hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Initial hash models for openssl.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-03-07 14:24:01 -05:00
parent cf72fde911
commit bac0a635f9
8 changed files with 312 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
cpp/ql/lib/experimental/Quantum/Language.qll
View File

@@ -22,82 +22,82 @@ abstract class AdditionalFlowInputStep extends DataFlow::Node {
}
/**
* Generic data source to node input configuration
*/
module GenericDataSourceUniversalFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source = any(Crypto::GenericDataSourceInstance i).getOutputNode()
}
predicate isSink(DataFlow::Node sink) {
sink = any(Crypto::FlowAwareElement other).getInputNode()
}
predicate isBarrierOut(DataFlow::Node node) {
node = any(Crypto::FlowAwareElement element).getInputNode()
}
predicate isBarrierIn(DataFlow::Node node) {
node = any(Crypto::FlowAwareElement element).getOutputNode()
}
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
node1.(AdditionalFlowInputStep).getOutput() = node2
}
}
// // TODO: I think this will be inefficient, no?
// class ConstantDataSource extends Crypto::GenericConstantOrAllocationSource instanceof Literal {
// override DataFlow::Node getOutputNode() {
// result.asExpr() = this
// /**
// * Generic data source to node input configuration
// */
// module GenericDataSourceUniversalFlowConfig implements DataFlow::ConfigSig {
// predicate isSource(DataFlow::Node source) {
// source = any(Crypto::GenericDataSourceInstance i).getOutputNode()
// }
// override predicate flowsTo(Crypto::FlowAwareElement other) {
// // TODO: separate config to avoid blowing up data-flow analysis
// GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
// predicate isSink(DataFlow::Node sink) {
// sink = any(Crypto::FlowAwareElement other).getInputNode()
// }
// override string getAdditionalDescription() { result = this.toString() }
// }
/**
* Definitions of various generic data sources
*/
// final class DefaultFlowSource = SourceNode;
// final class DefaultRemoteFlowSource = RemoteFlowSource;
// class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
// GenericLocalDataSource() {
// any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
// predicate isBarrierOut(DataFlow::Node node) {
// node = any(Crypto::FlowAwareElement element).getInputNode()
// }
// override DataFlow::Node getOutputNode() { result.asExpr() = this }
// override predicate flowsTo(Crypto::FlowAwareElement other) {
// GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
// predicate isBarrierIn(DataFlow::Node node) {
// node = any(Crypto::FlowAwareElement element).getOutputNode()
// }
// override string getAdditionalDescription() { result = this.toString() }
// }
// class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
// GenericRemoteDataSource() { any(DefaultRemoteFlowSource src).asExpr() = this }
// override DataFlow::Node getOutputNode() { result.asExpr() = this }
// override predicate flowsTo(Crypto::FlowAwareElement other) {
// GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
// predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
// node1.(AdditionalFlowInputStep).getOutput() = node2
// }
// override string getAdditionalDescription() { result = this.toString() }
// }
module GenericDataSourceUniversalFlow = DataFlow::Global<GenericDataSourceUniversalFlowConfig>;
// // // TODO: I think this will be inefficient, no?
// // class ConstantDataSource extends Crypto::GenericConstantOrAllocationSource instanceof Literal {
// // override DataFlow::Node getOutputNode() {
// // result.asExpr() = this
// // }
// // override predicate flowsTo(Crypto::FlowAwareElement other) {
// // // TODO: separate config to avoid blowing up data-flow analysis
// // GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
// // }
// // override string getAdditionalDescription() { result = this.toString() }
// // }
// /**
// * Definitions of various generic data sources
// */
// // final class DefaultFlowSource = SourceNode;
// // final class DefaultRemoteFlowSource = RemoteFlowSource;
// // class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
// // GenericLocalDataSource() {
// // any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
// // }
// // override DataFlow::Node getOutputNode() { result.asExpr() = this }
// // override predicate flowsTo(Crypto::FlowAwareElement other) {
// // GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
// // }
// // override string getAdditionalDescription() { result = this.toString() }
// // }
// // class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
// // GenericRemoteDataSource() { any(DefaultRemoteFlowSource src).asExpr() = this }
// // override DataFlow::Node getOutputNode() { result.asExpr() = this }
// // override predicate flowsTo(Crypto::FlowAwareElement other) {
// // GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
// // }
// // override string getAdditionalDescription() { result = this.toString() }
// // }
// module GenericDataSourceUniversalFlow = DataFlow::Global<GenericDataSourceUniversalFlowConfig>;
module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {

8
cpp/ql/lib/experimental/Quantum/OpenSSL/EVPDigestAlgorithmSource.qll
View File

@@ -39,11 +39,11 @@ predicate literalToHashFamilyType(Literal e, Crypto::THashType type) {
class HashKnownAlgorithmLiteralAlgorithmInstance extends Crypto::HashAlgorithmInstance instanceof Literal
{
OpenSSLAlgorithmGetterCall cipherGetterCall;
OpenSSLAlgorithmGetterCall getterCall;
HashKnownAlgorithmLiteralAlgorithmInstance() {
exists(DataFlow::Node src, DataFlow::Node sink |
sink = cipherGetterCall.getValueArgNode() and
sink = getterCall.getValueArgNode() and
src.asExpr() = this and
KnownAlgorithmLiteralToAlgorithmGetterFlow::flow(src, sink) and
// Not just any known value, but specifically a known cipher operation
@@ -56,10 +56,12 @@ class HashKnownAlgorithmLiteralAlgorithmInstance extends Crypto::HashAlgorithmIn
// TODO: should this not be part of the abstract algorithm definition?
Crypto::AlgorithmConsumer getConsumer() {
AlgGetterToAlgConsumerFlow::flow(cipherGetterCall.getResultNode(), DataFlow::exprNode(result))
AlgGetterToAlgConsumerFlow::flow(getterCall.getResultNode(), DataFlow::exprNode(result))
}
override Crypto::THashType getHashFamily() { literalToHashFamilyType(this, result) }
override int getHashSize() { none() } //TODO
override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
}

70
cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashAlgorithmSource.qll Normal file
View File

@@ -0,0 +1,70 @@
import cpp
import experimental.Quantum.Language
import EVPHashConsumers
import OpenSSLAlgorithmGetter
predicate literalToHashFamilyType(Literal e, Crypto::THashType type) {
exists(string name, string algType | algType.toLowerCase().matches("hash") |
resolveAlgorithmFromLiteral(e, name, algType) and
(
name.matches("BLAKE2B") and type instanceof Crypto::BLAKE2B
or
name.matches("BLAKE2S") and type instanceof Crypto::BLAKE2S
or
name.matches("MD2") and type instanceof Crypto::MD2
or
name.matches("MD4") and type instanceof Crypto::MD4
or
name.matches("MD5") and type instanceof Crypto::MD5
or
name.matches("POLY1305") and type instanceof Crypto::POLY1305
or
name.matches(["SHA", "SHA1"]) and type instanceof Crypto::SHA1
or
name.matches("SHA+%") and not name.matches(["SHA1", "SHA3-"]) and type instanceof Crypto::SHA2
or
name.matches("SHA3-%") and type instanceof Crypto::SHA3
or
name.matches(["SHAKE"]) and type instanceof Crypto::SHAKE
or
name.matches("SM3") and type instanceof Crypto::SM3
or
name.matches("RIPEMD160") and type instanceof Crypto::RIPEMD160
or
//or
//TODO: need to handle MACs differently, including md_GOST94
// name.matches("%GOST%") and type instanceof Crypto::GOST
name.matches("WHIRLPOOL") and type instanceof Crypto::WHIRLPOOL
)
)
}
class HashKnownAlgorithmLiteralAlgorithmInstance extends Crypto::HashAlgorithmInstance instanceof Literal
{
OpenSSLAlgorithmGetterCall cipherGetterCall;
HashKnownAlgorithmLiteralAlgorithmInstance() {
exists(DataFlow::Node src, DataFlow::Node sink |
sink = cipherGetterCall.getValueArgNode() and
src.asExpr() = this and
KnownAlgorithmLiteralToAlgorithmGetterFlow::flow(src, sink) and
// Not just any known value, but specifically a known cipher operation
exists(string algType |
resolveAlgorithmFromLiteral(src.asExpr(), _, algType) and
algType.toLowerCase().matches("hash")
)
)
}
Crypto::AlgorithmConsumer getConsumer() {
AlgGetterToAlgConsumerFlow::flow(cipherGetterCall.getResultNode(), DataFlow::exprNode(result))
}
override Crypto::THashType getHashFamily() {
literalToHashFamilyType(this, result)
}
override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
override int getHashSize() {none() }//TODO
}

