARAMS slh_dsa_params[] = {
     {"SLH-DSA-SHA2-128s",  0, OSSL_SLH_DSA_128S},
+    {"SLH-DSA-SHAKE-128s", 1, OSSL_SLH_DSA_128S},
+    {"SLH-DSA-SHA2-128f",  0, OSSL_SLH_DSA_128F},
+    {"SLH-DSA-SHAKE-128f", 1, OSSL_SLH_DSA_128F},
+    {"SLH-DSA-SHA2-192s",  0, OSSL_SLH_DSA_192S},
+    {"SLH-DSA-SHAKE-192s", 1, OSSL_SLH_DSA_192S},
+    {"SLH-DSA-SHA2-192f",  0, OSSL_SLH_DSA_192F},
+    {"SLH-DSA-SHAKE-192f", 1, OSSL_SLH_DSA_192F},
+    {"SLH-DSA-SHA2-256s",  0, OSSL_SLH_DSA_256S},
+    {"SLH-DSA-SHAKE-256s", 1, OSSL_SLH_DSA_256S},
+    {"SLH-DSA-SHA2-256f",  0, OSSL_SLH_DSA_256F},
+    {"SLH-DSA-SHAKE-256f", 1, OSSL_SLH_DSA_256F},
     {NULL},
 };
 

diff --git a/providers/defltprov.c b/providers/defltprov.c
index 9924a01131f277d969612fbafb173a1e1eba46d8..81cdf21c825435d69638080e9cd9f981f0d20fd8 100644 (file)
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -465,6 +465,28 @@ static const OSSL_ALGORITHM deflt_signature[] = {
 #ifndef OPENSSL_NO_SLH_DSA
     { PROV_NAMES_SLH_DSA_SHA2_128S, "provider=default", ossl_slh_dsa_sha2_128s_signature_functions,
       PROV_DESCS_SLH_DSA_SHA2_128S },
+    { PROV_NAMES_SLH_DSA_SHA2_128F, "provider=default", ossl_slh_dsa_sha2_128f_signature_functions,
+      PROV_DESCS_SLH_DSA_SHA2_128F },
+    { PROV_NAMES_SLH_DSA_SHA2_192S, "provider=default", ossl_slh_dsa_sha2_192s_signature_functions,
+      PROV_DESCS_SLH_DSA_SHA2_192S },
+    { PROV_NAMES_SLH_DSA_SHA2_192F, "provider=default", ossl_slh_dsa_sha2_192f_signature_functions,
+      PROV_DESCS_SLH_DSA_SHA2_192F },
+    { PROV_NAMES_SLH_DSA_SHA2_256S, "provider=default", ossl_slh_dsa_sha2_256s_signature_functions,
+      PROV_DESCS_SLH_DSA_SHA2_256S },
+    { PROV_NAMES_SLH_DSA_SHA2_256F, "provider=default", ossl_slh_dsa_sha2_256f_signature_functions,
+      PROV_DESCS_SLH_DSA_SHA2_256F },
+    { PROV_NAMES_SLH_DSA_SHAKE_128S, "provider=default", ossl_slh_dsa_shake_128s_signature_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_128S },
+    { PROV_NAMES_SLH_DSA_SHAKE_128F, "provider=default", ossl_slh_dsa_shake_128f_signature_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_128F },
+    { PROV_NAMES_SLH_DSA_SHAKE_192S, "provider=default", ossl_slh_dsa_shake_192s_signature_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_192S },
+    { PROV_NAMES_SLH_DSA_SHAKE_192F, "provider=default", ossl_slh_dsa_shake_192f_signature_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_192F },
+    { PROV_NAMES_SLH_DSA_SHAKE_256S, "provider=default", ossl_slh_dsa_shake_256s_signature_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_256S },
+    { PROV_NAMES_SLH_DSA_SHAKE_256F, "provider=default", ossl_slh_dsa_shake_256f_signature_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_256F },
 #endif /* OPENSSL_NO_SLH_DSA */
     { NULL, NULL, NULL }
 };
@@ -584,6 +606,28 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
 #ifndef OPENSSL_NO_SLH_DSA
     { PROV_NAMES_SLH_DSA_SHA2_128S, "provider=default", ossl_slh_dsa_sha2_128s_keymgmt_functions,
       PROV_DESCS_SLH_DSA_SHA2_128S },
+    { PROV_NAMES_SLH_DSA_SHA2_128F, "provider=default", ossl_slh_dsa_sha2_128f_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHA2_128F },
+    { PROV_NAMES_SLH_DSA_SHA2_192S, "provider=default", ossl_slh_dsa_sha2_192s_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHA2_192S },
+    { PROV_NAMES_SLH_DSA_SHA2_192F, "provider=default", ossl_slh_dsa_sha2_192f_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHA2_192F },
+    { PROV_NAMES_SLH_DSA_SHA2_256S, "provider=default", ossl_slh_dsa_sha2_256s_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHA2_256S },
+    { PROV_NAMES_SLH_DSA_SHA2_256F, "provider=default", ossl_slh_dsa_sha2_256f_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHA2_256F },
+    { PROV_NAMES_SLH_DSA_SHAKE_128S, "provider=default", ossl_slh_dsa_shake_128s_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_128S },
+    { PROV_NAMES_SLH_DSA_SHAKE_128F, "provider=default", ossl_slh_dsa_shake_128f_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_128F },
+    { PROV_NAMES_SLH_DSA_SHAKE_192S, "provider=default", ossl_slh_dsa_shake_192s_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_192S },
+    { PROV_NAMES_SLH_DSA_SHAKE_192F, "provider=default", ossl_slh_dsa_shake_192f_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_192F },
+    { PROV_NAMES_SLH_DSA_SHAKE_256S, "provider=default", ossl_slh_dsa_shake_256s_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_256S },
+    { PROV_NAMES_SLH_DSA_SHAKE_256F, "provider=default", ossl_slh_dsa_shake_256f_keymgmt_functions,
+      PROV_DESCS_SLH_DSA_SHAKE_256F },
 #endif /* OPENSSL_NO_SLH_DSA */
     { NULL, NULL, NULL }
 };

diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index e73fee2c8fbf0bf6af433cc9853d2794c871b01c..b0281e5686b6950db13643af2fcc0ba2731f342f 100644 (file)
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -341,6 +341,17 @@ extern const OSSL_DISPATCH ossl_mlx_p384_kem_kmgmt_functions[];
 #endif
 #ifndef OPENSSL_NO_SLH_DSA
 extern const OSSL_DISPATCH ossl_slh_dsa_sha2_128s_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_128f_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_192s_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_192f_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_256s_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_256f_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_128s_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_128f_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_192s_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_192f_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_256s_keymgmt_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_256f_keymgmt_functions[];
 #endif /* OPENSSL_NO_SLH_DSA */
 
