Merge pull request #1 from nicolaswill/brodes/experiments
Concepts for elliptic curves and misc. updates.
@@ -94,6 +94,11 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
|
||||
*/
|
||||
abstract string getAlgorithmName();
|
||||
|
||||
/**
|
||||
* Gets the raw name of this algorithm from source (no parsing or formatting)
|
||||
*/
|
||||
abstract string getRawAlgorithmName();
|
||||
|
||||
final override string toString() { result = this.getAlgorithmName() }
|
||||
}
|
||||
|
||||
@@ -147,10 +152,6 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
|
||||
|
||||
override string getAlgorithmName() { this.hashTypeToNameMapping(this.getHashType(), result) }
|
||||
|
||||
/**
|
||||
* Gets the raw name of this hash algorithm from source.
|
||||
*/
|
||||
abstract string getRawAlgorithmName();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -197,30 +198,55 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
|
||||
}
|
||||
}
|
||||
|
||||
newtype TEllipticCurveFamilyType =
|
||||
// We're saying by this that all of these have an identical interface / properties / edges
|
||||
NIST() or
|
||||
SEC() or
|
||||
NUMS() or
|
||||
PRIME() or
|
||||
BRAINPOOL() or
|
||||
CURVE25519() or
|
||||
CURVE448() or
|
||||
C2() or
|
||||
SM2() or
|
||||
ES() or
|
||||
OtherEllipticCurveFamilyType()
|
||||
|
||||
|
||||
/**
|
||||
* Elliptic curve algorithm
|
||||
*/
|
||||
abstract class EllipticCurve extends Algorithm {
|
||||
abstract string getVersion(Location location);
|
||||
|
||||
|
||||
abstract string getKeySize(Location location);
|
||||
|
||||
abstract TEllipticCurveFamilyType getCurveFamilyType();
|
||||
|
||||
override predicate properties(string key, string value, Location location) {
|
||||
super.properties(key, value, location)
|
||||
or
|
||||
key = "version" and
|
||||
if exists(this.getVersion(location))
|
||||
then value = this.getVersion(location)
|
||||
else (
|
||||
value instanceof UnknownPropertyValue and location instanceof UnknownLocation
|
||||
)
|
||||
or
|
||||
key = "key_size" and
|
||||
if exists(this.getKeySize(location))
|
||||
then value = this.getKeySize(location)
|
||||
else (
|
||||
value instanceof UnknownPropertyValue and location instanceof UnknownLocation
|
||||
)
|
||||
// other properties, like field type are possible, but not modeled until considered necessary
|
||||
}
|
||||
|
||||
override string getAlgorithmName() { result = this.getRawAlgorithmName().toUpperCase()}
|
||||
|
||||
/**
|
||||
* Mandating that for Elliptic Curves specifically, users are responsible
|
||||
* for providing as the 'raw' name, the official name of the algorithm.
|
||||
* Casing doesn't matter, we will enforce further naming restrictions on
|
||||
* `getAlgorithmName` by default.
|
||||
* Rationale: elliptic curve names can have a lot of variation in their components
|
||||
* (e.g., "secp256r1" vs "P-256"), trying to produce generalized set of properties
|
||||
* is possible to capture all cases, but such modeling is likely not necessary.
|
||||
* if all properties need to be captured, we can reassess how names are generated.
|
||||
*/
|
||||
override abstract string getRawAlgorithmName();
|
||||
}
|
||||
}
|
||||
|
||||
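Review bot: In `EllipticCurve.properties`, both `if exists(this.getVersion(location))` and `if exists(this.getKeySize(location))` test the predicate's own `location` parameter, so the `else` branch looks satisfiable at the unknown location even when the real value exists at a source location. A curve with a known key size would then also carry an unknown `key_size` (and `version`) property. In a cryptographic inventory that is a spurious "unknown" entry next to the real one, and it blurs which curves genuinely lack size information. Testing existence independently of the location would avoid it: `if exists(this.getVersion(_))` and `if exists(this.getKeySize(_))`, with the `then value = this.getKeySize(location)` lines kept as they are. This assumes `UnknownLocation` is never a location that `getVersion` or `getKeySize` returns, which the hunk does not show, so please confirm before changing it.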