dotnet · PranavSenthilnathan · Jun 9, 2025 · May 13, 2025 · May 16, 2025 · May 16, 2025
diff --git a/...ies/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.SlhDsa.cs b/...ies/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.SlhDsa.cs
@@ -131,6 +131,59 @@ internal static bool SlhDsaVerifyPure(
             }
         }
 
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial int CryptoNative_SlhDsaSignPreHash(
+            SafeEvpPKeyHandle pkey, IntPtr extraHandle,
+            ReadOnlySpan<byte> msg, int msgLength,
+            Span<byte> destination, int destinationLength);
+
+        internal static void SlhDsaSignPreHash(
+            SafeEvpPKeyHandle pkey,
+            ReadOnlySpan<byte> msg,
+            Span<byte> destination)
+        {
+            int ret = CryptoNative_SlhDsaSignPreHash(
+                pkey, GetExtraHandle(pkey),
+                msg, msg.Length,
+                destination, destination.Length);
+
+            if (ret != 1)
+            {
+                throw Interop.Crypto.CreateOpenSslCryptographicException();
+            }
+        }
+
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial int CryptoNative_SlhDsaVerifyPreHash(
+            SafeEvpPKeyHandle pkey, IntPtr extraHandle,
+            ReadOnlySpan<byte> msg, int msgLength,
+            ReadOnlySpan<byte> signature, int signatureLength);
+
+        internal static bool SlhDsaVerifyPreHash(
+            SafeEvpPKeyHandle pkey,
+            ReadOnlySpan<byte> msg,
+            ReadOnlySpan<byte> signature)
+        {
+            int ret = CryptoNative_SlhDsaVerifyPreHash(
+                pkey, GetExtraHandle(pkey),
+                msg, msg.Length,
+                signature, signature.Length);
+
+            if (ret == 1)
+            {
+                return true;
+            }
+            else if (ret == 0)
+            {
+                return false;
+            }
+            else
+            {
+                throw Interop.Crypto.CreateOpenSslCryptographicException();
+            }
+        }
+
+
         [LibraryImport(Libraries.CryptoNative)]
         private static partial int CryptoNative_SlhDsaExportSecretKey(SafeEvpPKeyHandle pkey, Span<byte> destination, int destinationLength);
 

diff --git a/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs b/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.Formats.Asn1;
 using System.Runtime.CompilerServices;
@@ -142,6 +143,61 @@ Oids.EcPublicKey or
             };
         }
 
+        internal static string? GetOidFromHashAlgorithm(HashAlgorithmName algName)
+        {
+            if (algName == HashAlgorithmName.MD5)
+                return Oids.Md5;
+            if (algName == HashAlgorithmName.SHA1)
+                return Oids.Sha1;
+            if (algName == HashAlgorithmName.SHA256)
+                return Oids.Sha256;
+            if (algName == HashAlgorithmName.SHA384)
+                return Oids.Sha384;
+            if (algName == HashAlgorithmName.SHA512)
+                return Oids.Sha512;
+#if NET8_0_OR_GREATER
+            if (algName == HashAlgorithmName.SHA3_256)
+                return Oids.Sha3_256;
+            if (algName == HashAlgorithmName.SHA3_384)
+                return Oids.Sha3_384;
+            if (algName == HashAlgorithmName.SHA3_512)
+                return Oids.Sha3_512;
+
+            // SHAKE is parametrized by the output length, but only the 256-bit (shake-128) and
+            // 512-bit (shake-256) variants have an assigned OID.
+            // TODO add HashAlgorithmName.SHAKE256 and SHAKE512
+            if (algName.Name == "SHAKE128")
+                return Oids.Shake128;
+            if (algName.Name == "SHAKE256")
+                return Oids.Shake256;
+#endif
+
+            return null;
+        }
+
+        private static Dictionary<HashAlgorithmName, int> s_hashOutputSize = new Dictionary<HashAlgorithmName, int>
+        {
+            { HashAlgorithmName.SHA256, 256 / 8 },
+            { HashAlgorithmName.SHA384, 384 / 8 },
+            { HashAlgorithmName.SHA512, 512 / 8 },
+
+#if NET8_0_OR_GREATER
+            { HashAlgorithmName.SHA3_256, SHA3_256.HashSizeInBytes },
+            { HashAlgorithmName.SHA3_384, SHA3_384.HashSizeInBytes },
+            { HashAlgorithmName.SHA3_512, SHA3_512.HashSizeInBytes },
+
+            // Technically, SHAKE128 and SHAKE256 are not fixed-size hashes,
+            // but when are used as algorithm identifiers, they have the following
+            // fixed lengths.
+            // TODO add HashAlgorithmName.SHAKE256 and SHAKE512
+            { new HashAlgorithmName("SHAKE128"), 256 / 8 },
+            { new HashAlgorithmName("SHAKE256"), 512 / 8 },
+#endif
+        };
+
+        internal static bool TryGetHashOutputSize(HashAlgorithmName algName, out int hashSizeInBytes) =>
+            s_hashOutputSize.TryGetValue(algName, out hashSizeInBytes);
+
         internal static CryptographicException CreateAlgorithmUnknownException(AsnWriter encodedId)
         {
 #if NET10_0_OR_GREATER

diff --git a/src/libraries/Common/src/System/Security/Cryptography/Oids.cs b/src/libraries/Common/src/System/Security/Cryptography/Oids.cs
@@ -74,6 +74,8 @@ internal static partial class Oids
         internal const string Sha3_256 = "2.16.840.1.101.3.4.2.8";
         internal const string Sha3_384 = "2.16.840.1.101.3.4.2.9";
         internal const string Sha3_512 = "2.16.840.1.101.3.4.2.10";
+        internal const string Shake128 = "2.16.840.1.101.3.4.2.11";
+        internal const string Shake256 = "2.16.840.1.101.3.4.2.12";
 