 /* Key Exchange */
@@ -413,6 +424,17 @@ extern const OSSL_DISPATCH ossl_ml_dsa_65_signature_functions[];
 extern const OSSL_DISPATCH ossl_ml_dsa_87_signature_functions[];
 #ifndef OPENSSL_NO_SLH_DSA
 extern const OSSL_DISPATCH ossl_slh_dsa_sha2_128s_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_128f_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_192s_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_192f_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_256s_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_sha2_256f_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_128s_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_128f_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_192s_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_192f_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_256s_signature_functions[];
+extern const OSSL_DISPATCH ossl_slh_dsa_shake_256f_signature_functions[];
 #endif /* OPENSSL_NO_SLH_DSA */
 
 /* Asym Cipher */

diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h
index 6ff25497f8a2897af8ca071b5093daa900049b33..1004d9264150deaf251e8492f0667cff7dc059c4 100644 (file)
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@@ -410,4 +410,26 @@
 #define PROV_NAMES_SecP384r1MLKEM1024 "SecP384r1MLKEM1024"
 #define PROV_DESCS_SecP384r1MLKEM1024 "P-384+ML-KEM-1024 TLS hybrid implementation"
 #define PROV_NAMES_SLH_DSA_SHA2_128S "SLH-DSA-SHA2-128s:2.16.840.1.101.3.4.3.20"
+#define PROV_NAMES_SLH_DSA_SHA2_128F "SLH-DSA-SHA2-128f:2.16.840.1.101.3.4.3.21"
+#define PROV_NAMES_SLH_DSA_SHA2_192S "SLH-DSA-SHA2-192s:2.16.840.1.101.3.4.3.22"
+#define PROV_NAMES_SLH_DSA_SHA2_192F "SLH-DSA-SHA2-192f:2.16.840.1.101.3.4.3.23"
+#define PROV_NAMES_SLH_DSA_SHA2_256S "SLH-DSA-SHA2-256s:2.16.840.1.101.3.4.3.24"
+#define PROV_NAMES_SLH_DSA_SHA2_256F "SLH-DSA-SHA2-256f:2.16.840.1.101.3.4.3.25"
+#define PROV_NAMES_SLH_DSA_SHAKE_128S "SLH-DSA-SHAKE-128s:2.16.840.1.101.3.4.3.26"
+#define PROV_NAMES_SLH_DSA_SHAKE_128F "SLH-DSA-SHAKE-128f:2.16.840.1.101.3.4.3.27"
+#define PROV_NAMES_SLH_DSA_SHAKE_192S "SLH-DSA-SHAKE-192s:2.16.840.1.101.3.4.3.28"
+#define PROV_NAMES_SLH_DSA_SHAKE_192F "SLH-DSA-SHAKE-192f:2.16.840.1.101.3.4.3.29"
+#define PROV_NAMES_SLH_DSA_SHAKE_256S "SLH-DSA-SHAKE-256s:2.16.840.1.101.3.4.3.30"
+#define PROV_NAMES_SLH_DSA_SHAKE_256F "SLH-DSA-SHAKE-256f:2.16.840.1.101.3.4.3.31"
 #define PROV_DESCS_SLH_DSA_SHA2_128S "OpenSSL SLH-DSA-SHA2-128s implementation"
+#define PROV_DESCS_SLH_DSA_SHA2_128F "OpenSSL SLH-DSA-SHA2-128f implementation"
+#define PROV_DESCS_SLH_DSA_SHA2_192S "OpenSSL SLH-DSA-SHA2-192s implementation"
+#define PROV_DESCS_SLH_DSA_SHA2_192F "OpenSSL SLH-DSA-SHA2-192f implementation"
+#define PROV_DESCS_SLH_DSA_SHA2_256S "OpenSSL SLH-DSA-SHA2-256s implementation"
+#define PROV_DESCS_SLH_DSA_SHA2_256F "OpenSSL SLH-DSA-SHA2-256f implementation"
+#define PROV_DESCS_SLH_DSA_SHAKE_128S "OpenSSL SLH-DSA-SHAKE-128s implementation"
+#define PROV_DESCS_SLH_DSA_SHAKE_128F "OpenSSL SLH-DSA-SHAKE-128f implementation"
+#define PROV_DESCS_SLH_DSA_SHAKE_192S "OpenSSL SLH-DSA-SHAKE-192s implementation"
+#define PROV_DESCS_SLH_DSA_SHAKE_192F "OpenSSL SLH-DSA-SHAKE-192f implementation"
+#define PROV_DESCS_SLH_DSA_SHAKE_256S "OpenSSL SLH-DSA-SHAKE-256s implementation"
+#define PROV_DESCS_SLH_DSA_SHAKE_256F "OpenSSL SLH-DSA-SHAKE-256f implementation"

diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
index 00ecfa254c7224eae79b888fae395108796f9420..0d58543f0e8aee1934d86d5b939d22b3adec449b 100644 (file)
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -248,3 +248,14 @@ const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = {                \
 }
 
 MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
+MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);

diff --git a/providers/implementations/signature/slh_dsa_sig.c b/providers/implementations/signature/slh_dsa_sig.c
index 011dc5512b83e0bc7021bc05ea08a11fee11b1cb..ddee41ca759e9a0c59ca641a097608324854c1d8 100644 (file)
--- a/providers/implementations/signature/slh_dsa_sig.c
+++ b/providers/implementations/signature/slh_dsa_sig.c
@@ -242,3 +242,14 @@ const OSSL_DISPATCH ossl_slh_dsa_##fn##_signature_functions[] = {              \
 }
 
 MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
+MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);

diff --git a/test/slh_dsa.inc b/test/slh_dsa.inc
index b6df105b0ddc387ad23e3f182f04ac3e0e9ec758..1d8294f3549bd8575ba118912dd51c70f3dc4a6f 100644 (file)
--- a/test/slh_dsa.inc
+++ b/test/slh_dsa.inc
@@ -7,19 +7,26 @@
  * https://www.openssl.org/source/license.html
  */
 
+#define SLH_DSA_SIG_TEST_DET_ITEM(name, alg) {                                 \
+    alg,                                                                       \
+    name##_pub, sizeof(name##_pub),                                            \
+    name##_priv, sizeof(name##_priv),                                          \
+    name##_msg, sizeof(name##_msg),                                            \
+    name##_sig_digest, sizeof(name##_sig_digest),                              \
+}
+
 #define SLH_DSA_SIG_TEST_ITEM(name, alg) {                                     \
     alg,                                                                       \
     name##_pub, sizeof(name##_pub),                                            \
     name##_priv, sizeof(name##_priv),                                          \
     name##_msg, sizeof(name##_msg),                                            \
-    name##_sig_digest, sizeof(name##_sig_digest)                               \
+    name##_sig_digest, sizeof(name##_sig_digest),                              \
+    name##_add_random, sizeof(name##_add_random),                              \
 }
 
 #define SLH_DSA_KEYGEN_TEST_ITEM(name, alg) {                                  \
     alg,                                                                       \
     name##_keygen_priv, sizeof(name##_keygen_priv),                            \
-    name##_keygen_pub_seed, sizeof(name##_keygen_pub_seed),                    \
-    name##_keygen_pub_expected, sizeof(name##_keygen_pub_expected)             \
 }
 
 typedef struct slh_dsa_sig_test_data_st {
@@ -33,16 +40,14 @@ typedef struct slh_dsa_sig_test_data_st {
     /* This is the sha256 digest of the signature, to reduce its size */
     const unsigned char *sig_digest;
     size_t sig_digest_len;
+    const unsigned char *add_random;
+    size_t add_random_len;
 } SLH_DSA_SIG_TEST_DATA;
 
 typedef struct slh_dsa_keygen_test_data_st {
     const char *name;
     const uint8_t *priv;
     size_t priv_len;
-    const uint8_t *pub_seed;
-    size_t pub_seed_len;
-    const uint8_t *pub_expected;
-    size_t pub_expected_len;
 } SLH_DSA_KEYGEN_TEST_DATA;
 
