quantum-c#: Add support for HMACs

Author: fcasal

csharp/ql/lib/experimental/quantum/dotnet/Cryptography.qll

@@ -177,7 +177,8 @@ private predicate hashAlgorithmToFamily(
   hashName = "SHA3_384" and hashFamily = Crypto::SHA3() and digestLength = 384
   or
   hashName = "SHA3_512" and hashFamily = Crypto::SHA3() and digestLength = 512
-  // TODO: is there an idiomatic way to add a default type here?
+  or
+  hashName = "RIPEMD160" and hashFamily = Crypto::RIPEMD160() and digestLength = 160
 }
 
 class HashAlgorithmNameUser extends MethodCall {
@@ -630,3 +631,99 @@ class CryptoStreamUse extends MethodCall {
     result = this.getArgument(0)
   }
 }
+
+class MacAlgorithmType extends CryptographyType {
+  MacAlgorithmType() { this.getName().matches(["HMAC%", "KeyedHashAlgorithm"]) }
+}
+
+class HMACCreation extends ObjectCreation {
+  HMACCreation() { this.getObjectType() instanceof MacAlgorithmType }
+
+  Expr getKeyArg() { if this.hasNoArguments() then result = this else result = this.getArgument(0) }
+
+  string getRawAlgorithmName() { result = this.getObjectType().getName() }
+}
+
+class MacUse extends Crypto::AlgorithmValueConsumer instanceof MethodCall {
+  MacUse() {
+    this.getQualifier().getType() instanceof MacAlgorithmType and
+    this.getTarget().hasName(["ComputeHash", "ComputeHashAsync", "HashData", "HashDataAsync"])
+  }
+
+  predicate isIntermediate() { none() }
+
+  Expr getOutput() {
+    not this.isIntermediate() and
+    // some functions receive the destination as a parameter
+    if
+      super.getTarget().getName() = ["HashData"] and super.getNumberOfArguments() = 3
+      or
+      super.getTarget().getName() = ["HashDataAsync"] and super.getNumberOfArguments() = 4
+    then result = super.getArgument(2)
+    else result = this
+  }
+
+  private Expr getDataArg() {
+    // ComputeHash and ComputeHashAsync take the data as the first argument.
+    if super.getTarget().getName().matches("ComputeHash%")
+    then result = super.getArgument(0)
+    else result = super.getArgument(1)
+  }
+
+  Expr getInputArg() {
+    result = this.getDataArg() and result.getType() instanceof ByteArrayOrReadOnlyByteSpanType
+  }
+
+  Expr getStreamArg() { result = this.getDataArg() and result.getType() instanceof Stream }
+
+  Expr getKeyArg() {
+    if not super.getTarget().getName().matches("ComputeHash%")
+    then result = super.getArgument(0)
+    else result = HMACFlow::getCreationFromUse(this, _, _).getKeyArg()
+  }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = super.getQualifier() }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { none() }
+
+  Expr getQualifier() { result = super.getQualifier() }
+}
+
+class HMACAlgorithmInstance extends Crypto::MACAlgorithmInstance instanceof Expr {
+  HMACAlgorithmInstance() { this = any(MacUse c).getQualifier() }
+
+  override Crypto::TMACType getMACType() { result instanceof Crypto::THMAC }
+
+  override string getRawMACAlgorithmName() { result = super.getType().getName() }
+}
+
+class HMACAlgorithmQualifier extends Crypto::HMACAlgorithmInstance, Crypto::AlgorithmValueConsumer,
+  HMACAlgorithmInstance, Crypto::HashAlgorithmInstance instanceof Expr
+{
+  override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { result = this }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = this }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { none() }
+
+  override Crypto::THashType getHashFamily() {
+    result = getHashFamily(this.getRawHashAlgorithmName())
+  }
+
+  override string getRawHashAlgorithmName() {
+    if super.getType().hasName("KeyedHashAlgorithm")
+    then result = this.getOriginalRawHashAlgorithmName()
+    else result = super.getType().getName().replaceAll("HMAC", "")
+  }
+
+  override int getFixedDigestLength() {
+    hashAlgorithmToFamily(this.getRawHashAlgorithmName(), _, result)
+  }
+
+  private string getOriginalRawHashAlgorithmName() {
+    exists(MacUse use |
+      use.getQualifier() = this and
+      result = HMACFlow::getCreationFromUse(use, _, _).getRawAlgorithmName().replaceAll("HMAC", "")
+    )
+  }
+}