         // DSA CMS uses the combined signature+digest OID
         internal const string DsaWithSha1 = "1.2.840.10040.4.3";

diff --git a/src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs b/src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs
@@ -270,6 +270,93 @@ public bool VerifyData(byte[] data, byte[] signature, byte[]? context = default)
             return VerifyData(new ReadOnlySpan<byte>(data), new ReadOnlySpan<byte>(signature), new ReadOnlySpan<byte>(context));
         }
 
+        /// <summary>
+        /// TODO
+        /// </summary>
+        /// <param name="hash"></param>
+        /// <param name="destination"></param>
+        /// <param name="preHashAlgorithm"></param>
+        /// <param name="context"></param>
+        /// <exception cref="ArgumentOutOfRangeException"></exception>
+        /// <exception cref="ArgumentException"></exception>
+        public void SignPreHash(ReadOnlySpan<byte> hash, Span<byte> destination, HashAlgorithmName preHashAlgorithm, ReadOnlySpan<byte> context = default)
+        {
+            ValidateHashAlgorithm(hash, preHashAlgorithm);
+
+            if (destination.Length != Algorithm.SignatureSizeInBytes)
+            {
+                throw new ArgumentException(
+                    SR.Format(SR.Argument_DestinationImprecise, Algorithm.SignatureSizeInBytes),
+                    nameof(destination));
+            }
+
+            if (context.Length > MaxContextLength)
+            {
+                throw new ArgumentOutOfRangeException(
+                    nameof(context),
+                    context.Length,
+                    SR.Argument_SignatureContextTooLong255);
+            }
+
+            SignPreHashCore(hash, context, preHashAlgorithm, destination);
+        }
+
+        /// <summary>
+        /// TODO
+        /// </summary>
+        /// <param name="hash"></param>
+        /// <param name="context"></param>
+        /// <param name="preHashAlgorithm"></param>
+        /// <param name="destination"></param>
+        protected abstract void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, HashAlgorithmName preHashAlgorithm, Span<byte> destination);
+
+        /// <summary>
+        /// TODO
+        /// </summary>
+        /// <param name="hash"></param>
+        /// <param name="signature"></param>
+        /// <param name="preHashAlgorithm"></param>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        /// <exception cref="ArgumentOutOfRangeException"></exception>
+        public bool VerifyPreHash(
+            ReadOnlySpan<byte> hash,
+            ReadOnlySpan<byte> signature,
+            HashAlgorithmName preHashAlgorithm,
+            ReadOnlySpan<byte> context = default)
+        {
+            ValidateHashAlgorithm(hash, preHashAlgorithm);
+
+            if (context.Length > MaxContextLength)
+            {
+                throw new ArgumentOutOfRangeException(
+                    nameof(context),
+                    context.Length,
+                    SR.Argument_SignatureContextTooLong255);
+            }
+
+            if (signature.Length != Algorithm.SignatureSizeInBytes)
+            {
+                return false;
+            }
+
+            return VerifyPreHashCore(hash, context, preHashAlgorithm, signature);
+        }
+
+        /// <summary>
+        /// TODO
+        /// </summary>
+        /// <param name="hash"></param>
+        /// <param name="context"></param>
+        /// <param name="preHashAlgorithm"></param>
+        /// <param name="signature"></param>
+        /// <returns></returns>
+        protected abstract bool VerifyPreHashCore(
+            ReadOnlySpan<byte> hash,
+            ReadOnlySpan<byte> context,
+            HashAlgorithmName preHashAlgorithm,
+            ReadOnlySpan<byte> signature);
+
         /// <summary>
         ///   Exports the public-key portion of the current key in the X.509 SubjectPublicKeyInfo format.
         /// </summary>
@@ -1733,6 +1820,24 @@ private static SlhDsaAlgorithm GetAlgorithmIdentifier(ref readonly AlgorithmIden
             return algorithm;
         }
 
+        private static void ValidateHashAlgorithm(ReadOnlySpan<byte> hash, HashAlgorithmName hashAlgorithm)
+        {
+            if (Helpers.TryGetHashOutputSize(hashAlgorithm, out int hashSizeInBytes))
+            {
+                if (hash.Length != hashSizeInBytes)
+                {
+                    throw new ArgumentException(
+                        SR.Format(SR.Argument_HashImprecise, hashSizeInBytes),
+                        nameof(hash));
+                }
+            }
+            else
+            {
+                throw new CryptographicException(
+                    SR.Format(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithm.Name));
+            }
+        }
+
         private static void ThrowIfNotSupported()
         {
             if (!IsSupported)

diff --git a/src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.NotSupported.cs b/src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.NotSupported.cs
@@ -23,6 +23,12 @@ protected override void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte>
         protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature) =>
             throw new PlatformNotSupportedException();
 
+        protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, HashAlgorithmName preHashAlgorithm, Span<byte> destination) =>
+            throw new PlatformNotSupportedException();
+
+        protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, HashAlgorithmName preHashAlgorithm, ReadOnlySpan<byte> signature) =>
+            throw new PlatformNotSupportedException();
+
         protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();
 

diff --git a/src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.Windows.cs b/src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.Windows.cs
@@ -23,6 +23,12 @@ protected override void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte>
         protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature) =>
             throw new PlatformNotSupportedException();
 
+        protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, HashAlgorithmName preHashAlgorithm, Span<byte> destination) =>
+            throw new PlatformNotSupportedException();
+
+        protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, HashAlgorithmName preHashAlgorithm, ReadOnlySpan<byte> signature) =>
+            throw new PlatformNotSupportedException();
+
         protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();