hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Updating algorithm string literals and key generation algorithm literal sources to include signatures.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-03 18:09:27 -04:00
parent 9c5765a48c
commit 9fa30a3884
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/lib/experimental/quantum/JCA.qll
View File

@@ -115,7 +115,8 @@ module JCAModel {
bindingset[name] bindingset[name]
predicate key_agreement_names(string name) { predicate key_agreement_names(string name) {
name.toUpperCase().matches(["DH", "EDH", "ECDH", "X25519", "X448"].toUpperCase()) name.toUpperCase()
.matches(["DH", "EDH", "ECDH", "X25519", "X448", "ML-KEM%", "XDH"].toUpperCase())
} }
bindingset[name] bindingset[name]
@@ -221,13 +222,16 @@ module JCAModel {
bindingset[name] bindingset[name]
predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) {
type = Crypto::DH() and type = Crypto::DH() and
name.toUpperCase() = "DH" name.toUpperCase() in ["DH", "XDH"]
or or
type = Crypto::EDH() and type = Crypto::EDH() and
name.toUpperCase() = "EDH" name.toUpperCase() = "EDH"
or or
type = Crypto::ECDH() and type = Crypto::ECDH() and
name.toUpperCase() in ["ECDH", "X25519", "X448"] name.toUpperCase() in ["ECDH", "X25519", "X448"]
or
type = Crypto::OtherKeyAgreementType() and
name.toUpperCase().matches("ML-KEM%")
} }
/** /**
@@ -1042,7 +1046,8 @@ module JCAModel {
override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
result.(CipherStringLiteralAlgorithmInstance).getConsumer() = this or result.(CipherStringLiteralAlgorithmInstance).getConsumer() = this or
result.(KeyAgreementStringLiteralAlgorithmInstance).getConsumer() = this or result.(KeyAgreementStringLiteralAlgorithmInstance).getConsumer() = this or
result.(EllipticCurveStringLiteralInstance).getConsumer() = this result.(EllipticCurveStringLiteralInstance).getConsumer() = this or
result.(SignatureStringLiteralAlgorithmInstance).getConsumer() = this
} }
KeyGeneratorGetInstanceCall getInstantiationCall() { result = instantiationCall } KeyGeneratorGetInstanceCall getInstantiationCall() { result = instantiationCall }