Merge pull request #1 from nicolaswill/brodes/experiments

Concepts for elliptic curves and misc. updates.
2026-04-20 14:34:04 +02:00 · 2025-02-06 14:43:09 +01:00
parent 69a63855cc 0cd3df9d26
commit cd70acde66
5 changed files with 392 additions and 12 deletions
--- a/cpp/ql/lib/experimental/Quantum/Base.qll
+++ b/cpp/ql/lib/experimental/Quantum/Base.qll
@@ -94,6 +94,11 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
     */
    abstract string getAlgorithmName();

+     /**
+     * Gets the raw name of this algorithm from source (no parsing or formatting)
+     */
+    abstract string getRawAlgorithmName();
+
    final override string toString() { result = this.getAlgorithmName() }
  }

@@ -147,10 +152,6 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {

    override string getAlgorithmName() { this.hashTypeToNameMapping(this.getHashType(), result) }

-    /**
-     * Gets the raw name of this hash algorithm from source.
-     */
-    abstract string getRawAlgorithmName();
  }

  /**
@@ -197,30 +198,55 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
    }
  }

+  newtype TEllipticCurveFamilyType =
+  // We're saying by this that all of these have an identical interface / properties / edges
+  NIST() or
+  SEC() or
+  NUMS() or
+  PRIME() or
+  BRAINPOOL() or
+  CURVE25519() or
+  CURVE448() or
+  C2() or
+  SM2() or
+  ES() or
+  OtherEllipticCurveFamilyType()
+
+
  /**
   * Elliptic curve algorithm
   */
  abstract class EllipticCurve extends Algorithm {
-    abstract string getVersion(Location location);
+

    abstract string getKeySize(Location location);

+    abstract TEllipticCurveFamilyType getCurveFamilyType();
+
    override predicate properties(string key, string value, Location location) {
      super.properties(key, value, location)
      or
-      key = "version" and
-      if exists(this.getVersion(location))
-      then value = this.getVersion(location)
-      else (
-        value instanceof UnknownPropertyValue and location instanceof UnknownLocation
-      )
-      or
      key = "key_size" and
      if exists(this.getKeySize(location))
      then value = this.getKeySize(location)
      else (
        value instanceof UnknownPropertyValue and location instanceof UnknownLocation
      )
+      // other properties, like field type are possible, but not modeled until considered necessary
    }
+
+    override string getAlgorithmName() { result = this.getRawAlgorithmName().toUpperCase()}
+
+    /**
+     * Mandating that for Elliptic Curves specifically, users are responsible
+     * for providing as the 'raw' name, the official name of the algorithm. 
+     * Casing doesn't matter, we will enforce further naming restrictions on 
+     * `getAlgorithmName` by default. 
+     * Rationale: elliptic curve names can have a lot of variation in their components
+     * (e.g., "secp256r1" vs "P-256"), trying to produce generalized set of properties
+     * is possible to capture all cases, but such modeling is likely not necessary. 
+     * if all properties need to be captured, we can reassess how names are generated. 
+     */
+    override abstract string getRawAlgorithmName();
  }
 }