 /*
@@ -69,30 +74,224 @@ static const uint8_t slh_dsa_sha2_128s_0_sig_digest[] = {
     0x65, 0x98, 0x91, 0x23, 0x17, 0x52, 0x9a, 0x61, 0xda, 0xe4, 0x32, 0x9b, 0xf1, 0x49, 0xef, 0x8b
 };
 
+static const uint8_t slh_dsa_sha2_192f_0_priv[] = {
+    0xc1, 0x0a, 0xdc, 0x69, 0x2b, 0x76, 0xff, 0x6f, 0x34, 0xa6, 0xf0, 0xc8, 0xff, 0xe2, 0xbb, 0x88,
+    0xe8, 0x41, 0xeb, 0xd9, 0x2d, 0xa7, 0xff, 0xec, 0xdd, 0x3b, 0xf6, 0xc1, 0x05, 0x66, 0xa0, 0xcf,
+    0x69, 0x8e, 0x39, 0x3d, 0xfb, 0x84, 0x58, 0x7d, 0x3b, 0xc8, 0xc7, 0xde, 0x58, 0x69, 0x66, 0x8c,
+};
+static const uint8_t slh_dsa_sha2_192f_0_pub[] = {
+    0x36, 0xf7, 0xaa, 0x6b, 0x6f, 0x82, 0xa7, 0xf3, 0xc1, 0x09, 0xe8, 0x81, 0x73, 0xa1, 0xe5, 0xf4,
+    0x0f, 0xa5, 0x29, 0xa2, 0x9f, 0x48, 0x5c, 0xcb, 0x40, 0xbb, 0x24, 0x7b, 0x9c, 0xba, 0xda, 0x95,
+    0x83, 0x92, 0x42, 0x5b, 0xff, 0x8b, 0x20, 0x28, 0x9b, 0x0f, 0x11, 0xaa, 0x3a, 0x51, 0x4e, 0x54,
+};
+static const uint8_t slh_dsa_sha2_192f_0_add_random[] = {
+    0xe6, 0xe7, 0x1a, 0x97, 0x57, 0x07, 0x75, 0xb3, 0x54, 0x98, 0x28, 0x7f, 0x81, 0x8d, 0x8c, 0x2a,
+    0x96, 0x00, 0x05, 0x76, 0xc8, 0x5c, 0x0c, 0x71,
+};
+static const uint8_t slh_dsa_sha2_192f_0_msg[] = { 0x0E, 0x54 };
+static const uint8_t slh_dsa_sha2_192f_0_sig_digest[] = {
+    0xd0, 0x5e, 0xec, 0x26, 0xb1, 0x2e, 0x21, 0x9b, 0x83, 0xe2, 0x96, 0x84, 0xff, 0x88, 0xa8, 0x2a,
+    0x49, 0xe4, 0xd2, 0xc5, 0x2e, 0x43, 0x8b, 0xcf, 0x15, 0xa5, 0xf6, 0x18, 0x10, 0x51, 0x6c, 0x2e,
+};
+static const uint8_t slh_dsa_sha2_256f_0_priv[] = {
+    0x1a, 0x5a, 0x6a, 0x0c, 0x8a, 0xae, 0x35, 0x9c, 0xda, 0xce, 0x45, 0x67, 0x42, 0xc3, 0x71, 0x23,
+    0xe8, 0xc5, 0xad, 0x9c, 0xfe, 0xab, 0x75, 0x1b, 0x1d, 0x92, 0x11, 0x6c, 0x81, 0xd6, 0xf5, 0x2c,
+    0xb0, 0x10, 0x08, 0x63, 0x37, 0xe5, 0xfb, 0x27, 0xe6, 0x74, 0xc7, 0xf6, 0xee, 0x14, 0x4c, 0xec,
+    0x10, 0xee, 0xf8, 0x87, 0x80, 0xf1, 0x0f, 0x0c, 0xf3, 0xf7, 0x43, 0xc8, 0xb7, 0xdb, 0x15, 0xce,
+};
+static const uint8_t slh_dsa_sha2_256f_0_pub[] = {
+    0x03, 0x90, 0xbf, 0x5e, 0xcc, 0x8f, 0xf5, 0xa0, 0x07, 0x23, 0x6c, 0x56, 0xbf, 0x9d, 0x9d, 0x46,
+    0xa3, 0x53, 0x4e, 0x54, 0x58, 0x36, 0xcf, 0x7a, 0xdf, 0x20, 0x0d, 0xd2, 0x86, 0x2f, 0x91, 0x1b,
+    0x74, 0x09, 0x5e, 0x73, 0xe6, 0x36, 0x41, 0xfa, 0xb2, 0x6b, 0xd7, 0x17, 0xab, 0x29, 0xbb, 0x1e,
+    0xd8, 0x73, 0x5c, 0x53, 0x61, 0x32, 0xa1, 0x9e, 0xac, 0x5d, 0xae, 0xd8, 0xa0, 0x7c, 0xf3, 0xb5,
+};
+static const uint8_t slh_dsa_sha2_256f_0_msg[] = {
+    0xDC, 0x09
+};
+static const uint8_t slh_dsa_sha2_256f_0_sig_digest[] = {
+    0x13, 0xb7, 0x78, 0xcd, 0x29, 0xf4, 0x55, 0x35, 0xcc, 0xe4, 0x56, 0xad, 0x36, 0xff, 0xad, 0x50,
+    0x54, 0xc3, 0x14, 0xbe, 0x5f, 0x59, 0xa5, 0x9a, 0xcf, 0xa5, 0x18, 0xb1, 0x6a, 0x6f, 0x57, 0xf0,
+};
+
+static const uint8_t slh_dsa_shake_128s_0_priv[] = {
+    0x4c, 0xf2, 0xbb, 0xc4, 0x7b, 0x14, 0x51, 0x80, 0xd1, 0xee, 0xa2, 0x98, 0x0c, 0xfb, 0xe2, 0xdc,
+    0xc4, 0xf0, 0x70, 0xaf, 0x5b, 0xaf, 0x81, 0xab, 0x2e, 0xae, 0x38, 0x14, 0x4c, 0x35, 0x76, 0xa5,
+};
+static const uint8_t slh_dsa_shake_128s_0_pub[] = {
+    0x10, 0x96, 0xaa, 0x01, 0x4c, 0x35, 0x03, 0x02, 0xe1, 0x96, 0x31, 0x7e, 0x0d, 0xbf, 0xb2, 0x91,
+    0xd2, 0x4e, 0x52, 0x92, 0x09, 0xde, 0xb4, 0x97, 0x03, 0xcc, 0x3a, 0xd2, 0x9d, 0xfc, 0xe2, 0x4d,
+};
+static const uint8_t slh_dsa_shake_128s_0_msg[] = { 0xD3, 0x7C };
+static const uint8_t slh_dsa_shake_128s_0_sig_digest[] = {
+    0xcb, 0xc5, 0xbc, 0x43, 0x51, 0xa1, 0x16, 0xcb, 0x7b, 0x38, 0x28, 0x2c, 0xf9, 0xc9, 0x95, 0x56,
+    0x2b, 0x73, 0x6e, 0x85, 0xdc, 0xa6, 0xad, 0xda, 0x42, 0xce, 0x39, 0x90, 0xb8, 0x91, 0xa4, 0x13,
+};
+
+static const uint8_t slh_dsa_shake_256f_0_priv[] = {
+    0xf7, 0x1d, 0x42, 0xf7, 0x34, 0xb0, 0x73, 0x93, 0x88, 0x74, 0x38, 0xfc, 0x47, 0xc8, 0x5e, 0x60,
