github
diff --git a/‎java/ql/lib/experimental/quantum/BouncyCastle.qll
Lines changed: 20 additions & 24 deletions b/‎java/ql/lib/experimental/quantum/BouncyCastle.qll
Lines changed: 20 additions & 24 deletions
diff --git a/‎java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances.qll
Lines changed: 158 additions & 2 deletions b/‎java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances.qll
Lines changed: 158 additions & 2 deletions
diff --git a/‎java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances/KeyGenerationAlgorithmInstance.qll
Lines changed: 0 additions & 85 deletions b/‎java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances/KeyGenerationAlgorithmInstance.qll
Lines changed: 0 additions & 85 deletions
@@ -24,24 +24,24 @@ module Signers {
     }
 
     MethodCall getAMethodCall(string name) {
-      result.getCallee().hasQualifiedName("org.bouncycastle.crypto.signers", this.getName(), name)
+      result.getCallee().hasQualifiedName(this.getPackage().getName(), this.getName(), name)
     }
   }
 
   /**
    * BouncyCastle algorithms are instantiated by calling the constructor of the
-   * corresponding class.
+   * corresponding class, which also represents the algorithm instance.
    */
-  private class NewCall = SignatureAlgorithmInstance;
+  private class SignerNewCall = SignatureAlgorithmInstance;
 
   /**
    * The type is instantiated by a constructor call and initialized by a call to
    * `init()` which takes two arguments. The first argument is a flag indicating
    * whether the operation is signing data or verifying a signature, and the
    * second is the key to use.
    */
-  private class InitCall extends MethodCall {
-    InitCall() { this = any(Signer signer).getAnInitCall() }
+  private class SignerInitCall extends MethodCall {
+    SignerInitCall() { this = any(Signer signer).getAnInitCall() }
 
     Expr getForSigningArg() { result = this.getArgument(0) }
 
@@ -67,8 +67,8 @@ module Signers {
    * `generateSignature()` or `verifySignature()` methods are used to produce or
    * verify the signature, respectively.
    */
-  private class UseCall extends MethodCall {
-    UseCall() { this = any(Signer signer).getAUseCall() }
+  private class SignerUseCall extends MethodCall {
+    SignerUseCall() { this = any(Signer signer).getAUseCall() }
 
     predicate isIntermediate() { this.getCallee().getName() = "update" }
 
@@ -80,13 +80,14 @@ module Signers {
   /**
    * Instantiate the flow analysis module for the `Signer` class.
    */
-  private module FlowAnalysis = NewToInitToUseFlowAnalysis<NewCall, InitCall, UseCall>;
+  private module FlowAnalysis =
+    NewToInitToUseFlowAnalysis<SignerNewCall, SignerInitCall, SignerUseCall>;
 
   /**
    * A signing operation instance is a call to either `update()`, `generateSignature()`,
    * or `verifySignature()` on a `Signer` instance.
    */
-  class SignatureOperationInstance extends Crypto::KeyOperationInstance instanceof UseCall {
+  class SignatureOperationInstance extends Crypto::KeyOperationInstance instanceof SignerUseCall {
     SignatureOperationInstance() { not this.isIntermediate() }
 
     override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
@@ -114,9 +115,9 @@ module Signers {
       result.asExpr() = super.getOutput()
     }
 
-    InitCall getInitCall() { result = FlowAnalysis::getInitFromUse(this, _, _) }
+    SignerInitCall getInitCall() { result = FlowAnalysis::getInitFromUse(this, _, _) }
 
-    UseCall getAnUpdateCall() {
+    SignerUseCall getAnUpdateCall() {
       result = FlowAnalysis::getAnIntermediateUseFromFinalUse(this, _, _)
     }
   }
@@ -150,20 +151,10 @@ module Generators {
     MethodCall getAUseCall() { result = this.getAMethodCall(["generateKey", "generateKeyPair"]) }
 
     MethodCall getAMethodCall(string name) {
-      result
-          .getCallee()
-          .hasQualifiedName("org.bouncycastle.crypto.generators", this.getName(), name)
+      result.getCallee().hasQualifiedName(this.getPackage().getName(), this.getName(), name)
     }
 
     Crypto::KeyArtifactType getKeyType() { result = type }
-
-    string getRawAlgorithmName() {
-      this.getKeyType() = Crypto::TSymmetricKeyType() and
-      result = this.getName().splitAt("KeyGenerator", 0)
-      or
-      this.getKeyType() = Crypto::TAsymmetricKeyType() and
-      result = this.getName().splitAt("KeyPairGenerator", 0)
-    }
   }
 
   /**
@@ -187,7 +178,7 @@ module Generators {
 
   /**
    * BouncyCastle algorithms are instantiated by calling the constructor of the
-   * corresponding class.
+   * corresponding class, which also represents the algorithm instance.
    */
   private class KeyGeneratorNewCall = KeyGenerationAlgorithmInstance;
 
@@ -250,10 +241,15 @@ module Generators {
       result = KeyGeneratorFlow::getInitFromUse(this, _, _).getKeySizeConsumer()
     }
   }
+}
 
+/**
+ * Models for cryptographic parameters defined by the `org.bouncycastle.crypto.params` package.
+ */
+module Parameters {
   class KeyGenerationParameters extends RefType {
     KeyGenerationParameters() {
-      this.getPackage().getName() = "org.bouncycastle.crypto.generators" and
+      this.getPackage().getName() = "org.bouncycastle.crypto.params" and
       this.getName().matches("%KeyGenerationParameters")
     }
   }
 
