Added unit tests for BouncyCastle EdDSA signatures and key generators

fegge · fegge · commit 06fa0e920758 · 2025-05-28T10:10:08.000+02:00
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/Ed25519SignAndVerify.java b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/Ed25519SignAndVerify.java
@@ -0,0 +1,47 @@
+import java.security.KeyPair;
+import java.security.Security;
+import java.security.SecureRandom;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
+import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
+import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
+import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
+import org.bouncycastle.crypto.signers.Ed25519Signer;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+public class Ed25519SignAndVerify {
+    public static void main(String[] args) {
+        Security.addProvider(new BouncyCastleProvider());
+        
+        try {
+            // Generate a key pair
+            SecureRandom random = new SecureRandom();
+            Ed25519KeyPairGenerator keyPairGenerator = new Ed25519KeyPairGenerator();
+            keyPairGenerator.init(new Ed25519KeyGenerationParameters(random));
+            AsymmetricCipherKeyPair keyPair = keyPairGenerator.generateKeyPair();
+            
+            Ed25519PrivateKeyParameters privateKey = (Ed25519PrivateKeyParameters) keyPair.getPrivate();
+            Ed25519PublicKeyParameters publicKey = (Ed25519PublicKeyParameters) keyPair.getPublic();
+            
+            byte[] message = "Hello, Ed25519 signature!".getBytes("UTF-8");
+            
+            // Sign the message
+            Ed25519Signer signer = new Ed25519Signer();
+            signer.init(true, privateKey); // true for signing
+            signer.update(message, 0, message.length);
+            byte[] signature = signer.generateSignature();
+            
+            System.out.println("Signature generated!");
+            
+            // Verify the signature
+            Ed25519Signer verifier = new Ed25519Signer();
+            verifier.init(false, publicKey); // false for verification
+            verifier.update(message, 0, message.length);
+            boolean verified = verifier.verifySignature(signature);
+            
+            System.out.println("Signature verified: " + verified);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/Ed448SignAndVerify.java b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/Ed448SignAndVerify.java
@@ -0,0 +1,47 @@
+import java.security.KeyPair;
+import java.security.Security;
+import java.security.SecureRandom;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.generators.Ed448KeyPairGenerator;
+import org.bouncycastle.crypto.params.Ed448KeyGenerationParameters;
+import org.bouncycastle.crypto.params.Ed448PrivateKeyParameters;
+import org.bouncycastle.crypto.params.Ed448PublicKeyParameters;
+import org.bouncycastle.crypto.signers.Ed448Signer;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+public class Ed448SignAndVerify {
+    public static void main(String[] args) {
+        Security.addProvider(new BouncyCastleProvider());
+        
+        try {
+            // Generate a key pair
+            SecureRandom random = new SecureRandom();
+            Ed448KeyPairGenerator keyPairGenerator = new Ed448KeyPairGenerator();
+            keyPairGenerator.init(new Ed448KeyGenerationParameters(random));
+            AsymmetricCipherKeyPair keyPair = keyPairGenerator.generateKeyPair();
+            
+            Ed448PrivateKeyParameters privateKey = (Ed448PrivateKeyParameters) keyPair.getPrivate();
+            Ed448PublicKeyParameters publicKey = (Ed448PublicKeyParameters) keyPair.getPublic();
+            
+            byte[] message = "Hello, Ed448 signature!".getBytes("UTF-8");
+            
+            // Sign the message
+            Ed448Signer signer = new Ed448Signer("context".getBytes());
+            signer.init(true, privateKey); // true for signing
+            signer.update(message, 0, message.length);
