tls-mldsa updates from testing

Author: peterdettman

tls/src/main/java/org/bouncycastle/tls/SignatureAndHashAlgorithm.java

@@ -15,14 +15,15 @@ public class SignatureAndHashAlgorithm
         create(SignatureScheme.ecdsa_brainpoolP384r1tls13_sha384);
     public static final SignatureAndHashAlgorithm ecdsa_brainpoolP512r1tls13_sha512 =
         create(SignatureScheme.ecdsa_brainpoolP512r1tls13_sha512);
-    public static final SignatureAndHashAlgorithm ed25519 =
-        create(SignatureScheme.ed25519);
-    public static final SignatureAndHashAlgorithm ed448 =
-        create(SignatureScheme.ed448);
+    public static final SignatureAndHashAlgorithm ed25519 = create(SignatureScheme.ed25519);
+    public static final SignatureAndHashAlgorithm ed448 = create(SignatureScheme.ed448);
     public static final SignatureAndHashAlgorithm gostr34102012_256 =
         create(HashAlgorithm.Intrinsic, SignatureAlgorithm.gostr34102012_256);
     public static final SignatureAndHashAlgorithm gostr34102012_512 =
         create(HashAlgorithm.Intrinsic, SignatureAlgorithm.gostr34102012_512);
+    public static final SignatureAndHashAlgorithm DRAFT_mldsa44 = create(SignatureScheme.DRAFT_mldsa44);
+    public static final SignatureAndHashAlgorithm DRAFT_mldsa65 = create(SignatureScheme.DRAFT_mldsa65);
+    public static final SignatureAndHashAlgorithm DRAFT_mldsa87 = create(SignatureScheme.DRAFT_mldsa87);
     public static final SignatureAndHashAlgorithm rsa_pss_rsae_sha256 =
         create(SignatureScheme.rsa_pss_rsae_sha256);
     public static final SignatureAndHashAlgorithm rsa_pss_rsae_sha384 =

tls/src/main/java/org/bouncycastle/tls/SignatureScheme.java

@@ -227,9 +227,23 @@ public static short getSignatureAlgorithm(int signatureScheme)
 
     public static SignatureAndHashAlgorithm getSignatureAndHashAlgorithm(int signatureScheme)
     {
-        return SignatureAndHashAlgorithm.getInstance(
-            getHashAlgorithm(signatureScheme),
-            getSignatureAlgorithm(signatureScheme));
+        switch (signatureScheme)
+        {
+        case ed25519:
+            return SignatureAndHashAlgorithm.ed25519;
+        case ed448:
+            return SignatureAndHashAlgorithm.ed448;
+        case DRAFT_mldsa44:
+            return SignatureAndHashAlgorithm.DRAFT_mldsa44;
+        case DRAFT_mldsa65:
+            return SignatureAndHashAlgorithm.DRAFT_mldsa65;
+        case DRAFT_mldsa87:
+            return SignatureAndHashAlgorithm.DRAFT_mldsa87;
+        default:
+            return SignatureAndHashAlgorithm.getInstance(
+                getHashAlgorithm(signatureScheme),
+                getSignatureAlgorithm(signatureScheme));
+        }
     }
 
     public static String getText(int signatureScheme)

tls/src/main/java/org/bouncycastle/tls/TlsUtils.java

@@ -63,7 +63,7 @@ public class TlsUtils
     // Map OID strings to HashAlgorithm values
     private static final Hashtable CERT_SIG_ALG_OIDS = createCertSigAlgOIDs();
     private static final Vector DEFAULT_SUPPORTED_SIG_ALGS = createDefaultSupportedSigAlgs();
-
+    
     private static void addCertSigAlgOID(Hashtable h, ASN1ObjectIdentifier oid, SignatureAndHashAlgorithm sigAndHash)
     {
         h.put(oid.getId(), sigAndHash);
@@ -116,6 +116,10 @@ private static Hashtable createCertSigAlgOIDs()
         addCertSigAlgOID(h, EdECObjectIdentifiers.id_Ed25519, SignatureAndHashAlgorithm.ed25519);
         addCertSigAlgOID(h, EdECObjectIdentifiers.id_Ed448, SignatureAndHashAlgorithm.ed448);
 
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_44, SignatureAndHashAlgorithm.DRAFT_mldsa44);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_65, SignatureAndHashAlgorithm.DRAFT_mldsa65);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_87, SignatureAndHashAlgorithm.DRAFT_mldsa87);
+
         addCertSigAlgOID(h, RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256,
             SignatureAndHashAlgorithm.gostr34102012_256);
         addCertSigAlgOID(h, RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512,

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsCrypto.java

@@ -454,6 +454,13 @@ public boolean hasSignatureAlgorithm(short signatureAlgorithm)
 
     public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
     {
+        int signatureScheme = SignatureScheme.from(sigAndHashAlgorithm);
+        if (SignatureScheme.isMLDSA(signatureScheme))
+        {
+            // TODO[tls-mldsa] Finish ML-DSA support before enabling
+            return false;
+        }
+        
         short signature = sigAndHashAlgorithm.getSignature();
 
         switch (sigAndHashAlgorithm.getHash())
@@ -470,10 +477,11 @@ public boolean hasSignatureScheme(int signatureScheme)
         switch (signatureScheme)
         {
         case SignatureScheme.sm2sig_sm3:
-        // TODO[tls] Test coverage before adding
+            return false;
         case SignatureScheme.DRAFT_mldsa44:
         case SignatureScheme.DRAFT_mldsa65:
         case SignatureScheme.DRAFT_mldsa87:
+            // TODO[tls-mldsa] Finish ML-DSA support before enabling
             return false;
         default:
         {

