Crypto: Added Signature algorithm instance and consumer

2026-04-22 07:15:15 +02:00 · 2025-06-04 15:42:55 -04:00
parent 39583abade
commit 952bc266b1
4 changed files with 137 additions and 5 deletions
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll
@@ -0,0 +1,102 @@
+import cpp
+private import experimental.quantum.Language
+private import KnownAlgorithmConstants
+private import Crypto::KeyOpAlg as KeyOpAlg
+private import OpenSSLAlgorithmInstanceBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
+private import AlgToAVCFlow
+
+/**
+ * Gets the signature algorithm type based on the normalized algorithm name.
+ */
+private predicate knownOpenSSLConstantToSignatureFamilyType(
+  KnownOpenSSLSignatureAlgorithmExpr e, Crypto::KeyOpAlg::TAlgorithm type
+) {
+  exists(string name |
+    name = e.(KnownOpenSSLAlgorithmExpr).getNormalizedName() and
+    (
+      name.matches("RSA%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
+      or
+      name.matches("DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
+      or
+      name.matches("ECDSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA())
+      or
+      name.matches("ED25519%") and type = KeyOpAlg::TSignature(KeyOpAlg::EDDSA())
+      or
+      name.matches("ED448%") and type = KeyOpAlg::TSignature(KeyOpAlg::EDDSA())
+    )
+  )
+}
+
+/**
+ * A signature algorithm instance derived from an OpenSSL constant.
+ */
+class KnownOpenSSLSignatureConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
+  Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSSLSignatureAlgorithmExpr
+{
+  OpenSSLAlgorithmValueConsumer getterCall;
+
+  KnownOpenSSLSignatureConstantAlgorithmInstance() {
+    // Two possibilities:
+    // 1) The source is a literal and flows to a getter, then we know we have an instance
+    // 2) The source is a KnownOpenSSLAlgorithm call, and we know we have an instance immediately from that
+    // Possibility 1:
+    this instanceof KnownOpenSSLPaddingAlgorithmExpr and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      // Sink is an argument to a signature getter call
+      sink = getterCall.getInputNode() and
+      // Source is `this`
+      src.asExpr() = this and
+      // This traces to a getter
+      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
+    )
+    or
+    // Possibility 2:
+    this instanceof OpenSSLAlgorithmCall and
+    getterCall = this
+  }
+
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() }
+
+  override string getRawAlgorithmName() {
+    result = this.(Literal).getValue().toString()
+    or
+    result = this.(Call).getTarget().getName()
+  }
+
+  override int getKeySizeFixed() {
+    // TODO: use ellipticCurveNameToKeySizeAndFamilyMapping or KnownOpenSSLEllipticCurveConstantAlgorithmInstance
+    // TODO: maybe add getExplicitKeySize to KnownOpenSSLSignatureAlgorithmExpr and use it here
+    none()
+  }
+
+  override KeyOpAlg::Algorithm getAlgorithmType() {
+    knownOpenSSLConstantToSignatureFamilyType(this, result)
+    or
+    not knownOpenSSLConstantToSignatureFamilyType(this, _) and
+    result = KeyOpAlg::TSignature(KeyOpAlg::OtherSignatureAlgorithmType())
+  }
+
+  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
+    // TODO: trace to any key size initializer
+    // probably PKeyAlgorithmValueConsumer and SignatureAlgorithmValueConsumer
+    none()
+  }
+
+  /**
+   * No mode for signatures.
+   */
+  override predicate shouldHaveModeOfOperation() { none() }
+
+  /**
+   * Padding only for RSA.
+   */
+  override predicate shouldHavePaddingScheme() {
+    this.getAlgorithmType() instanceof KeyOpAlg::TAsymmetricCipher
+  }
+}
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumers.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumers.qll
@@ -5,3 +5,4 @@ import PaddingAlgorithmValueConsumer
 import HashAlgorithmValueConsumer
 import EllipticCurveAlgorithmValueConsumer
 import PKeyAlgorithmValueConsumer
+import SignatureAlgorithmValueConsumer
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll
@@ -0,0 +1,32 @@
+import cpp
+private import experimental.quantum.Language
+private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
+private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
+private import OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.LibraryDetector
+
+abstract class SignatureAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
+
+class EVPSignatureAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer {
+  DataFlow::Node valueArgNode;
+  DataFlow::Node resultNode;
+
+  EVPSignatureAlgorithmValueConsumer() {
+    resultNode.asExpr() = this and
+    (
+      // EVP_SIGNATURE
+      this.(Call).getTarget().getName() = "EVP_SIGNATURE_fetch" and
+      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      // EVP_PKEY_get1_DSA, EVP_PKEY_get1_RSA
+      // DSA_SIG_new, DSA_SIG_get0, RSA_sign ?
+    )
+  }
+
+  override DataFlow::Node getResultNode() { result = resultNode }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
+  }
+}