Merge branch 'tls-mldsa-test' into 'main'

Roy Basmacier · Roy Basmacier · commit 41d35f2bed80 · 2025-07-14T19:12:11.000Z
Added ML-DSA test to TlsCryptoTest.

See merge request root/bc-java!111
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsRawKeyCertificate.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsRawKeyCertificate.java
@@ -409,14 +409,27 @@ public MLDSAPublicKeyParameters getPubKeyMLDSA() throws IOException
     {
         try
         {
-            return (MLDSAPublicKeyParameters)getPublicKey();
+            return (MLDSAPublicKeyParameters)getPQCPublicKey();
         }
         catch (ClassCastException e)
         {
             throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not ML-DSA", e);
         }
     }
 
+    protected AsymmetricKeyParameter getPQCPublicKey() throws IOException
+    {
+        try
+        {
+            return org.bouncycastle.pqc.crypto.util.PublicKeyFactory.createKey(keyInfo);
+        }
+        catch (RuntimeException e)
+        {
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
+        }
+    }
+
+
     public RSAKeyParameters getPubKeyRSA() throws IOException
     {
         try
diff --git a/tls/src/test/java/org/bouncycastle/tls/crypto/test/TlsCryptoTest.java b/tls/src/test/java/org/bouncycastle/tls/crypto/test/TlsCryptoTest.java
@@ -187,6 +187,12 @@ protected TlsCredentialedSigner loadCredentialedSigner13(TlsCryptoParameters cry
         case SignatureScheme.rsa_pss_rsae_sha384:
         case SignatureScheme.rsa_pss_rsae_sha512:
             return loadCredentialedSigner(cryptoParams, "rsa-sign", signatureAndHashAlgorithm);
+        case SignatureScheme.DRAFT_mldsa44:
+            return loadCredentialedSigner(cryptoParams, "ml_dsa_44", signatureAndHashAlgorithm);
+        case SignatureScheme.DRAFT_mldsa65:
+            return loadCredentialedSigner(cryptoParams, "ml_dsa_65", signatureAndHashAlgorithm);
+        case SignatureScheme.DRAFT_mldsa87:
+            return loadCredentialedSigner(cryptoParams, "ml_dsa_87", signatureAndHashAlgorithm);
 
         // TODO[tls] Add test resources for these
         case SignatureScheme.ecdsa_brainpoolP256r1tls13_sha256:
@@ -195,9 +201,6 @@ protected TlsCredentialedSigner loadCredentialedSigner13(TlsCryptoParameters cry
         case SignatureScheme.ecdsa_secp384r1_sha384:
         case SignatureScheme.ecdsa_secp521r1_sha512:
         case SignatureScheme.sm2sig_sm3:
-        case SignatureScheme.DRAFT_mldsa44:
-        case SignatureScheme.DRAFT_mldsa65:
-        case SignatureScheme.DRAFT_mldsa87:
 
         default:
             return null;
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/TlsTestUtils.java b/tls/src/test/java/org/bouncycastle/tls/test/TlsTestUtils.java
@@ -417,7 +417,16 @@ static AsymmetricKeyParameter loadBcPrivateKeyResource(String resource)
         PemObject pem = loadPemResource(resource);
         if (pem.getType().equals("PRIVATE KEY"))
         {
-            return PrivateKeyFactory.createKey(pem.getContent());
+            AsymmetricKeyParameter kp;
+            try
+            {
+                kp = PrivateKeyFactory.createKey(pem.getContent());
+            }
+            catch (Exception e)
+            {
+                kp = org.bouncycastle.pqc.crypto.util.PrivateKeyFactory.createKey(pem.getContent());
+            }
+            return kp;
         }
         if (pem.getType().equals("ENCRYPTED PRIVATE KEY"))
         {

Original file line number	Diff line number	Diff line change
`@@ -409,14 +409,27 @@ public MLDSAPublicKeyParameters getPubKeyMLDSA() throws IOException`
`409`	`409`	`{`
`410`	`410`	`try`
`411`	`411`	`{`
`412`		`- return (MLDSAPublicKeyParameters)getPublicKey();`
	`412`	`+ return (MLDSAPublicKeyParameters)getPQCPublicKey();`
`413`	`413`	`}`
`414`	`414`	`catch (ClassCastException e)`
`415`	`415`	`{`
`416`	`416`	`throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not ML-DSA", e);`
`417`	`417`	`}`
`418`	`418`	`}`
`419`	`419`
	`420`	`+ protected AsymmetricKeyParameter getPQCPublicKey() throws IOException`
	`421`	`+ {`
	`422`	`+ try`
	`423`	`+ {`
	`424`	`+ return org.bouncycastle.pqc.crypto.util.PublicKeyFactory.createKey(keyInfo);`
	`425`	`+ }`
	`426`	`+ catch (RuntimeException e)`
	`427`	`+ {`
	`428`	`+ throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);`
	`429`	`+ }`
	`430`	`+ }`
	`431`	`+`
	`432`	`+`
`420`	`433`	`public RSAKeyParameters getPubKeyRSA() throws IOException`
`421`	`434`	`{`
`422`	`435`	`try`
Original file line number	Diff line number	Diff line change
`@@ -417,7 +417,16 @@ static AsymmetricKeyParameter loadBcPrivateKeyResource(String resource)`
`417`	`417`	`PemObject pem = loadPemResource(resource);`
`418`	`418`	`if (pem.getType().equals("PRIVATE KEY"))`
`419`	`419`	`{`
`420`		`- return PrivateKeyFactory.createKey(pem.getContent());`
	`420`	`+ AsymmetricKeyParameter kp;`
	`421`	`+ try`
	`422`	`+ {`
	`423`	`+ kp = PrivateKeyFactory.createKey(pem.getContent());`
	`424`	`+ }`
	`425`	`+ catch (Exception e)`
	`426`	`+ {`
	`427`	`+ kp = org.bouncycastle.pqc.crypto.util.PrivateKeyFactory.createKey(pem.getContent());`
	`428`	`+ }`
	`429`	`+ return kp;`
`421`	`430`	`}`
`422`	`431`	`if (pem.getType().equals("ENCRYPTED PRIVATE KEY"))`
`423`	`432`	`{`