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java

@@ -772,6 +772,13 @@ public boolean hasSignatureAlgorithm(short signatureAlgorithm)
 
     public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
     {
+        int signatureScheme = SignatureScheme.from(sigAndHashAlgorithm);
+        if (SignatureScheme.isMLDSA(signatureScheme))
+        {
+            // TODO[tls-mldsa] Finish ML-DSA support before enabling
+            return false;
+        }
+
         short signature = sigAndHashAlgorithm.getSignature();
 
         switch (sigAndHashAlgorithm.getHash())
@@ -791,10 +798,11 @@ public boolean hasSignatureScheme(int signatureScheme)
         switch (signatureScheme)
         {
         case SignatureScheme.sm2sig_sm3:
-        // TODO[tls] Implement before adding
+            return false;
         case SignatureScheme.DRAFT_mldsa44:
         case SignatureScheme.DRAFT_mldsa65:
         case SignatureScheme.DRAFT_mldsa87:
+            // TODO[tls-mldsa] Finish ML-DSA support before enabling
             return false;
         default:
         {

tls/src/test/java/org/bouncycastle/tls/test/MockDTLSClient.java

@@ -110,6 +110,7 @@ public void notifyServerCertificate(TlsServerCertificate serverCertificate) thro
 
                 String[] trustedCertResources = new String[]{ "x509-server-dsa.pem", "x509-server-ecdh.pem",
                     "x509-server-ecdsa.pem", "x509-server-ed25519.pem", "x509-server-ed448.pem",
+                    "x509-server-ml_dsa_44.pem", "x509-server-ml_dsa_65.pem", "x509-server-ml_dsa_87.pem",
                     "x509-server-rsa_pss_256.pem", "x509-server-rsa_pss_384.pem", "x509-server-rsa_pss_512.pem",
                     "x509-server-rsa-enc.pem", "x509-server-rsa-sign.pem" };
 

tls/src/test/java/org/bouncycastle/tls/test/MockDTLSServer.java

@@ -112,7 +112,8 @@ public void notifyClientCertificate(org.bouncycastle.tls.Certificate clientCerti
         }
 
         String[] trustedCertResources = new String[]{ "x509-client-dsa.pem", "x509-client-ecdh.pem",
-            "x509-client-ecdsa.pem", "x509-client-ed25519.pem", "x509-client-ed448.pem", "x509-client-rsa_pss_256.pem",
+            "x509-client-ecdsa.pem", "x509-client-ed25519.pem", "x509-client-ed448.pem", "x509-client-ml_dsa_44.pem",
+            "x509-client-ml_dsa_65.pem", "x509-client-ml_dsa_87.pem", "x509-client-rsa_pss_256.pem",
             "x509-client-rsa_pss_384.pem", "x509-client-rsa_pss_512.pem", "x509-client-rsa.pem" };
 
         TlsCertificate[] certPath = TlsTestUtils.getTrustedCertPath(context.getCrypto(), chain[0],

tls/src/test/java/org/bouncycastle/tls/test/MockTlsClient.java

@@ -128,6 +128,7 @@ public void notifyServerCertificate(TlsServerCertificate serverCertificate) thro
 
                 String[] trustedCertResources = new String[]{ "x509-server-dsa.pem", "x509-server-ecdh.pem",
                     "x509-server-ecdsa.pem", "x509-server-ed25519.pem", "x509-server-ed448.pem",
+                    "x509-server-ml_dsa_44.pem", "x509-server-ml_dsa_65.pem", "x509-server-ml_dsa_87.pem",
                     "x509-server-rsa_pss_256.pem", "x509-server-rsa_pss_384.pem", "x509-server-rsa_pss_512.pem",
                     "x509-server-rsa-enc.pem", "x509-server-rsa-sign.pem" };
 

tls/src/test/java/org/bouncycastle/tls/test/MockTlsHybridClient.java

@@ -154,6 +154,7 @@ public void notifyServerCertificate(TlsServerCertificate serverCertificate) thro
 
                 String[] trustedCertResources = new String[]{ "x509-server-dsa.pem", "x509-server-ecdh.pem",
                     "x509-server-ecdsa.pem", "x509-server-ed25519.pem", "x509-server-ed448.pem",
+                    "x509-server-ml_dsa_44.pem", "x509-server-ml_dsa_65.pem", "x509-server-ml_dsa_87.pem",
                     "x509-server-rsa_pss_256.pem", "x509-server-rsa_pss_384.pem", "x509-server-rsa_pss_512.pem",
                     "x509-server-rsa-enc.pem", "x509-server-rsa-sign.pem" };
 

tls/src/test/java/org/bouncycastle/tls/test/MockTlsHybridServer.java

@@ -162,7 +162,8 @@ public void notifyClientCertificate(org.bouncycastle.tls.Certificate clientCerti
         }
 
         String[] trustedCertResources = new String[]{ "x509-client-dsa.pem", "x509-client-ecdh.pem",
-            "x509-client-ecdsa.pem", "x509-client-ed25519.pem", "x509-client-ed448.pem", "x509-client-rsa_pss_256.pem",
+            "x509-client-ecdsa.pem", "x509-client-ed25519.pem", "x509-client-ed448.pem", "x509-client-ml_dsa_44.pem",
+            "x509-client-ml_dsa_65.pem", "x509-client-ml_dsa_87.pem", "x509-client-rsa_pss_256.pem",
             "x509-client-rsa_pss_384.pem", "x509-client-rsa_pss_512.pem", "x509-client-rsa.pem" };
 
         TlsCertificate[] certPath = TlsTestUtils.getTrustedCertPath(context.getCrypto(), chain[0],