hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Working refactor for cipher, padding, block mode. Still haven't completed connecting padding to algorithm instances if through a set padding interface.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-05-02 14:10:38 -04:00
parent 7481de75cb
commit 09d473674b
16 changed files with 1205 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

170
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll Normal file
View File

@@ -0,0 +1,170 @@
import cpp
import semmle.code.cpp.dataflow.new.DataFlow
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers // import all known alg value consummers
/**
* Traces 'known algorithms' to AVCs, specifically
* algorithms that are in the set of known algorithm constants.
* Padding-specific consumers exist that have their own values that
* overlap with the known algorithm constants.
* Padding consumers (specific padding consumers) are excluded from the set of sinks.
*/
module KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.asExpr() instanceof KnownOpenSSLAlgorithmConstant
}
predicate isSink(DataFlow::Node sink) {
exists(OpenSSLAlgorithmValueConsumer c |
c.getInputNode() = sink and
not c instanceof PaddingAlgorithmValueConsumer
)
}
predicate isBarrier(DataFlow::Node node) {
// False positive reducer, don't flow out through argv
exists(VariableAccess va, Variable v |
v.getAnAccess() = va and va = node.asExpr()
or
va = node.asIndirectExpr()
|
v.getName().matches("%argv")
)
}
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
knownPassThroughStep(node1, node2)
}
}
module KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow =
DataFlow::Global<KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig>;
module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.asExpr() instanceof KnownOpenSSLAlgorithmConstant
}
predicate isSink(DataFlow::Node sink) {
exists(PaddingAlgorithmValueConsumer c | c.getInputNode() = sink)
}
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
knownPassThroughStep(node1, node2)
}
}
module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow =
DataFlow::Global<RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig>;
class OpenSSLAlgorithmAdditionalFlowStep extends AdditionalFlowInputStep {
OpenSSLAlgorithmAdditionalFlowStep() { exists(AlgorithmPassthroughCall c | c.getInNode() = this) }
override DataFlow::Node getOutput() {
exists(AlgorithmPassthroughCall c | c.getInNode() = this and c.getOutNode() = result)
}
}
abstract class AlgorithmPassthroughCall extends Call {
abstract DataFlow::Node getInNode();
abstract DataFlow::Node getOutNode();
}
class CopyAndDupAlgorithmPassthroughCall extends AlgorithmPassthroughCall {
DataFlow::Node inNode;
DataFlow::Node outNode;
CopyAndDupAlgorithmPassthroughCall() {
// Flow out through any return or other argument of the same type
// Assume flow in and out is asIndirectExpr or asDefinitingArgument since a pointer is assumed
// to be involved
// NOTE: not attempting to detect openssl specific copy/dup functions, but anything suspected to be copy/dup
this.getTarget().getName().toLowerCase().matches(["%_dup%", "%_copy%"]) and
exists(Expr inArg, Type t |
inArg = this.getAnArgument() and t = inArg.getUnspecifiedType().stripType()
|
inNode.asIndirectExpr() = inArg and
(
// Case 1: flow through another argument as an out arg of the same type
exists(Expr outArg |
outArg = this.getAnArgument() and
outArg != inArg and
outArg.getUnspecifiedType().stripType() = t
|
outNode.asDefiningArgument() = outArg
)
or
// Case 2: flow through the return value if the result is the same as the intput type
exists(Expr outArg | outArg = this and outArg.getUnspecifiedType().stripType() = t |
outNode.asIndirectExpr() = outArg
)
)
)
}
override DataFlow::Node getInNode() { result = inNode }
override DataFlow::Node getOutNode() { result = outNode }
}
class NIDToPointerPassthroughCall extends AlgorithmPassthroughCall {
DataFlow::Node inNode;
DataFlow::Node outNode;
NIDToPointerPassthroughCall() {
this.getTarget().getName() in ["OBJ_nid2obj", "OBJ_nid2ln", "OBJ_nid2sn"] and
inNode.asExpr() = this.getArgument(0) and
outNode.asExpr() = this
//outNode.asIndirectExpr() = this
}
override DataFlow::Node getInNode() { result = inNode }
override DataFlow::Node getOutNode() { result = outNode }
}
class PointerToPointerPassthroughCall extends AlgorithmPassthroughCall {
DataFlow::Node inNode;
DataFlow::Node outNode;
PointerToPointerPassthroughCall() {
this.getTarget().getName() = "OBJ_txt2obj" and
inNode.asIndirectExpr() = this.getArgument(0) and
outNode.asIndirectExpr() = this
or
//outNode.asExpr() = this
this.getTarget().getName() in ["OBJ_obj2txt", "i2t_ASN1_OBJECT"] and
inNode.asIndirectExpr() = this.getArgument(2) and
outNode.asDefiningArgument() = this.getArgument(0)
}
override DataFlow::Node getInNode() { result = inNode }
override DataFlow::Node getOutNode() { result = outNode }
}
class PointerToNIDPassthroughCall extends AlgorithmPassthroughCall {
DataFlow::Node inNode;
DataFlow::Node outNode;
PointerToNIDPassthroughCall() {
this.getTarget().getName() in ["OBJ_obj2nid", "OBJ_ln2nid", "OBJ_sn2nid", "OBJ_txt2nid"] and
(
inNode.asIndirectExpr() = this.getArgument(0)
or
inNode.asExpr() = this.getArgument(0)
) and
outNode.asExpr() = this
}
override DataFlow::Node getInNode() { result = inNode }
override DataFlow::Node getOutNode() { result = outNode }
}
// TODO: pkeys pass through EVP_PKEY_CTX_new and any similar variant
predicate knownPassThroughStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(AlgorithmPassthroughCall c | c.getInNode() = node1 and c.getOutNode() = node2)
}

