-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Quantum: Support for BouncyCastle signature algorithms and block cipher modes #19568
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Conversation
8d2ec44
to
5884c71
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The BouncyCastle stubs need a copy of the license file:
https://github.com/bcgit/bc-java/blob/main/LICENSE.md
Aside from that, please resolve the QL for QL Code Scanning alerts (with the exception of class naming to match camelCase or PascalCase for acronyms... we can do that later).
I have not yet reviewed all of the modeling.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances.qll
Fixed
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Fixed
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Fixed
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Fixed
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Fixed
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Fixed
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Fixed
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Outdated
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Outdated
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Outdated
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Outdated
Show resolved
Hide resolved
java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll
Fixed
Show resolved
Hide resolved
This commit adds the `KeyGenerationOperationInstance` and `KeyGenerationAlgorithmInstance` types to the BouncyCastle model. It also adds data flow support from key pairs to the corresponding public and private components.
This commit also adds associated elliptic curves to the key generation and key nodes.
This commit adds support for ECDSA. This includes tracking the instantiated curve parameters using data flow. It also adds SignatureArtifactInstance and SignatureOperationInstance types to the shared model.
This commit adds EllipticCurveConsumingAlgorithmInstance to the shared model, allowing us to model and graph elliptic curve algorithms.
Co-authored-by: Arthur Baars <[email protected]>
This commit also reorganizes the Bouncy Castle test cases into separate sub-directories for signature and cipher modes.
6c68be5
to
7969bdf
Compare
|
||
override Crypto::KeyOperationSubtype getKeyOperationSubtype() { | ||
// The key operation sub-type is determined by the `encrypting` argument to `init()`. | ||
exists(this.getInitCall()) and |
Check warning
Code scanning / CodeQL
Superfluous 'exists' conjunct. Warning
To be reviewed by @nicolaswill.