Skip to content

Quantum: Initial support for C##19905

Open
fegge wants to merge 40 commits intogithub:mainfrom
trailofbits:tob/quantum-csharp
Open

Quantum: Initial support for C##19905
fegge wants to merge 40 commits intogithub:mainfrom
trailofbits:tob/quantum-csharp

Conversation

@fegge
Copy link
Contributor

@fegge fegge commented Jun 27, 2025

This PR adds support for parts of the .NET cryptographic libraries. Currently, it contains QL libraries and tests for

  • Symmetric ciphers
  • Signatures
  • Hash functions
  • MACs

fegge and others added 30 commits June 16, 2025 11:59
@fegge
Initial quantum support for C#
9decd51
@fegge
Fixed issues in C# Language.qll
66eee73
@fegge
Added C# query to generate CBOM graph
69e6308
@fcasal
quantum-c#: initial support for ECDSA and RSA signatures
07a3032
@fcasal
Merge branch 'tob/quantum-csharp' of github.com:trailofbits/codeql in…
36213c5 
…to tob/quantum-csharp
@fcasal
quantum-c#: make type precise
d690a34
@fcasal
quantum-c#: add HashAlgorithms
9970e58
@fcasal
quantum-c#: Add HashAlgorithmInstance
1762959
@fcasal
quantum-c#: Add generic dataflow module
01b98fc
@fcasal
quanntum-c#: refactor class names
3913f44
@fegge
Added initial support for C# block ciphers
b1bbd97
@fcasal
quantum-c#: Add HashAlgorithmInstance
791c260
@fcasal
Merge branch 'tob/quantum-csharp' of github.com:trailofbits/codeql in…
2642e32 
…to tob/quantum-csharp
@fcasal
quantum-c#: refactoring
6d0024d
@fegge
Extended CryptoStreamKeyOperationInstance
c7caf97 
- Added support to get input consumers and output artifacts
- Added padding and cipher mode algorithm instances, as well as dataflow
  to link these to `CryptoStream` key operations
@fcasal
quantum-c#: add hash operation instance
a3e93ce
@fcasal
Merge branch 'tob/quantum-csharp' of github.com:trailofbits/codeql in…
e0430a7 
…to tob/quantum-csharp
@fegge
Added support for the system CSPRNG
9238b12
@fegge
Added unit tests for C# block cipher modes
46c037c
@fcasal
refactoring
a7c5f7a
@fcasal
Merge branch 'tob/quantum-csharp' of github.com:trailofbits/codeql in…
50c98f6 
…to tob/quantum-csharp
@fegge
Updated Stream related data flow
3e70e8e
@fcasal
Merge branch 'tob/quantum-csharp' of github.com:trailofbits/codeql in…
e488a74 
…to tob/quantum-csharp
@fcasal
quantum-c#: Use stream flows for the HashOperationInstance
f3c436a
@fegge
Added support for AesGcm and AesCcm
45ae4d1 
This commit also reorganizes the dotnet library to move utility classes
into the private Cryptography module.
@fegge
Updated test suite with AesGcm and AesCcm tests
e643cc4
@fegge
Added support for ChaCha20Poly1305
5fc267a
@fcasal
quantum-c#: refactor AVCs for hashes and signatures.
e344505
@fcasal
Merge branch 'tob/quantum-csharp' of github.com:trailofbits/codeql in…
601d5d1 
…to tob/quantum-csharp
@fegge
Added support for bare symmetric algorithms
298d226
@fegge fegge requested review from a team as code owners June 27, 2025 12:36
@github-actions github-actions bot added the C# label Jun 27, 2025
@fegge fegge marked this pull request as draft June 27, 2025 12:41
@bdrodes
Copy link
Contributor

bdrodes commented Jun 27, 2025

@fegge Check out my test cases. I do 3 tests, nodes, node edges, and node properties. That should cover everything. Can you update the PR to do that kind of test?

@bdrodes
Copy link
Contributor

bdrodes commented Jun 27, 2025

@fegge make sure to work with @nicolaswill to get all my PRs in first and double check if model updates on my part break anything.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 29, 2025
View reviewed changes
csharp/ql/lib/experimental/quantum/Language.qll
Comment on lines 147 to 150
/**
* An instance of random number generation, modelled as the expression
* tied to an output node (i.e., the RNG output)
*/

Check warning

Code scanning / CodeQL

Misspelling Warning

This comment contains the non-US spelling 'modelled', which should instead be 'modeled'.
csharp/ql/lib/experimental/quantum/dotnet/AlgorithmInstances.qll
private import Cryptography
private import FlowAnalysis

class NamedCurveAlgorithmInstance extends Crypto::EllipticCurveInstance instanceof NamedCurvePropertyAccess

Check warning

Code scanning / CodeQL

Suggest using non-extending subtype relationships. Warning

Consider defining this class as non-extending subtype of
NamedCurvePropertyAccess
Loading
.
csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll Outdated
ECParameters() { this.hasName("ECParameters") }
}

class RSAParameters extends CryptographyType {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in RSAParameters should be PascalCase/camelCase.
csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll Outdated
ECDsaClass() { this.hasName("ECDsa") }
}

private class RSAClass extends CryptographyType {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in RSAClass should be PascalCase/camelCase.
csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll Outdated
RSAClass() { this.hasName("RSA") }
}

private class RSAPKCS1SignatureFormatter extends CryptographyType {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in RSAPKCS1SignatureFormatter should be PascalCase/camelCase.
csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll Outdated
override string getRawMACAlgorithmName() { result = super.getType().getName() }
}

class HMACAlgorithmQualifier extends Crypto::HMACAlgorithmInstance, Crypto::AlgorithmValueConsumer,

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in HMACAlgorithmQualifier should be PascalCase/camelCase.
csharp/ql/lib/experimental/quantum/dotnet/FlowAnalysis.qll Outdated

module AeadFlow = CreationToUseFlow<AeadCreation, AeadUse>;

module HMACFlow = CreationToUseFlow<HMACCreation, MacUse>;

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in HMACFlow should be PascalCase/camelCase.
csharp/ql/lib/experimental/quantum/dotnet/FlowAnalysis.qll
}

module SigningCreateToUseFlow {
private module SigningCreateToUseFlow implements DataFlow::ConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
csharp/ql/lib/experimental/quantum/dotnet/FlowAnalysis.qll Outdated
Comment on lines 266 to 276
/**
* An additional flow step across new object creations that use the original objects.
*
* Example:
* ```
* RSA rsa = RSA.Create()
* RSAPKCS1SignatureFormatter rsaFormatter = new(rsa);
* rsaFormatter.SetHashAlgorithm(nameof(SHA256));
* signedHash = rsaFormatter.CreateSignature(hash);
* ```
*/

Check warning

Code scanning / CodeQL

Predicate QLDoc style. Warning

The QLDoc for a predicate without a result should start with 'Holds'.
csharp/ql/lib/experimental/quantum/dotnet/OperationInstances.qll Outdated
}
}

class HMACOperationInstance extends Crypto::MACOperationInstance instanceof MacUse {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in HMACOperationInstance should be PascalCase/camelCase.
@fegge fegge marked this pull request as ready for review July 4, 2025 08:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

C#

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fegge @bdrodes @fcasal