(D)TLS: JcaTlsCrypto dynamically checks ML-DSA, SLH-DSA support

peterdettman · peterdettman · commit aab0448cc211 · 2025-10-08T01:02:22.000+07:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java
@@ -93,6 +93,7 @@ public class JcaTlsCrypto
     private final Hashtable supportedEncryptionAlgorithms = new Hashtable();
     private final Hashtable supportedNamedGroups = new Hashtable();
     private final Hashtable supportedOther = new Hashtable();
+    private final Hashtable supportedSignatureSchemes = new Hashtable();
 
     /**
      * Base constructor.
@@ -795,43 +796,35 @@ public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHash
 
     public boolean hasSignatureScheme(int signatureScheme)
     {
-        switch (signatureScheme)
+        final Integer key = Integers.valueOf(signatureScheme);
+        synchronized (supportedSignatureSchemes)
+        {
+            Boolean cached = (Boolean)supportedSignatureSchemes.get(key);
+            if (cached != null)
+            {
+                return cached.booleanValue();
+            }
+        }
+
+        Boolean supported = isSupportedSignatureScheme(signatureScheme);
+        if (null == supported)
         {
-        case SignatureScheme.sm2sig_sm3:
             return false;
-        // TODO[tls] Dynamic detection of the signature algorithm
-        case SignatureScheme.mldsa44:
-        case SignatureScheme.mldsa65:
-        case SignatureScheme.mldsa87:
-        case SignatureScheme.DRAFT_slhdsa_sha2_128s:
-        case SignatureScheme.DRAFT_slhdsa_sha2_128f:
-        case SignatureScheme.DRAFT_slhdsa_sha2_192s:
-        case SignatureScheme.DRAFT_slhdsa_sha2_192f:
-        case SignatureScheme.DRAFT_slhdsa_sha2_256s:
-        case SignatureScheme.DRAFT_slhdsa_sha2_256f:
-        case SignatureScheme.DRAFT_slhdsa_shake_128s:
-        case SignatureScheme.DRAFT_slhdsa_shake_128f:
-        case SignatureScheme.DRAFT_slhdsa_shake_192s:
-        case SignatureScheme.DRAFT_slhdsa_shake_192f:
-        case SignatureScheme.DRAFT_slhdsa_shake_256s:
-        case SignatureScheme.DRAFT_slhdsa_shake_256f:
-            return true;
-        default:
+        }
+
+        synchronized (supportedSignatureSchemes)
         {
-            short signature = SignatureScheme.getSignatureAlgorithm(signatureScheme);
+            Boolean cached = (Boolean)supportedSignatureSchemes.put(key, supported);
 
-            switch (SignatureScheme.getCryptoHashAlgorithm(signatureScheme))
+            // Unlikely, but we want a consistent result
+            if (null != cached && supported != cached)
             {
-            case CryptoHashAlgorithm.md5:
-                return SignatureAlgorithm.rsa == signature && hasSignatureAlgorithm(signature);
-            case CryptoHashAlgorithm.sha224:
-                // Somewhat overkill, but simpler for now. It's also consistent with SunJSSE behaviour.
-                return !JcaUtils.isSunMSCAPIProviderActive() && hasSignatureAlgorithm(signature);
-            default:
-                return hasSignatureAlgorithm(signature);
+                supportedSignatureSchemes.put(key, cached);
+                supported = cached;
             }
         }
-        }
+
+        return supported.booleanValue();
     }
 
     public boolean hasSRPAuthentication()
@@ -1267,6 +1260,50 @@ else if (NamedGroup.refersToASpecificFiniteField(namedGroup))
         return null;
     }
 
+    protected Boolean isSupportedSignatureScheme(int signatureScheme)
+    {
+        try
+        {
+            if (SignatureScheme.isMLDSA(signatureScheme))
+            {
+                helper.createSignature("ML-DSA");
+                return Boolean.TRUE;
+            }
+
+            if (SignatureScheme.isSLHDSA(signatureScheme))
+            {
+                helper.createSignature("SLH-DSA");
+                return Boolean.TRUE;
+            }
+
+            switch (signatureScheme)
+            {
+            case SignatureScheme.sm2sig_sm3:
+                return Boolean.FALSE;
+
+            default:
+            {
+                short signature = SignatureScheme.getSignatureAlgorithm(signatureScheme);
+    
+                switch (SignatureScheme.getCryptoHashAlgorithm(signatureScheme))
+                {
+                case CryptoHashAlgorithm.md5:
+                    return Boolean.valueOf(SignatureAlgorithm.rsa == signature && hasSignatureAlgorithm(signature));
+                case CryptoHashAlgorithm.sha224:
+                    // Somewhat overkill, but simpler for now. It's also consistent with SunJSSE behaviour.
+                    return Boolean.valueOf(!JcaUtils.isSunMSCAPIProviderActive() && hasSignatureAlgorithm(signature));
+                default:
+                    return Boolean.valueOf(hasSignatureAlgorithm(signature));
+                }
+            }
+            }
+        }
+        catch (GeneralSecurityException e)
+        {
+            return Boolean.FALSE;
+        }
+    }
+
     protected boolean isUsableCipher(String cipherAlgorithm, int keySize)
     {
         try
