
PQC: SLH-DSA

Open FAlbertDev opened this issue 6 months ago • 4 comments

PQC: SLH-DSA (Initial Public Draft)

Similar to PRs #3893 and #4270, this PR integrates the SLH-DSA IPD instances into our SPHINCS+ implementation. The difference to the current SPHINCS+ round 3.1 implementation is marginal. I also named all instances without the IPD suffix to make the transition to the final standard as smooth as possible.

Module Hierarchy

I added new modules to allow users to activate only the final SLH-DSA instances. Since the logic is almost the same, no new logic is added to these modules. However, I think it's quite handy for users to allow only SLH-DSA instances via modules (for example, using a policy).

State of this Pull Request

This PR is in a draft state since it won't be merged until the final standard is published. Applications that want to experiment with the IPD instances may work with this PR for now. However, the IPD instances (and temporary OIDs) are dropped before the final merge.

SLH-DSA Specification Release - TODOs

  • X.509
    • [ ] Exchange IPD with SLH-DSA OIDs
    • [ ] Read through the IETF draft and validate that our X.509 implementation handles SLH-DSA keys correctly
  • [ ] Check (and possibly adopt) SLH-DSA test vectors
  • [ ] Go through FIPS 205 again and see if all validations are implemented (add tests)
  • [ ] ❔ Implement PrehashSLH-DSA (depends on #4318)
  • [ ] Implement the new "context" parameter in signing/verifying (depends on #4318)

FAlbertDev, Aug 06 '24 15:08