quantum-c#: add HashAlgorithms

fcasal · fcasal · commit 9970e586b247 · 2025-06-19T18:58:35.000+01:00
diff --git a/csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll b/csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll
@@ -60,6 +60,21 @@ class SigningNamedCurvePropertyAccess extends PropertyAccess {
   string getCurveName() { result = curveName }
 }
 
+class HashAlgorithmNameType extends CryptographyType {
+  HashAlgorithmNameType() { this.hasName("HashAlgorithmName") }
+}
+
+class HashAlgorithmName extends PropertyAccess {
+  string algorithmName;
+
+  HashAlgorithmName() {
+    this.getType() instanceof HashAlgorithmNameType and
+    this.getProperty().getName() = algorithmName
+  }
+
+  string getAlgorithmName() { result = algorithmName }
+}
+
 /**
  * Private predicate mapping NIST names to SEC names and leaving all others the same.
  */
@@ -76,12 +91,12 @@ private predicate eccurveNameMapping(string nist, string secp) {
 }
 
 // OPERATION INSTANCES
-private class ECDsaClass extends Type {
-  ECDsaClass() { this.hasFullyQualifiedName("System.Security.Cryptography", "ECDsa") }
+private class ECDsaClass extends CryptographyType {
+  ECDsaClass() { this.hasName("ECDsa") }
 }
 
-private class RSAClass extends Type {
-  RSAClass() { this.hasFullyQualifiedName("System.Security.Cryptography", "RSA") }
+private class RSAClass extends CryptographyType {
+  RSAClass() { this.hasName("RSA") }
 }
 
 class ByteArrayType extends Type {
@@ -92,7 +107,7 @@ class ReadOnlyByteSpanType extends Type {
   ReadOnlyByteSpanType() { this.getName() = "ReadOnlySpan<Byte>" }
 }
 
-abstract class DotNetSigner extends MethodCall {
+class DotNetSigner extends MethodCall {
   DotNetSigner() { this.getTarget().getName().matches(["Verify%", "Sign%"]) }
 
   Expr getMessageArg() {
@@ -117,6 +132,11 @@ abstract class DotNetSigner extends MethodCall {
     result = this
   }
 
+  Expr getHashAlgorithmArg() {
+    // Get the hash algorithm argument if it has the correct type.
+    result = this.getAnArgument() and result.getType() instanceof HashAlgorithmNameType
+  }
+
   predicate isSigner() { this.getTarget().getName().matches("Sign%") }
 
   predicate isVerifier() { this.getTarget().getName().matches("Verify%") }
diff --git a/csharp/ql/lib/experimental/quantum/dotnet/OperationInstances.qll b/csharp/ql/lib/experimental/quantum/dotnet/OperationInstances.qll
@@ -9,13 +9,14 @@ class ECDsaORRSASigningOperationInstance extends Crypto::SignatureOperationInsta
   CryptographyCreateCall creator;
 
   ECDsaORRSASigningOperationInstance() {
-    this instanceof DotNetSigner and
     CryptographyCreateToUseFlow::flow(DataFlow::exprNode(creator), DataFlow::exprNode(this))
   }
 
-  // TODO FIXME
   override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
     result = creator.getAlgorithmArg()
+    or
+    // FIXME: currently not working
+    result = super.getHashAlgorithmArg()
   }
 
   override Crypto::KeyOperationSubtype getKeyOperationSubtype() {

Original file line number	Diff line number	Diff line change
`@@ -9,13 +9,14 @@ class ECDsaORRSASigningOperationInstance extends Crypto::SignatureOperationInsta`
`9`	`9`	`CryptographyCreateCall creator;`
`10`	`10`
`11`	`11`	`ECDsaORRSASigningOperationInstance() {`
`12`		`- this instanceof DotNetSigner and`
`13`	`12`	`CryptographyCreateToUseFlow::flow(DataFlow::exprNode(creator), DataFlow::exprNode(this))`
`14`	`13`	`}`
`15`	`14`
`16`		`- // TODO FIXME`
`17`	`15`	`override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {`
`18`	`16`	`result = creator.getAlgorithmArg()`
	`17`	`+ or`
	`18`	`+ // FIXME: currently not working`
	`19`	`+ result = super.getHashAlgorithmArg()`
`19`	`20`	`}`
`20`	`21`
`21`	`22`	`override Crypto::KeyOperationSubtype getKeyOperationSubtype() {`