Added support for HSS

Author: fegge

java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances.qll

@@ -176,20 +176,25 @@ class ECDSASignatureAlgorithmInstance extends SignatureAlgorithmInstance instanc
 }
 
 /**
- * LMS signers.
+ * An LMS or HSS stateful hash-based signer.
  */
-class LMSSignatureAlgorithmInstance extends SignatureAlgorithmInstance instanceof ClassInstanceExpr {
-  LMSSignatureAlgorithmInstance() {
+class StatefulSignatureAlgorithmInstance extends SignatureAlgorithmInstance instanceof ClassInstanceExpr
+{
+  StatefulSignatureAlgorithmInstance() {
     super.getConstructedType() instanceof Signers::Signer and
-    super.getConstructedType().getName().matches("LMS%")
+    super.getConstructedType().getName().matches(["LMS%", "HSS%"])
   }
 
   override string getRawAlgorithmName() {
     typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
   }
 
   override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    super.getConstructedType().getName().matches("LMS%") and
     result = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::LMS())
+    or
+    super.getConstructedType().getName().matches("HSS%") and
+    result = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::HSS())
   }
 }
 
@@ -307,25 +312,26 @@ class GenericEllipticCurveKeyGenerationAlgorithmInstance extends KeyGenerationAl
 }
 
 /**
- * Represents LMS key generation instances. The algorithm is implicitly defined
- * by the type.
- *
- * TODO: Determine how to represent LMS parameters, such as the hash function
- * and the tree height.
+ * Represents LMS or HSS key generation instances. The algorithm is implicitly
+ * defined by the type.
  */
-class LMSKeyGenerationAlgorithmInstance extends KeyGenerationAlgorithmInstance instanceof ClassInstanceExpr
+class StatefulSignatureKeyGenerationAlgorithmInstance extends KeyGenerationAlgorithmInstance instanceof ClassInstanceExpr
 {
-  LMSKeyGenerationAlgorithmInstance() {
+  StatefulSignatureKeyGenerationAlgorithmInstance() {
     super.getConstructedType() instanceof Generators::KeyGenerator and
-    super.getConstructedType().getName().matches("LMS%")
+    super.getConstructedType().getName().matches(["LMS%", "HSS%"])
   }
 
   override string getRawAlgorithmName() {
     typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
   }
 
   override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    super.getConstructedType().getName().matches("LMS%") and
     result = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::LMS())
+    or
+    super.getConstructedType().getName().matches("HSS%") and
+    result = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::HSS())
   }
 }
 
@@ -336,11 +342,11 @@ bindingset[typeName]
 private predicate typeNameToRawAlgorithmName(string typeName, string algorithmName) {
   // Ed25519, Ed25519ph, and Ed25519ctx key generators and signers
   typeName.matches("Ed25519%") and
-  algorithmName = "ED25519"
+  algorithmName = "Ed25519"
   or
   // Ed448 and Ed448ph key generators and signers
   typeName.matches("Ed448%") and
-  algorithmName = "ED448"
+  algorithmName = "Ed448"
   or
   // ECDSA
   typeName.matches("ECDSA%") and
@@ -349,28 +355,32 @@ private predicate typeNameToRawAlgorithmName(string typeName, string algorithmNa
   // LMS
   typeName.matches("LMS%") and
   algorithmName = "LMS"
+  or
+  // HSS
+  typeName.matches("HSS%") and
+  algorithmName = "HSS"
 }
 
 private predicate signatureNameToKeySizeAndAlgorithmMapping(
   string name, int keySize, Crypto::KeyOpAlg::Algorithm algorithm
 ) {
-  name = "ED25519" and
+  name = "Ed25519" and
   keySize = 256 and
   algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed25519())
   or
-  name = "ED448" and
+  name = "Ed448" and
   keySize = 448 and
   algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed448())
 }
 
 private predicate generatorNameToKeySizeAndAlgorithmMapping(
   string name, int keySize, Crypto::KeyOpAlg::Algorithm algorithm
 ) {
-  name = "ED25519" and
+  name = "Ed25519" and
   keySize = 256 and
   algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed25519())
   or
-  name = "ED448" and
+  name = "Ed448" and
   keySize = 448 and
   algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed448())
 }

java/ql/lib/experimental/quantum/BouncyCastle/OperationInstances.qll

@@ -162,8 +162,12 @@ module Signers {
     }
   }
 
+  /**
+   * This class represents signers with a one shot API (where the entire message
+   * is passed to either `generateSignature()` or `verifySignature`.).
+   */
   class OneShotSigner extends Signer {
-    OneShotSigner() { this.getName().matches(["ECDSA%", "LMS%"]) }
+    OneShotSigner() { this.getName().matches(["ECDSA%", "LMS%", "HSS%"]) }
 
     override Expr getMessageArg(MethodCall call) {
       // For ECDSA and LMS, the message is passed directly to `generateSignature()`.

shared/quantum/codeql/quantum/experimental/Model.qll

@@ -607,6 +607,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
       Ed25519() or
       Ed448() or
       LMS() or
+      HSS() or
       MLDSA() or
       OtherSignatureAlgorithmType()