Python: Add CryptographicOperation modeling for Cryptodome

Author: RasmusWL

python/ql/src/semmle/python/frameworks/Cryptodome.qll

@@ -17,7 +17,6 @@ private import semmle.python.ApiGraphs
  * See https://pycryptodome.readthedocs.io/en/latest/
  */
 private module CryptodomeModel {
-  // ---------------------------------------------------------------------------
   /**
    * A call to `Cryptodome.PublicKey.RSA.generate`/`Crypto.PublicKey.RSA.generate`
    *
@@ -101,4 +100,115 @@ private module CryptodomeModel {
     // Note: There is not really a key-size argument, since it's always specified by the curve.
     override DataFlow::Node getKeySizeArg() { none() }
   }
+
+  /**
+   * A cryptographic operation on an instance from the `Cipher` subpackage of `Cryptodome`/`Crypto`.
+   */
+  class CryptodomeGenericCipherOperation extends Cryptography::CryptographicOperation::Range,
+    DataFlow::CallCfgNode {
+    string methodName;
+    string cipherName;
+
+    CryptodomeGenericCipherOperation() {
+      methodName in [
+          "encrypt", "decrypt", "verify", "update", "hexverify", "encrypt_and_digest",
+          "decrypt_and_verify"
+        ] and
+      this =
+        API::moduleImport(["Crypto", "Cryptodome"])
+            .getMember(["Cipher"])
+            .getMember(cipherName)
+            .getMember("new")
+            .getReturn()
+            .getMember(methodName)
+            .getACall()
+    }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(cipherName) }
+
+    override DataFlow::Node getAnInput() {
+      methodName = "encrypt" and
+      result in [this.getArg(0), this.getArgByName(["message", "plaintext"])]
+      or
+      methodName = "decrypt" and
+      result in [this.getArg(0), this.getArgByName("ciphertext")]
+      or
+      // for the following methods, method signatures can be found in
+      // https://pycryptodome.readthedocs.io/en/latest/src/cipher/modern.html
+      methodName in ["update"] and
+      result in [this.getArg(0), this.getArgByName("data")]
+      or
+      methodName in ["verify"] and
+      result in [this.getArg(0), this.getArgByName(["mac_tag", "received_mac_tag"])]
+      or
+      methodName in ["hexverify"] and
+      result in [this.getArg(0), this.getArgByName("mac_tag_hex")]
+      or
+      methodName in ["encrypt_and_digest"] and
+      result in [this.getArg(0), this.getArgByName("plaintext")]
+      or
+      methodName in ["decrypt_and_verify"] and
+      result in [this.getArg(0), this.getArgByName("ciphertext")]
+    }
+  }
+
+  /**
+   * A cryptographic operation on an instance from the `Signature` subpackage of `Cryptodome`/`Crypto`.
+   */
+  class CryptodomeGenericSignatureOperation extends Cryptography::CryptographicOperation::Range,
+    DataFlow::CallCfgNode {
+    string methodName;
+    string signatureName;
+
+    CryptodomeGenericSignatureOperation() {
+      methodName in ["sign", "verify"] and
+      this =
+        API::moduleImport(["Crypto", "Cryptodome"])
+            .getMember(["Signature"])
+            .getMember(signatureName)
+            .getMember("new")
+            .getReturn()
+            .getMember(methodName)
+            .getACall()
+    }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() {
+      result.matchesName(signatureName)
+    }
+
+    override DataFlow::Node getAnInput() {
+      methodName = "sign" and
+      result in [this.getArg(0), this.getArgByName("msg_hash")] // Cryptodome.Hash instance
+      or
+      methodName in ["verify"] and
+      (
+        result in [this.getArg(0), this.getArgByName(["msg_hash"])] // Cryptodome.Hash instance
+        or
+        result in [this.getArg(1), this.getArgByName(["signature"])]
+      )
+    }
+  }
+
+  /**
+   * A cryptographic operation on an instance from the `Hash` subpackage of `Cryptodome`/`Crypto`.
+   */
+  class CryptodomeGenericHashOperation extends Cryptography::CryptographicOperation::Range,
+    DataFlow::CallCfgNode {
+    string hashName;
+
+    CryptodomeGenericHashOperation() {
+      exists(API::Node hashModule |
+        hashModule =
+          API::moduleImport(["Crypto", "Cryptodome"]).getMember(["Hash"]).getMember(hashName)
+      |
+        this = hashModule.getMember("new").getACall()
+        or
+        this = hashModule.getMember("new").getReturn().getMember("update").getACall()
+      )
+    }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }
+
+    override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
+  }
 }

