Added test cases for Bouncy Castle block cipher modes

This commit also reorganizes the Bouncy Castle test cases into separate
sub-directories for signature and cipher modes.

Author: fegge

java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/AESCBCEncryption.java

@@ -0,0 +1,71 @@
+import java.security.SecureRandom;
+import java.security.Security;
+import java.util.Arrays;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.paddings.PKCS7Padding;
+import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+/**
+ * Example of AES-CBC encryption and decryption using Bouncy Castle's low-level API.
+ */
+public class AESCBCEncryption {
+    byte[] encrypt(byte[] plaintext, byte[] key, byte[] iv) throws Exception {
+        AESEngine engine = new AESEngine();
+        CBCBlockCipher mode = new CBCBlockCipher(engine);
+        PKCS7Padding padding = new PKCS7Padding();
+        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(mode, padding);
+        
+        KeyParameter keyParam = new KeyParameter(key);
+        ParametersWithIV params = new ParametersWithIV(keyParam, iv);
+        
+        cipher.init(true, params); // true for encryption
+        byte[] ciphertext = new byte[cipher.getOutputSize(plaintext.length)];
+        int outputLen = cipher.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
+        outputLen += cipher.doFinal(ciphertext, outputLen);
+        
+        if (outputLen != ciphertext.length) {
+            ciphertext = Arrays.copyOf(ciphertext, outputLen);
+        }
+        return ciphertext;
+    }
+    byte[] decrypt(byte[] ciphertext, byte[] key, byte[] iv) throws Exception {
+        AESEngine engine = new AESEngine();
+        CBCBlockCipher mode = new CBCBlockCipher(engine);
+        PKCS7Padding padding = new PKCS7Padding();
+        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(mode, padding);
+        
+        KeyParameter keyParam = new KeyParameter(key);
+        ParametersWithIV params = new ParametersWithIV(keyParam, iv);
+        
+        cipher.init(false, params); // false for decryption
+        byte[] plaintext = new byte[cipher.getOutputSize(ciphertext.length)];
+        int outputLen = cipher.processBytes(ciphertext, 0, ciphertext.length, plaintext, 0);
+        outputLen += cipher.doFinal(plaintext, outputLen);
+        
+        if (outputLen != plaintext.length) {
+            plaintext = Arrays.copyOf(plaintext, outputLen);
+        }
+        return plaintext;
+    }
+    public static void main(String[] args) {
+        Security.addProvider(new BouncyCastleProvider());
+        
+        try {
+            SecureRandom random = new SecureRandom();
+            byte[] key = new byte[32];
+            random.nextBytes(key);
+            byte[] iv = new byte[16];
+            random.nextBytes(iv);
+            
+            byte[] message = "Hello AES-CBC mode!".getBytes("UTF-8");
+            byte[] ciphertext = new AESCBCEncryption().encrypt(message, key, iv);
+            byte[] plaintext = new AESCBCEncryption().decrypt(ciphertext, key, iv); 
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/AESGCMEncryption.java

