Adding inventory queries.

cpp/ql/src/experimental/crypto/inventory/AllAsymmetricAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name All Asymmetric Algorithms
+ * @description Finds all potential usage of asymmeric keys (RSA & ECC) using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/all-asymmetric-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AsymmetricAlgorithm alg
+select alg, "Use of algorithm " + alg.getName()

cpp/ql/src/experimental/crypto/inventory/AllCryptoAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name All Cryptographic Algorithms
+ * @description Finds all potential usage of cryptographic algorithms usage using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/all-cryptographic-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from CryptographicAlgorithm alg
+select alg, "Use of algorithm " + alg.getName()

cpp/ql/src/experimental/crypto/inventory/AsymmetricEncryptionAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Asymmetric Encryption Algorithms
+ * @description Finds all potential usage of asymmeric keys for encryption or key exchange using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/all-asymmetric-encryption-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AsymmetricEncryptionAlgorithm alg
+select alg, "Use of algorithm " + alg.getEncryptionName()

cpp/ql/src/experimental/crypto/inventory/AsymmetricPaddingAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Asymmetric Padding Schemes
+ * @description Finds all potential usage of padding schemes used with asymmeric algorithms.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/asymmetric-padding-schemes
+ * @problem.severity error
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from AsymmetricPadding alg
+select alg, "Use of algorithm " + alg.getPaddingName()

cpp/ql/src/experimental/crypto/inventory/AuthenticatedEncryptionAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Authenticated Encryption Algorithms
+ * @description Finds all potential usage of authenticated encryption schemes using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/authenticated-encryption-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AuthenticatedEncryptionAlgorithm alg
+select alg, "Use of algorithm " + alg.getAuthticatedEncryptionName()

cpp/ql/src/experimental/crypto/inventory/BlockModeAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Block cipher mode of operation
+ * @description Finds all potential block cipher modes of operations using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/block-cipher-mode
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from BlockModeAlgorithm alg
+select alg, "Use of algorithm " + alg.getBlockModeName()

cpp/ql/src/experimental/crypto/inventory/BlockModeKnownIVsOrNonces.ql

@@ -0,0 +1,18 @@
+/**
+ * @name Initialization Vector (IV) or nonces
+ * @description Finds all potential sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/iv-sources
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from BlockModeAlgorithm alg
+select alg.getIVorNonce(), "Block mode IV/Nonce source"

cpp/ql/src/experimental/crypto/inventory/BlockModeUnknownIVsOrNonces.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Unknown Initialization Vector (IV) or nonces
+ * @description Finds all potentially unknown sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/unkown-iv-sources
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from BlockModeAlgorithm alg
+where not alg.hasIVorNonce()
+select alg, "Block mode with unknown IV or Nonce configuration"

cpp/ql/src/experimental/crypto/inventory/EllipticCurveAlgorithmSize.ql

@@ -0,0 +1,21 @@
+/**
+ * @name Elliptic Curve Key length
+ * @description Finds all potential key lengths for elliptic curve algorithms usage.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/elliptic-curve-key-length
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from EllipticCurveAlgorithm alg, string size
+where
+  if not exists(alg.getCurveBitSize())
+  then size = "UNKNOWN SIZE"
+  else size = alg.getCurveBitSize().toString()
+select alg, "Use of algorithm " + alg.getCurveName() + " with key size (in bits) " + size

cpp/ql/src/experimental/crypto/inventory/EllipticCurveAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Elliptic Curve Algorithms
+ * @description Finds all potential usage of elliptic curve algorithms using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/elliptic-curve-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from EllipticCurveAlgorithm alg
+select alg, "Use of algorithm " + alg.getCurveName()

cpp/ql/src/experimental/crypto/inventory/HashingAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Hash Algorithms
+ * @description Finds all potential usage of cryptographic hash algorithms using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/hash-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from HashAlgorithm alg
+select alg, "Use of algorithm " + alg.getName()

cpp/ql/src/experimental/crypto/inventory/KeyExchangeAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Key Exchange Algorithms
+ * @description Finds all potential usage of key exchange using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/key-exchange
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from KeyExchangeAlgorithm alg
+select alg, "Use of algorithm " + alg.getName()

cpp/ql/src/experimental/crypto/inventory/KnownAsymmetricKeyGeneration.ql

@@ -0,0 +1,21 @@
+/**
+ * @name Known asymmetric key source generation
+ * @description Finds all known potential sources for asymmetric key generation while using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/asymmetric-key-generation
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AsymmetricKeyGeneration op, CryptographicAlgorithm alg, Expr configSrc
+where
+  alg = op.getAlgorithm() and
+  configSrc = op.getKeyConfigurationSource(alg)
+select op, "Key generator for algorithm $@ with key configuration $@", alg, alg.getName(),
+  configSrc, configSrc.toString()

cpp/ql/src/experimental/crypto/inventory/SigningAlgorithms.ql

@@ -0,0 +1,18 @@
+/**
+ * @name Signing Algorithms
+ * @description Finds all potential usage of signing algorithms using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/signing-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from SigningAlgorithm alg
+select alg, "Use of algorithm " + alg.getName()

cpp/ql/src/experimental/crypto/inventory/SymmetricEncryptionAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Symmetric Encryption Algorithms
+ * @description Finds all potential usage of symmetric encryption algorithms using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/symmetric-encryption-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from SymmetricEncryptionAlgorithm alg
+select alg, "Use of algorithm " + alg.getEncryptionName()

cpp/ql/src/experimental/crypto/inventory/SymmetricPaddingAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Symmetric Padding Schemes
+ * @description Finds all potential usage of padding schemes used with symmeric algorithms.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/symmetric-padding-schemes
+ * @problem.severity error
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from SymmetricPadding alg
+select alg, "Use of algorithm " + alg.getPaddingName()

cpp/ql/src/experimental/crypto/inventory/UnknownAsymmetricKeyGeneration.ql

@@ -0,0 +1,20 @@
+/**
+ * @name Unknown asymmetric key source generation
+ * @description Finds all unknown potential sources for asymmetric key generation while using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/unkwon-asymmetric-key-generation
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AsymmetricKeyGeneration op, CryptographicAlgorithm alg
+where
+  alg = op.getAlgorithm() and
+  not op.hasKeyConfigurationSource(alg)
+select op, "Key generator for algorithm $@ with unknown configuration source", alg, alg.getName()