python/ql/test/experimental/library-tests/frameworks/cryptodome/test_aes.py

@@ -21,14 +21,14 @@
 cipher = AES.new(key, AES.MODE_CBC, iv=iv)
 # using separate .encrypt calls on individual lines does not work
 whole_plantext = secret_message + padding
-encrypted = cipher.encrypt(whole_plantext)
+encrypted = cipher.encrypt(whole_plantext) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=whole_plantext
 
 print("encrypted={}".format(encrypted))
 
 print()
 
 cipher = AES.new(key, AES.MODE_CBC, iv=iv)
-decrypted = cipher.decrypt(encrypted)
+decrypted = cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=encrypted
 
 decrypted = decrypted[:-padding_len]
 

python/ql/test/experimental/library-tests/frameworks/cryptodome/test_md5.py

@@ -1,10 +1,10 @@
 from Cryptodome.Hash import MD5
 
-hasher = MD5.new(b"secret message") # $ MISSING: CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+hasher = MD5.new(b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
 print(hasher.hexdigest())
 
 
-hasher = MD5.new() # $ MISSING: CryptographicOperation CryptographicOperationAlgorithm=MD5
-hasher.update(b"secret") # $ MISSING: CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
-hasher.update(b" message") # $ MISSING: CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
+hasher = MD5.new() # $ CryptographicOperation CryptographicOperationAlgorithm=MD5
+hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
+hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
 print(hasher.hexdigest())

python/ql/test/experimental/library-tests/frameworks/cryptodome/test_rc4.py

@@ -17,14 +17,14 @@
 secret_message = b"secret message"
 
 cipher = ARC4.new(key)
-encrypted = cipher.encrypt(secret_message)
+encrypted = cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=secret_message
 
 print("encrypted={}".format(encrypted))
 
 print()
 
 cipher = ARC4.new(key)
-decrypted = cipher.decrypt(encrypted)
+decrypted = cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=encrypted
 
 print("decrypted={}".format(decrypted))
 assert decrypted == secret_message

python/ql/test/library-tests/frameworks/cryptodome/test_dsa.py

@@ -20,22 +20,22 @@
 
 signer = DSS.new(private_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher
 
 print("signature={}".format(signature))
 
 print()
 
 verifier = DSS.new(public_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
 print("Signature verified (as expected)")
 
 try:
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptodome/test_ec.py

@@ -17,22 +17,22 @@
 
 signer = DSS.new(private_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher
 
 print("signature={}".format(signature))
 
 print()
 
 verifier = DSS.new(public_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
 print("Signature verified (as expected)")
 
 try:
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptodome/test_rsa.py

@@ -23,17 +23,15 @@
 
 encrypt_cipher = PKCS1_OAEP.new(public_key)
 
-encrypted = encrypt_cipher.encrypt(secret_message)
+encrypted = encrypt_cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationInput=secret_message
 
 print("encrypted={}".format(encrypted))
 
 print()
 
 decrypt_cipher = PKCS1_OAEP.new(private_key)
 
-decrypted = decrypt_cipher.decrypt(
-    encrypted,
-)
+decrypted = decrypt_cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationInput=encrypted
 
 print("decrypted={}".format(decrypted))
 assert decrypted == secret_message
@@ -51,23 +49,23 @@
 
 signer = pss.new(private_key)
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher
 
 print("signature={}".format(signature))
 
 print()
 
 verifier = pss.new(public_key)
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
 print("Signature verified (as expected)")
 
 try:
     verifier = pss.new(public_key)
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")