76
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll Normal file
View File

@@ -0,0 +1,76 @@
import cpp
import experimental.Quantum.Language
import OpenSSLAlgorithmInstanceBase
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
import AlgToAVCFlow
/**
* Given a `KnownOpenSSLBlockModeAlgorithmConstant`, converts this to a block family type.
* Does not bind if there is know mapping (no mapping to 'unknown' or 'other').
*/
predicate knownOpenSSLConstantToBlockModeFamilyType(
KnownOpenSSLBlockModeAlgorithmConstant e, Crypto::TBlockCipherModeOfOperationType type
) {
exists(string name |
name = e.getNormalizedName() and
(
name.matches("CBC") and type instanceof Crypto::CBC
or
name.matches("CFB%") and type instanceof Crypto::CFB
or
name.matches("CTR") and type instanceof Crypto::CTR
or
name.matches("GCM") and type instanceof Crypto::GCM
or
name.matches("OFB") and type instanceof Crypto::OFB
or
name.matches("XTS") and type instanceof Crypto::XTS
or
name.matches("CCM") and type instanceof Crypto::CCM
or
name.matches("GCM") and type instanceof Crypto::GCM
or
name.matches("CCM") and type instanceof Crypto::CCM
or
name.matches("ECB") and type instanceof Crypto::ECB
)
)
}
class KnownOpenSSLBlockModeConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
Crypto::ModeOfOperationAlgorithmInstance instanceof KnownOpenSSLBlockModeAlgorithmConstant
{
OpenSSLAlgorithmValueConsumer getterCall;
KnownOpenSSLBlockModeConstantAlgorithmInstance() {
// Two possibilities:
// 1) The source is a literal and flows to a getter, then we know we have an instance
// 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
// Possibility 1:
this instanceof Literal and
exists(DataFlow::Node src, DataFlow::Node sink |
// Sink is an argument to a CipherGetterCall
sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
// Source is `this`
src.asExpr() = this and
// This traces to a getter
KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
)
or
// Possibility 2:
this instanceof DirectAlgorithmValueConsumer and getterCall = this
}
override Crypto::TBlockCipherModeOfOperationType getModeType() {
knownOpenSSLConstantToBlockModeFamilyType(this, result)
or
not knownOpenSSLConstantToBlockModeFamilyType(this, _) and result = Crypto::OtherMode()
}
// NOTE: I'm not going to attempt to parse out the mode specific part, so returning
// the same as the raw name for now.
override string getRawModeAlgorithmName() { result = this.(Literal).getValue().toString() }
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
}

129
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll Normal file
View File

@@ -0,0 +1,129 @@
import cpp
import experimental.Quantum.Language
import KnownAlgorithmConstants
import Crypto::KeyOpAlg as KeyOpAlg
import OpenSSLAlgorithmInstanceBase
import PaddingAlgorithmInstance
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
import AlgToAVCFlow
import BlockAlgorithmInstance
/**
* Given a `KnownOpenSSLCipherAlgorithmConstant`, converts this to a cipher family type.
* Does not bind if there is know mapping (no mapping to 'unknown' or 'other').
*/
predicate knownOpenSSLConstantToCipherFamilyType(
KnownOpenSSLCipherAlgorithmConstant e, Crypto::KeyOpAlg::TAlgorithm type
) {
exists(string name |
name = e.getNormalizedName() and
(
name.matches("AES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES())
or
name.matches("ARIA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::ARIA())
or
name.matches("BLOWFISH%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH())
or
name.matches("BF%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH())
or
name.matches("CAMELLIA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CAMELLIA())
or
name.matches("CHACHA20%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CHACHA20())
or
name.matches("CAST5%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CAST5())
or
name.matches("2DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DoubleDES())
or
name.matches("3DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TripleDES())
or
name.matches("DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES())
or
name.matches("DESX%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DESX())
or
name.matches("GOST%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::GOST())
or
name.matches("IDEA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA())
or
name.matches("KUZNYECHIK%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::KUZNYECHIK())
or
name.matches("MAGMA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::MAGMA())
or
name.matches("RC2%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2())
or
name.matches("RC4%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4())
or
name.matches("RC5%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC5())
or
name.matches("RSA%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
or
name.matches("SEED%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SEED())
or
name.matches("SM4%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SM4())
)
)
}
class KnownOpenSSLCipherConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSSLCipherAlgorithmConstant
{
//OpenSSLAlgorithmInstance,
OpenSSLAlgorithmValueConsumer getterCall;
KnownOpenSSLCipherConstantAlgorithmInstance() {
(
// Two possibilities:
// 1) The source is a literal and flows to a getter, then we know we have an instance
// 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
// Possibility 1:
this instanceof Literal and
exists(DataFlow::Node src, DataFlow::Node sink |
// Sink is an argument to a CipherGetterCall
sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
// Source is `this`
src.asExpr() = this and
// This traces to a getter
KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
)
or
// Possibility 2:
this instanceof DirectAlgorithmValueConsumer and getterCall = this
)
}
override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() {
// if there is a block mode associated with the same element, then that's the block mode
// note, if none are associated, we may need to parse if the cipher is a block cipher
// to determine if this is an unknown vs not relevant.
result = this
}
override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() {
//TODO: the padding is either self, or it flows through getter ctx to a set padding call
// like EVP_PKEY_CTX_set_rsa_padding
result = this
// or trace through getter ctx to set padding
}
override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
override string getKeySizeFixed() {
exists(int keySize |
this.(KnownOpenSSLCipherAlgorithmConstant).getExplicitKeySize() = keySize and
result = keySize.toString()
)
}
override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
knownOpenSSLConstantToCipherFamilyType(this, result)
or
not knownOpenSSLConstantToCipherFamilyType(this, _) and
result = Crypto::KeyOpAlg::TUnknownKeyOperationAlgorithmType()
}
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
// TODO: trace to any key size initializer, symmetric and asymmetric
none()
}
}

401
cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSLKnownAlgorithmConstants.qll → cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll
View File