+    0x23, 0x92, 0x9d, 0xae, 0xeb, 0x86, 0x44, 0xe7, 0xe5, 0xbd, 0xb9, 0x4d, 0xf0, 0x0a, 0x8e, 0x48,
+    0xa4, 0xee, 0x88, 0x08, 0xd9, 0x5d, 0x81, 0x1a, 0x10, 0x55, 0xe0, 0xb1, 0xba, 0x89, 0xe0, 0x8b,
+    0xbd, 0xf7, 0x2b, 0xe2, 0x91, 0x2e, 0x2b, 0x7f, 0x6b, 0xf9, 0x73, 0xa6, 0x55, 0xcd, 0x5b, 0x1b,
+};
+static const uint8_t slh_dsa_shake_256f_0_pub[] = {
+    0xf6, 0x62, 0x20, 0x15, 0x24, 0x3a, 0xbd, 0x05, 0x3b, 0x45, 0x63, 0xb9, 0x16, 0xa8, 0xf3, 0x7c,
+    0x67, 0xa6, 0xe3, 0x0a, 0xd1, 0xc8, 0x5d, 0x65, 0xed, 0x7d, 0x3c, 0xcf, 0x53, 0xd0, 0x8f, 0x27,
+    0xde, 0xea, 0x9d, 0x3e, 0x58, 0xe4, 0xc1, 0x86, 0xb3, 0x75, 0x70, 0x11, 0x0f, 0x35, 0xd5, 0xd4,
+    0xe4, 0xcf, 0x36, 0xbc, 0x9e, 0x5b, 0x26, 0xa4, 0x75, 0xbe, 0x3f, 0x36, 0x26, 0xd5, 0x3e, 0xcb,
+};
+static const uint8_t slh_dsa_shake_256f_0_msg[] = { 0x52 };
+static const uint8_t slh_dsa_shake_256f_0_sig_digest[] = {
+    0x83, 0x30, 0x10, 0x89, 0x2d, 0x88, 0xfe, 0xf0, 0xf6, 0x6a, 0x81, 0x46, 0xab, 0x8d, 0x8f, 0x73,
+    0xfe, 0xe5, 0xf8, 0xec, 0xea, 0xad, 0x8c, 0xdc, 0x36, 0xfc, 0xb8, 0x9a, 0xf5, 0xaa, 0x9c, 0x41,
+};
+
+static const uint8_t slh_dsa_shake_128f_0_priv[] = {
+    0x75, 0x10, 0x49, 0x1b, 0x47, 0x0a, 0xe3, 0x65, 0x8e, 0xd5, 0x0a, 0xd7, 0xa4, 0xe6, 0xc5, 0x8c,
+    0x86, 0x33, 0x67, 0x42, 0xc3, 0x24, 0x4b, 0x95, 0xaa, 0x33, 0x8b, 0x70, 0x89, 0xdf, 0x84, 0xb8,
+};
+static const uint8_t slh_dsa_shake_128f_0_pub[] = {
+    0x3d, 0x17, 0x30, 0x69, 0x3a, 0xdd, 0xc8, 0x9b, 0xf7, 0xb8, 0x1e, 0x32, 0x13, 0x6a, 0x28, 0xc6,
+    0xec, 0x8d, 0x96, 0xc4, 0x6d, 0x3b, 0xbe, 0x28, 0x12, 0xa5, 0x5b, 0x98, 0xe3, 0x89, 0x26, 0xae,
+};
+static const uint8_t slh_dsa_shake_128f_0_add_random[] = {
+    0xfe, 0x4b, 0x12, 0xe6, 0x8b, 0x0e, 0x3b, 0x91, 0x01, 0xb2, 0x0c, 0x17, 0xc5, 0x71, 0x1c, 0x59,
+};
+static const uint8_t slh_dsa_shake_128f_0_msg[] = {
+    0x23, 0x95, 0xf6, 0x4a, 0x2a, 0x92, 0x69, 0x86, 0x32, 0x77, 0x73, 0x1e, 0x43, 0x57, 0x70, 0x01,
+    0x8f, 0xc3, 0x18, 0xd8, 0xf6, 0x4b, 0x5b, 0x7d, 0x7d, 0x91, 0xd5, 0x2d, 0xaa, 0x7e, 0x0d, 0x1e,
+    0x51, 0xcf, 0xc8, 0xf9, 0xe1, 0x14, 0x7b, 0x8e, 0xe9, 0x40, 0x67, 0xa3, 0x87, 0x61, 0xf7, 0x64,
+    0x02, 0xb5, 0x55, 0xb1, 0x04, 0x17, 0x5b, 0xeb, 0x8f, 0xd8, 0x5e, 0xa5, 0x20, 0x52, 0xc6, 0x99,
+    0x1a, 0xfb, 0x7f, 0x3b, 0xbb, 0x72, 0xb6, 0xe5, 0x75, 0x1d, 0xef, 0x52, 0x37, 0xeb, 0x55, 0xdc,
+    0x37, 0xf5, 0x7f, 0x71, 0x17, 0x28, 0x19, 0xd1, 0x0a, 0x84, 0x6c, 0x97, 0xf9, 0xf0, 0xab, 0xd9,
+    0x92, 0x9e, 0x8e, 0xdd, 0x3e, 0x2f, 0x5a, 0x82, 0x26, 0x6d, 0xda, 0x1e, 0xe8, 0x66, 0x6f, 0xfc,
+    0x6f, 0x58, 0x96, 0xcc, 0x2c, 0x59, 0x37, 0xa9, 0xd8, 0xbe, 0x6a, 0x16, 0xf5, 0xdd, 0x52, 0x4f,
+    0x3b, 0xd8, 0xb9, 0xa6, 0xe7, 0xc5, 0x34, 0xcd, 0xc1, 0xac, 0xcb, 0x4f, 0xd1, 0xf1, 0x90, 0x75,
+    0x9a, 0x61, 0x74, 0x4b, 0x3f, 0xe7, 0xb1, 0x4c, 0x44, 0x76, 0xa2, 0x73, 0xfd, 0x1c, 0x2e, 0xf1,
+    0xbd, 0xab, 0x0f, 0x78, 0xdc, 0x09, 0x5e, 0xe4, 0xa3,
+};
+static const uint8_t slh_dsa_shake_128f_0_sig_digest[] = {
+    0xd9, 0xee, 0x15, 0x31, 0xeb, 0xab, 0x30, 0xd5, 0xd9, 0xb1, 0x0f, 0x43, 0x74, 0xbd, 0xf9, 0xf6,
+    0xc0, 0xb5, 0x87, 0xd0, 0xa2, 0x19, 0x0c, 0x9e, 0x2c, 0x98, 0xc7, 0xa3, 0x71, 0x17, 0x4a, 0x41,
+};
+
 static SLH_DSA_SIG_TEST_DATA slh_dsa_sig_testdata[] = {
-    SLH_DSA_SIG_TEST_ITEM(slh_dsa_sha2_128s_0, "SLH-DSA-SHA2-128s"),
+    SLH_DSA_SIG_TEST_DET_ITEM(slh_dsa_sha2_128s_0, "SLH-DSA-SHA2-128s"),
+    SLH_DSA_SIG_TEST_ITEM(slh_dsa_sha2_192f_0, "SLH-DSA-SHA2-192f"),
+    SLH_DSA_SIG_TEST_DET_ITEM(slh_dsa_sha2_256f_0, "SLH-DSA-SHA2-256f"),
+    SLH_DSA_SIG_TEST_DET_ITEM(slh_dsa_shake_128s_0, "SLH-DSA-SHAKE-128s"),
+    SLH_DSA_SIG_TEST_ITEM(slh_dsa_shake_128f_0, "SLH-DSA-SHAKE-128f"),
+    SLH_DSA_SIG_TEST_DET_ITEM(slh_dsa_shake_256f_0, "SLH-DSA-SHAKE-256f"),
 };
 
