quantum-c#: add tests for signatures

fcasal · fcasal · commit 2d4af336059f · 2025-06-25T18:27:05.000+01:00
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/SignatureExample.cs b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/SignatureExample.cs
@@ -0,0 +1,138 @@
+using System;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace QuantumExamples.Cryptography
+{
+    public class SignatureExample
+    {
+        public static void RunExample()
+        {
+            const string originalMessage = "This is a message to sign!";
+
+            // Demonstrate ECDSA signing and verification
+            DemonstrateECDSAExample(originalMessage);
+
+            // Demonstrate RSA signing and verification
+            DemonstrateRSAExample(originalMessage);
+
+            // Demonstrate RSA with formatters
+            DemonstrateRSAFormatterExample(originalMessage);
+        }
+
+        private static void DemonstrateECDSAExample(string message)
+        {
+            Console.WriteLine("=== ECDSA Example ===");
+
+            // Create ECDSA instance with P-256 curve
+            var nistP256 = ECCurve.NamedCurves.nistP256;
+            using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
+
+            // Message to sign
+            var messageBytes = Encoding.UTF8.GetBytes(message);
+
+            Console.WriteLine($"Original message: {message}");
+
+            // Sign the message
+            var signature = ecdsa.SignData(messageBytes, HashAlgorithmName.SHA256);
+
+            Console.WriteLine($"Signature: {Convert.ToBase64String(signature)}");
+
+            // Verify the signature
+            var isValid = ecdsa.VerifyData(messageBytes, signature, HashAlgorithmName.SHA256);
+            Console.WriteLine($"Signature valid: {isValid}");
+
+            // Export public key for verification by others
+            var publicKey = ecdsa.ExportParameters(false);
+            Console.WriteLine($"Public key X: {Convert.ToBase64String(publicKey.Q.X)}");
+            Console.WriteLine($"Public key Y: {Convert.ToBase64String(publicKey.Q.Y)}");
+
+            // Demonstrate verification with tampered data
+            var tamperedMessage = Encoding.UTF8.GetBytes("Hello, ECDSA Modified!");
+            var isValidTampered = ecdsa.VerifyData(tamperedMessage, signature, HashAlgorithmName.SHA256);
+            Console.WriteLine($"Tampered signature valid: {isValidTampered}");
+
+            // Test with different instance
+            using var ecdsaNew = ECDsa.Create();
+            byte[] newMessageBytes = Encoding.UTF8.GetBytes("Hello, ECDSA!");
+            var newSignature = ecdsaNew.SignData(newMessageBytes, HashAlgorithmName.SHA256);
+
+            // Verify the signature
+            var isNewValid = ecdsaNew.VerifyData(newMessageBytes, newSignature, HashAlgorithmName.SHA256);
+            Console.WriteLine($"New signature valid: {isNewValid}");
+
+            var parameters = ecdsaNew.ExportParameters(false);
+
+            var ecdsaFromParams = ECDsa.Create(parameters);
+            var signatureFromParams = ecdsaFromParams.SignData(newMessageBytes, HashAlgorithmName.SHA256);
+            var isValidFromParams = ecdsaFromParams.VerifyData(newMessageBytes, signatureFromParams, HashAlgorithmName.SHA256);
+            Console.WriteLine($"Signature valid with parameters: {isValidFromParams}");
+        }
+
+        private static void DemonstrateRSAExample(string message)
+        {
+            Console.WriteLine("=== RSA Example ===");
+
+            using RSA rsa = RSA.Create();
+            byte[] data = Encoding.UTF8.GetBytes(message);
+            byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            bool isValid = rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            Console.WriteLine($"Signature valid: {isValid}");
+
+            // Create with parameters
+            RSAParameters parameters = rsa.ExportParameters(true);
+            using RSA rsaWithParams = RSA.Create(parameters);
+            byte[] sigWithParams = rsaWithParams.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            bool isValidWithParams = rsaWithParams.VerifyData(data, sigWithParams, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            Console.WriteLine($"Signature valid with parameters: {isValidWithParams}");
+
+            // Create with specific key size
+            using RSA rsaWithKeySize = RSA.Create(2048);