@@ -1,5 +1,5 @@
import cpp
import LibraryDetector
import experimental.Quantum.OpenSSL.LibraryDetector
class KnownOpenSSLAlgorithmConstant extends Expr {
string normalizedName;
@@ -16,6 +16,28 @@ class KnownOpenSSLAlgorithmConstant extends Expr {
string getAlgType() { result = algType }
}
class KnownOpenSSLCipherAlgorithmConstant extends KnownOpenSSLAlgorithmConstant {
KnownOpenSSLCipherAlgorithmConstant() {
this.(KnownOpenSSLAlgorithmConstant).getAlgType().toLowerCase().matches("%encryption")
}
int getExplicitKeySize() {
result = this.getNormalizedName().regexpCapture(".*-(\\d*)", 1).toInt()
}
}
class KnownOpenSSLPaddingAlgorithmConstant extends KnownOpenSSLAlgorithmConstant {
KnownOpenSSLPaddingAlgorithmConstant() {
this.(KnownOpenSSLAlgorithmConstant).getAlgType().toLowerCase().matches("%padding")
}
}
class KnownOpenSSLBlockModeAlgorithmConstant extends KnownOpenSSLAlgorithmConstant {
KnownOpenSSLBlockModeAlgorithmConstant() {
this.(KnownOpenSSLAlgorithmConstant).getAlgType().toLowerCase().matches("block_mode")
}
}
/**
* Resolves a call to a 'direct algorithm getter', e.g., EVP_MD5()
* This approach to fetching algorithms was used in OpenSSL 1.0.2.
@@ -222,9 +244,9 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "gost2001" and nid = 811 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "gost2012_256" and nid = 979 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION"
name = "gost2012_256" and nid = 979 and normalized = "GOST" and algType = "HASH" // TODO: Verify algorithm type
or
name = "gost2012_512" and nid = 980 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION"
name = "gost2012_512" and nid = 980 and normalized = "GOST" and algType = "HASH" // TODO: Verify algorithm type
or
name = "ed25519" and nid = 1087 and normalized = "ED25519" and algType = "ELLIPTIC_CURVE"
or
@@ -276,159 +298,222 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "sm3" and nid = 1143 and normalized = "SM3" and algType = "HASH"
or
name = "aes-128-cbc" and nid = 419 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-cbc" and nid = 419 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cbc" and nid = 419 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aes-128-ecb" and nid = 418 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-ecb" and nid = 418 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-ecb" and nid = 418 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "aes-192-cbc" and nid = 423 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-cbc" and nid = 423 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-cbc" and nid = 423 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aes-192-ecb" and nid = 422 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-ecb" and nid = 422 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-ecb" and nid = 422 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "aes-256-cbc" and nid = 427 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-cbc" and nid = 427 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-cbc" and nid = 427 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aes-256-ecb" and nid = 426 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-ecb" and nid = 426 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-ecb" and nid = 426 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "aria-128-cbc" and nid = 1066 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aria-128-cbc" and nid = 1066 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-cbc" and
nid = 1066 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-cfb" and nid = 1067 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aria-128-cfb" and nid = 1067 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-cfb" and
nid = 1067 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-ctr" and nid = 1069 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "aria-128-ctr" and nid = 1069 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-ctr" and
nid = 1069 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-ecb" and nid = 1065 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "aria-128-ecb" and nid = 1065 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-ecb" and
nid = 1065 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-ofb" and nid = 1068 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "aria-128-ofb" and nid = 1068 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-ofb" and
nid = 1068 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-cfb1" and nid = 1080 and normalized = "CFB1" and algType = "BLOCK_MODE"
or
name = "aria-128-cfb1" and nid = 1080 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-cfb1" and
nid = 1080 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-cfb8" and nid = 1083 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-cfb8" and
nid = 1083 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-cfb8" and nid = 1083 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "aria-192-cbc" and nid = 1071 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aria-192-cbc" and nid = 1071 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-cbc" and
nid = 1071 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-cfb" and nid = 1072 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aria-192-cfb" and nid = 1072 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-cfb" and
nid = 1072 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-ctr" and nid = 1074 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "aria-192-ctr" and nid = 1074 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-ctr" and
nid = 1074 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-ecb" and nid = 1070 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "aria-192-ecb" and nid = 1070 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-ecb" and
nid = 1070 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-ofb" and nid = 1073 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "aria-192-ofb" and nid = 1073 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-ofb" and
nid = 1073 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-cfb1" and nid = 1081 and normalized = "CFB1" and algType = "BLOCK_MODE"
or
name = "aria-192-cfb1" and nid = 1081 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-cfb1" and
nid = 1081 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-cfb8" and nid = 1084 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-cfb8" and
nid = 1084 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-cfb8" and nid = 1084 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "aria-256-cbc" and nid = 1076 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aria-256-cbc" and nid = 1076 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-cbc" and
nid = 1076 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-cfb" and nid = 1077 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aria-256-cfb" and nid = 1077 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-cfb" and
nid = 1077 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-ctr" and nid = 1079 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "aria-256-ctr" and nid = 1079 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-ctr" and
nid = 1079 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-ecb" and nid = 1075 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "aria-256-ecb" and nid = 1075 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-ecb" and
nid = 1075 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-ofb" and nid = 1078 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "aria-256-ofb" and nid = 1078 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-ofb" and
nid = 1078 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-cfb1" and nid = 1082 and normalized = "CFB1" and algType = "BLOCK_MODE"
or
name = "aria-256-cfb1" and nid = 1082 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-cfb1" and
nid = 1082 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-cfb8" and nid = 1085 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-cfb8" and
nid = 1085 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-cfb8" and nid = 1085 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "camellia-128-cbc" and
nid = 751 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-cbc" and nid = 751 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "camellia-128-ecb" and
nid = 754 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-ecb" and nid = 754 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "camellia-192-cbc" and
nid = 752 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-cbc" and nid = 752 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "camellia-192-ecb" and
nid = 755 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-ecb" and nid = 755 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "camellia-256-cbc" and
nid = 753 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-cbc" and nid = 753 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "camellia-256-ecb" and
nid = 756 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-ecb" and nid = 756 and normalized = "ECB" and algType = "BLOCK_MODE"
or
name = "rc4" and nid = 5 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "rc4-40" and nid = 97 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION"
name = "rc4-40" and nid = 97 and normalized = "RC4-40" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "des-ecb" and nid = 29 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION"
or
