Added initial support for C# block ciphers

Author: fegge

csharp/ql/lib/experimental/quantum/Language.qll

@@ -65,4 +65,4 @@ module ArtifactFlowConfig implements Language::DataFlow::ConfigSig {
 
 module ArtifactFlow = Language::DataFlow::Global<ArtifactFlowConfig>;
 
-import dotnet
+import dotnet

csharp/ql/lib/experimental/quantum/dotnet.qll

@@ -1,4 +1,3 @@
-import dotnet.AlgorithmInstances
 import dotnet.AlgorithmValueConsumers
-import dotnet.FlowAnalysis
-import dotnet.Cryptography
+import dotnet.AlgorithmInstances
+import dotnet.OperationInstances

csharp/ql/lib/experimental/quantum/dotnet/AlgorithmInstances.qll

@@ -1,6 +1,7 @@
 private import csharp
 private import experimental.quantum.Language
 private import AlgorithmValueConsumers
+private import OperationInstances
 private import Cryptography
 private import FlowAnalysis
 
@@ -40,3 +41,67 @@ class HashAlgorithmNameInstance extends Crypto::HashAlgorithmInstance instanceof
 
   Crypto::AlgorithmValueConsumer getConsumer() { result = consumer }
 }
+
+class SymmetricAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance instanceof SymmetricAlgorithmCreation
+{
+  override string getRawAlgorithmName() { result = super.getSymmetricAlgorithm().getName() }
+
+  override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    if exists(symmetricAlgorithmNameToType(this.getRawAlgorithmName()))
+    then result = symmetricAlgorithmNameToType(this.getRawAlgorithmName())
+    else result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::OtherSymmetricCipherType())
+  }
+
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() }
+
+  override int getKeySizeFixed() { none() }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { none() }
+}
+
+/**
+ * A padding mode literal, such as `PaddingMode.PKCS7`.
+ */
+class PaddingModeLiteralInstance extends Crypto::PaddingAlgorithmInstance instanceof MemberConstantAccess
+{
+  Crypto::AlgorithmValueConsumer consumer;
+
+  PaddingModeLiteralInstance() {
+    this = any(PaddingMode mode).getAnAccess() and
+    consumer = PaddingModeLiteralFlow::getConsumer(this, _, _)
+  }
+
+  override string getRawPaddingAlgorithmName() { result = super.getTarget().getName() }
+
+  override Crypto::TPaddingType getPaddingType() {
+    if exists(paddingNameToType(this.getRawPaddingAlgorithmName()))
+    then result = paddingNameToType(this.getRawPaddingAlgorithmName())
+    else result = Crypto::OtherPadding()
+  }
+
+  Crypto::AlgorithmValueConsumer getConsumer() { result = consumer }
+}
+
+private Crypto::KeyOpAlg::Algorithm symmetricAlgorithmNameToType(string algorithmName) {
+  algorithmName = "Aes" and result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES())
+  or
+  algorithmName = "DES" and result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::DES())
+  or
+  algorithmName = "RC2" and result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::RC2())
+  or
+  algorithmName = "Rijndael" and
+  result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES())
+  or
+  algorithmName = "TripleDES" and
+  result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::DES())
+}
+
+private Crypto::TPaddingType paddingNameToType(string paddingName) {
+  paddingName = "ANSIX923" and result = Crypto::ANSI_X9_23()
+  or
+  paddingName = "None" and result = Crypto::NoPadding()
+  or
+  paddingName = "PKCS7" and result = Crypto::PKCS7()
+}

csharp/ql/lib/experimental/quantum/dotnet/AlgorithmValueConsumers.qll

@@ -1,6 +1,7 @@
 private import csharp
 private import experimental.quantum.Language
 private import AlgorithmInstances
+private import OperationInstances
 private import Cryptography
 