@@ -0,0 +1,70 @@
+import java.security.SecureRandom;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import java.security.Security;
+import java.util.Arrays;
+
+/**
+ * Example of AES-GCM encryption and decryption using Bouncy Castle's low-level API.
+ */
+public class AESGCMEncryption {
+        byte[] encrypt(byte[] plaintext, byte[] key, byte[] nonce, byte[] aad) throws Exception {
+        AESEngine engine = new AESEngine();
+        GCMBlockCipher cipher = new GCMBlockCipher(engine);
+        AEADParameters params = new AEADParameters(
+                new KeyParameter(key),
+                128, // Authentication tag size in bits
+                nonce,
+                aad);
+        
+        cipher.init(true, params); // true for encryption
+        byte[] ciphertext = new byte[cipher.getOutputSize(plaintext.length)];
+        int outputLen = cipher.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
+        outputLen += cipher.doFinal(ciphertext, outputLen);
+        
+        if (outputLen != ciphertext.length) {
+            ciphertext = Arrays.copyOf(ciphertext, outputLen);
+        }
+        return ciphertext;
+    }
+    byte[] decrypt(byte[] ciphertext, byte[] key, byte[] nonce, byte[] aad) throws Exception {
+        AESEngine engine = new AESEngine();
+        GCMBlockCipher cipher = new GCMBlockCipher(engine);
+        AEADParameters params = new AEADParameters(
+                new KeyParameter(key),
+                128, // Authentication tag size in bits
+                nonce,
+                aad);
+        
+        cipher.init(false, params); // false for decryption
+        byte[] plaintext = new byte[cipher.getOutputSize(ciphertext.length)];
+        int outputLen = cipher.processBytes(ciphertext, 0, ciphertext.length, plaintext, 0);
+        outputLen += cipher.doFinal(plaintext, outputLen);
+        
+        if (outputLen != plaintext.length) {
+            plaintext = Arrays.copyOf(plaintext, outputLen);
+        }
+        return plaintext;
+    }
+    public static void main(String[] args) {
+        Security.addProvider(new BouncyCastleProvider());
+        
+        try {
+            SecureRandom random = new SecureRandom();
+            byte[] key = new byte[32];
+            random.nextBytes(key);
+            byte[] nonce = new byte[12];
+            random.nextBytes(nonce);
+            
+            byte[] message = "This is a message to be encrypted.".getBytes("UTF-8");
+            byte[] aad = "This is additional authenticated data".getBytes("UTF-8");
+            byte[] ciphertext = new AESGCMEncryption().encrypt(message, key, nonce, aad);
+            byte[] plaintext = new AESGCMEncryption().decrypt(ciphertext, key, nonce, aad); 
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/cipher_operations.expected

@@ -0,0 +1,8 @@
+| AESCBCEncryption.java:28:22:28:58 | EncryptOperation | AESCBCEncryption.java:17:28:17:42 | KeyOperationAlgorithm | AESCBCEncryption.java:22:50:22:52 | Key | AESCBCEncryption.java:23:66:23:67 | Nonce | AESCBCEncryption.java:27:45:27:53 | Message | AESCBCEncryption.java:27:77:27:86 | KeyOperationOutput |
+| AESCBCEncryption.java:28:22:28:58 | EncryptOperation | AESCBCEncryption.java:17:28:17:42 | KeyOperationAlgorithm | AESCBCEncryption.java:22:50:22:52 | Key | AESCBCEncryption.java:23:66:23:67 | Nonce | AESCBCEncryption.java:27:45:27:53 | Message | AESCBCEncryption.java:28:37:28:46 | KeyOperationOutput |
+| AESCBCEncryption.java:47:22:47:57 | DecryptOperation | AESCBCEncryption.java:36:28:36:42 | KeyOperationAlgorithm | AESCBCEncryption.java:41:50:41:52 | Key | AESCBCEncryption.java:42:66:42:67 | Nonce | AESCBCEncryption.java:46:45:46:54 | Message | AESCBCEncryption.java:46:79:46:87 | KeyOperationOutput |
+| AESCBCEncryption.java:47:22:47:57 | DecryptOperation | AESCBCEncryption.java:36:28:36:42 | KeyOperationAlgorithm | AESCBCEncryption.java:41:50:41:52 | Key | AESCBCEncryption.java:42:66:42:67 | Nonce | AESCBCEncryption.java:46:45:46:54 | Message | AESCBCEncryption.java:47:37:47:45 | KeyOperationOutput |
+| AESGCMEncryption.java:26:22:26:58 | EncryptOperation | AESGCMEncryption.java:15:28:15:42 | KeyOperationAlgorithm | AESGCMEncryption.java:18:34:18:36 | Key | AESGCMEncryption.java:20:17:20:21 | Nonce | AESGCMEncryption.java:25:45:25:53 | Message | AESGCMEncryption.java:25:77:25:86 | KeyOperationOutput |
+| AESGCMEncryption.java:26:22:26:58 | EncryptOperation | AESGCMEncryption.java:15:28:15:42 | KeyOperationAlgorithm | AESGCMEncryption.java:18:34:18:36 | Key | AESGCMEncryption.java:20:17:20:21 | Nonce | AESGCMEncryption.java:25:45:25:53 | Message | AESGCMEncryption.java:26:37:26:46 | KeyOperationOutput |
+| AESGCMEncryption.java:45:22:45:57 | DecryptOperation | AESGCMEncryption.java:34:28:34:42 | KeyOperationAlgorithm | AESGCMEncryption.java:37:34:37:36 | Key | AESGCMEncryption.java:39:17:39:21 | Nonce | AESGCMEncryption.java:44:45:44:54 | Message | AESGCMEncryption.java:44:79:44:87 | KeyOperationOutput |
+| AESGCMEncryption.java:45:22:45:57 | DecryptOperation | AESGCMEncryption.java:34:28:34:42 | KeyOperationAlgorithm | AESGCMEncryption.java:37:34:37:36 | Key | AESGCMEncryption.java:39:17:39:21 | Nonce | AESGCMEncryption.java:44:45:44:54 | Message | AESGCMEncryption.java:45:37:45:45 | KeyOperationOutput |