@@ -510,7 +595,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "seed-ofb" and nid = 778 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "rc2-cbc" and nid = 37 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION"
name = "rc2-cbc" and nid = 37 and normalized = "RC2-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "rc2-cbc" and nid = 37 and normalized = "CBC" and algType = "BLOCK_MODE"
or
@@ -526,11 +611,11 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "rc2-ofb" and nid = 40 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "rc2-64-cbc" and nid = 166 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION"
name = "rc2-64-cbc" and nid = 166 and normalized = "RC2-64" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "rc2-64-cbc" and nid = 166 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "rc2-40-cbc" and nid = 98 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION"
name = "rc2-40-cbc" and nid = 98 and normalized = "RC2-40" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "rc2-40-cbc" and nid = 98 and normalized = "CBC" and algType = "BLOCK_MODE"
or
@@ -586,7 +671,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "sm4-ctr" and nid = 1139 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "aes-128-gcm" and nid = 895 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-gcm" and nid = 895 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE"
or
@@ -604,32 +689,32 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "id-aes128-wrap" and
nid = 788 and
normalized = "AES128" and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes192-wrap" and
nid = 789 and
normalized = "AES192" and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes256-wrap" and
nid = 790 and
normalized = "AES256" and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes128-wrap-pad" and
nid = 897 and
normalized = "AES128" and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes192-wrap-pad" and
nid = 900 and
normalized = "AES192" and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes256-wrap-pad" and
nid = 903 and
normalized = "AES256" and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "chacha20" and nid = 1019 and normalized = "CHACHA20" and algType = "SYMMETRIC_ENCRYPTION"
@@ -738,7 +823,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "pkcs5" and nid = 187 and normalized = "PKCS5" and algType = "KEY_DERIVATION"
or
name = "aes-256-gcm" and nid = 901 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-gcm" and nid = 901 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE"
or
@@ -775,53 +860,71 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "SHA1" and algType = "HASH"
or
name = "aes-128-ofb" and nid = 420 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-ofb" and nid = 420 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-ofb" and nid = 420 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "aes-128-cfb" and nid = 421 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-cfb" and nid = 421 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cfb" and nid = 421 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aes-192-ofb" and nid = 424 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-ofb" and nid = 424 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-ofb" and nid = 424 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "aes-192-cfb" and nid = 425 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-cfb" and nid = 425 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-cfb" and nid = 425 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aes-256-ofb" and nid = 428 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-ofb" and nid = 428 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-ofb" and nid = 428 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "aes-256-cfb" and nid = 429 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-cfb" and nid = 429 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-cfb" and nid = 429 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "des-cdmf" and nid = 643 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cfb1" and nid = 650 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-cfb1" and
nid = 650 and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cfb1" and nid = 650 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aes-192-cfb1" and nid = 651 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-cfb1" and
nid = 651 and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-cfb1" and nid = 651 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aes-256-cfb1" and nid = 652 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-cfb1" and
nid = 652 and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-cfb1" and nid = 652 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "aes-128-cfb8" and nid = 653 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-cfb8" and
nid = 653 and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cfb8" and nid = 653 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "aes-192-cfb8" and nid = 654 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-cfb8" and
nid = 654 and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-cfb8" and nid = 654 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "aes-256-cfb8" and nid = 655 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-cfb8" and
nid = 655 and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-cfb8" and nid = 655 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
@@ -851,84 +954,84 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "camellia-128-cfb" and
nid = 757 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-cfb" and nid = 757 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "camellia-192-cfb" and
nid = 758 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-cfb" and nid = 758 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "camellia-256-cfb" and
nid = 759 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-cfb" and nid = 759 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "camellia-128-cfb1" and
nid = 760 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-cfb1" and nid = 760 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "camellia-192-cfb1" and
nid = 761 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-cfb1" and nid = 761 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "camellia-256-cfb1" and
nid = 762 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-cfb1" and nid = 762 and normalized = "CFB" and algType = "BLOCK_MODE"
or
name = "camellia-128-cfb8" and
nid = 763 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-cfb8" and nid = 763 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "camellia-192-cfb8" and
nid = 764 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-cfb8" and nid = 764 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "camellia-256-cfb8" and
nid = 765 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-cfb8" and nid = 765 and normalized = "CFB8" and algType = "BLOCK_MODE"
or
name = "camellia-128-ofb" and
nid = 766 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-ofb" and nid = 766 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "camellia-192-ofb" and
nid = 767 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-ofb" and nid = 767 and normalized = "OFB" and algType = "BLOCK_MODE"
or
name = "camellia-256-ofb" and
nid = 768 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-ofb" and nid = 768 and normalized = "OFB" and algType = "BLOCK_MODE"
@@ -956,56 +1059,56 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "gost2001cc" and nid = 851 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-ccm" and nid = 896 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-ccm" and nid = 896 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "aes-192-gcm" and nid = 898 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-gcm" and nid = 898 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "aes-192-ccm" and nid = 899 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-ccm" and nid = 899 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "aes-256-ccm" and nid = 902 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-ccm" and nid = 902 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "aes-128-ctr" and nid = 904 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-ctr" and nid = 904 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-ctr" and nid = 904 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "aes-192-ctr" and nid = 905 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-ctr" and nid = 905 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-ctr" and nid = 905 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "aes-256-ctr" and nid = 906 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-ctr" and nid = 906 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-ctr" and nid = 906 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "id-camellia128-wrap" and
nid = 907 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-camellia192-wrap" and
nid = 908 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-camellia256-wrap" and
nid = 909 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "mgf1" and nid = 911 and normalized = "MGF1" and algType = "HASH"
or
name = "aes-128-xts" and nid = 913 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-xts" and nid = 913 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-xts" and nid = 913 and normalized = "XTS" and algType = "BLOCK_MODE"
or
name = "aes-256-xts" and nid = 914 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-xts" and nid = 914 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-xts" and nid = 914 and normalized = "XTS" and algType = "BLOCK_MODE"
