Misc updates for OpenSSL modeling to trace algorithm literals to known alg getters, and converting the literal to a TCipherType.

2026-04-22 23:35:14 +02:00 · 2025-03-05 15:17:52 -05:00
parent cce5f24b38
commit de3ff45cba
8 changed files with 652 additions and 150 deletions
--- a/cpp/ql/lib/experimental/Quantum/OpenSSL/EVPCipherAlgorithmSource.qll
+++ b/cpp/ql/lib/experimental/Quantum/OpenSSL/EVPCipherAlgorithmSource.qll
@@ -0,0 +1,148 @@
+import cpp
+import experimental.Quantum.Language
+import EVPCipherConsumers
+import OpenSSLAlgorithmGetter
+
+predicate literalToCipherFamilyType(Literal e, Crypto::TCipherType type) {
+  exists(string name, string algType | algType.toLowerCase().matches("%encryption") |
+    resolveAlgorithmFromLiteral(e, name, algType) and
+    (
+      name.matches("AES%") and type instanceof Crypto::AES
+      or
+      name.matches("ARIA") and type instanceof Crypto::ARIA
+      or
+      name.matches("BLOWFISH") and type instanceof Crypto::BLOWFISH
+      or
+      name.matches("BF") and type instanceof Crypto::BLOWFISH
+      or
+      name.matches("CAMELLIA%") and type instanceof Crypto::CAMELLIA
+      or
+      name.matches("CHACHA20") and type instanceof Crypto::CHACHA20
+      or
+      name.matches("CAST5") and type instanceof Crypto::CAST5
+      or
+      name.matches("2DES") and type instanceof Crypto::DOUBLEDES
+      or
+      name.matches(["3DES", "TRIPLEDES"]) and type instanceof Crypto::TRIPLEDES
+      or
+      name.matches("DES") and type instanceof Crypto::DES
+      or
+      name.matches("DESX") and type instanceof Crypto::DESX
+      or
+      name.matches("GOST%") and type instanceof Crypto::GOST
+      or
+      name.matches("IDEA") and type instanceof Crypto::IDEA
+      or
+      name.matches("KUZNYECHIK") and type instanceof Crypto::KUZNYECHIK
+      or
+      name.matches("MAGMA") and type instanceof Crypto::MAGMA
+      or
+      name.matches("RC2") and type instanceof Crypto::RC2
+      or
+      name.matches("RC4") and type instanceof Crypto::RC4
+      or
+      name.matches("RC5") and type instanceof Crypto::RC5
+      or
+      name.matches("RSA") and type instanceof Crypto::RSA
+      or
+      name.matches("SEED") and type instanceof Crypto::SEED
+      or
+      name.matches("SM4") and type instanceof Crypto::SM4
+    )
+  )
+}
+
+class CipherKnownAlgorithmLiteralAlgorithmInstance extends Crypto::CipherAlgorithmInstance instanceof Literal
+{
+  CipherKnownAlgorithmLiteralAlgorithmInstance() {
+    exists(EVPCipherGetterCall c, DataFlow::Node src, DataFlow::Node sink |
+      sink = c.getValueArgNode() and
+      src.asExpr() = this and
+      KnownAlgorithmLiteralToAlgorithmGetterFlow::flow(src, sink) and
+      // Not just any known value, but specifically a known cipher operation
+      exists(string algType |
+        resolveAlgorithmFromLiteral(src.asExpr(), _, algType) and
+        algType.toLowerCase().matches("%encryption")
+      )
+    )
+  }
+
+  Crypto::AlgorithmConsumer getConsumer() { none() } //result = consumer }
+
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() {
+    none() // TODO: provider defaults
+  }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() }
+
+  override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
+
+  override Crypto::TCipherType getCipherFamily() { literalToCipherFamilyType(this, result) }
+}
+//     override Crypto::TCipherType getCipherFamily() {
+//       if this.cipherNameMappingKnown(_, super.getAlgorithmName())
+//       then this.cipherNameMappingKnown(result, super.getAlgorithmName())
+//       else result instanceof Crypto::OtherCipherType
+//     }
+//     bindingset[name]
+//     private predicate cipherNameMappingKnown(Crypto::TCipherType type, string name) {
+//       name = "AES" and
+//       type instanceof Crypto::AES
+//       or
+//       name = "DES" and
+//       type instanceof Crypto::DES
+//       or
+//       name = "TripleDES" and
+//       type instanceof Crypto::TripleDES
+//       or
+//       name = "IDEA" and
+//       type instanceof Crypto::IDEA
+//       or
+//       name = "CAST5" and
+//       type instanceof Crypto::CAST5
+//       or
+//       name = "ChaCha20" and
+//       type instanceof Crypto::ChaCha20
+//       or
+//       name = "RC4" and
+//       type instanceof Crypto::RC4
+//       or
+//       name = "RC5" and
+//       type instanceof Crypto::RC5
+//       or
+//       name = "RSA" and
+//       type instanceof Crypto::RSA
+//     }
+//     private predicate modeToNameMappingKnown(Crypto::TBlockCipherModeOperationType type, string name) {
+//       type instanceof Crypto::ECB and name = "ECB"
+//       or
+//       type instanceof Crypto::CBC and name = "CBC"
+//       or
+//       type instanceof Crypto::GCM and name = "GCM"
+//       or
+//       type instanceof Crypto::CTR and name = "CTR"
+//       or
+//       type instanceof Crypto::XTS and name = "XTS"
+//       or
+//       type instanceof Crypto::CCM and name = "CCM"
+//       or
+//       type instanceof Crypto::SIV and name = "SIV"
+//       or
+//       type instanceof Crypto::OCB and name = "OCB"
+//     }
+//     override Crypto::TBlockCipherModeOperationType getModeType() {
+//       if this.modeToNameMappingKnown(_, super.getMode())
+//       then this.modeToNameMappingKnown(result, super.getMode())
+//       else result instanceof Crypto::OtherMode
+//     }
+//     override string getRawModeAlgorithmName() { result = super.getMode() }
+//     override string getRawPaddingAlgorithmName() { result = super.getPadding() }
+//     bindingset[name]
+//     private predicate paddingToNameMappingKnown(Crypto::TPaddingType type, string name) {
+//       type instanceof Crypto::NoPadding and name = "NOPADDING"
+//       or
+//       type instanceof Crypto::PKCS7 and name = ["PKCS5Padding", "PKCS7Padding"] // TODO: misnomer in the JCA?
+//       or
+//       type instanceof Crypto::OAEP and name.matches("OAEP%") // TODO: handle OAEPWith%
+//     }
+//   }