java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/cipher_operations.ql

@@ -0,0 +1,6 @@
+import java
+import experimental.quantum.Language
+
+from Crypto::CipherOperationNode n
+select n, n.getAKnownAlgorithm(), n.getAKey(), n.getANonce(), n.getAnInputArtifact(),
+  n.getAnOutputArtifact()

java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/key_artifacts.expected

@@ -0,0 +1,4 @@
+| AESCBCEncryption.java:60:30:60:32 | RandomNumberGeneration | AESCBCEncryption.java:22:50:22:52 | Key |
+| AESCBCEncryption.java:60:30:60:32 | RandomNumberGeneration | AESCBCEncryption.java:41:50:41:52 | Key |
+| AESGCMEncryption.java:58:30:58:32 | RandomNumberGeneration | AESGCMEncryption.java:18:34:18:36 | Key |
+| AESGCMEncryption.java:58:30:58:32 | RandomNumberGeneration | AESGCMEncryption.java:37:34:37:36 | Key |

java/ql/test/experimental/library-tests/quantum/BouncyCastle/options renamed to java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/options

@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/bcprov-lts8on-2.73.7
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/bcprov-lts8on-2.73.7

java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/random_artifacts.expected

@@ -0,0 +1,8 @@
+| AESCBCEncryption.java:22:50:22:52 | Key |
+| AESCBCEncryption.java:23:66:23:67 | Nonce |
+| AESCBCEncryption.java:41:50:41:52 | Key |
+| AESCBCEncryption.java:42:66:42:67 | Nonce |
+| AESGCMEncryption.java:18:34:18:36 | Key |
+| AESGCMEncryption.java:20:17:20:21 | Nonce |
+| AESGCMEncryption.java:37:34:37:36 | Key |
+| AESGCMEncryption.java:39:17:39:21 | Nonce |

java/ql/test/experimental/library-tests/quantum/BouncyCastle/modes/random_artifacts.ql

@@ -0,0 +1,6 @@
+import java
+import experimental.quantum.Language
+
+from Crypto::ArtifactNode n
+where any(SecureRandomnessInstance rng).flowsTo(n.asElement())
+select n

java/ql/test/experimental/library-tests/quantum/BouncyCastle/ECDSAP256SignAndVerify.java renamed to java/ql/test/experimental/library-tests/quantum/BouncyCastle/signers/ECDSAP256SignAndVerify.java

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/bcprov-lts8on-2.73.7