or
@@ -1017,7 +1120,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-128-cbc-hmac-sha1" and
nid = 916 and
normalized = "AES128" and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "CBC" and algType = "BLOCK_MODE"
@@ -1026,14 +1129,14 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-192-cbc-hmac-sha1" and
nid = 917 and
normalized = "AES192" and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aes-256-cbc-hmac-sha1" and
nid = 918 and
normalized = "AES256" and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-cbc-hmac-sha1" and nid = 918 and normalized = "CBC" and algType = "BLOCK_MODE"
@@ -1042,7 +1145,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-128-cbc-hmac-sha256" and
nid = 948 and
normalized = "AES128" and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "CBC" and algType = "BLOCK_MODE"
@@ -1051,7 +1154,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-192-cbc-hmac-sha256" and
nid = 949 and
normalized = "AES192" and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "CBC" and algType = "BLOCK_MODE"
@@ -1060,93 +1163,93 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-256-cbc-hmac-sha256" and
nid = 950 and
normalized = "AES256" and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aes-128-ocb" and nid = 958 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-ocb" and nid = 958 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-ocb" and nid = 959 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-ocb" and nid = 959 and normalized = "AES-192" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-ocb" and nid = 960 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-ocb" and nid = 960 and normalized = "AES-256" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-gcm" and
nid = 961 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-gcm" and nid = 961 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "camellia-128-ccm" and
nid = 962 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-ccm" and nid = 962 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "camellia-128-ctr" and
nid = 963 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-ctr" and nid = 963 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "camellia-128-cmac" and
nid = 964 and
normalized = "CAMELLIA128" and
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-gcm" and
nid = 965 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-gcm" and nid = 965 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "camellia-192-ccm" and
nid = 966 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-ccm" and nid = 966 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "camellia-192-ctr" and
nid = 967 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-192-ctr" and nid = 967 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "camellia-192-cmac" and
nid = 968 and
normalized = "CAMELLIA192" and
normalized = "CAMELLIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-gcm" and
nid = 969 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-gcm" and nid = 969 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "camellia-256-ccm" and
nid = 970 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-ccm" and nid = 970 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "camellia-256-ctr" and
nid = 971 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-ctr" and nid = 971 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "camellia-256-cmac" and
nid = 972 and
normalized = "CAMELLIA256" and
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION"
@@ -1386,27 +1489,45 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aria-128-ccm" and nid = 1120 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "aria-128-ccm" and nid = 1120 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-ccm" and
nid = 1120 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-ccm" and nid = 1121 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "aria-192-ccm" and nid = 1121 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-ccm" and
nid = 1121 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-ccm" and nid = 1122 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "aria-256-ccm" and nid = 1122 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-ccm" and
nid = 1122 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-128-gcm" and nid = 1123 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "aria-128-gcm" and nid = 1123 and normalized = "ARIA128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-128-gcm" and
nid = 1123 and
normalized = "ARIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-192-gcm" and nid = 1124 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "aria-192-gcm" and nid = 1124 and normalized = "ARIA192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-192-gcm" and
nid = 1124 and
normalized = "ARIA-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aria-256-gcm" and nid = 1125 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "aria-256-gcm" and nid = 1125 and normalized = "ARIA256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aria-256-gcm" and
nid = 1125 and
normalized = "ARIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "sm4-cfb1" and nid = 1136 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION"
or
@@ -1505,15 +1626,24 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "magma-mac" and nid = 1192 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-siv" and nid = 1198 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-128-siv" and
nid = 1198 and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-siv" and nid = 1198 and normalized = "SIV" and algType = "BLOCK_MODE"
or
name = "aes-192-siv" and nid = 1199 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-192-siv" and
nid = 1199 and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-192-siv" and nid = 1199 and normalized = "SIV" and algType = "BLOCK_MODE"
or
name = "aes-256-siv" and nid = 1200 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION"
name = "aes-256-siv" and
nid = 1200 and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-256-siv" and nid = 1200 and normalized = "SIV" and algType = "BLOCK_MODE"
or
@@ -2000,42 +2130,42 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "id-aes128-ccm" and
nid = 896 and
normalized = "AES128" and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "id-aes128-gcm" and
nid = 895 and
normalized = "AES128" and
normalized = "AES-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "id-aes192-ccm" and
nid = 899 and
normalized = "AES192" and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "id-aes192-gcm" and
nid = 898 and
normalized = "AES192" and
normalized = "AES-192" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE"
or
name = "id-aes256-ccm" and
nid = 902 and
normalized = "AES256" and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE"
or
name = "id-aes256-gcm" and
nid = 901 and
normalized = "AES256" and
normalized = "AES-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-aes256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE"
@@ -2407,27 +2537,36 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "pbe-sha1-rc2-128" and
nid = 148 and
normalized = "RC2" and
normalized = "RC2-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "SHA1" and algType = "HASH"
or
name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION"
name = "pbe-sha1-rc2-40" and
nid = 149 and
normalized = "RC2-40" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "SHA1" and algType = "HASH"
or
name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION"
name = "pbe-sha1-rc2-64" and
nid = 68 and
normalized = "RC2-64" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbe-sha1-rc4-128" and nid = 144 and normalized = "SHA1" and algType = "HASH"
or
name = "pbe-sha1-rc4-128" and
nid = 144 and
normalized = "RC4" and
normalized = "RC4-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "SHA1" and algType = "HASH"
or
name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION"
name = "pbe-sha1-rc4-40" and
nid = 145 and
normalized = "RC4-40" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbewithmd2anddes-cbc" and
nid = 9 and
@@ -2478,7 +2617,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "pbewithsha1and128bitrc2-cbc" and
nid = 148 and
normalized = "RC2" and
normalized = "RC2-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbewithsha1and128bitrc2-cbc" and
@@ -2490,7 +2629,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "pbewithsha1and128bitrc4" and
nid = 144 and
normalized = "RC4" and
normalized = "RC4-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbewithsha1and2-keytripledes-cbc" and
@@ -2505,7 +2644,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "pbewithsha1and2-keytripledes-cbc" and
nid = 147 and
normalized = "TRIPLEDES" and
normalized = "3DES" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbewithsha1and3-keytripledes-cbc" and
@@ -2520,14 +2659,14 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "pbewithsha1and3-keytripledes-cbc" and
nid = 146 and
normalized = "TRIPLEDES" and
normalized = "3DES" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbewithsha1and40bitrc2-cbc" and nid = 149 and normalized = "SHA1" and algType = "HASH"
or
name = "pbewithsha1and40bitrc2-cbc" and
nid = 149 and
normalized = "RC2" and
normalized = "RC2-40" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbewithsha1and40bitrc2-cbc" and
@@ -2539,7 +2678,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "pbewithsha1and40bitrc4" and
nid = 145 and
normalized = "RC4" and
normalized = "RC4-40" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "SHA1" and algType = "HASH"