csharp/ql/lib/experimental/quantum/dotnet/FlowAnalysis.qll

@@ -70,6 +70,8 @@ module CryptoStreamFlow = CreationToUseFlow<CryptoStreamCreation, CryptoStreamUs
 
 module AeadFlow = CreationToUseFlow<AeadCreation, AeadUse>;
 
+module HMACFlow = CreationToUseFlow<HMACCreation, MacUse>;
+
 module SymmetricAlgorithmFlow =
   CreationToUseFlow<SymmetricAlgorithmCreation, SymmetricAlgorithmUse>;
 

csharp/ql/lib/experimental/quantum/dotnet/OperationInstances.qll

@@ -99,7 +99,9 @@ class SymmetricAlgorithmOperationInstance extends Crypto::KeyOperationInstance i
  */
 class CryptoStreamOperationInstance extends Crypto::KeyOperationInstance instanceof CryptoStreamCreation
 {
-  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { result = this.getCryptoTransform() }
+  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
+    result = this.getCryptoTransform()
+  }
 
   override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
     if this.getCryptoTransform().isEncryptor()
@@ -117,7 +119,8 @@ class CryptoStreamOperationInstance extends Crypto::KeyOperationInstance instanc
     if exists(this.getCryptoTransform().getKeyArg())
     then result.asExpr() = this.getCryptoTransform().getKeyArg()
     else (
-      result.asExpr() = SymmetricAlgorithmFlow::getIntermediateUseFromUse(this.getCryptoTransform(), _, _) and
+      result.asExpr() =
+        SymmetricAlgorithmFlow::getIntermediateUseFromUse(this.getCryptoTransform(), _, _) and
       result.asExpr().(SymmetricAlgorithmUse).isKeyConsumer()
     )
   }
@@ -129,7 +132,8 @@ class CryptoStreamOperationInstance extends Crypto::KeyOperationInstance instanc
     if exists(this.getCryptoTransform().getIvArg())
     then result.asExpr() = this.getCryptoTransform().getIvArg()
     else (
-      result.asExpr() = SymmetricAlgorithmFlow::getIntermediateUseFromUse(this.getCryptoTransform(), _, _) and
+      result.asExpr() =
+        SymmetricAlgorithmFlow::getIntermediateUseFromUse(this.getCryptoTransform(), _, _) and
       result.asExpr().(SymmetricAlgorithmUse).isIvConsumer()
     )
   }
@@ -205,3 +209,20 @@ class AeadOperationInstance extends Crypto::KeyOperationInstance instanceof Aead
     result.asExpr() = super.getOutputArg()
   }
 }
+
+class HMACOperationInstance extends Crypto::MACOperationInstance instanceof MacUse {
+  HMACOperationInstance() { not super.isIntermediate() }
+
+  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
+    result = super.getQualifier()
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getMessageConsumer() {
+    result.asExpr() = super.getInputArg() or
+    result.asExpr() = StreamFlow::getEarlierUse(super.getStreamArg(), _, _).getInputArg()
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
+    result.asExpr() = super.getKeyArg()
+  }
+}

