Merge branch 'brodes/key_agreement' of https://github.com/nicolaswill/codeql into brodes/key_agreement

Author: nicolaswill

java/ql/src/experimental/Quantum/InventoryFilters/ArtifactReuse.qll

@@ -0,0 +1,70 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+import experimental.Quantum.Language
+
+/**
+ * Flow from any function that appears to return a value
+ * to an artifact node.
+ * NOTE: TODO: need to handle call by refernece for now. Need to re-evaluate (see notes below)
+ * Such functions may be 'wrappers' for some derived value.
+ */
+private module WrapperConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    exists(Call c |
+      c = source.asExpr()
+      // not handling references yet, I think we want to flat say references are only ok
+      // if I know the source, otherwise, it has to be through an additional flow step, which
+      // we filter as a source, i.e., references are only allowed as sources only,
+      // no inferrece? Not sure if that would work
+      //or
+      //   source.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = c.getAnArgument()
+    ) and
+    // Filter out sources that are known additional flow steps, as these are likely not the
+    // kind of wrapper source we are looking for.
+    not exists(AdditionalFlowInputStep s | s.getOutput() = source)
+  }
+
+  // Flow through additional flow steps
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+  }
+
+  predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(Crypto::ArtifactNode i).asElement() }
+}
+
+module WrapperFlow = DataFlow::Global<WrapperConfig>;
+
+/**
+ * Using a set approach to determine if reuse of an artifact exists.
+ * This predicate produces a set of 'wrappers' that flow to the artifact node.
+ * This set can be compared with the set to another artifact node to determine if they are the same.
+ */
+private DataFlow::Node getWrapperSet(Crypto::NonceArtifactNode a) {
+  WrapperFlow::flow(result, DataFlow::exprNode(a.asElement()))
+  or
+  result.asExpr() = a.getSourceElement()
+}
+
+/**
+ * Two different artifact nodes are considered reuse if any of the following conditions are met:
+ * 1. The source for artifact `a` and artifact `b` are the same and the source is a literal.
+ * 2. The source for artifact `a` and artifact `b` are not the same and the source is a literal of the same value.
+ * 3. For all 'wrappers' that return the source of artifact `a`, and that wrapper also exists for artifact `b`.
+ * 4. For all 'wrappers' that return the source of artifact `b`, and that wrapper also exists for artifact `a`.
+ */
+predicate isArtifactReuse(Crypto::ArtifactNode a, Crypto::ArtifactNode b) {
+  a != b and
+  (
+    a.getSourceElement() = b.getSourceElement() and a.getSourceElement() instanceof Literal
+    or
+    a.getSourceElement().(Literal).getValue() = b.getSourceElement().(Literal).getValue()
+    or
+    forex(DataFlow::Node e | e = getWrapperSet(a) |
+      exists(DataFlow::Node e2 | e2 = getWrapperSet(b) | e = e2)
+    )
+    or
+    forex(DataFlow::Node e | e = getWrapperSet(b) |
+      exists(DataFlow::Node e2 | e2 = getWrapperSet(a) | e = e2)
+    )
+  )
+}

java/ql/src/experimental/Quantum/InventoryFilters/KnownWeakKDFIterationCount.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Detects known weak KDf iteration counts (less than 100k and the count is statically known)
+ * @id java/crypto_inventory_filters/known_weak_kdf_iteration_count
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::KeyDerivationOperationNode op, Literal l
+where
+  op.getIterationCount().asElement() = l and
+  l.getValue().toInt() < 100000
+select op, "Key derivation operation configures iteration count below 100k: $@", l,
+  l.getValue().toString()

java/ql/src/experimental/Quantum/InventoryFilters/ReusedNonce.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects reuse of the same nonce in multiple operations
+ * @id java/crypto_inventory_filter/nonce_reuse
+ * @kind problem
+ */
+
+import java
+import ArtifactReuse
+
+from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2
+where isArtifactReuse(nonce1, nonce2)
+select nonce1, "Reuse with nonce $@", nonce2, nonce2.toString()

java/ql/src/experimental/Quantum/InventoryFilters/UnknownKDFIterationCount.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Detects unknown KDf iteration counts
+ * @id java/crypto_inventory_filters/unknown_kdf_iteration_count
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::KeyDerivationOperationNode op, Element e, string msg
+where
+  e = op.getIterationCount().asElement() and
+  not e instanceof Literal and
+  msg = "Key derivation operation with unknown iteration: $@"
+  or
+  not exists(op.getIterationCount()) and
+  e = op.asElement() and
+  msg = "Key derivation operation with no iteration configuration."
+select op, msg, e, e.toString()

java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects known asymmetric algorithms
+ * @id java/crypto_inventory_slices/known_asymmetric_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::AlgorithmNode a
+where Crypto::isKnownAsymmetricAlgorithm(a)
+select a, "Instance of asymmetric algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects known asymmetric cipher algorithms
+ * @id java/crypto_inventory_slices/known_symmetric_cipher_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::KeyOperationAlgorithmNode a
+where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithm
+select a, "Instance of asymmetric cipher algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects operations where the algorithm applied is a known asymmetric algorithms
+ * @id java/crypto_inventory_slices/known_asymmetric_operation_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::OperationNode op, Crypto::AlgorithmNode a
+where a = op.getAKnownAlgorithm() and Crypto::isKnownAsymmetricAlgorithm(a)
+select op, "Operation using asymmetric algorithm $@", a, a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownCipherAlgorithm.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Detects known cipher algorithms
+ * @id java/crypto_inventory_slices/known_cipher_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+// TODO: should there be a cipher algorithm node?
+from Crypto::KeyOperationAlgorithmNode a
+where
+  a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithm or
+  a.getAlgorithmType() instanceof Crypto::KeyOpAlg::SymmetricCipherAlgorithm
+select a, "Instance of cipher algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql

@@ -0,0 +1,11 @@
+/**
+ * @name Detects known elliptic curve algorithms
+ * @id java/crypto_inventory_slices/known_elliptic_curve_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::EllipticCurveNode a
+select a, "Instance of elliptic curve algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownHashingAlgorithm.ql

@@ -0,0 +1,11 @@
+/**
+ * @name Detects algorithms that are known hashing algorithms
+ * @id java/crypto_inventory_slices/known_hashing_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::HashAlgorithmNode a
+select a, "Instance of hashing algorithm " + a.getAlgorithmName()