@@ -1,4 +1,160 @@
 import java
 import experimental.quantum.Language
-import AlgorithmInstances.SignatureAlgorithmInstances
-import AlgorithmInstances.KeyGenerationAlgorithmInstance
+import AlgorithmValueConsumers
+
+abstract private class EllipticCurveAlgorithmInstance extends Crypto::EllipticCurveInstance,
+  EllipticCurveAlgorithmValueConsumer
+{
+  override Crypto::TEllipticCurveType getEllipticCurveType() {
+    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getRawEllipticCurveName(), _, result)
+  }
+
+  override string getKeySize() {
+    exists(int keySize |
+      Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getRawEllipticCurveName(), keySize, _) and
+      result = keySize.toString()
+    )
+  }
+}
+
+/**
+ * Signature algorithms.
+ */
+abstract class SignatureAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance,
+  SignatureAlgorithmValueConsumer instanceof ClassInstanceExpr
+{
+  // TODO: Could potentially be used to model signature modes like Ed25519ph and Ed25519ctx.
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { none() }
+
+  override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    signatureNameToKeySizeAndAlgorithmMapping(this.getRawAlgorithmName(), _, result)
+  }
+
+  override string getKeySizeFixed() {
+    signatureNameToKeySizeAndAlgorithmMapping(this.getRawAlgorithmName(), result, _)
+  }
+
+  override string getRawAlgorithmName() {
+    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+  }
+}
+
+abstract private class EllipticCurveSignatureAlgorithmInstance extends SignatureAlgorithmInstance,
+  EllipticCurveAlgorithmInstance
+{ }
+
+class Ed25519SignatureAlgorithmInstance extends EllipticCurveSignatureAlgorithmInstance instanceof ClassInstanceExpr
+{
+  Ed25519SignatureAlgorithmInstance() {
+    super.getConstructedType() instanceof Signers::Signer and
+    super.getConstructedType().getName().matches("Ed25519%")
+  }
+
+  override string getRawEllipticCurveName() { result = "CURVE25519" }
+}
+
+class Ed448SignatureAlgorithmInstance extends EllipticCurveSignatureAlgorithmInstance instanceof ClassInstanceExpr
+{
+  Ed448SignatureAlgorithmInstance() {
+    super.getConstructedType() instanceof Signers::Signer and
+    super.getConstructedType().getName().matches("Ed448%")
+  }
+
+  override string getRawAlgorithmName() {
+    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+  }
+
+  override string getRawEllipticCurveName() { result = "CURVE448" }
+}
+
+/**
+ * Key generation algorithms.
+ */
+abstract class KeyGenerationAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance,
+  KeyGenerationAlgorithmValueConsumer instanceof ClassInstanceExpr
+{
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() }
+
+  // TODO: Model flow from the parameter specification to the key generator.
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { none() }
+
+  override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    generatorNameToKeySizeAndAlgorithmMapping(this.getRawAlgorithmName(), _, result)
+  }
+
+  override string getKeySizeFixed() {
+    generatorNameToKeySizeAndAlgorithmMapping(this.getRawAlgorithmName(), result, _)
+  }
+
+  override string getRawAlgorithmName() {
+    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+  }
+}
+
+abstract private class EllipticCurveKeyGenerationAlgorithmInstance extends KeyGenerationAlgorithmInstance,
+  EllipticCurveAlgorithmInstance
+{ }
+
+class Ed25519KeyGenerationAlgorithmInstance extends EllipticCurveKeyGenerationAlgorithmInstance instanceof ClassInstanceExpr
+{
+  Ed25519KeyGenerationAlgorithmInstance() {
+    super.getConstructedType() instanceof Generators::KeyGenerator and
+    super.getConstructedType().getName().matches("Ed25519%")
+  }
+
+  override string getRawEllipticCurveName() { result = "CURVE25519" }
+}
+
+class Ed448KeyGenerationAlgorithmInstance extends EllipticCurveKeyGenerationAlgorithmInstance instanceof ClassInstanceExpr
+{
+  Ed448KeyGenerationAlgorithmInstance() {
+    super.getConstructedType() instanceof Generators::KeyGenerator and
+    super.getConstructedType().getName().matches("Ed448%")
+  }
+
+  override string getRawEllipticCurveName() { result = "CURVE25519" }
+}
+
+/**
+ * Private predicates mapping type names to raw names, key sizes and algorithms.
+ */
+bindingset[typeName]
+private predicate typeNameToRawAlgorithmName(string typeName, string algorithmName) {
+  // Ed25519, Ed25519ph, and Ed25519ctx key generators and signers
+  typeName.matches("Ed25519%") and
+  algorithmName = "ED25519"
+  or
+  // Ed448 and Ed448ph key generators and signers
+  typeName.matches("Ed448%") and
+  algorithmName = "ED448"
+}
+
+private predicate signatureNameToKeySizeAndAlgorithmMapping(
+  string name, string keySize, Crypto::KeyOpAlg::Algorithm algorithm
+) {
+  name = "ED25519" and
+  keySize = "256" and
+  algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed25519())
+  or
+  name = "ED448" and
+  keySize = "448" and
+  algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed448())
+}
+
+private predicate generatorNameToKeySizeAndAlgorithmMapping(
+  string name, string keySize, Crypto::KeyOpAlg::Algorithm algorithm
+) {
+  name = "ED25519" and
+  keySize = "256" and
+  algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed25519())
+  or
+  name = "ED448" and
+  keySize = "448" and
+  algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed448())
+}