6
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/OpenSSLAlgorithmInstanceBase.qll Normal file
View File

@@ -0,0 +1,6 @@
import experimental.Quantum.Language
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
abstract class OpenSSLAlgorithmInstance extends Crypto::AlgorithmInstance {
abstract OpenSSLAlgorithmValueConsumer getAVC();
}

4
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/OpenSSLAlgorithmInstances.qll Normal file
View File

@@ -0,0 +1,4 @@
import OpenSSLAlgorithmInstanceBase
import CipherAlgorithmInstance
import PaddingAlgorithmInstance
import BlockAlgorithmInstance

167
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll Normal file
View File

@@ -0,0 +1,167 @@
import cpp
import experimental.Quantum.Language
import OpenSSLAlgorithmInstanceBase
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
import AlgToAVCFlow
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
/**
* Given a `KnownOpenSSLPaddingAlgorithmConstant`, converts this to a padding family type.
* Does not bind if there is know mapping (no mapping to 'unknown' or 'other').
*/
predicate knownOpenSSLConstantToPaddingFamilyType(
KnownOpenSSLPaddingAlgorithmConstant e, Crypto::TPaddingType type
) {
exists(string name |
name = e.getNormalizedName() and
(
name.matches("OAEP") and type = Crypto::OAEP()
or
name.matches("PSS") and type = Crypto::PSS()
or
name.matches("PKCS7") and type = Crypto::PKCS7()
or
name.matches("PKCS1V15") and type = Crypto::PKCS1_v1_5()
)
)
}
//abstract class OpenSSLPaddingAlgorithmInstance extends OpenSSLAlgorithmInstance, Crypto::PaddingAlgorithmInstance{}
// TODO: need to alter this to include known padding constants which don't have the
// same mechanics as those with known nids
class KnownOpenSSLPaddingConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
Crypto::PaddingAlgorithmInstance instanceof Expr
{
OpenSSLAlgorithmValueConsumer getterCall;
boolean isPaddingSpecificConsumer;
KnownOpenSSLPaddingConstantAlgorithmInstance() {
// three possibilities:
// 1) The source is a 'typical' literal and flows to a getter, then we know we have an instance
// 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
// 3) the source is a padding-specific literal flowing to a padding-specific consumer
// Possibility 1:
this instanceof Literal and
this instanceof KnownOpenSSLPaddingAlgorithmConstant and
exists(DataFlow::Node src, DataFlow::Node sink |
// Sink is an argument to a CipherGetterCall
sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
// Source is `this`
src.asExpr() = this and
// This traces to a getter
KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) and
isPaddingSpecificConsumer = false
)
or
// Possibility 2:
this instanceof DirectAlgorithmValueConsumer and
getterCall = this and
this instanceof KnownOpenSSLPaddingAlgorithmConstant and
isPaddingSpecificConsumer = false
or
// Possibility 3:
// from rsa.h in openssl:
// # define RSA_PKCS1_PADDING 1
// # define RSA_NO_PADDING 3
// # define RSA_PKCS1_OAEP_PADDING 4
// # define RSA_X931_PADDING 5
// /* EVP_PKEY_ only */
// # define RSA_PKCS1_PSS_PADDING 6
// # define RSA_PKCS1_WITH_TLS_PADDING 7
// /* internal RSA_ only */
// # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
this instanceof Literal and
this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] and
exists(DataFlow::Node src, DataFlow::Node sink |
// Sink is an argument to a CipherGetterCall
sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
// Source is `this`
src.asExpr() = this and
// This traces to a padding-specific consumer
RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow::flow(src, sink)
) and
isPaddingSpecificConsumer = true
}
override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() }
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
override Crypto::TPaddingType getPaddingType() {
isPaddingSpecificConsumer = true and
(
if this.(Literal).getValue().toInt() in [1, 7, 8]
then result = Crypto::PKCS1_v1_5()
else
if this.(Literal).getValue().toInt() = 3
then result = Crypto::NoPadding()
else
if this.(Literal).getValue().toInt() = 4
then result = Crypto::OAEP()
else
if this.(Literal).getValue().toInt() = 5
then result = Crypto::ANSI_X9_23()
else
if this.(Literal).getValue().toInt() = 6
then result = Crypto::PSS()
else result = Crypto::OtherPadding()
)
or
isPaddingSpecificConsumer = false and
knownOpenSSLConstantToPaddingFamilyType(this, result)
}
}
// // Values used for EVP_PKEY_CTX_set_rsa_padding, these are
// // not the same as 'typical' constants found in the set of known algorithm constants
// // they do not have an NID
// // TODO: what about setting the padding directly?
// class KnownRSAPaddingConstant extends OpenSSLPaddingAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Literal
// {
// KnownRSAPaddingConstant() {
// // from rsa.h in openssl:
// // # define RSA_PKCS1_PADDING 1
// // # define RSA_NO_PADDING 3
// // # define RSA_PKCS1_OAEP_PADDING 4
// // # define RSA_X931_PADDING 5
// // /* EVP_PKEY_ only */
// // # define RSA_PKCS1_PSS_PADDING 6
// // # define RSA_PKCS1_WITH_TLS_PADDING 7
// // /* internal RSA_ only */
// // # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
// this instanceof Literal and
// this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8]
// // TODO: trace to padding-specific consumers
// RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow
// }
// override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() }
// override Crypto::TPaddingType getPaddingType() {
// if this.(Literal).getValue().toInt() in [1, 6, 7, 8]
// then result = Crypto::PKCS1_v1_5()
// else
// if this.(Literal).getValue().toInt() = 3
// then result = Crypto::NoPadding()
// else
// if this.(Literal).getValue().toInt() = 4
// then result = Crypto::OAEP()
// else
// if this.(Literal).getValue().toInt() = 5
// then result = Crypto::ANSI_X9_23()
// else result = Crypto::OtherPadding()
// }
// }
class OAEPPaddingAlgorithmInstance extends Crypto::OAEPPaddingAlgorithmInstance,
KnownOpenSSLPaddingConstantAlgorithmInstance
{
OAEPPaddingAlgorithmInstance() {
this.(Crypto::PaddingAlgorithmInstance).getPaddingType() = Crypto::OAEP()
}
override Crypto::HashAlgorithmInstance getOAEPEncodingHashAlgorithm() {
none() //TODO
}
override Crypto::HashAlgorithmInstance getMGF1HashAlgorithm() {
none() //TODO
}
}

39
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll Normal file
View File

@@ -0,0 +1,39 @@
import cpp
import experimental.Quantum.Language
import experimental.Quantum.OpenSSL.LibraryDetector
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
import experimental.Quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
import OpenSSLAlgorithmValueConsumerBase
abstract class CipherAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
// https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_fetch.html
class EVPCipherAlgorithmValueConsumer extends CipherAlgorithmValueConsumer {
DataFlow::Node valueArgNode;
DataFlow::Node resultNode;
EVPCipherAlgorithmValueConsumer() {
resultNode.asExpr() = this and
isPossibleOpenSSLFunction(this.(Call).getTarget()) and
(
this.(Call).getTarget().getName() in [
"EVP_get_cipherbyname", "EVP_get_cipherbyobj", "EVP_get_cipherbynid"
] and
valueArgNode.asExpr() = this.(Call).getArgument(0)
or
this.(Call).getTarget().getName() in ["EVP_CIPHER_fetch", "EVP_ASYM_CIPHER_fetch"] and
valueArgNode.asExpr() = this.(Call).getArgument(1)
)
}
override DataFlow::Node getResultNode() { result = resultNode }
override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
// override DataFlow::Node getInputNode() { result = valueArgNode }
override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
//TODO: As a potential alternative, for OpenSSL only, add a generic source node for literals and only create flow (flowsTo) to
// OpenSSL AVCs... the unknown literal sources would have to be any literals not in the known set.
}
}