27
cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashConsumers.qll Normal file
View File

@@ -0,0 +1,27 @@
import EVPHashInitializer
import EVPHashOperation
import EVPHashAlgorithmSource
class EVP_Digest_Initializer_Algorithm_Consumer extends Crypto::AlgorithmConsumer instanceof EVPDigestInitializerAlgorithmArgument{
override DataFlow::Node getInputNode() { result.asExpr() = this }
override Crypto::AlgorithmElement getAKnownAlgorithmSource() {
result.(HashKnownAlgorithmLiteralAlgorithmInstance).getConsumer() = this
}
}
class EVP_Q_Digest_Algorithm_Consumer extends Crypto::AlgorithmConsumer instanceof EVP_Q_Digest_Algorithm_Argument{
override DataFlow::Node getInputNode() { result.asExpr() = this }
override Crypto::AlgorithmElement getAKnownAlgorithmSource() {
result.(HashKnownAlgorithmLiteralAlgorithmInstance).getConsumer() = this
}
}
class EVP_Digest_Algorithm_Consumer extends Crypto::AlgorithmConsumer instanceof EVP_Digest_Algorithm_Argument{
override DataFlow::Node getInputNode() { result.asExpr() = this }
override Crypto::AlgorithmElement getAKnownAlgorithmSource() {
result.(HashKnownAlgorithmLiteralAlgorithmInstance).getConsumer() = this
}
}

25
cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashInitializer.qll Normal file
View File

@@ -0,0 +1,25 @@
import cpp
abstract class EVP_Hash_Inititalizer extends Call {
Expr getContextArg() { result = this.(Call).getArgument(0) }
abstract Expr getAlgorithmArg();
}
class EVP_DigestInit_Variant_Calls extends EVP_Hash_Inititalizer {
EVP_DigestInit_Variant_Calls() {
this.(Call).getTarget().getName() in [
"EVP_DigestInit", "EVP_DigestInit_ex", "EVP_DigestInit_ex2"
]
}
override Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }
}
class EVPDigestInitializerAlgorithmArgument extends Expr {
EVPDigestInitializerAlgorithmArgument() {
exists(EVP_Hash_Inititalizer initCall | this = initCall.getAlgorithmArg())
}
}

80
cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashOperation.qll
View File

@@ -1,5 +1,83 @@
import experimental.Quantum.Language
import CtxFlow as CTXFlow
import LibraryDetector
import EVPHashInitializer
import EVPHashConsumers
abstract class EVP_Hash_Operation extends Crypto::HashOperationInstance instanceof Call {
Expr getContextArg() { result = this.(Call).getArgument(0) }
//https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
EVP_Hash_Inititalizer getInitCall() {
CTXFlow::ctxFlowsTo(result.getContextArg(), this.getContextArg())
}
}
//https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
class EVP_Q_Digest_Operation extends EVP_Hash_Operation {
EVP_Q_Digest_Operation() {
this.(Call).getTarget().getName() = "EVP_Q_digest" and
isPossibleOpenSSLFunction(this.(Call).getTarget())
}
override Crypto::AlgorithmConsumer getAlgorithmConsumer() { this.(Call).getArgument(1) = result }
override EVP_Hash_Inititalizer getInitCall() {
// This variant of digest does not use an init
// and even if it were used, the init would be ignored/undefined
none()
}
}
class EVP_Q_Digest_Algorithm_Argument extends Expr {
EVP_Q_Digest_Algorithm_Argument() {
exists(EVP_Q_Digest_Operation op | this = op.(Call).getArgument(1))
}
}
class EVP_Digest_Operation extends EVP_Hash_Operation {
EVP_Digest_Operation() {
this.(Call).getTarget().getName() = "EVP_Digest" and
isPossibleOpenSSLFunction(this.(Call).getTarget())
}
// There is no context argument for this function
override Expr getContextArg() { none() }
override Crypto::AlgorithmConsumer getAlgorithmConsumer() { this.(Call).getArgument(4) = result }
override EVP_Hash_Inititalizer getInitCall() {
// This variant of digest does not use an init
// and even if it were used, the init would be ignored/undefined
none()
}
}
class EVP_Digest_Algorithm_Argument extends Expr {
EVP_Digest_Algorithm_Argument() {
exists(EVP_Digest_Operation op | this = op.(Call).getArgument(4))
}
}
class EVP_DigestUpdate_Operation extends EVP_Hash_Operation {
EVP_DigestUpdate_Operation() {
this.(Call).getTarget().getName() = "EVP_DigestUpdate" and
isPossibleOpenSSLFunction(this.(Call).getTarget())
}
override Crypto::AlgorithmConsumer getAlgorithmConsumer() {
this.getInitCall().getAlgorithmArg() = result
}
}
class EVP_DigestFinal_Variants_Operation extends EVP_Hash_Operation {
EVP_DigestFinal_Variants_Operation() {
this.(Call).getTarget().getName() in [
"EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"
] and
isPossibleOpenSSLFunction(this.(Call).getTarget())
}
override Crypto::AlgorithmConsumer getAlgorithmConsumer() {
this.getInitCall().getAlgorithmArg() = result
}
}

