
Commit 9c5765a

committed
Crypto: Add missing string constants for signature algorithms.
1 parent 66e9d76 commit 9c5765a


5 files changed

+101
-37
lines changed


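--- a/java/ql/lib/experimental/quantum/JCA.qll
+++ b/java/ql/lib/experimental/quantum/JCA.qll
@@ -102,10 +102,15 @@ module JCAModel {
 ].toUpperCase())
 }
 
+/**
+* Names that match known signature algorithms.
+* https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html
+*/
 bindingset[name]
 predicate signature_names(string name) {
-name.toUpperCase().splitAt("with".toUpperCase(), 1).matches(["RSA", "ECDSA", "DSA"])
-// note RSASSA-PSS is RSA with PSS where the digest is set through PSSParameterSpec
+name.toUpperCase().splitAt("with".toUpperCase(), 1).matches(["RSA%", "ECDSA%", "DSA%"])
+or
+name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"])
 }
 
 bindingset[name]
@@ -225,18 +230,29 @@ module JCAModel {
 name.toUpperCase() in ["ECDH", "X25519", "X448"]
 }
 
+/**
+* Maps a signature algorithm name to its type, if known.
+* see https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html
+*/
 bindingset[name]
 predicate signature_name_to_type_known(Crypto::KeyOpAlg::TAlgorithm type, string name) {
-name.toUpperCase().splitAt("with".toUpperCase(), 1) = "RSA" and
+name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("RSA%") and
 type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
 or
-name.toUpperCase().splitAt("with".toUpperCase(), 1) = "ECDSA" and
+name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("ECDSA%") and
 type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA())
 or
-name.toUpperCase().splitAt("with".toUpperCase(), 1) = "DSA" and
+name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("DSA%") and
 type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
 or
 name.toUpperCase().matches("RSASSA-PSS") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
+or
+name.toUpperCase().matches(["EDDSA", "ED25519", "ED448"]) and
+type = KeyOpAlg::TSignature(KeyOpAlg::EDDSA())
+or
+name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
+or
+name.toUpperCase().matches("HSS/LMS") and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS())
 }
 
 bindingset[name]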
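Review bot: In `signature_name_to_type_known`, the new `ML-DSA%` branch binds `type = KeyOpAlg::TSignature(KeyOpAlg::DSA())`, so the lattice-based ML-DSA is recorded with the same type as classical finite-field DSA. In a model meant to inventory cryptography for quantum-readiness, that would label a post-quantum signature scheme as a quantum-vulnerable one, and downstream queries cannot tell the two apart. Whether `KeyOpAlg` already has a dedicated constructor is not visible in this hunk; if it does not, I would add one, or at least flag the mapping with `// TODO: ML-DSA (FIPS 204) is not DSA; needs its own KeyOpAlg type`. The first hunk also deletes the note that RSASSA-PSS takes its digest from `PSSParameterSpec`, which is worth keeping beside the `"RSASSA-PSS"` entry since that name has no `with` part to split on.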

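--- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected
+++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected
@@ -447,16 +447,20 @@
 | jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Key | jca/EllipticCurve2.java:164:30:164:43 | Key |
 | jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:166:33:166:46 | SignatureInput |
 | jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | Source | jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput |
+| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm |
+| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm |
 | jca/EllipticCurve2.java:179:28:179:42 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key |
 | jca/EllipticCurve2.java:180:26:180:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant |
-| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:178:53:178:61 | Constant |
+| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm |
 | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:181:16:181:31 | SignOperation |
 | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Input | jca/EllipticCurve2.java:180:26:180:32 | Message |
 | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Key | jca/EllipticCurve2.java:179:28:179:42 | Key |
 | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Output | jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput |
+| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm |
+| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm |
 | jca/EllipticCurve2.java:194:30:194:43 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key |
 | jca/EllipticCurve2.java:195:26:195:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant |
-| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:193:53:193:61 | Constant |
+| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm |
 | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation |
 | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Input | jca/EllipticCurve2.java:195:26:195:32 | Message |
 | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Key | jca/EllipticCurve2.java:194:30:194:43 | Key |
@@ -1398,17 +1402,21 @@
 | jca/SignatureOperation.java:61:16:61:36 | Key | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Output | jca/SignatureOperation.java:61:16:61:36 | Key |
+| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:72:28:72:37 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key |
 | jca/SignatureOperation.java:73:26:73:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant |
-| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Algorithm | jca/SignatureOperation.java:71:53:71:74 | Constant |
-| jca/SignatureOperation.java:74:16:74:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:74:16:74:31 | SignOperation |
+| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Algorithm | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:74:16:74:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm |
 | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Input | jca/SignatureOperation.java:73:26:73:29 | Message |
 | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Key | jca/SignatureOperation.java:72:28:72:37 | Key |
 | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Output | jca/SignatureOperation.java:74:16:74:31 | SignatureOutput |
+| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:85:30:85:38 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key |
 | jca/SignatureOperation.java:86:26:86:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant |
-| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:84:53:84:74 | Constant |
-| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation |
+| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm |
 | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Input | jca/SignatureOperation.java:86:26:86:29 | Message |
 | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Key | jca/SignatureOperation.java:85:30:85:38 | Key |
 | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Signature | jca/SignatureOperation.java:87:33:87:40 | SignatureInput |
@@ -1441,18 +1449,22 @@
 | jca/SignatureOperation.java:144:16:144:36 | Key | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant |
 | jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant |
 | jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Output | jca/SignatureOperation.java:144:16:144:36 | Key |
+| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:155:28:155:37 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key |
 | jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant |
 | jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant |
-| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | Constant |
+| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:157:16:157:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:157:16:157:31 | SignOperation |
 | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Input | jca/SignatureOperation.java:156:26:156:29 | Message |
 | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Key | jca/SignatureOperation.java:155:28:155:37 | Key |
 | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Output | jca/SignatureOperation.java:157:16:157:31 | SignatureOutput |
+| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:168:30:168:38 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key |
 | jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant |
 | jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant |
-| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:167:53:167:61 | Constant |
+| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation |
 | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Input | jca/SignatureOperation.java:169:26:169:29 | Message |
 | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Key | jca/SignatureOperation.java:168:30:168:38 | Key |
@@ -1480,22 +1492,30 @@
 | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Key | jca/SignatureOperation.java:214:30:214:38 | Key |
 | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Signature | jca/SignatureOperation.java:216:33:216:40 | SignatureInput |
 | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | Source | jca/SignatureOperation.java:202:16:202:31 | SignatureOutput |
+| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key |
 | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key |
 | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key |
 | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key |
 | jca/SignatureOperation.java:317:26:317:32 | Message | Source | jca/SignatureOperation.java:315:26:315:49 | Constant |
-| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | Constant |
+| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm |
-| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | Constant |
+| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm |
-| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | Constant |
+| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm |
 | jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm |
 | jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm |
+| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm |
 | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message |
 | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key |
 | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Output | jca/SignatureOperation.java:318:27:318:42 | SignatureOutput |
@@ -1504,13 +1524,15 @@
 | jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key |
 | jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key |
 | jca/SignatureOperation.java:321:26:321:32 | Message | Source | jca/SignatureOperation.java:321:26:321:32 | Message |
-| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | Constant |
+| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm |
-| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | Constant |
+| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm |
 | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm |
-| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | Constant |
+| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm |
+| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm |
 | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm |
 | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm |
+| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm |
 | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message |
 | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:321:26:321:32 | Message |
 | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key |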
