Added support for ChaCha20Poly1305

Author: fegge

csharp/ql/lib/experimental/quantum/dotnet/AlgorithmInstances.qll

@@ -27,7 +27,6 @@ abstract class SigningAlgorithmInstance extends Crypto::KeyOperationAlgorithmIns
 
   override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { none() }
 
-
   override int getKeySizeFixed() { none() }
 }
 
@@ -160,28 +159,37 @@ class CipherModeLiteralInstance extends Crypto::ModeOfOperationAlgorithmInstance
 }
 
 /**
- * A call to either `Encrypt` or `Decrypt` on an `AesGcm` or `AesCcm` instance.
- * The algorithm is defined implicitly by this AST node.
+ * A call to either `Encrypt` or `Decrypt` on an `AesGcm`, `AesCcm`, or
+ * `ChaCha20Poly1305` instance. The algorithm is defined implicitly by this AST
+ * node.
  */
-class AesModeAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance,
-  Crypto::ModeOfOperationAlgorithmInstance instanceof AesModeUse
+class AeadAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance,
+  Crypto::ModeOfOperationAlgorithmInstance instanceof AeadUse
 {
-  override string getRawAlgorithmName() { result = "Aes" }
+  override string getRawAlgorithmName() {
+    super.getQualifier().getType().hasName("Aes%") and result = "Aes"
+    or
+    super.getQualifier().getType().hasName("ChaCha20%") and result = "ChaCha20"
+  }
 
   override string getRawModeAlgorithmName() {
-    this.getRawAlgorithmName() = "AesGcm" and result = "Gcm"
+    super.getQualifier().getType().getName() = "AesGcm" and result = "Gcm"
     or
-    this.getRawAlgorithmName() = "AesCcm" and result = "Ccm"
+    super.getQualifier().getType().getName() = "AesCcm" and result = "Ccm"
   }
 
   override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    this.getRawAlgorithmName() = "Aes" and
     result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES())
+    or
+    this.getRawAlgorithmName() = "ChaCha20" and
+    result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::CHACHA20())
   }
 
   override Crypto::TBlockCipherModeOfOperationType getModeType() {
-    this.getRawAlgorithmName() = "AesGcm" and result = Crypto::GCM()
+    this.getRawModeAlgorithmName() = "Gcm" and result = Crypto::GCM()
     or
-    this.getRawAlgorithmName() = "AesCcm" and result = Crypto::CCM()
+    this.getRawModeAlgorithmName() = "Ccm" and result = Crypto::CCM()
   }
 
   override int getKeySizeFixed() { none() }

csharp/ql/lib/experimental/quantum/dotnet/AlgorithmValueConsumers.qll

@@ -71,11 +71,15 @@ class SymmetricAlgorithmConsumer extends Crypto::AlgorithmValueConsumer instance
 }
 
 /**
- * A call to either `Encrypt` or `Decrypt` on an `AesGcm` or `AesCcm` instance.
- * The algorithm is defined implicitly by this AST node.
+ * A call to either `Encrypt` or `Decrypt` on an `AesGcm`, `AesCcm` or
+ * `ChaCha20Poly1305` instance.  The algorithm is defined implicitly by this AST
+ * node.
  */
-class AesModeAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof AesModeUse {
+class AeadAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof AeadUse {
   override Crypto::ConsumerInputDataFlowNode getInputNode() { none() }
 
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = this }
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    // See `AeadAlgorithmInstance` for the algorithm instance.
+    result = this
+  }
 }

csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll

@@ -311,19 +311,25 @@ private class RSASigner extends SignerUse {
   RSASigner() { this.getQualifier().getType() instanceof RSAClass }
 }
 
-class AesMode extends Class {
-  AesMode() { this.hasFullyQualifiedName("System.Security.Cryptography", ["AesGcm", "AesCcm"]) }
+/**
+ * An AEAD class, such as `AesGcm`, `AesCcm`, or `ChaCha20Poly1305`.
+ */
+class Aead extends Class {
+  Aead() {
+    this.hasFullyQualifiedName("System.Security.Cryptography",
+      ["AesGcm", "AesCcm", "ChaCha20Poly1305"])
+  }
 }
 
-class AesModeCreation extends ObjectCreation {
-  AesModeCreation() { this.getObjectType() instanceof AesMode }
+class AeadCreation extends ObjectCreation {
+  AeadCreation() { this.getObjectType() instanceof Aead }
 
   Expr getKeyArg() { result = this.getArgument(0) }
 }
 
-class AesModeUse extends MethodCall {
-  AesModeUse() {
-    this.getQualifier().getType() instanceof AesMode and
+class AeadUse extends MethodCall {
+  AeadUse() {
+    this.getQualifier().getType() instanceof Aead and
     this.getTarget().hasName(["Encrypt", "Decrypt"])
   }
 

csharp/ql/lib/experimental/quantum/dotnet/FlowAnalysis.qll

@@ -84,7 +84,7 @@ module HashCreateToUseFlow = CreationToUseFlow<HashAlgorithmCreateCall, HashUse>
 
 module CryptoStreamFlow = CreationToUseFlow<CryptoStreamCreation, CryptoStreamUse>;
 
-module AesModeFlow = CreationToUseFlow<AesModeCreation, AesModeUse>;
+module AeadFlow = CreationToUseFlow<AeadCreation, AeadUse>;
 
 module SymmetricAlgorithmFlow =
   CreationToUseFlow<SymmetricAlgorithmCreation, SymmetricAlgorithmUse>;

csharp/ql/lib/experimental/quantum/dotnet/OperationInstances.qll

@@ -144,20 +144,21 @@ class CryptoStreamOperationInstance extends Crypto::KeyOperationInstance instanc
 }
 
 /**
- * A call to either `Encrypt` or `Decrypt` on an `AesGcm` or `AesCcm` instance.
+ * A call to either `Encrypt` or `Decrypt` on an `AesGcm`, `AesCcm`, or
+ * `ChaCha20Poly1305` instance.
  */
-class AesModeOperationInstance extends Crypto::KeyOperationInstance instanceof AesModeUse {
+class AeadOperationInstance extends Crypto::KeyOperationInstance instanceof AeadUse {
   override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
-    // See `AesModeAlgorithmInstance` for the algorithm value consumer.
+    // See `AeadModeAlgorithmValueConsumer` for the algorithm value consumer.
     result = this
   }
 
   override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
-    result = this.(AesModeUse).getKeyOperationSubtype()
+    result = this.(AeadUse).getKeyOperationSubtype()
   }
 
   override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
-    result.asExpr() = AesModeFlow::getCreationFromUse(this, _, _).getKeyArg()
+    result.asExpr() = AeadFlow::getCreationFromUse(this, _, _).getKeyArg()
   }
 
   override Crypto::ConsumerInputDataFlowNode getNonceConsumer() {