+            byte[] signature = signer.generateSignature();
+            
+            System.out.println("Signature generated!");
+            
+            // Verify the signature
+            Ed448Signer verifier = new Ed448Signer("context".getBytes());
+            verifier.init(false, publicKey); // false for verification
+            verifier.update(message, 0, message.length);
+            boolean verified = verifier.verifySignature(signature);
+            
+            System.out.println("Signature verified: " + verified);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_artifacts.expected b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_artifacts.expected
@@ -0,0 +1,4 @@
+| Ed448SignAndVerify.java:21:47:21:80 | Key | CURVE25519 |
+| Ed448SignAndVerify.java:21:47:21:80 | Key | Ed448 |
+| Ed25519SignAndVerify.java:21:47:21:80 | Key | CURVE25519 |
+| Ed25519SignAndVerify.java:21:47:21:80 | Key | Ed25519 |
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_artifacts.ql b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_artifacts.ql
@@ -0,0 +1,5 @@
+import java
+import experimental.quantum.Language
+
+from Crypto::KeyArtifactNode n
+select n, n.getAKnownAlgorithm()
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_generation_operations.expected b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_generation_operations.expected
@@ -0,0 +1,4 @@
+| Ed448SignAndVerify.java:21:47:21:80 | KeyGeneration | Ed448SignAndVerify.java:19:54:19:80 | EllipticCurve | Ed448SignAndVerify.java:21:47:21:80 | Key |
+| Ed448SignAndVerify.java:21:47:21:80 | KeyGeneration | Ed448SignAndVerify.java:19:54:19:80 | KeyOperationAlgorithm | Ed448SignAndVerify.java:21:47:21:80 | Key |
+| Ed25519SignAndVerify.java:21:47:21:80 | KeyGeneration | Ed25519SignAndVerify.java:19:56:19:84 | EllipticCurve | Ed25519SignAndVerify.java:21:47:21:80 | Key |
+| Ed25519SignAndVerify.java:21:47:21:80 | KeyGeneration | Ed25519SignAndVerify.java:19:56:19:84 | KeyOperationAlgorithm | Ed25519SignAndVerify.java:21:47:21:80 | Key |
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_generation_operations.ql b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/key_generation_operations.ql
@@ -0,0 +1,5 @@
+import java
+import experimental.quantum.Language
+
+from Crypto::KeyGenerationOperationNode n
+select n, n.getAKnownAlgorithm(), n.getOutputKeyArtifact()
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/options b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/bcprov-lts8on-2.73.7
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/signature_operations.expected b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/signature_operations.expected
@@ -0,0 +1,4 @@
+| Ed448SignAndVerify.java:32:32:32:57 | SignOperation | Ed448SignAndVerify.java:30:31:30:40 | Key | Ed448SignAndVerify.java:31:27:31:33 | Message | KeyOperationOutput |
+| Ed448SignAndVerify.java:40:32:40:66 | VerifyOperation | Ed448SignAndVerify.java:38:34:38:42 | Key | Ed448SignAndVerify.java:39:29:39:35 | Message |  |
+| Ed25519SignAndVerify.java:32:32:32:57 | SignOperation | Ed25519SignAndVerify.java:30:31:30:40 | Key | Ed25519SignAndVerify.java:31:27:31:33 | Message | KeyOperationOutput |
+| Ed25519SignAndVerify.java:40:32:40:66 | VerifyOperation | Ed25519SignAndVerify.java:38:34:38:42 | Key | Ed25519SignAndVerify.java:39:29:39:35 | Message |  |
diff --git a/java/ql/test/experimental/library-tests/quantum/BouncyCastle/signature_operations.ql b/java/ql/test/experimental/library-tests/quantum/BouncyCastle/signature_operations.ql
@@ -0,0 +1,13 @@
+import java
+import experimental.quantum.Language
+
+string getAnOutputArtifact(Crypto::KeyOperationNode n) {
+  exists(Crypto::KeyOperationOutputNode output |
+    output = n.getAnOutputArtifact() and result = output.toString()
+  )
+  or
+  not exists(n.getAnOutputArtifact()) and result = ""
+}
+
+from Crypto::SignatureOperationNode n
+select n, n.getAKey(), n.getAnInputArtifact(), getAnOutputArtifact(n)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/bcprov-lts8on-2.73.7`