TLS: ML-DSA support in JcaTlsCrypto (still disabled)

Author: yu-2h

tls/src/main/java/org/bouncycastle/jsse/provider/ProvX509KeyManager.java

@@ -158,6 +158,10 @@ private static Map<String, PublicKeyFilter> createFiltersClient()
         addFilter(filters, "Ed25519");
         addFilter(filters, "Ed448");
 
+        addFilter(filters, "ML-DSA-44");
+        addFilter(filters, "ML-DSA-65");
+        addFilter(filters, "ML-DSA-87");
+
         addECFilter13(filters, NamedGroup.brainpoolP256r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP384r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP512r1tls13);
@@ -183,6 +187,10 @@ private static Map<String, PublicKeyFilter> createFiltersServer()
         addFilter(filters, "Ed25519");
         addFilter(filters, "Ed448");
 
+        addFilter(filters, "ML-DSA-44");
+        addFilter(filters, "ML-DSA-65");
+        addFilter(filters, "ML-DSA-87");
+
         addECFilter13(filters, NamedGroup.brainpoolP256r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP384r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP512r1tls13);

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsMLDSASigner.java

@@ -27,6 +27,11 @@ private BcTlsMLDSASigner(BcTlsCrypto crypto, MLDSAPrivateKeyParameters privateKe
     {
         super(crypto, privateKey);
 
+        if (!SignatureScheme.isMLDSA(signatureScheme))
+        {
+            throw new IllegalArgumentException("signatureScheme");
+        }
+
         this.signatureScheme = signatureScheme;
     }
 

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaDefaultTlsCredentialedSigner.java

@@ -66,6 +66,18 @@ else if ("Ed448".equalsIgnoreCase(algorithm))
         {
             signer = new JcaTlsEd448Signer(crypto, privateKey);
         }
+        else if ("ML-DSA-44".equalsIgnoreCase(algorithm))
+        {
+            signer = new JcaTlsMLDSASigner(crypto, privateKey, SignatureScheme.DRAFT_mldsa44);
+        }
+        else if ("ML-DSA-65".equalsIgnoreCase(algorithm))
+        {
+            signer = new JcaTlsMLDSASigner(crypto, privateKey, SignatureScheme.DRAFT_mldsa65);
+        }
+        else if ("ML-DSA-87".equalsIgnoreCase(algorithm))
+        {
+            signer = new JcaTlsMLDSASigner(crypto, privateKey, SignatureScheme.DRAFT_mldsa87);
+        }
         else
         {
             throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java

@@ -277,6 +277,7 @@ public Tls13Verifier createVerifier(int signatureScheme) throws IOException
         case SignatureScheme.DRAFT_mldsa44:
         case SignatureScheme.DRAFT_mldsa65:
         case SignatureScheme.DRAFT_mldsa87:
+            return crypto.createTls13Verifier("ML-DSA", null, getPubKeyMLDSA());
 
         default:
             throw new TlsFatalAlert(AlertDescription.internal_error);
@@ -396,6 +397,11 @@ PublicKey getPubKeyRSA() throws IOException
         return getPublicKey();
     }
 
+    PublicKey getPubKeyMLDSA() throws IOException
+    {
+        return getPublicKey();
+    }
+
     public short getLegacySignatureAlgorithm() throws IOException
     {
         PublicKey publicKey = getPublicKey();

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsMLDSASigner.java

@@ -0,0 +1,52 @@
+package org.bouncycastle.tls.crypto.impl.jcajce;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+
+import org.bouncycastle.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.tls.SignatureScheme;
+import org.bouncycastle.tls.crypto.TlsSigner;
+import org.bouncycastle.tls.crypto.TlsStreamSigner;
+
+public class JcaTlsMLDSASigner
+    implements TlsSigner
+{
+    private final JcaTlsCrypto crypto;
+    private final PrivateKey privateKey;
+    private final int signatureScheme;
+
+    public JcaTlsMLDSASigner(JcaTlsCrypto crypto, PrivateKey privateKey, int signatureScheme)
+    {
+        if (null == crypto)
+        {
+            throw new NullPointerException("crypto");
+        }
+        if (null == privateKey)
+        {
+            throw new NullPointerException("privateKey");
+        }
+        if (!SignatureScheme.isMLDSA(signatureScheme))
+        {
+            throw new IllegalArgumentException("signatureScheme");
+        }
+
+        this.crypto = crypto;
+        this.privateKey = privateKey;
+        this.signatureScheme = signatureScheme;
+    }
+
+    public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
+    {
+        throw new UnsupportedOperationException();
+    }
+
+    public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm) throws IOException
+    {
+        if (algorithm == null || SignatureScheme.from(algorithm) != signatureScheme)
+        {
+            throw new IllegalStateException("Invalid algorithm: " + algorithm);
+        }
+
+        return crypto.createStreamSigner("ML-DSA", null, privateKey, false);
+    }
+}