-/* skSeed || skPrf */
 static const uint8_t slh_dsa_sha2_128s_0_keygen_priv[] = {
-    0x2F, 0x89, 0x6D, 0x61, 0xD9, 0xCD, 0x90, 0x38,
-    0xCA, 0x30, 0x33, 0x94, 0xFA, 0xDA, 0xA2, 0x2A,
-    0x24, 0xAC, 0x5E, 0xC1, 0xD8, 0x6A, 0x98, 0x9C,
-    0xA2, 0x19, 0x6C, 0x3C, 0x86, 0x32, 0x41, 0x9C,
-};
-/* pkSeed */
-static const uint8_t slh_dsa_sha2_128s_0_keygen_pub_seed[] = {
-    0x1A, 0x05, 0xA4, 0x2F, 0xE3, 0x00, 0xE8, 0x7B,
-    0x16, 0xAE, 0xE1, 0x16, 0xCB, 0x2E, 0x23, 0x63,
-};
-/* pkSeed || pkRoot */
-static const uint8_t slh_dsa_sha2_128s_0_keygen_pub_expected[] = {
-    0x1A, 0x05, 0xA4, 0x2F, 0xE3, 0x00, 0xE8, 0x7B,
-    0x16, 0xAE, 0xE1, 0x16, 0xCB, 0x2E, 0x23, 0x63,
-    0x58, 0xE2, 0xC3, 0xE6, 0x26, 0x32, 0xC9, 0xDE,
-    0x03, 0xD0, 0x8A, 0x53, 0x5A, 0x0E, 0xB7, 0xE7,
+    0xaa, 0x9c, 0xc7, 0xdc, 0xa4, 0x91, 0xfc, 0x86, 0xbc, 0xb1, 0x5a, 0x70, 0x9a, 0x15, 0xe9, 0xb3,
+    0x90, 0x5c, 0x80, 0x0b, 0x6e, 0x2f, 0xb9, 0xb5, 0x4b, 0x6b, 0x05, 0x0e, 0xe5, 0xe4, 0xde, 0x9a,
+    0xfa, 0x54, 0x64, 0xd1, 0xc6, 0x61, 0xfe, 0xd3, 0x8b, 0x2a, 0x51, 0xca, 0x3e, 0xae, 0x71, 0xba,
+    0xca, 0xe3, 0xd1, 0x86, 0x52, 0x15, 0xe3, 0xd3, 0x85, 0x0e, 0x8c, 0x1b, 0x82, 0x92, 0xbf, 0x42,
+};
+static const uint8_t slh_dsa_sha2_128f_0_keygen_priv[] = {
+    0xe2, 0xbd, 0xaa, 0x37, 0xc8, 0xcf, 0xfe, 0x5e, 0x8d, 0x56, 0x76, 0xc2, 0x32, 0x67, 0x89, 0x0c,
+    0x31, 0x44, 0x17, 0x58, 0xf5, 0x73, 0x28, 0x58, 0x81, 0xcd, 0xc8, 0x2a, 0xb9, 0x11, 0xdd, 0x84,
+    0x72, 0xdc, 0x8d, 0x26, 0xdf, 0x6e, 0xf7, 0x08, 0xf4, 0xc4, 0x1a, 0xf9, 0xfd, 0x04, 0xb6, 0x5a,
+    0x89, 0x27, 0x92, 0x72, 0x29, 0x89, 0x1d, 0x47, 0xa6, 0x0d, 0x67, 0xec, 0xef, 0x3d, 0x2c, 0x17,
+};
+static const uint8_t slh_dsa_sha2_192s_0_keygen_priv[] = {
+    0x44, 0x2e, 0x44, 0x6e, 0x73, 0x33, 0x0a, 0xfb, 0x98, 0x70, 0x46, 0x56, 0x32, 0x8f, 0x4d, 0xd7,
+    0x33, 0x4f, 0x8a, 0x9a, 0xb4, 0xd9, 0x2c, 0xbe, 0x79, 0x0f, 0x91, 0xc2, 0xe9, 0x2a, 0x81, 0xaf,
+    0xee, 0x0a, 0x7e, 0xc4, 0x5a, 0x3d, 0x60, 0x93, 0x46, 0x27, 0x6f, 0x5a, 0x32, 0x87, 0x55, 0xa1,
+    0x7d, 0xd4, 0x16, 0x08, 0xf5, 0x9e, 0x49, 0x26, 0x68, 0xd8, 0x1d, 0x03, 0x44, 0x13, 0x94, 0xfe,
+    0x7a, 0x8e, 0x7e, 0x58, 0x70, 0x5d, 0x76, 0x32, 0xba, 0x8b, 0xc6, 0x6d, 0x04, 0xc9, 0x9e, 0xe5,
+    0xc7, 0x21, 0xe4, 0xff, 0x4b, 0xbe, 0x78, 0x15, 0xcc, 0xf9, 0x23, 0xe8, 0x1e, 0x10, 0xc4, 0x75,
+};
+static const uint8_t slh_dsa_sha2_192f_0_keygen_priv[] = {
+    0x94, 0x2d, 0xd5, 0x88, 0xb0, 0xe0, 0x63, 0x60, 0x60, 0xb1, 0x02, 0x3b, 0xaf, 0x1d, 0xf3, 0x60,
+    0x02, 0xb9, 0xd3, 0xc7, 0x25, 0x69, 0x04, 0xf9, 0x48, 0x59, 0x6f, 0x0f, 0x2f, 0x17, 0x50, 0x55,
+    0x85, 0xf0, 0x22, 0x42, 0x34, 0x33, 0xb3, 0xa3, 0xef, 0x50, 0x97, 0x7b, 0x98, 0xb0, 0x1e, 0x8e,
+    0x3e, 0x1d, 0x7d, 0xcf, 0x88, 0x0c, 0x2e, 0xa3, 0xc8, 0x87, 0x21, 0x22, 0xa9, 0x96, 0xd5, 0xd6,
+    0x23, 0x3b, 0xdf, 0xbd, 0x57, 0xfa, 0x64, 0x1f, 0xad, 0x3c, 0x81, 0xbb, 0xe6, 0x77, 0x8b, 0x1f,
+    0x78, 0x81, 0x95, 0x13, 0x1b, 0x3f, 0xca, 0x91, 0x85, 0x4f, 0xf3, 0xb0, 0x75, 0xbf, 0x00, 0x09,
+};
+static const uint8_t slh_dsa_sha2_256s_0_keygen_priv[] = {
+    0xae, 0x6c, 0xa8, 0x66, 0x4e, 0xc0, 0xb9, 0x17, 0x9d, 0x4e, 0x33, 0xc4, 0xde, 0xfe, 0x01, 0xfc,
+    0xd5, 0x89, 0xf6, 0x0b, 0xa4, 0x50, 0x2f, 0xe7, 0x41, 0x6f, 0x2a, 0xcd, 0x96, 0xe1, 0x39, 0xf1,
+    0x3f, 0xda, 0x20, 0x69, 0x14, 0x7f, 0x44, 0xea, 0xbd, 0x5b, 0xbf, 0x29, 0xc7, 0x4a, 0x20, 0xcb,
+    0x0f, 0x0c, 0xc2, 0xa1, 0x2b, 0xab, 0x58, 0x34, 0xb7, 0x73, 0x53, 0x0a, 0xf5, 0x04, 0x90, 0x0a,
+    0x13, 0x4d, 0x5e, 0xd3, 0xc6, 0x0b, 0x46, 0x34, 0x4a, 0x84, 0xa4, 0x5d, 0x46, 0x83, 0xb1, 0xac,
+    0x55, 0xfb, 0x22, 0x88, 0x6b, 0xa9, 0x47, 0x8e, 0xa9, 0xca, 0x93, 0xf2, 0x7b, 0x9a, 0xa2, 0xc2,
+    0x7c, 0x5c, 0x99, 0x08, 0xf0, 0x86, 0xe5, 0x79, 0x56, 0xf8, 0x5d, 0xe8, 0x4b, 0x43, 0x8e, 0xf1,
+    0xf0, 0x82, 0xcd, 0x17, 0x6d, 0xff, 0x3c, 0x5b, 0x8b, 0xe7, 0x10, 0xbc, 0x86, 0x99, 0xa1, 0x43,
+};
+static const uint8_t slh_dsa_sha2_256f_0_keygen_priv[] = {
+    0x37, 0xd1, 0x80, 0x6d, 0xd0, 0x90, 0x35, 0x30, 0x64, 0xa9, 0x82, 0x27, 0x6a, 0xeb, 0xd2, 0x0e,
+    0x73, 0x18, 0xf3, 0x6b, 0x17, 0xec, 0x52, 0x09, 0xd4, 0x00, 0x66, 0x51, 0x76, 0x0c, 0xa0, 0x43,
+    0x89, 0x66, 0x30, 0xd5, 0x1c, 0x45, 0xa8, 0xf7, 0xc1, 0xda, 0x31, 0x19, 0x2f, 0x41, 0x20, 0x4d,
+    0xeb, 0x71, 0xbb, 0xc4, 0xfb, 0x47, 0x70, 0x0a, 0x91, 0xec, 0x47, 0xbb, 0x4a, 0xcf, 0x3a, 0x38,
