hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19632 from bdrodes/openssl_keyagreement_instances_and_consumers

Browse Source 
Quantum: Add OpenSSL key agreement instances and consumers
This commit is contained in:
Nicolas Will
2025-06-02 20:55:05 +02:00
committed by GitHub
parent 52aa7e3c7d 7e7dfeb40b
commit 7d7ea72516
11 changed files with 241 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll
View File

@@ -71,7 +71,11 @@ class KnownOpenSSLBlockModeConstantAlgorithmInstance extends OpenSSLAlgorithmIns
// NOTE: I'm not going to attempt to parse out the mode specific part, so returning
// the same as the raw name for now.
override string getRawModeAlgorithmName() { result = this.(Literal).getValue().toString() }
override string getRawModeAlgorithmName() {
result = this.(Literal).getValue().toString()
or
result = this.(Call).getTarget().getName()
}
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
}

6
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll
View File

@@ -102,7 +102,11 @@ class KnownOpenSSLCipherConstantAlgorithmInstance extends OpenSSLAlgorithmInstan
// TODO or trace through getter ctx to set padding
}
override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
override string getRawAlgorithmName() {
result = this.(Literal).getValue().toString()
or
result = this.(Call).getTarget().getName()
}
override int getKeySizeFixed() {
this.(KnownOpenSSLCipherAlgorithmConstant).getExplicitKeySize() = result

6
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll
View File

@@ -32,7 +32,11 @@ class KnownOpenSSLEllipticCurveConstantAlgorithmInstance extends OpenSSLAlgorith
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
override string getRawEllipticCurveName() { result = this.(Literal).getValue().toString() }
override string getRawEllipticCurveName() {
result = this.(Literal).getValue().toString()
or
result = this.(Call).getTarget().getName()
}
override Crypto::TEllipticCurveType getEllipticCurveType() {
Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getParsedEllipticCurveName(), _, result)

6
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll
View File

@@ -76,7 +76,11 @@ class KnownOpenSSLHashConstantAlgorithmInstance extends OpenSSLAlgorithmInstance
not knownOpenSSLConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType()
}
override string getRawHashAlgorithmName() { result = this.(Literal).getValue().toString() }
override string getRawHashAlgorithmName() {
result = this.(Literal).getValue().toString()
or
result = this.(Call).getTarget().getName()
}
override int getFixedDigestLength() {
this.(KnownOpenSSLHashAlgorithmConstant).getExplicitDigestLength() = result

63
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll Normal file
View File

@@ -0,0 +1,63 @@
import cpp
private import experimental.quantum.Language
private import KnownAlgorithmConstants
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
private import AlgToAVCFlow
predicate knownOpenSSLConstantToKeyAgreementFamilyType(
KnownOpenSSLKeyAgreementAlgorithmConstant e, Crypto::TKeyAgreementType type
) {
exists(string name |
name = e.getNormalizedName() and
(
name = "ECDH" and type = Crypto::ECDH()
or
name = "DH" and type = Crypto::DH()
or
name = "EDH" and type = Crypto::EDH()
or
name = "ESDH" and type = Crypto::EDH()
)
)
}
class KnownOpenSSLHashConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
Crypto::KeyAgreementAlgorithmInstance instanceof KnownOpenSSLKeyAgreementAlgorithmConstant
{
OpenSSLAlgorithmValueConsumer getterCall;
KnownOpenSSLHashConstantAlgorithmInstance() {
// Two possibilities:
// 1) The source is a literal and flows to a getter, then we know we have an instance
// 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
// Possibility 1:
this instanceof Literal and
exists(DataFlow::Node src, DataFlow::Node sink |
// Sink is an argument to a CipherGetterCall
sink = getterCall.getInputNode() and
// Source is `this`
src.asExpr() = this and
// This traces to a getter
KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
)
or
// Possibility 2:
this instanceof DirectAlgorithmValueConsumer and getterCall = this
}
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
override Crypto::TKeyAgreementType getKeyAgreementType() {
knownOpenSSLConstantToKeyAgreementFamilyType(this, result)
or
not knownOpenSSLConstantToKeyAgreementFamilyType(this, _) and
result = Crypto::OtherKeyAgreementType()
}
override string getRawKeyAgreementAlgorithmName() {
result = this.(Literal).getValue().toString()
or
result = this.(Call).getTarget().getName()
}
}

