Added support for block cipher modes

Author: fegge

java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmInstances.qll

@@ -14,7 +14,7 @@ class EllipticCurveStringLiteralInstance extends Crypto::EllipticCurveInstance i
   override string getRawEllipticCurveName() { result = super.getValue() }
 
   EllipticCurveAlgorithmValueConsumer getConsumer() {
-    result = EllipticCurveStringLiteralToConsumer::getConsumerFromLiteral(this, _, _)
+    result = EllipticCurveStringLiteralToConsumerFlow::getConsumerFromLiteral(this, _, _)
   }
 
   override Crypto::TEllipticCurveType getEllipticCurveType() {
@@ -69,25 +69,19 @@ abstract class SignatureAlgorithmInstance extends Crypto::KeyOperationAlgorithmI
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 
-  /**
-   * Used for data flow from elliptic curve string literals to the algorithm
-   * instance.
-   */
+  // Used for data flow from elliptic curve string literals to the algorithm
   DataFlow::Node getParametersInput() { none() }
 
-  /**
-   * Used for data flow from elliptic curve string literals to the algorithm
-   * instance.
-   */
+  // Used for data flow from elliptic curve string literals to the algorithm
   DataFlow::Node getEllipticCurveInput() { none() }
 }
 
 /**
- * Represents an elliptic curve signature algorithm where both the signature
- * algorithm and elliptic curve are implicitly defined by the underlying type.
+ * An elliptic curve signature algorithm where both the signature algorithm and
+ * elliptic curve are implicitly defined by the underlying type.
  */
 abstract class KnownEllipticCurveSignatureAlgorithmInstance extends KnownEllipticCurveInstance,
   SignatureAlgorithmInstance
@@ -107,7 +101,7 @@ class DsaSignatureAlgorithmInstance extends SignatureAlgorithmInstance instanceo
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 }
 
@@ -122,7 +116,7 @@ class Ed25519SignatureAlgorithmInstance extends KnownEllipticCurveSignatureAlgor
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 
   override string getRawEllipticCurveName() { result = "Curve25519" }
@@ -139,7 +133,7 @@ class Ed448SignatureAlgorithmInstance extends KnownEllipticCurveSignatureAlgorit
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 
   override string getRawEllipticCurveName() { result = "Curve448" }
@@ -163,7 +157,7 @@ class EcdsaSignatureAlgorithmInstance extends SignatureAlgorithmInstance instanc
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 
   override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
@@ -184,7 +178,7 @@ class StatefulSignatureAlgorithmInstance extends SignatureAlgorithmInstance inst
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 
   override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
@@ -218,19 +212,15 @@ abstract class KeyGenerationAlgorithmInstance extends Crypto::KeyOperationAlgori
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 
-  /**
-   * Used for data flow from elliptic curve string literals to the algorithm
-   * instance.
-   */
+  // Used for data flow from elliptic curve string literals to the algorithm
+  // instance.
   DataFlow::Node getParametersInput() { none() }
 
-  /**
-   * Used for data flow from elliptic curve string literals to the algorithm
-   * instance.
-   */
+  // Used for data flow from elliptic curve string literals to the algorithm
+  // instance.
   DataFlow::Node getEllipticCurveInput() { none() }
 }
 
@@ -320,7 +310,7 @@ class StatefulSignatureKeyGenerationAlgorithmInstance extends KeyGenerationAlgor
   }
 
   override string getRawAlgorithmName() {
-    typeNameToRawAlgorithmName(super.getConstructedType().getName(), result)
+    typeNameToRawAlgorithmNameMapping(super.getConstructedType().getName(), result)
   }
 
   override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
@@ -332,11 +322,103 @@ class StatefulSignatureKeyGenerationAlgorithmInstance extends KeyGenerationAlgor
   }
 }
 