csharp/ql/test/experimental/library-tests/quantum/dotnet/macs/HMACExample.cs

@@ -0,0 +1,121 @@
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace QuantumExamples.Cryptography
+{
+    public class HMACExample
+    {
+        public static void RunExample()
+        {
+            const string originalMessage = "This is a message to authenticate!";
+
+            // Demonstrate various MAC approaches
+            DemonstrateHMACMethods(originalMessage);
+            DemonstrateKeyedHashAlgorithm(originalMessage);
+            DemonstrateOneShotMAC(originalMessage);
+            DemonstrateStreamBasedMAC(originalMessage);
+        }
+
+        private static void DemonstrateHMACMethods(string message)
+        {
+            Console.WriteLine("=== HMAC Methods ===");
+            byte[] messageBytes = Encoding.UTF8.GetBytes(message);
+            byte[] key = GenerateKey(32); // 256-bit key
+
+            Console.WriteLine($"Original message: {message}");
+            Console.WriteLine($"Key: {Convert.ToBase64String(key)}");
+
+            // HMAC-SHA256 using HMACSHA256 class
+            using (HMACSHA256 hmacSha256 = new HMACSHA256(key))
+            {
+                byte[] hash = hmacSha256.ComputeHash(messageBytes);
+                Console.WriteLine($"HMAC-SHA256: {Convert.ToBase64String(hash)}");
+            }
+
+            // HMAC-SHA1 using HMACSHA1 class
+            using (HMACSHA1 hmacSha1 = new HMACSHA1(key))
+            {
+                byte[] hash = hmacSha1.ComputeHash(messageBytes);
+                Console.WriteLine($"HMAC-SHA1: {Convert.ToBase64String(hash)}");
+            }
+
+            // HMAC-SHA384 using HMACSHA384 class
+            using (HMACSHA384 hmacSha384 = new HMACSHA384(key))
+            {
+                byte[] hash = hmacSha384.ComputeHash(messageBytes);
+                Console.WriteLine($"HMAC-SHA384: {Convert.ToBase64String(hash)}");
+            }
+
+            // HMAC-SHA512 using HMACSHA512 class
+            using (HMACSHA512 hmacSha512 = new HMACSHA512(key))
+            {
+                byte[] hash = hmacSha512.ComputeHash(messageBytes);
+                Console.WriteLine($"HMAC-SHA512: {Convert.ToBase64String(hash)}");
+            }
+        }
+
+        private static void DemonstrateKeyedHashAlgorithm(string message)
+        {
+            Console.WriteLine("\n=== KeyedHashAlgorithm Base Class ===");
+            byte[] messageBytes = Encoding.UTF8.GetBytes(message);
+            byte[] key = GenerateKey(32);
+
+            // Using KeyedHashAlgorithm base class reference
+            using (KeyedHashAlgorithm keyedHash = new HMACSHA256(key))
+            {
+                byte[] hash = keyedHash.ComputeHash(messageBytes);
+                Console.WriteLine($"KeyedHashAlgorithm (HMAC-SHA256): {Convert.ToBase64String(hash)}");
+                Console.WriteLine($"Algorithm name: {keyedHash.GetType().Name}");
+                Console.WriteLine($"Hash size: {keyedHash.HashSize} bits");
+            }
+        }
+
+        private static void DemonstrateOneShotMAC(string message)
+        {
+            Console.WriteLine("\n=== One-Shot MAC Methods ===");
+            byte[] messageBytes = Encoding.UTF8.GetBytes(message);
+            byte[] key = GenerateKey(32);
+
+            byte[] hmacSha256OneShot = HMACSHA256.HashData(key, messageBytes);
+            Console.WriteLine($"One-shot HMAC-SHA256: {Convert.ToBase64String(hmacSha256OneShot)}");
+
+            byte[] hmacSha1OneShot = HMACSHA1.HashData(key, messageBytes);
+            Console.WriteLine($"One-shot HMAC-SHA1: {Convert.ToBase64String(hmacSha1OneShot)}");
+
+            byte[] hmacSha384OneShot = HMACSHA384.HashData(key, messageBytes);
+            Console.WriteLine($"One-shot HMAC-SHA384: {Convert.ToBase64String(hmacSha384OneShot)}");
+
+            byte[] hmacSha512OneShot = HMACSHA512.HashData(key, messageBytes);
+            Console.WriteLine($"One-shot HMAC-SHA512: {Convert.ToBase64String(hmacSha512OneShot)}");
+        }
+
+        private static void DemonstrateStreamBasedMAC(string message)
+        {
+            Console.WriteLine("\n=== Stream-Based MAC ===");
+            byte[] key = GenerateKey(32);
+
+            using (HMACSHA256 hmac = new HMACSHA256(key))
+            using (MemoryStream stream = new MemoryStream())
+            {
+                byte[] messageBytes = Encoding.UTF8.GetBytes(message);
+                stream.Write(messageBytes, 0, messageBytes.Length);
+                stream.Position = 0;
+
+                byte[] hash = hmac.ComputeHash(stream);
+                Console.WriteLine($"Stream-based HMAC-SHA256: {Convert.ToBase64String(hash)}");
+            }
+        }
+
+        private static byte[] GenerateKey(int sizeInBytes)
+        {
+            byte[] key = new byte[sizeInBytes];
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+            {
+                rng.GetBytes(key);
+            }
+            return key;
+        }
+    }
+}

csharp/ql/test/experimental/library-tests/quantum/dotnet/macs/mac_hashalgorithms.expected