36
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll Normal file
View File

@@ -0,0 +1,36 @@
import cpp
import experimental.Quantum.Language
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
// TODO: can self referential to itself, which is also an algorithm (Known algorithm)
/**
* Cases like EVP_MD5(),
* there is no input, rather it directly gets an algorithm
* and returns it.
*/
class DirectAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
DataFlow::Node resultNode;
Expr resultExpr;
DirectAlgorithmValueConsumer() {
this instanceof KnownOpenSSLAlgorithmConstant and
this instanceof Call and
resultExpr = this and
resultNode.asExpr() = resultExpr
}
/**
* These cases take in no explicit value (the value is implicit)
*/
override Crypto::ConsumerInputDataFlowNode getInputNode() { none() }
override DataFlow::Node getResultNode() { result = resultNode }
// override DataFlow::Node getOutputNode() { result = resultNode }
override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
// Note: algorithm source definitions enforces that
// this class will be a known algorithm source
result = this
}
}

9
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumerBase.qll Normal file
View File

@@ -0,0 +1,9 @@
import experimental.Quantum.Language
import semmle.code.cpp.dataflow.new.DataFlow
abstract class OpenSSLAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof Call {
/**
* Returns the node representing the resulting algorithm
*/
abstract DataFlow::Node getResultNode();
}

4
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumers.qll Normal file
View File

@@ -0,0 +1,4 @@
import OpenSSLAlgorithmValueConsumerBase
import CipherAlgorithmValueConsumer
import DirectAlgorithmValueConsumer
import PaddingAlgorithmValueConsumer

36
cpp/ql/lib/experimental/Quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll Normal file
View File

@@ -0,0 +1,36 @@
import cpp
import experimental.Quantum.Language
import experimental.Quantum.OpenSSL.LibraryDetector
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
import experimental.Quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
import OpenSSLAlgorithmValueConsumerBase
abstract class PaddingAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
// https://docs.openssl.org/master/man7/EVP_ASYM_CIPHER-RSA/#rsa-asymmetric-cipher-parameters
// TODO: need to handle setting padding through EVP_PKEY_CTX_set_params, where modes like "OSSL_PKEY_RSA_PAD_MODE_OAEP"
// are set.
class EVP_PKEY_CTX_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorithmValueConsumer {
DataFlow::Node valueArgNode;
DataFlow::Node resultNode;
EVP_PKEY_CTX_set_rsa_padding_AlgorithmValueConsumer() {
resultNode.asExpr() = this and
isPossibleOpenSSLFunction(this.(Call).getTarget()) and
(
this.(Call).getTarget().getName() in ["EVP_PKEY_CTX_set_rsa_padding"] and
valueArgNode.asExpr() = this.(Call).getArgument(1)
)
}
override DataFlow::Node getResultNode() { result = resultNode }
override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
// override DataFlow::Node getInputNode() { result = valueArgNode }
override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
//TODO: As a potential alternative, for OpenSSL only, add a generic source node for literals and only create flow (flowsTo) to
// OpenSSL AVCs... the unknown literal sources would have to be any literals not in the known set.
}
}

123
cpp/ql/lib/experimental/Quantum/OpenSSL/Operations/EVPCipherInitializer.qll Normal file
View File

@@ -0,0 +1,123 @@
/**
* see: https://docs.openssl.org/master/man3/EVP_EncryptInit/
* Models cipher initialization for EVP cipher operations.
*/
import experimental.Quantum.Language
import experimental.Quantum.OpenSSL.CtxFlow as CTXFlow
module EncValToInitEncArgConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source.asExpr().getValue().toInt() in [0, 1] }
predicate isSink(DataFlow::Node sink) {
exists(EVP_Cipher_Inititalizer initCall | sink.asExpr() = initCall.getOperataionSubtypeArg())
}
}
module EncValToInitEncArgFlow = DataFlow::Global<EncValToInitEncArgConfig>;
int getEncConfigValue(Expr e) {
exists(EVP_Cipher_Inititalizer initCall | e = initCall.getOperataionSubtypeArg()) and
exists(DataFlow::Node a, DataFlow::Node b |
EncValToInitEncArgFlow::flow(a, b) and b.asExpr() = e and result = a.asExpr().getValue().toInt()
)
}
bindingset[i]
Crypto::KeyOperationSubtype intToCipherOperationSubtype(int i) {
if i = 0
then result instanceof Crypto::TEncryptMode
else
if i = 1
then result instanceof Crypto::TDecryptMode
else result instanceof Crypto::TUnknownKeyOperationMode
}
// TODO: need to add key consumer
abstract class EVP_Cipher_Inititalizer extends Call {
Expr getContextArg() { result = this.(Call).getArgument(0) }
Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }
abstract Expr getKeyArg();
abstract Expr getIVArg();
// abstract Crypto::CipherOperationSubtype getCipherOperationSubtype();
abstract Expr getOperataionSubtypeArg();
Crypto::KeyOperationSubtype getCipherOperationSubtype() {
if this.(Call).getTarget().getName().toLowerCase().matches("%encrypt%")
then result instanceof Crypto::TEncryptMode
else
if this.(Call).getTarget().getName().toLowerCase().matches("%decrypt%")
then result instanceof Crypto::TDecryptMode
else
if exists(getEncConfigValue(this.getOperataionSubtypeArg()))
then result = intToCipherOperationSubtype(getEncConfigValue(this.getOperataionSubtypeArg()))
else result instanceof Crypto::TUnknownKeyOperationMode
}
}
abstract class EVP_EX_Initializer extends EVP_Cipher_Inititalizer {
override Expr getKeyArg() { result = this.(Call).getArgument(3) }
override Expr getIVArg() { result = this.(Call).getArgument(4) }
}
abstract class EVP_EX2_Initializer extends EVP_Cipher_Inititalizer {
override Expr getKeyArg() { result = this.(Call).getArgument(2) }
override Expr getIVArg() { result = this.(Call).getArgument(3) }
}
class EVP_Cipher_EX_Init_Call extends EVP_EX_Initializer {
EVP_Cipher_EX_Init_Call() {
this.(Call).getTarget().getName() in [
"EVP_EncryptInit_ex", "EVP_DecryptInit_ex", "EVP_CipherInit_ex"
]
}
override Expr getOperataionSubtypeArg() {
this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and
result = this.(Call).getArgument(5)
}
}
class EVP_Cipher_EX2_or_Simple_Init_Call extends EVP_EX2_Initializer {
EVP_Cipher_EX2_or_Simple_Init_Call() {
this.(Call).getTarget().getName() in [
"EVP_EncryptInit_ex2", "EVP_DecryptInit_ex2", "EVP_CipherInit_ex2", "EVP_EncryptInit",
"EVP_DecryptInit", "EVP_CipherInit"
]
}
override Expr getOperataionSubtypeArg() {
this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and
result = this.(Call).getArgument(4)
}
}
class EVP_CipherInit_SKEY_Call extends EVP_EX2_Initializer {
EVP_CipherInit_SKEY_Call() { this.(Call).getTarget().getName() in ["EVP_CipherInit_SKEY"] }
override Expr getOperataionSubtypeArg() { result = this.(Call).getArgument(5) }
}
class EVPCipherInitializerAlgorithmArgument extends Expr {
EVPCipherInitializerAlgorithmArgument() {
exists(EVP_Cipher_Inititalizer initCall | this = initCall.getAlgorithmArg())
}
}
class EVPCipherInitializerKeyArgument extends Expr {
EVPCipherInitializerKeyArgument() {
exists(EVP_Cipher_Inititalizer initCall | this = initCall.getKeyArg())
}
}
class EVPCipherInitializerIVArgument extends Expr {
EVPCipherInitializerIVArgument() {
exists(EVP_Cipher_Inititalizer initCall | this = initCall.getIVArg())
}
}