 class ECDsaAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer {
@@ -26,3 +27,16 @@ class HashAlgorithmNameConsumer extends Crypto::AlgorithmValueConsumer {
     exists(HashAlgorithmNameInstance l | l.getConsumer() = this and result = l)
   }
 }
+
+/**
+ * A write access to the `Padding` property of a `SymmetricAlgorithm` instance.
+ */
+class PaddingPropertyWrite extends Crypto::AlgorithmValueConsumer instanceof SymmetricAlgorithmUse {
+  PaddingPropertyWrite() { super.isPaddingConsumer() }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { result.asExpr() = this }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    result.(PaddingModeLiteralInstance).getConsumer() = this
+  }
+}

csharp/ql/lib/experimental/quantum/dotnet/FlowAnalysis.qll

@@ -1,39 +1,15 @@
 private import csharp
-private import Cryptography
+private import semmle.code.csharp.dataflow.DataFlow
+private import OperationInstances
 private import AlgorithmValueConsumers
-
-/**
- * Flow from a known ECDsa property access to a `ECDsa.Create(sink)` call.
- */
-module SigningNamedCurveToSignatureCreateFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SigningNamedCurvePropertyAccess }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(ECDsaAlgorithmValueConsumer consumer | sink = consumer.getInputNode())
-  }
-}
-
-module SigningNamedCurveToSignatureCreateFlow =
-  DataFlow::Global<SigningNamedCurveToSignatureCreateFlowConfig>;
-
-module HashAlgorithmNameToUseConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof HashAlgorithmName }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(HashAlgorithmNameConsumer consumer | sink = consumer.getInputNode())
-  }
-}
-
-module HashAlgorithmNameToUse = DataFlow::Global<HashAlgorithmNameToUseConfig>;
+private import Cryptography
 
 signature class CreationCallSig instanceof Call;
 
 signature class UseCallSig instanceof QualifiableExpr {
   predicate isIntermediate();
 }
 