@@ -0,0 +1,10 @@
+| HMACExample.cs:33:31:33:66 | MACOperation | HMACSHA256 | HMAC |
+| HMACExample.cs:40:31:40:64 | MACOperation | HMACSHA1 | HMAC |
+| HMACExample.cs:47:31:47:66 | MACOperation | HMACSHA384 | HMAC |
+| HMACExample.cs:54:31:54:66 | MACOperation | HMACSHA512 | HMAC |
+| HMACExample.cs:68:31:68:65 | MACOperation | KeyedHashAlgorithm | HMAC |
+| HMACExample.cs:81:40:81:77 | MACOperation | HMACSHA256 | HMAC |
+| HMACExample.cs:84:38:84:73 | MACOperation | HMACSHA1 | HMAC |
+| HMACExample.cs:87:40:87:77 | MACOperation | HMACSHA384 | HMAC |
+| HMACExample.cs:90:40:90:77 | MACOperation | HMACSHA512 | HMAC |
+| HMACExample.cs:106:31:106:54 | MACOperation | HMACSHA256 | HMAC |

csharp/ql/test/experimental/library-tests/quantum/dotnet/macs/mac_hashalgorithms.ql

@@ -0,0 +1,6 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::MACOperationNode n, Crypto::AlgorithmNode algo
+where n.getAKnownAlgorithm() = algo
+select n, algo.getRawAlgorithmName(), algo.getAlgorithmName()

csharp/ql/test/experimental/library-tests/quantum/dotnet/macs/mac_operations.expected

@@ -0,0 +1,10 @@
+| HMACExample.cs:33:31:33:66 | MACOperation | HMACExample.cs:31:59:31:61 | Key | HMACExample.cs:33:54:33:65 | Message |
+| HMACExample.cs:40:31:40:64 | MACOperation | HMACExample.cs:38:53:38:55 | Key | HMACExample.cs:40:52:40:63 | Message |
+| HMACExample.cs:47:31:47:66 | MACOperation | HMACExample.cs:45:59:45:61 | Key | HMACExample.cs:47:54:47:65 | Message |
+| HMACExample.cs:54:31:54:66 | MACOperation | HMACExample.cs:52:59:52:61 | Key | HMACExample.cs:54:54:54:65 | Message |
+| HMACExample.cs:68:31:68:65 | MACOperation | HMACExample.cs:66:66:66:68 | Key | HMACExample.cs:68:53:68:64 | Message |
+| HMACExample.cs:81:40:81:77 | MACOperation | HMACExample.cs:81:60:81:62 | Key | HMACExample.cs:81:65:81:76 | Message |
+| HMACExample.cs:84:38:84:73 | MACOperation | HMACExample.cs:84:56:84:58 | Key | HMACExample.cs:84:61:84:72 | Message |
+| HMACExample.cs:87:40:87:77 | MACOperation | HMACExample.cs:87:60:87:62 | Key | HMACExample.cs:87:65:87:76 | Message |
+| HMACExample.cs:90:40:90:77 | MACOperation | HMACExample.cs:90:60:90:62 | Key | HMACExample.cs:90:65:90:76 | Message |
+| HMACExample.cs:106:31:106:54 | MACOperation | HMACExample.cs:99:53:99:55 | Key | HMACExample.cs:103:30:103:41 | Message |

csharp/ql/test/experimental/library-tests/quantum/dotnet/macs/mac_operations.ql

@@ -0,0 +1,5 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::MACOperationNode n
+select n, n.getAKey(), n.getAMessage()

csharp/ql/test/experimental/library-tests/quantum/dotnet/macs/options

@@ -0,0 +1,2 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj