dotnet
diff --git a/‎src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.SlhDsa.cs
Lines changed: 52 additions & 0 deletions b/‎src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.SlhDsa.cs
Lines changed: 52 additions & 0 deletions
diff --git a/‎src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs
Lines changed: 307 additions & 7 deletions b/‎src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs
Lines changed: 307 additions & 7 deletions
diff --git a/‎src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.NotSupported.cs
Lines changed: 6 additions & 0 deletions b/‎src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.NotSupported.cs
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.Windows.cs
Lines changed: 6 additions & 0 deletions b/‎src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.Windows.cs
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaContractTests.cs
Lines changed: 275 additions & 1 deletion b/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaContractTests.cs
Lines changed: 275 additions & 1 deletion
diff --git a/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaMockImplementation.cs
Lines changed: 103 additions & 0 deletions b/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaMockImplementation.cs
Lines changed: 103 additions & 0 deletions
diff --git a/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestData.cs
Lines changed: 300 additions & 3 deletions b/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestData.cs
Lines changed: 300 additions & 3 deletions
diff --git a/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestHelpers.cs
Lines changed: 16 additions & 0 deletions b/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestHelpers.cs
Lines changed: 16 additions & 0 deletions
@@ -131,6 +131,58 @@ internal static bool SlhDsaVerifyPure(
             }
         }
 
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial int CryptoNative_SlhDsaSignPreEncoded(
+            SafeEvpPKeyHandle pkey, IntPtr extraHandle,
+            ReadOnlySpan<byte> msg, int msgLength,
+            Span<byte> destination, int destinationLength);
+
+        internal static void SlhDsaSignPreEncoded(
+            SafeEvpPKeyHandle pkey,
+            ReadOnlySpan<byte> msg,
+            Span<byte> destination)
+        {
+            int ret = CryptoNative_SlhDsaSignPreEncoded(
+                pkey, GetExtraHandle(pkey),
+                msg, msg.Length,
+                destination, destination.Length);
+
+            if (ret != 1)
+            {
+                throw Interop.Crypto.CreateOpenSslCryptographicException();
+            }
+        }
+
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial int CryptoNative_SlhDsaVerifyPreEncoded(
+            SafeEvpPKeyHandle pkey, IntPtr extraHandle,
+            ReadOnlySpan<byte> msg, int msgLength,
+            ReadOnlySpan<byte> signature, int signatureLength);
+
+        internal static bool SlhDsaVerifyPreEncoded(
+            SafeEvpPKeyHandle pkey,
+            ReadOnlySpan<byte> msg,
+            ReadOnlySpan<byte> signature)
+        {
+            int ret = CryptoNative_SlhDsaVerifyPreEncoded(
+                pkey, GetExtraHandle(pkey),
+                msg, msg.Length,
+                signature, signature.Length);
+
+            if (ret == 1)
+            {
+                return true;
+            }
+            else if (ret == 0)
+            {
+                return false;
+            }
+            else
+            {
+                throw Interop.Crypto.CreateOpenSslCryptographicException();
+            }
+        }
+
         [LibraryImport(Libraries.CryptoNative)]
         private static partial int CryptoNative_SlhDsaExportSecretKey(SafeEvpPKeyHandle pkey, Span<byte> destination, int destinationLength);
 
 
@@ -23,6 +23,12 @@ protected override void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte>
         protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature) =>
             throw new PlatformNotSupportedException();
 
+        protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            throw new PlatformNotSupportedException();
+
+        protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
+            throw new PlatformNotSupportedException();
+
         protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();
 
 
@@ -23,6 +23,12 @@ protected override void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte>
         protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature) =>
             throw new PlatformNotSupportedException();
 
+        protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            throw new PlatformNotSupportedException();
+
+        protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
+            throw new PlatformNotSupportedException();
+
         protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();
 
 
@@ -29,13 +29,17 @@ public SlhDsaMockImplementation(SlhDsaAlgorithm algorithm)
         public delegate bool TryExportPkcs8PrivateKeyCoreFunc(Span<byte> destination, out int bytesWritten);
         public delegate void SignDataCoreAction(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, Span<byte> s);
         public delegate bool VerifyDataCoreFunc(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature);
+        public delegate void SignPreHashCoreAction(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination);
+        public delegate bool VerifyPreHashCoreFunc(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature);
         public delegate void DisposeAction(bool disposing);
 
         public TryExportPkcs8PrivateKeyCoreFunc BaseTryExportPkcs8PrivateKeyCore =>
             base.TryExportPkcs8PrivateKeyCore;
 
         public int VerifyDataCoreCallCount = 0;
         public int SignDataCoreCallCount = 0;
+        public int VerifyPreHashCoreCallCount = 0;
+        public int SignPreHashCoreCallCount = 0;
         public int ExportSlhDsaPublicKeyCoreCallCount = 0;
         public int ExportSlhDsaSecretKeyCoreCallCount = 0;
         public int TryExportPkcs8PrivateKeyCoreCallCount = 0;
@@ -47,6 +51,8 @@ public SlhDsaMockImplementation(SlhDsaAlgorithm algorithm)
             (_, out bytesWritten) => { Assert.Fail(); bytesWritten = 0; return false; };
         public SignDataCoreAction SignDataCoreHook { get; set; } = (_, _, _) => Assert.Fail();
         public VerifyDataCoreFunc VerifyDataCoreHook { get; set; } = (_, _, _) => { Assert.Fail(); return false; };
+        public SignPreHashCoreAction SignPreHashCoreHook { get; set; } = (_, _, _, _) => Assert.Fail();
+        public VerifyPreHashCoreFunc VerifyPreHashCoreHook { get; set; } = (_, _, _, _) => { Assert.Fail(); return false; };
         public DisposeAction DisposeHook { get; set; } = _ => { };
 
         protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination)
@@ -85,6 +91,18 @@ protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byt
             return VerifyDataCoreHook(data, context, signature);
         }
 
+        protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination)
+        {
+            SignPreHashCoreCallCount++;
+            SignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
+        }
+
+        protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature)
+        {
+            VerifyPreHashCoreCallCount++;
+            return VerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
+        }
+
         public void AddLengthAssertion()
         {
             ExportSlhDsaPublicKeyCoreAction oldExportSlhDsaPublicKeyCoreHook = ExportSlhDsaPublicKeyCoreHook;
@@ -115,6 +133,21 @@ public void AddLengthAssertion()
                 Assert.Equal(Algorithm.SignatureSizeInBytes, signature.Length);
                 return ret;
             };
+
+            SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
+            SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            {
+                oldSignDataCoreHook(hash, context, destination);
+                Assert.Equal(Algorithm.SignatureSizeInBytes, destination.Length);
+            };
+
+            VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
+            VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
+            {
+                bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
+                Assert.Equal(Algorithm.SignatureSizeInBytes, signature.Length);
+                return ret;
+            };
         }
 
         public void AddDestinationBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
@@ -140,6 +173,13 @@ public void AddDestinationBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
                 AssertExtensions.Same(buffer.Span, destination);
             };
 
+            SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
+            SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            {
+                oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
+                AssertExtensions.Same(buffer.Span, destination);
+            };
+
             TryExportPkcs8PrivateKeyCoreFunc oldTryExportPkcs8PrivateKeyCoreHook = TryExportPkcs8PrivateKeyCoreHook;
             TryExportPkcs8PrivateKeyCoreHook = (Span<byte> destination, out int bytesWritten) =>
             {
@@ -165,6 +205,21 @@ public void AddContextBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
                 AssertExtensions.Same(buffer.Span, context);
                 return ret;
             };
+
+            SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
+            SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            {
+                oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
+                AssertExtensions.Same(buffer.Span, context);
+            };
+
+            VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
+            VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
+            {
+                bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
+                AssertExtensions.Same(buffer.Span, context);
+                return ret;
+            };
         }
 
         public void AddSignatureBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
@@ -176,6 +231,14 @@ public void AddSignatureBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
                 AssertExtensions.Same(buffer.Span, signature);
                 return ret;
             };
+
+            VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
+            VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
+            {
+                bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
+                AssertExtensions.Same(buffer.Span, signature);
+                return ret;
+            };
         }
 
         public void AddDataBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
@@ -194,6 +257,39 @@ public void AddDataBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
                 AssertExtensions.Same(buffer.Span, data);
                 return ret;
             };
+
+            SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
+            SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            {
+                oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
+                AssertExtensions.Same(buffer.Span, hash);
+            };
+
+            VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
+            VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
+            {
+                bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
+                AssertExtensions.Same(buffer.Span, hash);
+                return ret;
+            };
+        }
+
+        public void AddHashAlgorithmIsSameAssertion(ReadOnlyMemory<char> buffer)
+        {
+            SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
+            SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            {
+                oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
+                AssertExtensions.Same(buffer.Span, hashAlgorithmOid);
+            };
+
+            VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
+            VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
+            {
+                bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
+                AssertExtensions.Same(buffer.Span, hashAlgorithmOid);
+                return ret;
+            };
         }
 
         public void AddFillDestination(byte b)
@@ -219,6 +315,13 @@ public void AddFillDestination(byte b)
                 destination.Fill(b);
             };
 
+            SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
+            SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
+            {
+                oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
+                destination.Fill(b);
+            };
+
             TryExportPkcs8PrivateKeyCoreFunc oldTryExportPkcs8PrivateKeyCoreHook = TryExportPkcs8PrivateKeyCoreHook;
             TryExportPkcs8PrivateKeyCoreHook = (Span<byte> destination, out int bytesWritten) =>
             {
 
@@ -28,6 +28,11 @@ internal static void VerifyDisposed(SlhDsa slhDsa)
             Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyData(ReadOnlySpan<byte>.Empty, tempBuffer.AsSpan(), ReadOnlySpan<byte>.Empty));
             Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyData(Array.Empty<byte>(), tempBuffer, Array.Empty<byte>()));
 
+            Assert.Throws<ObjectDisposedException>(() => slhDsa.SignPreHash(ReadOnlySpan<byte>.Empty, tempBuffer.AsSpan(), "1.0", ReadOnlySpan<byte>.Empty));
+            Assert.Throws<ObjectDisposedException>(() => slhDsa.SignPreHash(Array.Empty<byte>(), "1.0"));
+            Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyPreHash(ReadOnlySpan<byte>.Empty, tempBuffer.AsSpan(), "1.0", ReadOnlySpan<byte>.Empty));
+            Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyPreHash(Array.Empty<byte>(), tempBuffer.AsSpan(), "1.0", Array.Empty<byte>()));
+
             Assert.Throws<ObjectDisposedException>(() => slhDsa.ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte>.Empty, pbeParameters));
             Assert.Throws<ObjectDisposedException>(() => slhDsa.ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char>.Empty, pbeParameters));
             Assert.Throws<ObjectDisposedException>(() => slhDsa.ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<byte>.Empty, pbeParameters));
@@ -386,5 +391,16 @@ internal static byte[] DoTryUntilDone(TryExportFunc func)
                 _ => null,
             };
         }
+
+        internal const string Md5Oid = "1.2.840.113549.2.5";
+        internal const string Sha1Oid = "1.3.14.3.2.26";
+        internal const string Sha256Oid = "2.16.840.1.101.3.4.2.1";
+        internal const string Sha384Oid = "2.16.840.1.101.3.4.2.2";
+        internal const string Sha512Oid = "2.16.840.1.101.3.4.2.3";
+        internal const string Sha3_256Oid = "2.16.840.1.101.3.4.2.8";
+        internal const string Sha3_384Oid = "2.16.840.1.101.3.4.2.9";
+        internal const string Sha3_512Oid = "2.16.840.1.101.3.4.2.10";
+        internal const string Shake128Oid = "2.16.840.1.101.3.4.2.11";
+        internal const string Shake256Oid = "2.16.840.1.101.3.4.2.12";
     }
 }