-module CryptographyCreateToUseFlow = CreationToUseFlow<CryptographyCreateCall, DotNetSigner>;
-
 module CreationToUseFlow<CreationCallSig Creation, UseCallSig Use> {
   private module CreationToUseConfig implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) {
@@ -85,3 +61,159 @@ module CreationToUseFlow<CreationCallSig Creation, UseCallSig Use> {
     )
   }
 }
+
+/**
+ * Flow from a known ECDsa property access to a `ECDsa.Create(sink)` call.
+ */
+module SigningNamedCurveToSignatureCreateFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SigningNamedCurvePropertyAccess }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(ECDsaAlgorithmValueConsumer consumer | sink = consumer.getInputNode())
+  }
+}
+
+module SigningNamedCurveToSignatureCreateFlow =
+  DataFlow::Global<SigningNamedCurveToSignatureCreateFlowConfig>;
+
+module HashAlgorithmNameToUseConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof HashAlgorithmName }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(HashAlgorithmNameConsumer consumer | sink = consumer.getInputNode())
+  }
+}
+
+module HashAlgorithmNameToUse = DataFlow::Global<HashAlgorithmNameToUseConfig>;
+
+module CryptographyCreateToUseFlow = CreationToUseFlow<CryptographyCreateCall, DotNetSigner>;
+
+/**
+ * A flow analysis module that tracks the flow from a `CryptoStreamMode.READ` or
+ * `CryptoStreamMode.WRITE` access to the corresponding `CryptoStream` object
+ * creation.
+ */
+module CryptoStreamModeFlow {
+  private module CryptoStreamModeConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
+      source.asExpr() = any(CryptoStreamMode mode).getAnAccess()
+    }
+
+    predicate isSink(DataFlow::Node sink) {
+      sink.asExpr() = any(CryptoStreamCreation creation).getModeArg()
+    }
+  }
+
+  private module CryptoStreamModeFlow = DataFlow::Global<CryptoStreamModeConfig>;
+
+  CryptoStreamMode getModeFromCreation(CryptoStreamCreation creation) {
+    exists(CryptoStreamModeFlow::PathNode source, CryptoStreamModeFlow::PathNode sink |
+      source.getNode().asExpr() = result.getAnAccess() and
+      sink.getNode().asExpr() = creation.getAnArgument() and
+      CryptoStreamModeFlow::flowPath(source, sink)
+    )
+  }
+}
+
+/**
+ * A flow analysis module that tracks data flow from a `ICryptoTransform`
+ * creation (e.g. `Aes.CreateEncryptor()`) to the transform argument of a
+ * `CryptoStream` object creation.
+ */
+module CryptoTransformFlow {
+  private module CryptoTransformConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CryptoTransformCreation }
+
+    predicate isSink(DataFlow::Node sink) {
+      sink.asExpr() = any(ObjectCreation creation).getAnArgument()
+    }
+  }
+
+  private module CryptoTransformFlow = DataFlow::Global<CryptoTransformConfig>;
+
+  CryptoTransformCreation getCreationFromUse(ObjectCreation creation) {
+    exists(CryptoTransformFlow::PathNode source, CryptoTransformFlow::PathNode sink |
+      source.getNode().asExpr() = result and
+      sink.getNode().asExpr() = creation.getAnArgument() and
+      CryptoTransformFlow::flowPath(source, sink)
+    )
+  }
+}
+
+/**
+ * A flow analysis module that tracks the flow from a `PaddingMode` member
+ * access (e.g. `PaddingMode.PKCS7`) to a `Padding` property write on a
+ * `SymmetricAlgorithm` instance.
+ *
+ * Example:
+ * ```
+ *  Aes aes = Aes.Create();
+ *  aes.Padding = PaddingMode.PKCS7;
+ *  ...
+ * ```
+ */
+module PaddingModeLiteralFlow {
+  private module PaddingModeLiteralConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
+      source.asExpr() = any(PaddingMode mode).getAnAccess()
+    }
+
+    predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof PaddingPropertyWrite }
+
+    // TODO: Figure out why this is needed.
+    predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+      exists(Assignment assign |
+        node1.asExpr() = assign.getRValue() and
+        node2.asExpr() = assign.getLValue()
+      )
+    }
+  }
+
+  private module PaddingModeLiteralFlow = DataFlow::Global<PaddingModeLiteralConfig>;
+
+  SymmetricAlgorithmUse getConsumer(
+    Expr mode, PaddingModeLiteralFlow::PathNode source, PaddingModeLiteralFlow::PathNode sink
+  ) {
+    source.getNode().asExpr() = mode and
+    sink.getNode().asExpr() = result and
+    PaddingModeLiteralFlow::flowPath(source, sink)
+  }
+}
+
+/**
+ * A flow analysis module that tracks the flow from a `MemoryStream` object
+ * creation to the `stream` argument passed to a `CryptoStream` constructor
+ * call.
+ *
+ * TODO: This should probably be made generic over multiple stream types.
+ */
+module MemoryStreamFlow {
+  private class MemoryStreamCreation extends ObjectCreation {
+    MemoryStreamCreation() {
+      this.getObjectType().hasFullyQualifiedName("System.IO", "MemoryStream")
+    }
+
+    Expr getBufferArg() { result = this.getArgument(0) }
+  }
+
+  // (Note that we cannot use `CreationToUseFlow` here, because the use is not a
+  // `QualifiableExpr`.)
+  private module MemoryStreamConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source.asExpr() instanceof MemoryStreamCreation }
+
+    predicate isSink(DataFlow::Node sink) {
+      exists(CryptoStreamCreation creation | sink.asExpr() = creation.getStreamArg())
+    }
+  }
+
+  private module MemoryStreamFlow = DataFlow::Global<MemoryStreamConfig>;
+
+  MemoryStreamCreation getCreationFromUse(
+    CryptoStreamCreation creation, MemoryStreamFlow::PathNode source,
+    MemoryStreamFlow::PathNode sink
+  ) {
+    source.getNode().asExpr() = result and
+    sink.getNode().asExpr() = creation.getStreamArg() and
+    MemoryStreamFlow::flowPath(source, sink)
+  }
+}