Python: Add MISSING: CryptographicOperationAlgorithm annotations

For RSA it's unclear what the algorithm name should even be. Signatures based on
RSA private keys with PSS scheme is ok, but with pkcs#1 v1.5 they are
weak/vulnerable. So clearly just putting RSA as the algorithm name is not enough
information...

and that problem is also why I wanted to do this commit separetely (to call
extra atten to this).

python/ql/test/library-tests/frameworks/cryptodome/test_dsa.py

@@ -21,7 +21,7 @@ message = b"message"
 signer = DSS.new(private_key, mode='fips-186-3')
 
 hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
-signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=DSA
 
 print("signature={}".format(signature))
 
@@ -30,12 +30,12 @@ print()
 verifier = DSS.new(public_key, mode='fips-186-3')
 
 hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
-verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=DSA
 print("Signature verified (as expected)")
 
 try:
     hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
-    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=DSA
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptodome/test_ec.py

@@ -18,7 +18,7 @@ message = b"message"
 signer = DSS.new(private_key, mode='fips-186-3')
 
 hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
-signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=ECDSA
 
 print("signature={}".format(signature))
 
@@ -32,7 +32,7 @@ print("Signature verified (as expected)")
 
 try:
     hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
-    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=ECDSA
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptodome/test_rsa.py

@@ -23,7 +23,7 @@ secret_message = b"secret message"
 
 encrypt_cipher = PKCS1_OAEP.new(public_key)
 
-encrypted = encrypt_cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationInput=secret_message
+encrypted = encrypt_cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationInput=secret_message # MISSING: CryptographicOperationAlgorithm=RSA-OAEP?
 
 print("encrypted={}".format(encrypted))
 
@@ -31,7 +31,7 @@ print()
 
 decrypt_cipher = PKCS1_OAEP.new(private_key)
 
-decrypted = decrypt_cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationInput=encrypted
+decrypted = decrypt_cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationInput=encrypted # MISSING: CryptographicOperationAlgorithm=RSA-OAEP?
 
 print("decrypted={}".format(decrypted))
 assert decrypted == secret_message
@@ -50,7 +50,7 @@ message = b"message"
 signer = pss.new(private_key)
 
 hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
-signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
 
 print("signature={}".format(signature))
 
@@ -59,13 +59,13 @@ print()
 verifier = pss.new(public_key)
 
 hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
-verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
 print("Signature verified (as expected)")
 
 try:
     verifier = pss.new(public_key)
     hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
-    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")