+    0xda, 0xbb, 0xd0, 0x01, 0x12, 0x52, 0x0e, 0x60, 0x06, 0x1d, 0xa2, 0x3f, 0x4c, 0x83, 0xa5, 0xc4,
+    0x75, 0xa0, 0xad, 0x3a, 0xb7, 0x5f, 0x59, 0xe5, 0xc7, 0xb8, 0xce, 0x24, 0x30, 0xde, 0xb4, 0x80,
+    0xc0, 0x78, 0x49, 0xdd, 0x9f, 0x8d, 0x99, 0x3d, 0xce, 0x56, 0x85, 0xd0, 0x84, 0x01, 0x34, 0xbd,
+    0x11, 0x59, 0x20, 0x55, 0xf7, 0x4c, 0xde, 0x3a, 0xa9, 0xe7, 0xd2, 0x5b, 0x33, 0xc3, 0x10, 0x67,
+};
+
+static const uint8_t slh_dsa_shake_128s_0_keygen_priv[] = {
+    0xec, 0xd0, 0xa0, 0x56, 0x96, 0xc2, 0xec, 0x6b, 0xfe, 0x85, 0xb8, 0xb1, 0xb2, 0x02, 0x24, 0x86,
+    0xbf, 0xd8, 0x73, 0x2b, 0x1a, 0x42, 0xce, 0xa2, 0x36, 0xe9, 0x82, 0x2a, 0xa9, 0xe7, 0x24, 0xe6,
+    0x37, 0xd6, 0x64, 0x79, 0x21, 0x98, 0x17, 0x6c, 0x12, 0xe8, 0x12, 0x1c, 0xcf, 0x69, 0xe6, 0x84,
+    0xfc, 0xf6, 0xff, 0xe2, 0xa0, 0x42, 0x43, 0xdc, 0x3e, 0x8e, 0xd3, 0xee, 0x6e, 0x44, 0xcd, 0xef,
+};
+static const uint8_t slh_dsa_shake_128f_0_keygen_priv[] = {
+    0xbb, 0xc7, 0x43, 0x06, 0xf7, 0x5d, 0xc2, 0xda, 0xf7, 0x37, 0x2b, 0x3c, 0x98, 0x41, 0xa4, 0xd6,
+    0x85, 0x2c, 0x17, 0xb4, 0x59, 0xf1, 0x69, 0x2b, 0x8e, 0x9a, 0x1a, 0x0d, 0xac, 0xe5, 0xba, 0x26,
+    0x38, 0x0c, 0x99, 0x30, 0x4a, 0x0d, 0xdd, 0x32, 0xf3, 0x44, 0xb9, 0x51, 0x44, 0xe1, 0xfd, 0xef,
+    0x60, 0xbb, 0xc2, 0x34, 0x0e, 0x08, 0x77, 0x0f, 0xb4, 0x1a, 0x80, 0xa7, 0x6c, 0xb0, 0x8e, 0x34,
+};
+static const uint8_t slh_dsa_shake_192s_0_keygen_priv[] = {
+    0x2d, 0x57, 0x48, 0xb1, 0xac, 0xda, 0x82, 0x99, 0xe2, 0xe9, 0x05, 0x54, 0x5d, 0x2e, 0x66, 0xdf,
+    0xce, 0xc0, 0x24, 0x61, 0xbc, 0x36, 0x73, 0xdd, 0x9d, 0x83, 0x04, 0x16, 0xb1, 0xb8, 0x2a, 0x66,
+    0x5d, 0xd4, 0x35, 0xa3, 0xf3, 0xa8, 0xe2, 0x12, 0x4d, 0xf5, 0x9a, 0x0e, 0x2b, 0xc2, 0xec, 0x73,
+    0x63, 0x3f, 0xf6, 0x5c, 0x72, 0x4a, 0xe1, 0x70, 0x45, 0xc0, 0x94, 0x61, 0x75, 0x49, 0x08, 0x1c,
+    0x94, 0x0f, 0x2e, 0xf4, 0xd4, 0xa1, 0x0e, 0x75, 0x59, 0xc7, 0x50, 0x3f, 0xe1, 0xe9, 0x6f, 0xb6,
+    0x7b, 0x0e, 0x32, 0xac, 0xdc, 0xf7, 0x12, 0xfb, 0xef, 0x61, 0x0f, 0x8d, 0x21, 0xda, 0xac, 0x86,
+};
+static const uint8_t slh_dsa_shake_192f_0_keygen_priv[] = {
+    0x3b, 0x78, 0x89, 0xd2, 0x54, 0xf5, 0xad, 0x87, 0x88, 0x2d, 0xac, 0xbf, 0x3c, 0x58, 0x49, 0x56,
+    0x67, 0x40, 0x16, 0x01, 0xec, 0x47, 0x39, 0x79, 0x7e, 0x93, 0x5c, 0xbc, 0x27, 0xf3, 0xd7, 0xcd,
+    0x62, 0x7b, 0x61, 0x1c, 0xbe, 0xf7, 0x54, 0x6c, 0x7f, 0x27, 0x75, 0x1e, 0x18, 0x15, 0x5c, 0xc4,
+    0x26, 0x6b, 0x6f, 0xb5, 0x6b, 0xd0, 0xd9, 0x22, 0xe0, 0x48, 0x27, 0x00, 0xa4, 0x28, 0x0c, 0xc1,
+    0xf0, 0x70, 0x52, 0x80, 0x4a, 0x8f, 0x46, 0xfd, 0xed, 0x39, 0x54, 0xba, 0x0a, 0x9d, 0xa4, 0x5d,
+    0x0d, 0x18, 0x86, 0x74, 0x37, 0x77, 0x7f, 0x60, 0x21, 0x1b, 0xb9, 0xcd, 0x03, 0xa6, 0x0d, 0x4b,
+};
+static const uint8_t slh_dsa_shake_256s_0_keygen_priv[] = {
+    0xa6, 0x53, 0x91, 0x8f, 0xa5, 0x57, 0xb5, 0x25, 0x0d, 0x11, 0xe9, 0x6a, 0x74, 0xf5, 0xd8, 0xc6,
+    0x2b, 0x5f, 0xf6, 0x71, 0x52, 0xac, 0xf2, 0x27, 0xaa, 0xf4, 0xbf, 0x52, 0x11, 0xaa, 0x60, 0x0e,
+    0x96, 0x1b, 0x4e, 0x67, 0x9c, 0xeb, 0x9d, 0x4e, 0x24, 0xdf, 0x86, 0xed, 0x22, 0xf4, 0x05, 0xd8,
+    0xed, 0xe5, 0x62, 0x36, 0x72, 0xf4, 0x73, 0x7f, 0xc2, 0xfb, 0x65, 0xf8, 0xbf, 0x3b, 0x55, 0x6c,
+    0x31, 0x5a, 0x5e, 0x79, 0x5b, 0x70, 0x16, 0x76, 0xe6, 0xb8, 0x30, 0x9c, 0x89, 0xcc, 0x6a, 0xd0,
+    0xc3, 0xd6, 0x9f, 0xf4, 0xf7, 0xf4, 0x32, 0xdc, 0x61, 0x32, 0x9f, 0xbb, 0x1b, 0xe6, 0x06, 0x9f,
+    0x08, 0x87, 0xb1, 0xa8, 0xf1, 0xb3, 0xa8, 0xb9, 0x77, 0x0a, 0x08, 0x71, 0x63, 0x0e, 0x46, 0xdd,
+    0x04, 0x79, 0xc5, 0xbd, 0x12, 0x3e, 0x8e, 0xeb, 0x6b, 0xe7, 0x0f, 0x29, 0x99, 0xc4, 0x66, 0xa1,
+};
+static const uint8_t slh_dsa_shake_256f_0_keygen_priv[] = {
+    0xd5, 0x0f, 0x77, 0x71, 0x3c, 0xf5, 0x91, 0x93, 0xfe, 0x5f, 0x10, 0xb8, 0xaa, 0xf1, 0x87, 0x6b,
+    0x0d, 0x3e, 0x7e, 0x41, 0x81, 0xed, 0x3f, 0xae, 0x34, 0x68, 0x76, 0x26, 0x98, 0x01, 0x75, 0x84,
+    0x36, 0xc2, 0x2b, 0x81, 0x94, 0x04, 0x03, 0x15, 0x74, 0x46, 0xd4, 0x4f, 0x04, 0xc0, 0x9f, 0xd2,
+    0x8d, 0xf7, 0x2c, 0x6d, 0x40, 0x21, 0xb2, 0x71, 0x54, 0x40, 0x55, 0x78, 0x30, 0x81, 0xb7, 0xc0,
+    0x46, 0xd2, 0xac, 0x50, 0x75, 0x1a, 0x0c, 0x71, 0xec, 0x85, 0x0b, 0xb7, 0xd1, 0x6a, 0x67, 0x9a,
+    0x66, 0x90, 0x1e, 0xee, 0x05, 0x38, 0x9d, 0x46, 0x15, 0x94, 0x0e, 0xfd, 0x89, 0xc0, 0x18, 0x2f,
+    0xde, 0xbc, 0xfb, 0xf3, 0x52, 0x7c, 0xc7, 0x68, 0xc5, 0xec, 0x6c, 0xb5, 0xb6, 0xcc, 0x10, 0xa6,
+    0x74, 0x39, 0x07, 0x45, 0xd8, 0x61, 0x2d, 0x09, 0x20, 0x18, 0x7d, 0xf6, 0x58, 0xd3, 0xb7, 0xef,
 };
 