tls/src/test/java/org/bouncycastle/jsse/provider/test/AllTests.java

@@ -4,6 +4,7 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
+
 import org.bouncycastle.test.PrintTestResult;
 
 public class AllTests
@@ -25,6 +26,7 @@ public static Test suite()
         suite.addTestSuite(ConfigTest.class);
         suite.addTestSuite(ECDSACredentialsTest.class);
         suite.addTestSuite(EdDSACredentialsTest.class);
+        suite.addTestSuite(MLDSACredentialsTest.class);
         suite.addTestSuite(InstanceTest.class);
         suite.addTestSuite(KeyManagerFactoryTest.class);
         suite.addTestSuite(PSSCredentialsTest.class);

tls/src/test/java/org/bouncycastle/jsse/provider/test/MLDSACredentialsTest.java

@@ -0,0 +1,226 @@
+package org.bouncycastle.jsse.provider.test;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.concurrent.CountDownLatch;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
+
+import junit.framework.TestCase;
+
+public class MLDSACredentialsTest
+    extends TestCase
+{
+    protected void setUp()
+    {
+        ProviderUtils.setupLowPriority(false);
+    }
+
+    private static final String HOST = "localhost";
+    private static final int PORT_NO_13_MLDSA44 = 9060;
+    private static final int PORT_NO_13_MLDSA65 = 9061;
+    private static final int PORT_NO_13_MLDSA87 = 9062;
+
+    static class MLDSAClient
+        implements TestProtocolUtil.BlockingCallable
+    {
+        private final int port;
+        private final String protocol;
+        private final KeyStore trustStore;
+        private final KeyStore clientStore;
+        private final char[] clientKeyPass;
+        private final CountDownLatch latch;
+
+        MLDSAClient(int port, String protocol, KeyStore clientStore, char[] clientKeyPass,
+            X509Certificate trustAnchor) throws GeneralSecurityException, IOException
+        {
+            KeyStore trustStore = createKeyStore();
+            trustStore.setCertificateEntry("server", trustAnchor);
+
+            this.port = port;
+            this.protocol = protocol;
+            this.trustStore = trustStore;
+            this.clientStore = clientStore;
+            this.clientKeyPass = clientKeyPass;
+            this.latch = new CountDownLatch(1);
+        }
+
+        public Exception call() throws Exception
+        {
+            try
+            {
+                TrustManagerFactory trustMgrFact = TrustManagerFactory.getInstance("PKIX",
+                    ProviderUtils.PROVIDER_NAME_BCJSSE);
+                trustMgrFact.init(trustStore);
+
+                KeyManagerFactory keyMgrFact = KeyManagerFactory.getInstance("PKIX",
+                    ProviderUtils.PROVIDER_NAME_BCJSSE);
+                keyMgrFact.init(clientStore, clientKeyPass);
+
+                SSLContext clientContext = SSLContext.getInstance("TLS", ProviderUtils.PROVIDER_NAME_BCJSSE);
+                clientContext.init(keyMgrFact.getKeyManagers(), trustMgrFact.getTrustManagers(),
+                    SecureRandom.getInstance("DEFAULT", ProviderUtils.PROVIDER_NAME_BC));
+
+                SSLSocketFactory fact = clientContext.getSocketFactory();
+                SSLSocket cSock = (SSLSocket)fact.createSocket(HOST, port);
+                cSock.setEnabledProtocols(new String[]{ protocol });
+
+                SSLSession session = cSock.getSession();
+                assertNotNull(session);
+                assertFalse("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite()));
+                assertEquals("CN=Test CA Certificate", session.getLocalPrincipal().getName());
+                assertEquals("CN=Test CA Certificate", session.getPeerPrincipal().getName());
+
+                TestProtocolUtil.doClientProtocol(cSock, "Hello");
+            }
+            finally
+            {
+                latch.countDown();
+            }
+
+            return null;
+        }
+
+        public void await()
+            throws InterruptedException
+        {
+            latch.await();
+        }
+    }
+
+    static class MLDSAServer
+        implements TestProtocolUtil.BlockingCallable
+    {
+        private final int port;
+        private final String protocol;
+        private final KeyStore serverStore;
+        private final char[] keyPass;
+        private final KeyStore trustStore;
+        private final CountDownLatch latch;
+
+        MLDSAServer(int port, String protocol, KeyStore serverStore, char[] keyPass, X509Certificate trustAnchor)