72
cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSLKnownAlgorithmConstants.qll
View File

@@ -212,13 +212,13 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "sha512-256" and nid = 1095 and normalized = "SHA512256" and algType = "HASH"
or
name = "sha3-224" and nid = 1096 and normalized = "SHA3224" and algType = "HASH"
name = "sha3-224" and nid = 1096 and normalized = "SHA3-224" and algType = "HASH"
or
name = "sha3-256" and nid = 1097 and normalized = "SHA3256" and algType = "HASH"
name = "sha3-256" and nid = 1097 and normalized = "SHA3-256" and algType = "HASH"
or
name = "sha3-384" and nid = 1098 and normalized = "SHA3384" and algType = "HASH"
name = "sha3-384" and nid = 1098 and normalized = "SHA3-384" and algType = "HASH"
or
name = "sha3-512" and nid = 1099 and normalized = "SHA3512" and algType = "HASH"
name = "sha3-512" and nid = 1099 and normalized = "SHA3-512" and algType = "HASH"
or
name = "shake128" and nid = 1100 and normalized = "SHAKE128" and algType = "HASH"
or
@@ -1232,13 +1232,13 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "poly1305" and nid = 1061 and normalized = "POLY1305" and algType = "HASH"
or
name = "hmac-sha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH"
name = "hmac-sha3-224" and nid = 1102 and normalized = "SHA3-224" and algType = "HASH"
or
name = "hmac-sha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH"
name = "hmac-sha3-256" and nid = 1103 and normalized = "SHA3-256" and algType = "HASH"
or
name = "hmac-sha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH"
name = "hmac-sha3-384" and nid = 1104 and normalized = "SHA3-384" and algType = "HASH"
or
name = "hmac-sha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH"
name = "hmac-sha3-512" and nid = 1105 and normalized = "SHA3-512" and algType = "HASH"
or
name = "id-dsa-with-sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE"
or
@@ -1250,35 +1250,35 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH"
name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "SHA3-224" and algType = "HASH"
or
name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH"
name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "SHA3-256" and algType = "HASH"
or
name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH"
name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "SHA3-384" and algType = "HASH"
or
name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH"
name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "SHA3-512" and algType = "HASH"
or
name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH"
name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "SHA3-224" and algType = "HASH"
or
name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH"
name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "SHA3-256" and algType = "HASH"
or
name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH"
name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "SHA3-384" and algType = "HASH"
or
name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH"
name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "SHA3-512" and algType = "HASH"
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and
nid = 1116 and
@@ -1292,7 +1292,7 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and
nid = 1116 and
normalized = "SHA3224" and
normalized = "SHA3-224" and
algType = "HASH"
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and
@@ -1307,7 +1307,7 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and
nid = 1117 and
normalized = "SHA3256" and
normalized = "SHA3-256" and
algType = "HASH"
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and
@@ -1322,7 +1322,7 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and
nid = 1118 and
normalized = "SHA3384" and
normalized = "SHA3-384" and
algType = "HASH"
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and
@@ -1337,7 +1337,7 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and
nid = 1119 and
normalized = "SHA3512" and
normalized = "SHA3-512" and
algType = "HASH"
or
name = "aria-128-ccm" and nid = 1120 and normalized = "CCM" and algType = "BLOCK_MODE"
@@ -1666,19 +1666,19 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "dsa_with_sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "dsa_with_sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH"
name = "dsa_with_sha3-224" and nid = 1108 and normalized = "SHA3-224" and algType = "HASH"
or
name = "dsa_with_sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "dsa_with_sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH"