 static const SLH_DSA_KEYGEN_TEST_DATA slh_dsa_keygen_testdata[] = {
     SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_sha2_128s_0, "SLH-DSA-SHA2-128s"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_sha2_128f_0, "SLH-DSA-SHA2-128f"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_sha2_192s_0, "SLH-DSA-SHA2-192s"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_sha2_192f_0, "SLH-DSA-SHA2-192f"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_sha2_256s_0, "SLH-DSA-SHA2-256s"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_sha2_256f_0, "SLH-DSA-SHA2-256f"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_shake_128s_0, "SLH-DSA-SHAKE-128s"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_shake_128f_0, "SLH-DSA-SHAKE-128f"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_shake_192s_0, "SLH-DSA-SHAKE-192s"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_shake_192f_0, "SLH-DSA-SHAKE-192f"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_shake_256s_0, "SLH-DSA-SHAKE-256s"),
+    SLH_DSA_KEYGEN_TEST_ITEM(slh_dsa_shake_256f_0, "SLH-DSA-SHAKE-256f"),
 };

diff --git a/test/slh_dsa_test.c b/test/slh_dsa_test.c
index 261161679fc4fc2ae02236e20b498b30a0d0c843..307791cfd4998873f693d087fb675cad7902045c 100644 (file)
--- a/test/slh_dsa_test.c
+++ b/test/slh_dsa_test.c
@@ -135,18 +135,20 @@ end:
 static int slh_dsa_key_eq_test(void)
 {
     int ret = 0;
-    EVP_PKEY *key[2] = { NULL, NULL };
+    EVP_PKEY *key[3] = { NULL, NULL, NULL };
     SLH_DSA_SIG_TEST_DATA *td1 = &slh_dsa_sig_testdata[0];
+    SLH_DSA_SIG_TEST_DATA *td2 = &slh_dsa_sig_testdata[1];
 #ifndef OPENSSL_NO_EC
     EVP_PKEY *eckey = NULL;
 #endif
 