103
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll
View File

@@ -67,6 +67,10 @@ class KnownOpenSSLSignatureAlgorithmConstant extends KnownOpenSSLAlgorithmConsta
KnownOpenSSLSignatureAlgorithmConstant() { resolveAlgorithmFromExpr(this, _, "SIGNATURE") }
}
class KnownOpenSSLKeyAgreementAlgorithmConstant extends KnownOpenSSLAlgorithmConstant {
KnownOpenSSLKeyAgreementAlgorithmConstant() { resolveAlgorithmFromExpr(this, _, "KEY_AGREEMENT") }
}
/**
* Resolves a call to a 'direct algorithm getter', e.g., EVP_MD5()
* This approach to fetching algorithms was used in OpenSSL 1.0.2.
@@ -141,6 +145,14 @@ predicate customAliases(string target, string alias) {
* The `target` and `alias` are converted to lowercase to be of a standard form.
*/
predicate defaultAliases(string target, string alias) {
// "DH" and "DHX" are not aliases in the traditional sense,
// i.e., they are not registered as aliases explicitly,
// rather they appear in common usage, and experiments reveal their
// NID matches those of the `dhKeyAgreement` and `x9.42 dh` algorithms respectively.
alias = "dh" and target = "dhKeyAgreement"
or
alias = "dhx" and target = "x9.42 dh"
or
alias = "aes128" and target = "aes-128-cbc"
or
alias = "aes192" and target = "aes-192-cbc"
@@ -236,6 +248,10 @@ predicate defaultAliases(string target, string alias) {
* `algType` is the type of algorithm (e.g., "SYMMETRIC_ENCRYPTION")
*/
predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized, string algType) {
name = "dhKeyAgreement" and nid = 28 and normalized = "DH" and algType = "KEY_AGREEMENT"
or
name = "x9.42 dh" and nid = 29 and normalized = "DH" and algType = "KEY_AGREEMENT"
or
name = "rsa" and nid = 19 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or
name = "prime192v1" and nid = 409 and normalized = "PRIME192V1" and algType = "ELLIPTIC_CURVE"
@@ -868,6 +884,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "SHA1" and algType = "HASH"
or
name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "DH" and algType = "KEY_AGREEMENT"
or
name = "aes-128-ofb" and nid = 420 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-ofb" and nid = 420 and normalized = "OFB" and algType = "BLOCK_MODE"
@@ -1369,9 +1387,9 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "kx-rsa" and nid = 1037 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or
name = "kx-ecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE"
name = "kx-ecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_AGREEMENT"
or
name = "kx-ecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE"
name = "kx-ecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_AGREEMENT"
or
name = "kx-rsa-psk" and nid = 1042 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or
@@ -1679,11 +1697,11 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "x448" and nid = 1035 and normalized = "X448" and algType = "ELLIPTIC_CURVE"
or
name = "x448" and nid = 1035 and normalized = "X448" and algType = "KEY_EXCHANGE"
name = "x448" and nid = 1035 and normalized = "X448" and algType = "KEY_AGREEMENT"
or
name = "x25519" and nid = 1034 and normalized = "X25519" and algType = "ELLIPTIC_CURVE"
or
name = "x25519" and nid = 1034 and normalized = "X25519" and algType = "KEY_EXCHANGE"
name = "x25519" and nid = 1034 and normalized = "X25519" and algType = "KEY_AGREEMENT"
or
name = "authecdsa" and nid = 1047 and normalized = "ECDSA" and algType = "SIGNATURE"
or
@@ -1783,51 +1801,101 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "SHA1" and
algType = "HASH"
or
name = "dhsinglepass-cofactordh-sha1kdf-scheme" and
nid = 941 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-cofactordh-sha224kdf-scheme" and
nid = 942 and
normalized = "SHA-224" and
algType = "HASH"
or
name = "dhsinglepass-cofactordh-sha224kdf-scheme" and
nid = 942 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-cofactordh-sha256kdf-scheme" and
nid = 943 and
normalized = "SHA-256" and
algType = "HASH"
or
name = "dhsinglepass-cofactordh-sha256kdf-scheme" and
nid = 943 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-cofactordh-sha384kdf-scheme" and
nid = 944 and
normalized = "SHA-384" and
algType = "HASH"
or
name = "dhsinglepass-cofactordh-sha384kdf-scheme" and
nid = 944 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-cofactordh-sha512kdf-scheme" and
nid = 945 and
normalized = "SHA-512" and
algType = "HASH"
or
name = "dhsinglepass-cofactordh-sha512kdf-scheme" and
nid = 945 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-stddh-sha1kdf-scheme" and
nid = 936 and
normalized = "SHA1" and
algType = "HASH"
or
name = "dhsinglepass-stddh-sha1kdf-scheme" and
nid = 936 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-stddh-sha224kdf-scheme" and
nid = 937 and
normalized = "SHA-224" and
algType = "HASH"
or
name = "dhsinglepass-stddh-sha224kdf-scheme" and
nid = 937 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-stddh-sha256kdf-scheme" and
nid = 938 and
normalized = "SHA-256" and
algType = "HASH"
or
name = "dhsinglepass-stddh-sha256kdf-scheme" and
nid = 938 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-stddh-sha384kdf-scheme" and
nid = 939 and
normalized = "SHA-384" and
algType = "HASH"
or
name = "dhsinglepass-stddh-sha384kdf-scheme" and
nid = 939 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dhsinglepass-stddh-sha512kdf-scheme" and
nid = 940 and
normalized = "SHA-512" and
algType = "HASH"
or
name = "dhsinglepass-stddh-sha512kdf-scheme" and
nid = 940 and
normalized = "DH" and
algType = "KEY_AGREEMENT"
or
name = "dsa-old" and nid = 67 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "dsa-sha" and nid = 66 and normalized = "DSA" and algType = "SIGNATURE"
@@ -1987,7 +2055,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "GOST" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "gost r 34.10-2001 dh" and
name = "gost r 34.10-2001 dh" and // TODO: review this algorithm
nid = 817 and
normalized = "GOST" and
algType = "SYMMETRIC_ENCRYPTION"
@@ -2057,7 +2125,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "GOST" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "gost r 34.10-94 dh" and
name = "gost r 34.10-94 dh" and // TODO: review this algorithm
nid = 818 and
normalized = "GOST" and
algType = "SYMMETRIC_ENCRYPTION"
@@ -2272,7 +2340,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "GOSTR34102001" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-gostr3410-2001dh" and
name = "id-gostr3410-2001dh" and // TODO: review this algorithm
nid = 817 and
normalized = "GOSTR34102001" and
algType = "SYMMETRIC_ENCRYPTION"
@@ -2337,7 +2405,7 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "GOSTR341094" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-gostr3410-94dh" and
name = "id-gostr3410-94dh" and // TODO: review this algorithm
nid = 818 and
normalized = "GOSTR341094" and
algType = "SYMMETRIC_ENCRYPTION"
@@ -2421,16 +2489,31 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "3DES" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-smime-alg-esdhwith3des" and
nid = 241 and
normalized = "ESDH" and
algType = "KEY_AGREEMENT"
or
name = "id-smime-alg-esdhwithrc2" and
nid = 242 and
normalized = "RC2" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-smime-alg-esdhwithrc2" and
nid = 242 and
normalized = "ESDH" and
algType = "KEY_AGREEMENT"
or
name = "id-smime-alg-rc2wrap" and
nid = 244 and
normalized = "RC2" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id_smime_alg_esdh" and
nid = 245 and
normalized = "ESDH" and
algType = "KEY_AGREEMENT"
or
name = "id-tc26-gost-28147-param-z" and
nid = 1003 and
normalized = "GOST28147" and
@@ -2476,9 +2559,9 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "GOST34102012" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "kxecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE"
name = "kxecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_AGREEMENT"
or
name = "kxecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE"
name = "kxecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_AGREEMENT"
or
name = "kxgost" and nid = 1045 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION"
or

