Updated signature operations test query

Author: fegge

java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances.qll

@@ -8,11 +8,13 @@ import FlowAnalysis
  */
 abstract private class EllipticCurveAlgorithmInstance extends Crypto::EllipticCurveInstance {
   override Crypto::TEllipticCurveType getEllipticCurveType() {
-    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getRawEllipticCurveName(), _, result)
+    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getRawEllipticCurveName().toUpperCase(),
+      _, result)
   }
 
   override int getKeySize() {
-    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getRawEllipticCurveName(), result, _)
+    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getRawEllipticCurveName().toUpperCase(),
+      result, _)
   }
 }
 
@@ -22,7 +24,7 @@ abstract private class EllipticCurveAlgorithmInstance extends Crypto::EllipticCu
 class EllipticCurveStringLiteralInstance extends EllipticCurveAlgorithmInstance instanceof StringLiteral
 {
   EllipticCurveStringLiteralInstance() {
-    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getValue(), _, _)
+    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getValue().toUpperCase(), _, _)
   }
 
   override string getRawEllipticCurveName() { result = super.getValue() }
@@ -76,7 +78,9 @@ class DSASignatureAlgorithmInstance extends SignatureAlgorithmInstance instanceo
 
 abstract private class EllipticCurveSignatureAlgorithmInstance extends SignatureAlgorithmInstance,
   EllipticCurveAlgorithmInstance
-{ }
+{
+  override Crypto::EllipticCurveInstance getEllipticCurve() { result = this }
+}
 
 /**
  * Ed25519, Ed25519ph, and Ed25519ctx signers.
@@ -133,7 +137,6 @@ class ECDSASignatureAlgorithmInstance extends SignatureAlgorithmInstance instanc
   }
 
   override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
-    // We need to specify this explicitly since the key size is not fixed.
     result = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::ECDSA())
   }
 
@@ -181,7 +184,7 @@ class Ed25519KeyGenerationAlgorithmInstance extends EllipticCurveKeyGenerationAl
     super.getConstructedType().getName().matches("Ed25519%")
   }
 
-  override string getRawEllipticCurveName() { result = "CURVE25519" }
+  override string getRawEllipticCurveName() { result = "Curve25519" }
 }
 
 class Ed448KeyGenerationAlgorithmInstance extends EllipticCurveKeyGenerationAlgorithmInstance instanceof ClassInstanceExpr
@@ -191,7 +194,7 @@ class Ed448KeyGenerationAlgorithmInstance extends EllipticCurveKeyGenerationAlgo
     super.getConstructedType().getName().matches("Ed448%")
   }
 
-  override string getRawEllipticCurveName() { result = "CURVE25519" }
+  override string getRawEllipticCurveName() { result = "Curve25519" }
 }
 
 /**
@@ -208,7 +211,15 @@ class GenericEllipticCurveKeyGenerationAlgorithmInstance extends KeyGenerationAl
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    // The generator constructs an elliptic curve key pair, but the algorithm is
+    // not determined at key generation. As an example, the key could be used
+    // for either ECDSA or ECDH For this reason, we just return "EllipticCurve".
+    result = "EllipticCurve"
+  }
+
+  override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    // The algorithm type is not known. See above.
+    result = Crypto::KeyOpAlg::TUnknownKeyOperationAlgorithmType()
   }
 }
 

java/ql/test/experimental/library-tests/quantum/BouncyCastle/ECDSAP256SignAndVerify.java

@@ -0,0 +1,61 @@
+import java.security.Security;
+import java.security.SecureRandom;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.signers.ECDSASigner;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+
+/**
+ * Example of using Bouncy Castle's low-level API for ECDSA signing and verification over P-256.
+ */
+public class ECDSAP256SignAndVerify {
+    public static void main(String[] args) {
+        // Add Bouncy Castle provider
+        Security.addProvider(new BouncyCastleProvider());
+        
+        try {
+            // Get P-256 curve parameters using BouncyCastle's SECNamedCurves
+            String curveName = "secp256r1";
+            X9ECParameters ecParams = SECNamedCurves.getByName(curveName);
+            ECDomainParameters domainParams = new ECDomainParameters(ecParams);
+            
+            // Generate a key pair
+            SecureRandom random = new SecureRandom();
+            ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
+            ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(domainParams, random);
+            keyPairGenerator.init(keyGenParams);
+            AsymmetricCipherKeyPair keyPair = keyPairGenerator.generateKeyPair();
+            
+            ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters) keyPair.getPrivate();
+            ECPublicKeyParameters publicKey = (ECPublicKeyParameters) keyPair.getPublic();
+            
+            byte[] message = "Hello, ECDSA P-256 signature!".getBytes("UTF-8");
+            
+            // Sign the message
+            ECDSASigner signer = new ECDSASigner();
+            signer.init(true, privateKey); // true for signing
+            // Note: ECDSA typically signs a hash of the message, not the message directly
+            // For simplicity, we're signing the message bytes directly here
+            java.math.BigInteger[] signature = signer.generateSignature(message);
+            
+            System.out.println("Signature generated!");
+            System.out.println("Signature r: " + signature[0].toString(16));
+            System.out.println("Signature s: " + signature[1].toString(16));
+            
+            // Verify the signature
+            ECDSASigner verifier = new ECDSASigner();
+            verifier.init(false, publicKey); // false for verification
+            boolean verified = verifier.verifySignature(message, signature[0], signature[1]);
+            
+            System.out.println("Signature verified: " + verified);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_artifacts.expected

@@ -1,4 +1,6 @@
-| Ed448SignAndVerify.java:21:47:21:80 | Key | CURVE25519 |
+| ECDSAP256SignAndVerify.java:33:47:33:80 | Key | Unknown |
+| ECDSAP256SignAndVerify.java:33:47:33:80 | Key | secp256r1 |
+| Ed448SignAndVerify.java:21:47:21:80 | Key | Curve25519 |
 | Ed448SignAndVerify.java:21:47:21:80 | Key | Ed448 |
-| Ed25519SignAndVerify.java:21:47:21:80 | Key | CURVE25519 |
+| Ed25519SignAndVerify.java:21:47:21:80 | Key | Curve25519 |
 | Ed25519SignAndVerify.java:21:47:21:80 | Key | Ed25519 |

java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_generation_operations.expected

@@ -1,3 +1,5 @@
+| ECDSAP256SignAndVerify.java:33:47:33:80 | KeyGeneration | ECDSAP256SignAndVerify.java:24:32:24:42 | EllipticCurve | ECDSAP256SignAndVerify.java:33:47:33:80 | Key |
+| ECDSAP256SignAndVerify.java:33:47:33:80 | KeyGeneration | ECDSAP256SignAndVerify.java:30:51:30:74 | KeyOperationAlgorithm | ECDSAP256SignAndVerify.java:33:47:33:80 | Key |
 | Ed448SignAndVerify.java:21:47:21:80 | KeyGeneration | Ed448SignAndVerify.java:19:54:19:80 | EllipticCurve | Ed448SignAndVerify.java:21:47:21:80 | Key |
 | Ed448SignAndVerify.java:21:47:21:80 | KeyGeneration | Ed448SignAndVerify.java:19:54:19:80 | KeyOperationAlgorithm | Ed448SignAndVerify.java:21:47:21:80 | Key |
 | Ed25519SignAndVerify.java:21:47:21:80 | KeyGeneration | Ed25519SignAndVerify.java:19:56:19:84 | EllipticCurve | Ed25519SignAndVerify.java:21:47:21:80 | Key |

java/ql/test/experimental/library-tests/quantum/BouncyCastle/signature_operations.expected

