hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Updating algorithm string literals and key generation algorithm literal sources to include signatures.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-03 18:09:27 -04:00
parent 9c5765a48c
commit 9fa30a3884
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/lib/experimental/quantum/JCA.qll
View File

@@ -115,7 +115,8 @@ module JCAModel {
bindingset[name]
predicate key_agreement_names(string name) {
name.toUpperCase().matches(["DH", "EDH", "ECDH", "X25519", "X448"].toUpperCase())
name.toUpperCase()
.matches(["DH", "EDH", "ECDH", "X25519", "X448", "ML-KEM%", "XDH"].toUpperCase())
}
bindingset[name]
@@ -221,13 +222,16 @@ module JCAModel {
bindingset[name]
predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) {
type = Crypto::DH() and
name.toUpperCase() = "DH"
name.toUpperCase() in ["DH", "XDH"]
or
type = Crypto::EDH() and
name.toUpperCase() = "EDH"
or
type = Crypto::ECDH() and
name.toUpperCase() in ["ECDH", "X25519", "X448"]
or
type = Crypto::OtherKeyAgreementType() and
name.toUpperCase().matches("ML-KEM%")
}
/**
@@ -1042,7 +1046,8 @@ module JCAModel {
override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
result.(CipherStringLiteralAlgorithmInstance).getConsumer() = this or
result.(KeyAgreementStringLiteralAlgorithmInstance).getConsumer() = this or
result.(EllipticCurveStringLiteralInstance).getConsumer() = this
result.(EllipticCurveStringLiteralInstance).getConsumer() = this or
result.(SignatureStringLiteralAlgorithmInstance).getConsumer() = this
}
KeyGeneratorGetInstanceCall getInstantiationCall() { result = instantiationCall }