+            byte[] sigWithKeySize = rsaWithKeySize.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            bool isValidWithKeySize = rsaWithKeySize.VerifyData(data, sigWithKeySize, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            Console.WriteLine($"Signature valid with key size: {isValidWithKeySize}");
+        }
+
+        private static void DemonstrateRSAFormatterExample(string message)
+        {
+            Console.WriteLine("=== RSA Formatter Example ===");
+
+            using SHA256 alg = SHA256.Create();
+
+            byte[] data = Encoding.UTF8.GetBytes(message);
+            byte[] hash = alg.ComputeHash(data);
+
+            RSAParameters sharedParameters;
+            byte[] signedHash;
+
+            // Generate signature
+            using (RSA rsa = RSA.Create())
+            {
+                sharedParameters = rsa.ExportParameters(false);
+
+                RSAPKCS1SignatureFormatter rsaFormatter = new(rsa);
+                rsaFormatter.SetHashAlgorithm(nameof(SHA256));
+
+                signedHash = rsaFormatter.CreateSignature(hash);
+            }
+
+            // Verify signature
+            using (RSA rsa = RSA.Create())
+            {
+                rsa.ImportParameters(sharedParameters);
+
+                RSAPKCS1SignatureDeformatter rsaDeformatter = new(rsa);
+                rsaDeformatter.SetHashAlgorithm(nameof(SHA256));
+
+                if (rsaDeformatter.VerifySignature(hash, signedHash))
+                {
+                    Console.WriteLine("The signature is valid.");
+                }
+                else
+                {
+                    Console.WriteLine("The signature is not valid.");
+                }
+            }
+        }
+    }
+}
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/options b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/options
@@ -0,0 +1,2 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations.expected b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations.expected
@@ -0,0 +1,15 @@
+| SignatureExample.cs:37:29:37:82 | SignOperation | SignatureExample.cs:37:44:37:55 | Message |
+| SignatureExample.cs:42:27:42:93 | VerifyOperation | SignatureExample.cs:42:44:42:55 | Message |
+| SignatureExample.cs:52:35:52:104 | VerifyOperation | SignatureExample.cs:52:52:52:66 | Message |
+| SignatureExample.cs:58:32:58:91 | SignOperation | SignatureExample.cs:58:50:58:64 | Message |
+| SignatureExample.cs:61:30:61:105 | VerifyOperation | SignatureExample.cs:61:50:61:64 | Message |
+| SignatureExample.cs:67:39:67:105 | SignOperation | SignatureExample.cs:67:64:67:78 | Message |
+| SignatureExample.cs:68:37:68:126 | VerifyOperation | SignatureExample.cs:68:64:68:78 | Message |
+| SignatureExample.cs:78:26:78:96 | SignOperation | SignatureExample.cs:78:39:78:42 | Message |
+| SignatureExample.cs:79:28:79:105 | VerifyOperation | SignatureExample.cs:79:43:79:46 | Message |
+| SignatureExample.cs:85:36:85:116 | SignOperation | SignatureExample.cs:85:59:85:62 | Message |
+| SignatureExample.cs:86:38:86:135 | VerifyOperation | SignatureExample.cs:86:63:86:66 | Message |
+| SignatureExample.cs:91:37:91:118 | SignOperation | SignatureExample.cs:91:61:91:64 | Message |
+| SignatureExample.cs:92:39:92:138 | VerifyOperation | SignatureExample.cs:92:65:92:68 | Message |
+| SignatureExample.cs:116:30:116:63 | SignOperation | SignatureExample.cs:116:59:116:62 | Message |
+| SignatureExample.cs:127:21:127:68 | VerifyOperation | SignatureExample.cs:127:52:127:55 | Message |
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations.ql b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations.ql
@@ -0,0 +1,5 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::SignatureOperationNode n
+select n, n.getAnInputArtifact()
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_algorithm.expected b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_algorithm.expected
@@ -0,0 +1,13 @@
+| SignatureExample.cs:37:29:37:82 | SignOperation | ECDSA | ECDsa |
+| SignatureExample.cs:42:27:42:93 | VerifyOperation | ECDSA | ECDsa |
+| SignatureExample.cs:52:35:52:104 | VerifyOperation | ECDSA | ECDsa |
+| SignatureExample.cs:58:32:58:91 | SignOperation | ECDSA | ECDsa |
+| SignatureExample.cs:61:30:61:105 | VerifyOperation | ECDSA | ECDsa |
+| SignatureExample.cs:67:39:67:105 | SignOperation | ECDSA | ECDsa |