+/**
+ * A block cipher used in a mode of operation. The algorithm is implicitly
+ * defined by the type.
+ */
+class BlockCipherAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance instanceof ClassInstanceExpr
+{
+  // We track the block cipher mode here to ensure that going from the block
+  // cipher instance to the block cipher mode instance and back always yields
+  // the same instance.
+  //
+  // Since the block cipher algorithm instance is always resolved using data
+  // flow from the block cipher mode, we don't loose any information by
+  // requiring that this flow exists.
+  BlockCipherModeAlgorithmInstance mode;
+
+  BlockCipherAlgorithmInstance() {
+    super.getConstructedType() instanceof Modes::BlockCipher and
+    mode = BlockCipherToBlockCipherModeFlow::getBlockCipherModeFromBlockCipher(this, _, _)
+  }
+
+  override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
+    if blockCipherNameToAlgorithmMapping(this.getRawAlgorithmName(), _)
+    then blockCipherNameToAlgorithmMapping(this.getRawAlgorithmName(), result)
+    else result = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::OtherSymmetricCipherType())
+  }
+
+  // TODO: Implement this.
+  override int getKeySizeFixed() { none() }
+
+  override string getRawAlgorithmName() {
+    typeNameToRawAlgorithmNameMapping(super.getType().getName(), result)
+  }
+
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { result = mode }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() {
+    result = BlockCipherToPaddingModeFlow::getPaddingModeFromBlockCipher(this)
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { none() }
+
+  // Gets a consumer of this block cipher algorithm instance.
+  Crypto::AlgorithmValueConsumer getConsumer() { result = mode.getBlockCipherArg() }
+}
+
+/**
+ * A block cipher mode instance.
+ */
+class BlockCipherModeAlgorithmInstance extends Crypto::ModeOfOperationAlgorithmInstance,
+  BlockCipherModeAlgorithmValueConsumer instanceof ClassInstanceExpr
+{
+  BlockCipherModeAlgorithmInstance() {
+    super.getConstructedType() instanceof Modes::UnpaddedBlockCipherMode
+  }
+
+  override string getRawModeAlgorithmName() {
+    result = super.getConstructedType().getName().splitAt("BlockCipher", 0)
+  }
+
+  override Crypto::TBlockCipherModeOfOperationType getModeType() {
+    if modeNameToModeTypeMapping(this.getRawModeAlgorithmName(), _)
+    then modeNameToModeTypeMapping(this.getRawModeAlgorithmName(), result)
+    else result = Crypto::OtherMode()
+  }
+
+  Expr getBlockCipherArg() {
+    exists(Expr arg |
+      arg = super.getAnArgument() and
+      arg.getType() instanceof Modes::BlockCipher and
+      result = arg
+    )
+  }
+
+  Crypto::AlgorithmValueConsumer getConsumer() { result = this }
+}
+
+/**
+ * A padding mode instance implicitly determined by the constructor.
+ */
+class PaddingAlgorithmInstance extends Crypto::PaddingAlgorithmInstance instanceof ClassInstanceExpr
+{
+  PaddingAlgorithmInstance() { super.getConstructedType() instanceof Modes::PaddingMode }
+
+  override Crypto::TPaddingType getPaddingType() {
+    paddingNameToTypeMapping(this.getRawPaddingAlgorithmName(), result)
+  }
+
+  override string getRawPaddingAlgorithmName() {
+    result = super.getConstructedType().getName().splitAt("Padding", 0)
+  }
+}
+
 /**
  * Private predicates mapping type names to raw names, key sizes and algorithms.
  */
 bindingset[typeName]
-private predicate typeNameToRawAlgorithmName(string typeName, string algorithmName) {
+private predicate typeNameToRawAlgorithmNameMapping(string typeName, string algorithmName) {
   // Ed25519, Ed25519ph, and Ed25519ctx key generators and signers
   typeName.matches("Ed25519%") and
   algorithmName = "Ed25519"
@@ -356,6 +438,66 @@ private predicate typeNameToRawAlgorithmName(string typeName, string algorithmNa
   // HSS
   typeName.matches("HSS%") and
   algorithmName = "HSS"
+  or
+  typeName.matches("AES%") and
+  algorithmName = "AES"
+  or
+  typeName.matches("Aria%") and
+  algorithmName = "Aria"
+  or
+  typeName.matches("Blowfish%") and
+  algorithmName = "Blowfish"
+  or
+  typeName.matches("DES%") and
+  algorithmName = "DES"
+  or
+  typeName.matches("TripleDES%") and
+  algorithmName = "TripleDES"
+}
+
+private predicate modeNameToModeTypeMapping(
+  string modeName, Crypto::TBlockCipherModeOfOperationType modeType
+) {
+  modeName = "CBC" and
+  modeType = Crypto::CBC()
+  or
+  modeName = "CCM" and
+  modeType = Crypto::CCM()
+  or
+  modeName = "CFB" and
+  modeType = Crypto::CFB()
+  or
+  modeName = "CTR" and
+  modeType = Crypto::CTR()
+  or
+  modeName = "ECB" and
+  modeType = Crypto::ECB()
+  or
+  modeName = "GCM" and
+  modeType = Crypto::GCM()
+  or
+  modeName = "OCB" and
+  modeType = Crypto::OCB()
+  or
+  modeName = "OFB" and
+  modeType = Crypto::OFB()
+  or
+  modeName = "XTS" and
+  modeType = Crypto::XTS()
+}
+
+private predicate paddingNameToTypeMapping(string paddingName, Crypto::TPaddingType paddingType) {
+  paddingName = "NoPadding" and
+  paddingType = Crypto::NoPadding()
+  or
+  paddingName = "PKCS7" and
+  paddingType = Crypto::PKCS7()
+  or
+  paddingName = "ISO10126" and
+  paddingType = Crypto::OtherPadding()
+  or
+  paddingName = "ZeroByte" and
+  paddingType = Crypto::OtherPadding()
 }
 
 private predicate signatureNameToKeySizeAndAlgorithmMapping(
@@ -381,3 +523,22 @@ private predicate generatorNameToKeySizeAndAlgorithmMapping(
   keySize = 448 and
   algorithm = Crypto::KeyOpAlg::TSignature(Crypto::KeyOpAlg::Ed448())
 }
+
+private predicate blockCipherNameToAlgorithmMapping(
+  string name, Crypto::KeyOpAlg::Algorithm algorithm
+) {
+  name = "AES" and
+  algorithm = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES())
+  or
+  name = "Aria" and
+  algorithm = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::ARIA())
+  or
+  name = "Blowfish" and
+  algorithm = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::BLOWFISH())
+  or
+  name = "DES" and
+  algorithm = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::DES())
+  or
+  name = "TripleDES" and
+  algorithm = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::TripleDES())
+}

java/ql/lib/experimental/quantum/BouncyCastle/AlgorithmValueConsumers.qll

@@ -1,12 +1,12 @@
 import java
 import AlgorithmInstances
 
-abstract class HashAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { }
-
-abstract class CipherAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { }
-
 abstract class EllipticCurveAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { }
 
+/**
+ * An AVC for an elliptic curve algorithm where the algorithm is defined by an
+ * elliptic curve string literal.
+ */
 class EllipticCurveStringLiteralArg extends EllipticCurveAlgorithmValueConsumer instanceof Expr {
   EllipticCurveStringLiteralArg() {
     this = any(Params::ParametersInstantiation params).getAlgorithmArg()
@@ -20,8 +20,8 @@ class EllipticCurveStringLiteralArg extends EllipticCurveAlgorithmValueConsumer
 }
 
 /**
- * The AVC for a signature algorithm where the algorithm is implicitly defined
- * by the constructor.
+ * An AVC for a signature algorithm where the algorithm is implicitly defined by
+ * the constructor.
  */
 abstract class SignatureAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer {
   override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = this }
@@ -30,11 +30,40 @@ abstract class SignatureAlgorithmValueConsumer extends Crypto::AlgorithmValueCon
 }
 
 /**
- * The AVC for a key generation algorithm where the algorithm is implicitly
+ * An AVC for a key generation algorithm where the algorithm is implicitly
  * defined by the constructor.
  */
 abstract class KeyGenerationAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer {
   override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = this }
 
   override Crypto::ConsumerInputDataFlowNode getInputNode() { none() }
 }
+
+/**
+ * A block cipher argument passed to an block cipher mode constructor.
+ */
+class BlockCipherAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof Expr {
+  BlockCipherAlgorithmValueConsumer() {
+    this = any(BlockCipherModeAlgorithmInstance mode).getBlockCipherArg()
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { result.asExpr() = this }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    result.(BlockCipherAlgorithmInstance).getConsumer() = this
+  }
+}
+
+/**
+ * An AVC for a block cipher mode implicitly defined by the constructor.
+ */
+abstract class BlockCipherModeAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof ClassInstanceExpr
+{
+  BlockCipherModeAlgorithmValueConsumer() {
+    this.getType() instanceof Modes::UnpaddedBlockCipherMode
+  }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = this }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { none() }
+}