     if (!TEST_ptr(key[0] = slh_dsa_pubkey_from_data(td1->alg, td1->pub, td1->pub_len))
-            || !TEST_ptr(key[1] = slh_dsa_pubkey_from_data(td1->alg, td1->pub, td1->pub_len)))
+            || !TEST_ptr(key[1] = slh_dsa_pubkey_from_data(td1->alg, td1->pub, td1->pub_len))
+            || !TEST_ptr(key[2] = slh_dsa_pubkey_from_data(td2->alg, td2->pub, td2->pub_len)))
         goto end;
 
-    ret = TEST_int_eq(EVP_PKEY_eq(key[0], key[1]), 1);
-    if (ret == 0)
+    if (!TEST_int_eq(EVP_PKEY_eq(key[0], key[1]), 1)
+            || !TEST_int_ne(EVP_PKEY_eq(key[0], key[2]), 1))
         goto end;
 
 #ifndef OPENSSL_NO_EC
@@ -156,6 +158,7 @@ static int slh_dsa_key_eq_test(void)
     EVP_PKEY_free(eckey);
 #endif
 end:
+    EVP_PKEY_free(key[2]);
     EVP_PKEY_free(key[1]);
     EVP_PKEY_free(key[0]);
     return ret;
@@ -216,14 +219,14 @@ err:
     return ret;
 }
 
-static int slh_dsa_sign_verify_test(void)
+static int slh_dsa_sign_verify_test(int tst_id)
 {
     int ret = 0;
-    SLH_DSA_SIG_TEST_DATA *td = &slh_dsa_sig_testdata[0];
+    SLH_DSA_SIG_TEST_DATA *td = &slh_dsa_sig_testdata[tst_id];
     EVP_PKEY_CTX *sctx = NULL;
     EVP_PKEY *pkey = NULL;
     EVP_SIGNATURE *sig_alg = NULL;
-    OSSL_PARAM params[3], *p = params;
+    OSSL_PARAM params[4], *p = params;
     uint8_t sig[64 * 1024];
     size_t sig_len = sizeof(sig);
     uint8_t digest[32];
@@ -232,6 +235,10 @@ static int slh_dsa_sign_verify_test(void)
 
     *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_DETERMINISTIC, &deterministic);
     *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING, &encode);
+    if (td->add_random != NULL)
+        *p++ = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ADD_RANDOM,
+                                                 (char *)td->add_random,
+                                                 td->add_random_len);
     *p = OSSL_PARAM_construct_end();
 
     /*
@@ -266,16 +273,18 @@ err:
     return ret;
 }
 
-static int slh_dsa_keygen_test(void)
+static int slh_dsa_keygen_test(int tst_id)
 {
     int ret = 0;
-    const SLH_DSA_KEYGEN_TEST_DATA *tst = &slh_dsa_keygen_testdata[0];
+    const SLH_DSA_KEYGEN_TEST_DATA *tst = &slh_dsa_keygen_testdata[tst_id];
     EVP_PKEY *pkey = NULL;
     uint8_t priv[32 * 2], pub[32 * 2];
     size_t priv_len, pub_len;
+    size_t key_len = tst->priv_len / 2;
+    size_t n = key_len / 2;
 
-    if (!TEST_true(set_entropy(tst->priv, tst->priv_len,
-                               tst->pub_seed, tst->pub_seed_len)))
+    if (!TEST_true(set_entropy(tst->priv, key_len,
+                               tst->priv + key_len, n)))
         goto err;
 
     fake_rand_set_callback(RAND_get0_private(NULL), &fake_rand_cb);
@@ -289,8 +298,10 @@ static int slh_dsa_keygen_test(void)
     if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY,
                                                    pub, sizeof(pub), &pub_len)))
         goto err;
-    if (!TEST_size_t_eq(priv_len, tst->priv_len)
-            || !TEST_size_t_eq(pub_len, tst->priv_len))
+    if (!TEST_size_t_eq(priv_len, key_len)
+            || !TEST_size_t_eq(pub_len, key_len))
+        goto err;
+    if (!TEST_mem_eq(pub, pub_len, tst->priv + key_len, key_len))
         goto err;
     ret = 1;
 err:
@@ -311,9 +322,11 @@ static int slh_dsa_pub_root_from_data_test(void)
     size_t priv_len = 0, pub_len = 0;
     EVP_PKEY *pkey = NULL;
     const SLH_DSA_KEYGEN_TEST_DATA *tst = &slh_dsa_keygen_testdata[0];
+    size_t key_len = tst->priv_len / 2;
+    size_t n = key_len / 2;
 
-    if (!slh_dsa_create_keypair(&pkey, tst->name, tst->priv, tst->priv_len,
-                                tst->pub_seed, tst->pub_seed_len))
+    if (!slh_dsa_create_keypair(&pkey, tst->name, tst->priv, key_len,
+                                tst->priv + key_len, n))
         goto err;
 
     if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
@@ -322,7 +335,7 @@ static int slh_dsa_pub_root_from_data_test(void)
     if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY,
                                                    pub, sizeof(pub), &pub_len)))
         goto err;
-    if (!TEST_mem_eq(pub, pub_len, tst->pub_expected, tst->pub_expected_len))
+    if (!TEST_mem_eq(pub, pub_len, tst->priv + key_len, key_len))
         goto err;
     ret = 1;
 err:
@@ -340,8 +353,8 @@ int setup_tests(void)
     ADD_TEST(slh_dsa_bad_pub_len_test);
     ADD_TEST(slh_dsa_key_validate_test);
     ADD_TEST(slh_dsa_key_eq_test);
-    ADD_TEST(slh_dsa_sign_verify_test);
-    ADD_TEST(slh_dsa_keygen_test);
+    ADD_ALL_TESTS(slh_dsa_sign_verify_test, OSSL_NELEM(slh_dsa_sig_testdata));
+    ADD_ALL_TESTS(slh_dsa_keygen_test, OSSL_NELEM(slh_dsa_keygen_testdata));
     ADD_TEST(slh_dsa_pub_root_from_data_test);
     return 1;
 }