+            throws GeneralSecurityException, IOException
+        {
+            KeyStore trustStore = createKeyStore();
+            trustStore.setCertificateEntry("client", trustAnchor);
+
+            this.port = port;
+            this.protocol = protocol;
+            this.serverStore = serverStore;
+            this.keyPass = keyPass;
+            this.trustStore = trustStore;
+            this.latch = new CountDownLatch(1);
+        }
+
+        public Exception call() throws Exception
+        {
+            try
+            {
+                KeyManagerFactory keyMgrFact = KeyManagerFactory.getInstance("PKIX",
+                    ProviderUtils.PROVIDER_NAME_BCJSSE);
+                keyMgrFact.init(serverStore, keyPass);
+
+                TrustManagerFactory trustMgrFact = TrustManagerFactory.getInstance("PKIX",
+                    ProviderUtils.PROVIDER_NAME_BCJSSE);
+                trustMgrFact.init(trustStore);
+
+                SSLContext serverContext = SSLContext.getInstance("TLS", ProviderUtils.PROVIDER_NAME_BCJSSE);
+                serverContext.init(keyMgrFact.getKeyManagers(), trustMgrFact.getTrustManagers(),
+                    SecureRandom.getInstance("DEFAULT", ProviderUtils.PROVIDER_NAME_BC));
+
+                SSLServerSocketFactory fact = serverContext.getServerSocketFactory();
+                SSLServerSocket sSock = (SSLServerSocket)fact.createServerSocket(port);
+
+                SSLUtils.enableAll(sSock);
+                sSock.setNeedClientAuth(true);
+
+                latch.countDown();
+
+                SSLSocket sslSock = (SSLSocket)sSock.accept();
+                sslSock.setEnabledProtocols(new String[]{ protocol });
+
+                SSLSession session = sslSock.getSession();
+                assertNotNull(session);
+                assertFalse("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite()));
+                assertEquals("CN=Test CA Certificate", session.getLocalPrincipal().getName());
+                assertEquals("CN=Test CA Certificate", session.getPeerPrincipal().getName());
+
+                TestProtocolUtil.doServerProtocol(sslSock, "World");
+
+                sslSock.close();
+                sSock.close();
+            }
+            finally
+            {
+                latch.countDown();
+            }
+
+            return null;
+        }
+
+        public void await() throws InterruptedException
+        {
+            latch.await();
+        }
+    }
+
+    public void testDISABLED()
+    {
+        // TODO[tls-mldsa] Enable below tests once support enabled in implementation(s).
+    }
+
+//    public void test13_MLDSA44() throws Exception
+//    {
+//        implTestMLDSACredentials(PORT_NO_13_MLDSA44, "TLSv1.3", TestUtils.generateMLDSA44KeyPair());
+//    }
+//
+//    public void test13_MLDSA65() throws Exception
+//    {
+//        implTestMLDSACredentials(PORT_NO_13_MLDSA65, "TLSv1.3", TestUtils.generateMLDSA65KeyPair());
+//    }
+//
+//    public void test13_MLDSA87() throws Exception
+//    {
+//        implTestMLDSACredentials(PORT_NO_13_MLDSA87, "TLSv1.3", TestUtils.generateMLDSA87KeyPair());
+//    }
+
+    private void implTestMLDSACredentials(int port, String protocol, KeyPair caKeyPair) throws Exception
+    {
+        char[] keyPass = "keyPassword".toCharArray();
+
+        X509Certificate caCert = TestUtils.generateRootCert(caKeyPair);
+
+        KeyStore serverKs = createKeyStore();
+        serverKs.setKeyEntry("server", caKeyPair.getPrivate(), keyPass, new X509Certificate[]{ caCert });
+
+        KeyStore clientKs = createKeyStore();
+        clientKs.setKeyEntry("client", caKeyPair.getPrivate(), keyPass, new X509Certificate[]{ caCert });
+
+        TestProtocolUtil.runClientAndServer(new MLDSAServer(port, protocol, serverKs, keyPass, caCert),
+            new MLDSAClient(port, protocol, clientKs, keyPass, caCert));
+    }
+
+    private static KeyStore createKeyStore() throws GeneralSecurityException, IOException
+    {
+        /*
+         * NOTE: At the time of writing, default JKS implementation can't recover PKCS8 private keys
+         * with version != 0, which e.g. is the case when a public key is included, which the BC
+         * provider currently does for MLDSA.
+         */
+//        KeyStore keyStore = KeyStore.getInstance("JKS");
+        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
+        keyStore.load(null, null);
+        return keyStore;
+    }
+}