Completed tying algorithm instances to consumers. Now the model should have known literals for cipher instances, and it traces those instances to consumers (inits) and those inits are traced to cipher operations.

2026-04-26 09:15:12 +02:00 · 2025-03-05 15:48:08 -05:00
parent de3ff45cba
commit 6083df2b7f
2 changed files with 21 additions and 11 deletions
--- a/cpp/ql/lib/experimental/Quantum/OpenSSL/EVPCipherAlgorithmSource.qll
+++ b/cpp/ql/lib/experimental/Quantum/OpenSSL/EVPCipherAlgorithmSource.qll
@@ -52,11 +52,13 @@ predicate literalToCipherFamilyType(Literal e, Crypto::TCipherType type) {
  )
 }

+
 class CipherKnownAlgorithmLiteralAlgorithmInstance extends Crypto::CipherAlgorithmInstance instanceof Literal
 {
+  OpenSSLAlgorithmGetterCall cipherGetterCall;
  CipherKnownAlgorithmLiteralAlgorithmInstance() {
-    exists(EVPCipherGetterCall c, DataFlow::Node src, DataFlow::Node sink |
-      sink = c.getValueArgNode() and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      sink = cipherGetterCall.getValueArgNode() and
      src.asExpr() = this and
      KnownAlgorithmLiteralToAlgorithmGetterFlow::flow(src, sink) and
      // Not just any known value, but specifically a known cipher operation
@@ -67,7 +69,9 @@ class CipherKnownAlgorithmLiteralAlgorithmInstance extends Crypto::CipherAlgorit
    )
  }

-  Crypto::AlgorithmConsumer getConsumer() { none() } //result = consumer }
+  Crypto::AlgorithmConsumer getConsumer() { 
+    AlgGetterToAlgConsumerFlow::flow(cipherGetterCall.getResultNode(), DataFlow::exprNode(result))
+  } 

  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() {
    none() // TODO: provider defaults