+| SignatureExample.cs:68:37:68:126 | VerifyOperation | ECDSA | ECDsa |
+| SignatureExample.cs:78:26:78:96 | SignOperation | UnknownSignature | RSA |
+| SignatureExample.cs:79:28:79:105 | VerifyOperation | UnknownSignature | RSA |
+| SignatureExample.cs:85:36:85:116 | SignOperation | UnknownSignature | RSA |
+| SignatureExample.cs:86:38:86:135 | VerifyOperation | UnknownSignature | RSA |
+| SignatureExample.cs:91:37:91:118 | SignOperation | UnknownSignature | RSA |
+| SignatureExample.cs:92:39:92:138 | VerifyOperation | UnknownSignature | RSA |
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_algorithm.ql b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_algorithm.ql
@@ -0,0 +1,6 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::SignatureOperationNode signature, Crypto::AlgorithmNode algorithm
+where algorithm = signature.getAKnownAlgorithm()
+select signature, algorithm.getAlgorithmName(), algorithm.getRawAlgorithmName()
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_keys.expected b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_keys.expected
@@ -0,0 +1,13 @@
+| SignatureExample.cs:37:29:37:82 | SignOperation | SignatureExample.cs:29:31:29:72 | Key |
+| SignatureExample.cs:42:27:42:93 | VerifyOperation | SignatureExample.cs:29:31:29:72 | Key |
+| SignatureExample.cs:52:35:52:104 | VerifyOperation | SignatureExample.cs:29:31:29:72 | Key |
+| SignatureExample.cs:58:32:58:91 | SignOperation | SignatureExample.cs:56:34:56:47 | Key |
+| SignatureExample.cs:61:30:61:105 | VerifyOperation | SignatureExample.cs:56:34:56:47 | Key |
+| SignatureExample.cs:67:39:67:105 | SignOperation | SignatureExample.cs:66:48:66:57 | Key |
+| SignatureExample.cs:68:37:68:126 | VerifyOperation | SignatureExample.cs:66:48:66:57 | Key |
+| SignatureExample.cs:78:26:78:96 | SignOperation | SignatureExample.cs:76:29:76:40 | Key |
+| SignatureExample.cs:79:28:79:105 | VerifyOperation | SignatureExample.cs:76:29:76:40 | Key |
+| SignatureExample.cs:85:36:85:116 | SignOperation | SignatureExample.cs:84:50:84:59 | Key |
+| SignatureExample.cs:86:38:86:135 | VerifyOperation | SignatureExample.cs:84:50:84:59 | Key |
+| SignatureExample.cs:91:37:91:118 | SignOperation | SignatureExample.cs:90:40:90:55 | Key |
+| SignatureExample.cs:92:39:92:138 | VerifyOperation | SignatureExample.cs:90:40:90:55 | Key |
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_keys.ql b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_keys.ql
@@ -0,0 +1,5 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::SignatureOperationNode n
+select n, n.getAKey()
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_signatures.expected b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_signatures.expected
@@ -0,0 +1,8 @@
+| SignatureExample.cs:42:27:42:93 | VerifyOperation | SignatureExample.cs:42:44:42:55 | Message | SignatureExample.cs:42:58:42:66 | SignatureInput |
+| SignatureExample.cs:52:35:52:104 | VerifyOperation | SignatureExample.cs:52:52:52:66 | Message | SignatureExample.cs:52:69:52:77 | SignatureInput |
+| SignatureExample.cs:61:30:61:105 | VerifyOperation | SignatureExample.cs:61:50:61:64 | Message | SignatureExample.cs:61:67:61:78 | SignatureInput |
+| SignatureExample.cs:68:37:68:126 | VerifyOperation | SignatureExample.cs:68:64:68:78 | Message | SignatureExample.cs:68:81:68:99 | SignatureInput |
+| SignatureExample.cs:79:28:79:105 | VerifyOperation | SignatureExample.cs:79:43:79:46 | Message | SignatureExample.cs:79:49:79:51 | SignatureInput |
+| SignatureExample.cs:86:38:86:135 | VerifyOperation | SignatureExample.cs:86:63:86:66 | Message | SignatureExample.cs:86:69:86:81 | SignatureInput |
+| SignatureExample.cs:92:39:92:138 | VerifyOperation | SignatureExample.cs:92:65:92:68 | Message | SignatureExample.cs:92:71:92:84 | SignatureInput |
+| SignatureExample.cs:127:21:127:68 | VerifyOperation | SignatureExample.cs:127:52:127:55 | Message | SignatureExample.cs:127:58:127:67 | SignatureInput |
diff --git a/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_signatures.ql b/csharp/ql/test/experimental/library-tests/quantum/dotnet/signatures/sign_operations_signatures.ql
@@ -0,0 +1,5 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::SignatureOperationNode n
+select n, n.getAnInputArtifact(), n.getASignatureArtifact()

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+semmle-extractor-options: /nostdlib /noconfig`
	`2`	`+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj`