diff --git a/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java b/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java index 67390586e..b2259ceff 100644 --- a/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java +++ b/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java @@ -152,6 +152,10 @@ private static List getKeySizes(String algorithm) throws Exception { putKeySize("EC", 521); putKeySize("XDH", 255); putKeySize("EdDSA", 255); + putKeySize("ML-KEM", -1); + putKeySize("ML-KEM-512", -1); + putKeySize("ML-KEM-768", -1); + putKeySize("ML-KEM-1024", -1); putKeySize("ML-DSA", -1); putKeySize("ML-DSA-44", -1); putKeySize("ML-DSA-65", -1); @@ -184,6 +188,11 @@ private void test_KeyPairGenerator(KeyPairGenerator kpg) throws Exception { List keySizes = getKeySizes(algorithm); for (int keySize : keySizes) { + if (algorithm.equals("ML-KEM")) { + // The generic ML-KEM generator in SunJCE doesn't support initialize(keySize). + // The specific named variants like "ML-KEM-512" are tested separately. + continue; + } // TODO(flooey): Remove when we don't support Java 6 anymore if ("DSA".equals(algorithm) && ("SUN".equalsIgnoreCase(kpg.getProvider().getName()) @@ -252,6 +261,11 @@ private void test_Key(KeyPairGenerator kpg, Key k) throws Exception { // which supported generation of Ed25519 keys before Conscrypt did. expectedAlgorithm = "1.3.101.112"; } + if (expectedAlgorithm.startsWith("ML-KEM")) { + // The KeyPairGenerator might be "ML-KEM-512", but the key it generates + // has the algorithm "ML-KEM". + expectedAlgorithm = "ML-KEM"; + } assertEquals(expectedAlgorithm, k.getAlgorithm().toUpperCase(Locale.ROOT)); if (expectedAlgorithm.equals("DH")) { if (k instanceof DHPublicKey) { @@ -274,6 +288,10 @@ private void test_Key(KeyPairGenerator kpg, Key k) throws Exception { // ML-DSA keys are not yet serializable, so just skip them. return; } + if (expectedAlgorithm.equals("ML-KEM")) { + // ML-KEM keys are not yet serializable, so just skip them. + return; + } if (expectedAlgorithm.equals("SLH-DSA-SHA2-128S")) { // SLH-DSA keys are not yet serializable, so just skip them. return; diff --git a/common/src/test/java/org/conscrypt/java/security/MessageDigestTest.java b/common/src/test/java/org/conscrypt/java/security/MessageDigestTest.java index fe53f7846..7e533840c 100644 --- a/common/src/test/java/org/conscrypt/java/security/MessageDigestTest.java +++ b/common/src/test/java/org/conscrypt/java/security/MessageDigestTest.java @@ -169,6 +169,13 @@ private static Map getExpectations(String algorithm) throws Exce TestUtils.decodeHex( "a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a6" + "15b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26")); + putExpectation("SHAKE128-256", INPUT_EMPTY, + TestUtils.decodeHex( + "7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26")); + putExpectation("SHAKE256-512", INPUT_EMPTY, + TestUtils.decodeHex( + "46b9dd2b0ba88d13233b3feb743eeb243fcd52ea62b81b82b50c27646ed5762f" + + "d75dc4ddd8c0f200cb05019d67b592f6fc821c49479ab48640292eacb3b7c4be")); // Regression test for a SHA-1 problem with inputs larger than 256 MiB. http://b/4501620 // In mid-2013 this takes 3 minutes even on the host, so let's not run it on devices.