114
cpp/ql/lib/experimental/Quantum/OpenSSL/Operations/EVPCipherOperation.qll Normal file
View File

@@ -0,0 +1,114 @@
import experimental.Quantum.Language
import experimental.Quantum.OpenSSL.CtxFlow as CTXFlow
import EVPCipherInitializer
import OpenSSLOperationBase
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
// import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.AlgorithmValueConsumers
// import OpenSSLOperation
module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
exists(OpenSSLAlgorithmValueConsumer c | c.getResultNode() = source)
}
predicate isSink(DataFlow::Node sink) {
exists(EVP_Cipher_Operation c | c.getInitCall().getAlgorithmArg() = sink.asExpr())
}
}
module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
// class EVPCipherOutput extends CipherOutputArtifact {
// EVPCipherOutput() { exists(EVP_Cipher_Operation op | op.getOutputArg() = this) }
// override DataFlow::Node getOutputNode() { result.asDefiningArgument() = this }
// }
//
/**
* see: https://docs.openssl.org/master/man3/EVP_EncryptInit/#synopsis
* Base configuration for all EVP cipher operations.
* NOTE: cannot extend instance of OpenSSLOperation, as we need to override
* elements of OpenSSLOperation (i.e., we are creating an instance)
*/
abstract class EVP_Cipher_Operation extends OpenSSLOperation, Crypto::KeyOperationInstance {
Expr getContextArg() { result = this.(Call).getArgument(0) }
override Expr getOutputArg() { result = this.(Call).getArgument(1) }
override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
result instanceof Crypto::TEncryptMode and
this.(Call).getTarget().getName().toLowerCase().matches("%encrypt%")
or
result instanceof Crypto::TDecryptMode and
this.(Call).getTarget().getName().toLowerCase().matches("%decrypt%")
or
result = this.getInitCall().getCipherOperationSubtype() and
this.(Call).getTarget().getName().toLowerCase().matches("%cipher%")
}
EVP_Cipher_Inititalizer getInitCall() {
CTXFlow::ctxArgFlowsToCtxArg(result.getContextArg(), this.getContextArg())
}
override Crypto::ConsumerInputDataFlowNode getNonceConsumer() {
this.getInitCall().getIVArg() = result.asExpr()
}
override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result = this.getInputNode() }
override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
this.getInitCall().getKeyArg() = result.asExpr()
}
override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result = this.getOutputNode() }
override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
DataFlow::exprNode(this.getInitCall().getAlgorithmArg()))
}
}
// abstract class EVP_Update_Call extends EVP_Cipher_Operation { }
abstract class EVP_Final_Call extends EVP_Cipher_Operation {
override Expr getInputArg() { none() }
}
// TODO: only model Final (model final as operation and model update but not as an operation)
// Updates are multiple input consumers (most important)
// PUNT assuming update doesn't ouput, otherwise it outputs arifacts, but is not an operation
class EVP_Cipher_Call extends EVP_Cipher_Operation {
EVP_Cipher_Call() { this.(Call).getTarget().getName() = "EVP_Cipher" }
override Expr getInputArg() { result = this.(Call).getArgument(2) }
}
// class EVP_Encrypt_Decrypt_or_Cipher_Update_Call extends EVP_Update_Call {
// EVP_Encrypt_Decrypt_or_Cipher_Update_Call() {
// this.(Call).getTarget().getName() in [
// "EVP_EncryptUpdate", "EVP_DecryptUpdate", "EVP_CipherUpdate"
// ]
// }
// override Expr getInputArg() { result = this.(Call).getArgument(3) }
// }
class EVP_Encrypt_Decrypt_or_Cipher_Final_Call extends EVP_Final_Call {
EVP_Encrypt_Decrypt_or_Cipher_Final_Call() {
this.(Call).getTarget().getName() in [
"EVP_EncryptFinal_ex", "EVP_DecryptFinal_ex", "EVP_CipherFinal_ex", "EVP_EncryptFinal",
"EVP_DecryptFinal", "EVP_CipherFinal"
]
}
}
class EVP_PKEY_Operation extends EVP_Cipher_Operation {
EVP_PKEY_Operation() {
this.(Call).getTarget().getName() in ["EVP_PKEY_decrypt", "EVP_PKEY_encrypt"]
}
override Expr getInputArg() { result = this.(Call).getArgument(3) }
// TODO: how PKEY is initialized is different that symmetric cipher
// Consider making an entirely new class for this and specializing
// the get init call
}
class EVPCipherInputArgument extends Expr {
EVPCipherInputArgument() { exists(EVP_Cipher_Operation op | op.getInputArg() = this) }
}

21
cpp/ql/lib/experimental/Quantum/OpenSSL/Operations/OpenSSLOperationBase.qll Normal file
View File

@@ -0,0 +1,21 @@
import experimental.Quantum.Language
abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Call {
abstract Expr getInputArg();
/**
* Can be an argument of a call or a return value of a function.
*/
abstract Expr getOutputArg();
DataFlow::Node getInputNode() {
// Assumed to be default to asExpr
result.asExpr() = this.getInputArg()
}
DataFlow::Node getOutputNode() {
if exists(Call c | c.getAnArgument() = this)
then result.asDefiningArgument() = this
else result.asExpr() = this
}
}

1
cpp/ql/lib/experimental/Quantum/OpenSSL/Operations/OpenSSLOperations.qll Normal file
View File

@@ -0,0 +1 @@
import EVPCipherOperation