@@ -1,4 +1,6 @@
-| Ed448SignAndVerify.java:32:32:32:57 | SignOperation | Ed448SignAndVerify.java:30:31:30:40 | Key | Ed448SignAndVerify.java:31:27:31:33 | Message | KeyOperationOutput |
-| Ed448SignAndVerify.java:40:32:40:66 | VerifyOperation | Ed448SignAndVerify.java:38:34:38:42 | Key | Ed448SignAndVerify.java:39:29:39:35 | Message |  |
-| Ed25519SignAndVerify.java:32:32:32:57 | SignOperation | Ed25519SignAndVerify.java:30:31:30:40 | Key | Ed25519SignAndVerify.java:31:27:31:33 | Message | KeyOperationOutput |
-| Ed25519SignAndVerify.java:40:32:40:66 | VerifyOperation | Ed25519SignAndVerify.java:38:34:38:42 | Key | Ed25519SignAndVerify.java:39:29:39:35 | Message |  |
+| ECDSAP256SignAndVerify.java:45:48:45:80 | SignOperation | ECDSAP256SignAndVerify.java:41:34:41:50 | KeyOperationAlgorithm | ECDSAP256SignAndVerify.java:42:31:42:40 | Key | ECDSAP256SignAndVerify.java:45:73:45:79 | Message |  | SignatureOutput |
+| ECDSAP256SignAndVerify.java:54:32:54:92 | VerifyOperation | ECDSAP256SignAndVerify.java:52:36:52:52 | KeyOperationAlgorithm | ECDSAP256SignAndVerify.java:53:34:53:42 | Key | ECDSAP256SignAndVerify.java:54:57:54:63 | Message | SignatureInput |  |
+| Ed448SignAndVerify.java:32:32:32:57 | SignOperation | Ed448SignAndVerify.java:29:34:29:70 | KeyOperationAlgorithm | Ed448SignAndVerify.java:30:31:30:40 | Key | Ed448SignAndVerify.java:31:27:31:33 | Message |  | SignatureOutput |
+| Ed448SignAndVerify.java:40:32:40:66 | VerifyOperation | Ed448SignAndVerify.java:37:36:37:72 | KeyOperationAlgorithm | Ed448SignAndVerify.java:38:34:38:42 | Key | Ed448SignAndVerify.java:39:29:39:35 | Message | SignatureInput |  |
+| Ed25519SignAndVerify.java:32:32:32:57 | SignOperation | Ed25519SignAndVerify.java:29:36:29:54 | KeyOperationAlgorithm | Ed25519SignAndVerify.java:30:31:30:40 | Key | Ed25519SignAndVerify.java:31:27:31:33 | Message |  | SignatureOutput |
+| Ed25519SignAndVerify.java:40:32:40:66 | VerifyOperation | Ed25519SignAndVerify.java:37:38:37:56 | KeyOperationAlgorithm | Ed25519SignAndVerify.java:38:34:38:42 | Key | Ed25519SignAndVerify.java:39:29:39:35 | Message | SignatureInput |  |

java/ql/test/experimental/library-tests/quantum/BouncyCastle/signature_operations.ql

@@ -1,7 +1,15 @@
 import java
 import experimental.quantum.Language
 
-string getAnOutputArtifact(Crypto::KeyOperationNode n) {
+string getASignatureInput(Crypto::SignatureOperationNode n) {
+  exists(Crypto::SignatureArtifactNode input |
+    input = n.getASignatureArtifact() and result = input.toString()
+  )
+  or
+  not exists(n.getASignatureArtifact()) and result = ""
+}
+
+string getASignatureOutput(Crypto::SignatureOperationNode n) {
   exists(Crypto::KeyOperationOutputNode output |
     output = n.getAnOutputArtifact() and result = output.toString()
   )
@@ -10,4 +18,5 @@ string getAnOutputArtifact(Crypto::KeyOperationNode n) {
 }
 
 from Crypto::SignatureOperationNode n
-select n, n.getAKey(), n.getAnInputArtifact(), getAnOutputArtifact(n)
+select n, n.getAKnownAlgorithm(), n.getAKey(), n.getAnInputArtifact(), getASignatureInput(n),
+  getASignatureOutput(n)