name = "dsa_with_sha3-256" and nid = 1109 and normalized = "SHA3-256" and algType = "HASH"
or
name = "dsa_with_sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "dsa_with_sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH"
name = "dsa_with_sha3-384" and nid = 1110 and normalized = "SHA3-384" and algType = "HASH"
or
name = "dsa_with_sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "dsa_with_sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH"
name = "dsa_with_sha3-512" and nid = 1111 and normalized = "SHA3-512" and algType = "HASH"
or
name = "dsa_with_sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE"
or
@@ -1752,19 +1752,19 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH"
name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "SHA3-224" and algType = "HASH"
or
name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH"
name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "SHA3-256" and algType = "HASH"
or
name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH"
name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "SHA3-384" and algType = "HASH"
or
name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE"
or
name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH"
name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "SHA3-512" and algType = "HASH"
or
name = "gost 28147-89" and
nid = 813 and
@@ -2201,13 +2201,13 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
normalized = "GOSTR341194" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "id-hmacwithsha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH"
name = "id-hmacwithsha3-224" and nid = 1102 and normalized = "SHA3-224" and algType = "HASH"
or
name = "id-hmacwithsha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH"
name = "id-hmacwithsha3-256" and nid = 1103 and normalized = "SHA3-256" and algType = "HASH"
or
name = "id-hmacwithsha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH"
name = "id-hmacwithsha3-384" and nid = 1104 and normalized = "SHA3-384" and algType = "HASH"
or
name = "id-hmacwithsha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH"
name = "id-hmacwithsha3-512" and nid = 1105 and normalized = "SHA3-512" and algType = "HASH"
or
name = "id-regctrl" and nid = 313 and normalized = "CTR" and algType = "BLOCK_MODE"
or
@@ -2590,19 +2590,19 @@ predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string
or
name = "rsa-sha3-224" and nid = 1116 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or
name = "rsa-sha3-224" and nid = 1116 and normalized = "SHA3224" and algType = "HASH"
name = "rsa-sha3-224" and nid = 1116 and normalized = "SHA3-224" and algType = "HASH"
or
name = "rsa-sha3-256" and nid = 1117 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or
name = "rsa-sha3-256" and nid = 1117 and normalized = "SHA3256" and algType = "HASH"
name = "rsa-sha3-256" and nid = 1117 and normalized = "SHA3-256" and algType = "HASH"
or
name = "rsa-sha3-384" and nid = 1118 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or
name = "rsa-sha3-384" and nid = 1118 and normalized = "SHA3384" and algType = "HASH"
name = "rsa-sha3-384" and nid = 1118 and normalized = "SHA3-384" and algType = "HASH"
or
name = "rsa-sha3-512" and nid = 1119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or
name = "rsa-sha3-512" and nid = 1119 and normalized = "SHA3512" and algType = "HASH"
name = "rsa-sha3-512" and nid = 1119 and normalized = "SHA3-512" and algType = "HASH"
or
name = "rsa-sha384" and nid = 669 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
or

8
shared/cryptography/codeql/cryptography/Model.qll
View File

@@ -359,13 +359,17 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
abstract class EllipticCurveAlgorithmInstance extends LocatableElement { }
abstract class HashOperationInstance extends KnownElement { }
abstract class HashOperationInstance extends OperationElement {
// TODO: need input and outputs, but this should be universal to all Operations
}
abstract class HashAlgorithmInstance extends AlgorithmElement {
/**
* Gets the type of this digest algorithm, e.g., "SHA1", "SHA2", "MD5" etc.
*/
abstract THashType getHashFamily();
abstract int getHashSize();
}
abstract class KeyDerivationOperationInstance extends KnownElement { }
@@ -1034,7 +1038,6 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
newtype THashType =
BLAKE2B() or
BLAKE2S() or
RIPEMD160() or
MD2() or
MD4() or
MD5() or
@@ -1044,6 +1047,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
SHA3() or
SHAKE() or
SM3() or
RIPEMD160() or
WHIRLPOOL() or
OtherHashType()