TLS: Cleanup KEM tests

peterdettman · peterdettman · commit 1ac8c027b4cf · 2025-05-26T22:46:55.000+07:00
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemClient.java
@@ -2,12 +2,10 @@
 
 import java.io.IOException;
 import java.io.PrintStream;
-import java.security.SecureRandom;
 import java.util.Hashtable;
 import java.util.Vector;
 
 import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.tls.AlertDescription;
 import org.bouncycastle.tls.AlertLevel;
 import org.bouncycastle.tls.CertificateRequest;
@@ -29,8 +27,6 @@
 import org.bouncycastle.tls.TlsUtils;
 import org.bouncycastle.tls.crypto.TlsCertificate;
 import org.bouncycastle.tls.crypto.TlsCrypto;
-import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
-import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.encoders.Hex;
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemServer.java
@@ -2,13 +2,11 @@
 
 import java.io.IOException;
 import java.io.PrintStream;
-import java.security.SecureRandom;
 import java.util.Hashtable;
 import java.util.Vector;
 
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.tls.AlertDescription;
 import org.bouncycastle.tls.AlertLevel;
 import org.bouncycastle.tls.CertificateRequest;
@@ -26,9 +24,6 @@
 import org.bouncycastle.tls.TlsUtils;
 import org.bouncycastle.tls.crypto.TlsCertificate;
 import org.bouncycastle.tls.crypto.TlsCrypto;
-import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
-import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
-import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;
 import org.bouncycastle.util.encoders.Hex;
 
 class MockTlsKemServer
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/TlsProtocolKemTest.java b/tls/src/test/java/org/bouncycastle/tls/test/TlsProtocolKemTest.java
@@ -23,8 +23,9 @@ protected TlsProtocolKemTest(TlsCrypto crypto)
     {
         this.crypto = crypto;
     }
-    // mismatched ML-KEM strengths w/o classical crypto
-    public void testMismatchStrength() throws Exception
+
+    // mismatched ML-KEM groups w/o classical crypto
+    public void testMismatchedGroups() throws Exception
     {
         PipedInputStream clientRead = TlsTestUtils.createPipedInputStream();
         PipedInputStream serverRead = TlsTestUtils.createPipedInputStream();
@@ -42,6 +43,7 @@ public void testMismatchStrength() throws Exception
         catch (Exception ignored)
         {
         }
+
         MockTlsKemClient client = new MockTlsKemClient(crypto, null);
         client.setNamedGroups(new int[]{ NamedGroup.MLKEM512 });
         try
@@ -56,7 +58,22 @@ public void testMismatchStrength() throws Exception
         serverThread.join();
     }
 
-    public void testClientServer() throws Exception
+    public void testMLKEM512() throws Exception
+    {
+        implTestClientServer(NamedGroup.MLKEM512);
+    }
+
+    public void testMLKEM768() throws Exception
+    {
+        implTestClientServer(NamedGroup.MLKEM768);
+    }
+
+    public void testMLKEM1024() throws Exception
+    {
+        implTestClientServer(NamedGroup.MLKEM1024);
+    }
+
+    private void implTestClientServer(int kemGroup) throws Exception
     {
         PipedInputStream clientRead = TlsTestUtils.createPipedInputStream();
         PipedInputStream serverRead = TlsTestUtils.createPipedInputStream();
@@ -66,10 +83,12 @@ public void testClientServer() throws Exception
         TlsClientProtocol clientProtocol = new TlsClientProtocol(clientRead, clientWrite);
         TlsServerProtocol serverProtocol = new TlsServerProtocol(serverRead, serverWrite);
 
-        ServerThread serverThread = new ServerThread(crypto, serverProtocol, null, false);
+        ServerThread serverThread = new ServerThread(crypto, serverProtocol, new int[]{ kemGroup }, false);
         serverThread.start();
 
         MockTlsKemClient client = new MockTlsKemClient(crypto, null);
+        client.setNamedGroups(new int[]{ kemGroup });
+
         clientProtocol.connect(client);
 
         // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