6
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll
View File

@@ -90,7 +90,11 @@ class KnownOpenSSLPaddingConstantAlgorithmInstance extends OpenSSLAlgorithmInsta
isPaddingSpecificConsumer = true
}
override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() }
override string getRawPaddingAlgorithmName() {
result = this.(Literal).getValue().toString()
or
result = this.(Call).getTarget().getName()
}
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }

28
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll Normal file
View File

@@ -0,0 +1,28 @@
import cpp
private import experimental.quantum.Language
private import semmle.code.cpp.dataflow.new.DataFlow
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
abstract class KEMAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
class EVPKEMAlgorithmValueConsumer extends KEMAlgorithmValueConsumer {
DataFlow::Node valueArgNode;
DataFlow::Node resultNode;
EVPKEMAlgorithmValueConsumer() {
resultNode.asExpr() = this and
(
this.(Call).getTarget().getName() = "EVP_KEM_fetch" and
valueArgNode.asExpr() = this.(Call).getArgument(1)
)
}
override DataFlow::Node getResultNode() { result = resultNode }
override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
}
}

28
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll Normal file
View File

@@ -0,0 +1,28 @@
import cpp
private import experimental.quantum.Language
private import semmle.code.cpp.dataflow.new.DataFlow
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
abstract class KeyExchangeAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
class EVPKeyExchangeAlgorithmValueConsumer extends KeyExchangeAlgorithmValueConsumer {
DataFlow::Node valueArgNode;
DataFlow::Node resultNode;
EVPKeyExchangeAlgorithmValueConsumer() {
resultNode.asExpr() = this and
(
this.(Call).getTarget().getName() = "EVP_KEYEXCH_fetch" and
valueArgNode.asExpr() = this.(Call).getArgument(1)
)
}
override DataFlow::Node getResultNode() { result = resultNode }
override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
}
}

2
java/ql/lib/experimental/quantum/JCA.qll
View File

@@ -1388,7 +1388,7 @@ module JCAModel {
override Crypto::TKeyAgreementType getKeyAgreementType() {
if key_agreement_name_to_type_known(_, super.getValue())
then key_agreement_name_to_type_known(result, super.getValue())
else result = Crypto::UnknownKeyAgreementType()
else result = Crypto::OtherKeyAgreementType()
}
KeyAgreementAlgorithmValueConsumer getConsumer() { result = consumer }

4
shared/quantum/codeql/quantum/experimental/Model.qll
View File

@@ -1156,8 +1156,10 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
DH() or // Diffie-Hellman
EDH() or // Ephemeral Diffie-Hellman
ECDH() or // Elliptic Curve Diffie-Hellman
// NOTE: for now ESDH is considered simply EDH
//ESDH() or // Ephemeral-Static Diffie-Hellman
// Note: x25519 and x448 are applications of ECDH
UnknownKeyAgreementType()
OtherKeyAgreementType()
abstract class KeyAgreementAlgorithmInstance extends AlgorithmInstance {
abstract TKeyAgreementType getKeyAgreementType();