Cipher Algorithm Slices

java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects known asymmetric cipher algorithms
+ * @id java/crypto_inventory_slices/known_symmetric_cipher_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::KeyOperationAlgorithmNode a
+where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithm
+select a, "Instance of asymmetric cipher algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownCipherAlgorithm.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Detects known cipher algorithms
+ * @id java/crypto_inventory_slices/known_cipher_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+// TODO: should there be a cipher algorithm node?
+from Crypto::KeyOperationAlgorithmNode a
+where
+  a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithm or
+  a.getAlgorithmType() instanceof Crypto::KeyOpAlg::SymmetricCipherAlgorithm
+select a, "Instance of cipher algorithm " + a.getAlgorithmName()

shared/cryptography/codeql/cryptography/Model.qll

@@ -659,6 +659,14 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
 
       TSymmetricCipherType getType() { result = type }
     }
+
+    class AsymmetricCipherAlgorithm extends Algorithm, TAsymmetricCipher {
+      TAsymmetricCipherType type;
+
+      AsymmetricCipherAlgorithm() { this = TAsymmetricCipher(type) }
+
+      TAsymmetricCipherType getType() { result = type }
+    }
   }
 
   /**