Crypto: Further simplify test cases to only use edges/nodes/properties. Update model to account for MAC algorithms.

REDMOND\brodes
2025-06-12 15:36:59 -04:00
parent 20e2c7cefd
commit eb20955a54
15 changed files with 268 additions and 60 deletions


@@ -134,6 +134,30 @@ class KnownOpenSSLHashAlgorithmExpr extends Expr instanceof KnownOpenSSLAlgorith
}
}
class KnownOpenSSLMACAlgorithmExpr extends Expr instanceof KnownOpenSSLAlgorithmExpr {
KnownOpenSSLMACAlgorithmExpr() { resolveAlgorithmFromExpr(this, _, "MAC") }
}
class KnownOpenSSLHMACAlgorithmExpr extends Expr instanceof KnownOpenSSLMACAlgorithmExpr {
KnownOpenSSLHMACAlgorithmExpr() { resolveAlgorithmFromExpr(this, "HMAC", "MAC") }
/**
* Gets an explicit cipher algorithm for this MAC algorithm.
* This occurs when the MAC specifies the algorithm at the same time "HMAC-SHA-256"
*/
KnownOpenSSLHashAlgorithmExpr getExplicitHashAlgorithm() { result = this }
}
class KnownOpenSSLCMACAlgorithmExpr extends Expr instanceof KnownOpenSSLMACAlgorithmExpr {
KnownOpenSSLCMACAlgorithmExpr() { resolveAlgorithmFromExpr(this, "CMAC", "MAC") }
/**
* Gets an explicit cipher algorithm for this MAC algorithm.
* This occurs when the MAC specifies the algorithm at the same time "HMAC-SHA-256"
*/
KnownOpenSSLCipherAlgorithmExpr getExplicitCipherAlgorithm() { result = this }
}
class KnownOpenSSLEllipticCurveAlgorithmExpr extends Expr instanceof KnownOpenSSLAlgorithmExpr {
KnownOpenSSLEllipticCurveAlgorithmExpr() { resolveAlgorithmFromExpr(this, _, "ELLIPTIC_CURVE") }
}
@@ -946,6 +970,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "DH" and algType = "KEY_AGREEMENT"
or
name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "HMAC" and algType = "MAC"
or
name = "aes-128-ofb" and nid = 420 and normalized = "AES-128" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-ofb" and nid = 420 and normalized = "OFB" and algType = "BLOCK_MODE"
@@ -1124,8 +1150,12 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "hmac-md5" and nid = 780 and normalized = "MD5" and algType = "HASH"
or
name = "hmac-md5" and nid = 780 and normalized = "HMAC" and algType = "HASH"
or
name = "hmac-sha1" and nid = 781 and normalized = "SHA1" and algType = "HASH"
or
name = "hmac-sha1" and nid = 781 and normalized = "HMAC" and algType = "MAC"
or
name = "md_gost94" and nid = 809 and normalized = "GOST94" and algType = "HASH"
or
name = "gost94" and nid = 812 and normalized = "GOST94" and algType = "HASH"
@@ -1200,10 +1230,14 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "rc4-hmac-md5" and nid = 915 and normalized = "MD5" and algType = "HASH"
or
name = "rc4-hmac-md5" and nid = 915 and normalized = "HMAC" and algType = "MAC"
or
name = "rc4-hmac-md5" and nid = 915 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION"
or
name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "SHA1" and algType = "HASH"
or
name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "HMAC" and algType = "MAC"
or
name = "aes-128-cbc-hmac-sha1" and
nid = 916 and
normalized = "AES-128" and
@@ -1213,6 +1247,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "SHA1" and algType = "HASH"
or
name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "HMAC" and algType = "MAC"
or
name = "aes-192-cbc-hmac-sha1" and
nid = 917 and
normalized = "AES-192" and
@@ -1227,6 +1263,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-256-cbc-hmac-sha1" and nid = 918 and normalized = "CBC" and algType = "BLOCK_MODE"
or
name = "aes-256-cbc-hmac-sha1" and nid = 918 and normalized = "HMAC" and algType = "MAC"
or
name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "SHA-256" and algType = "HASH"
or
name = "aes-128-cbc-hmac-sha256" and
@@ -1238,6 +1276,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "SHA-256" and algType = "HASH"
or
name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "HMAC" and algType = "MAC"
or
name = "aes-192-cbc-hmac-sha256" and
nid = 949 and
normalized = "AES-192" and
@@ -1247,6 +1287,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "SHA-256" and algType = "HASH"
or
name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "HMAC" and algType = "MAC"
or
name = "aes-256-cbc-hmac-sha256" and
nid = 950 and
normalized = "AES-256" and
@@ -1286,6 +1328,11 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "CAMELLIA-128" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-128-cmac" and
nid = 964 and
normalized = "CMAC" and
algType = "MAC"
or
name = "camellia-192-gcm" and
nid = 965 and
normalized = "CAMELLIA-192" and
@@ -1338,6 +1385,11 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "CAMELLIA-256" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "camellia-256-cmac" and
nid = 972 and
normalized = "CMAC" and
algType = "MAC"
or
name = "id-scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION"
or
name = "gost89-cnt-12" and
@@ -1351,11 +1403,13 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "md_gost12_512" and nid = 983 and normalized = "GOST" and algType = "HASH"
or
// TODO: re-evaluate: this is a signing algorithm using hashing and curves
name = "id-tc26-signwithdigest-gost3410-2012-256" and
nid = 985 and
normalized = "GOST34102012" and
algType = "SYMMETRIC_ENCRYPTION"
or
// TODO: re-evaluate: this is a signing algorithm using hashing and curves
name = "id-tc26-signwithdigest-gost3410-2012-512" and
nid = 986 and
normalized = "GOST34102012" and
@@ -1364,22 +1418,42 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
name = "id-tc26-hmac-gost-3411-2012-256" and
nid = 988 and
normalized = "GOST34112012" and
algType = "SYMMETRIC_ENCRYPTION"
algType = "HASH"
or
name = "id-tc26-hmac-gost-3411-2012-256" and
nid = 988 and
normalized = "HMAC" and
algType = "MAC"
or
name = "id-tc26-hmac-gost-3411-2012-512" and
nid = 989 and
normalized = "GOST34112012" and
algType = "SYMMETRIC_ENCRYPTION"
algType = "HASH"
or
name = "id-tc26-hmac-gost-3411-2012-512" and
nid = 989 and
normalized = "HMAC" and
algType = "MAC"
or
name = "id-tc26-agreement-gost-3410-2012-256" and
nid = 992 and
normalized = "GOST34102012" and
algType = "SYMMETRIC_ENCRYPTION"
algType = "ELLIPTIC_CURVE"
or
name = "id-tc26-agreement-gost-3410-2012-256" and
nid = 992 and
normalized = "GOST34102012" and
algType = "KEY_AGREEMENT"
or
name = "id-tc26-agreement-gost-3410-2012-512" and
nid = 993 and
normalized = "GOST34102012" and
algType = "SYMMETRIC_ENCRYPTION"
algType = "ELLIPTIC_CURVE"
or
name = "id-tc26-agreement-gost-3410-2012-512" and
nid = 993 and
normalized = "GOST34102012" and
algType = "KEY_AGREEMENT"
or
name = "id-tc26-gost-3410-2012-512-constants" and
nid = 996 and
@@ -1467,12 +1541,20 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "hmac-sha3-224" and nid = 1102 and normalized = "SHA3-224" and algType = "HASH"
or
name = "hmac-sha3-224" and nid = 1102 and normalized = "HMAC" and algType = "MAC"
or
name = "hmac-sha3-256" and nid = 1103 and normalized = "SHA3-256" and algType = "HASH"
or
name = "hmac-sha3-256" and nid = 1103 and normalized = "HMAC" and algType = "MAC"
or
name = "hmac-sha3-384" and nid = 1104 and normalized = "SHA3-384" and algType = "HASH"
or
name = "hmac-sha3-384" and nid = 1104 and normalized = "HMAC" and algType = "MAC"
or
name = "hmac-sha3-512" and nid = 1105 and normalized = "SHA3-512" and algType = "HASH"
or
name = "hmac-sha3-512" and nid = 1105 and normalized = "HMAC" and algType = "MAC"
or
name = "id-dsa-with-sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE"
or
name = "id-dsa-with-sha384" and nid = 1106 and normalized = "SHA-384" and algType = "HASH"
@@ -2240,34 +2322,67 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
normalized = "GOST" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "hmac gost 34.11-2012 256 bit" and
nid = 988 and
normalized = "HMAC" and
algType = "MAC"
or
name = "hmac gost 34.11-2012 512 bit" and
nid = 989 and
normalized = "GOST" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "hmac gost 34.11-2012 512 bit" and
nid = 989 and
normalized = "HMAC" and
algType = "MAC"
or
name = "hmac gost 34.11-94" and
nid = 810 and
normalized = "GOST" and
algType = "SYMMETRIC_ENCRYPTION"
or
name = "hmac gost 34.11-94" and
nid = 810 and
normalized = "HMAC" and
algType = "MAC"
or
name = "hmacwithmd5" and nid = 797 and normalized = "MD5" and algType = "HASH"
or
name = "hmacwithmd5" and nid = 797 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsha1" and nid = 163 and normalized = "SHA1" and algType = "HASH"
or
name = "hmacwithsha1" and nid = 163 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsha224" and nid = 798 and normalized = "SHA-224" and algType = "HASH"
or
name = "hmacwithsha224" and nid = 798 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsha256" and nid = 799 and normalized = "SHA-256" and algType = "HASH"
or
name = "hmacwithsha256" and nid = 799 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsha384" and nid = 800 and normalized = "SHA-384" and algType = "HASH"
or
name = "hmacwithsha384" and nid = 800 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsha512" and nid = 801 and normalized = "SHA-512" and algType = "HASH"
or
name = "hmacwithsha512" and nid = 801 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsha512-224" and nid = 1193 and normalized = "SHA-512-224" and algType = "HASH"
or
name = "hmacwithsha512-224" and nid = 1193 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsha512-256" and nid = 1194 and normalized = "SHA-512-256" and algType = "HASH"
or
name = "hmacwithsha512-256" and nid = 1194 and normalized = "HMAC" and algType = "MAC"
or
name = "hmacwithsm3" and nid = 1281 and normalized = "SM3" and algType = "HASH"
or
name = "hmacwithsm3" and nid = 1281 and normalized = "HMAC" and algType = "MAC"
or
name = "id-aes128-ccm" and
nid = 896 and
normalized = "AES-128" and
@@ -2517,12 +2632,20 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
or
name = "id-hmacwithsha3-224" and nid = 1102 and normalized = "SHA3-224" and algType = "HASH"
or
name = "id-hmacwithsha3-224" and nid = 1102 and normalized = "HMAC" and algType = "MAC"
or
name = "id-hmacwithsha3-256" and nid = 1103 and normalized = "SHA3-256" and algType = "HASH"
or
name = "id-hmacwithsha3-256" and nid = 1103 and normalized = "HMAC" and algType = "MAC"
or
name = "id-hmacwithsha3-384" and nid = 1104 and normalized = "SHA3-384" and algType = "HASH"
or
name = "id-hmacwithsha3-384" and nid = 1104 and normalized = "HMAC" and algType = "MAC"
or
name = "id-hmacwithsha3-512" and nid = 1105 and normalized = "SHA3-512" and algType = "HASH"
or
name = "id-hmacwithsha3-512" and nid = 1105 and normalized = "HMAC" and algType = "MAC"
or
name = "id-regctrl" and nid = 313 and normalized = "CTR" and algType = "BLOCK_MODE"
or
name = "id-smime-alg-3deswrap" and
@@ -3080,4 +3203,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
algType = "SIGNATURE"
or
name = "sm3withrsaencryption" and nid = 1144 and normalized = "SM3" and algType = "HASH"
or
name = "hmac" and nid = 855 and normalized = "HMAC" and algType = "MAC"
or
name = "cmac" and nid = 894 and normalized = "CMAC" and algType = "MAC"
}
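Review bot: The added `hmac-md5` row (nid 780) pairs `normalized = "HMAC"` with `algType = "HASH"`, while every other HMAC row added in this file uses `algType = "MAC"`. Since `KnownOpenSSLMACAlgorithmExpr` resolves on `"MAC"`, an `hmac-md5` literal would presumably not be picked up as a MAC and would instead surface as a hash algorithm named HMAC, so HMAC-MD5 uses drop out of MAC results. The row should read `name = "hmac-md5" and nid = 780 and normalized = "HMAC" and algType = "MAC"`. In the visible hunks `aes-128-cbc-hmac-sha256` (nid 948) also gets no HMAC row although 949 and 950 do; worth checking unless it is added outside these hunks.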


@@ -0,0 +1,66 @@
import cpp
private import experimental.quantum.Language
private import KnownAlgorithmConstants
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations
private import AlgToAVCFlow
class KnownOpenSSLMACConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
Crypto::MACAlgorithmInstance instanceof KnownOpenSSLMACAlgorithmExpr
{
OpenSSLAlgorithmValueConsumer getterCall;
KnownOpenSSLMACConstantAlgorithmInstance() {
// Two possibilities:
// 1) The source is a literal and flows to a getter, then we know we have an instance
// 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
// Possibility 1:
this instanceof OpenSSLAlgorithmLiteral and
exists(DataFlow::Node src, DataFlow::Node sink |
// Sink is an argument to a CipherGetterCall
sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
// Source is `this`
src.asExpr() = this and
// This traces to a getter
KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
)
or
// Possibility 2:
this instanceof OpenSSLAlgorithmCall and
getterCall = this
}
override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
override string getRawMACAlgorithmName() {
result = this.(Literal).getValue().toString()
or
result = this.(Call).getTarget().getName()
}
override Crypto::TMACType getMACType() {
this instanceof KnownOpenSSLHMACAlgorithmExpr and result instanceof Crypto::THMAC
or
this instanceof KnownOpenSSLCMACAlgorithmExpr and result instanceof Crypto::TCMAC
}
}
class KnownOpenSSLHMACConstantAlgorithmInstance extends Crypto::HMACAlgorithmInstance,
KnownOpenSSLMACConstantAlgorithmInstance
{
override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() {
if exists(this.(KnownOpenSSLHMACAlgorithmExpr).getExplicitHashAlgorithm())
then
// ASSUMPTION: if there is an explicit hash algorithm, it is already modeled
// and we can simply grab that model's AVC
exists(OpenSSLAlgorithmInstance inst | inst.getAVC() = result and inst = this)
else
// ASSUMPTION: If no explicit algorithm is given, then it is assumed to be configured by
// a signature operation
exists(Crypto::SignatureOperationInstance s |
s.getHashAlgorithmValueConsumer() = result and
s.getAnAlgorithmValueConsumer() = this.getAVC()
)
}
}
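Review bot: In `getHashAlgorithmValueConsumer`, the then-branch `exists(OpenSSLAlgorithmInstance inst | inst.getAVC() = result and inst = this)` binds `inst` only to `this`, so it says the same as `result = this.getAVC()` and reads more clearly in that form. The else-branch finds a hash consumer only through a `Crypto::SignatureOperationInstance`, so an HMAC whose digest is configured by any other kind of operation gets no hash consumer. The ASSUMPTION comment should state that limitation, so a missing hash edge is not mistaken for an absent algorithm. The constructor comment `// Sink is an argument to a CipherGetterCall` looks copied from the cipher model and should name the MAC value consumer instead.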


@@ -23,7 +23,7 @@ class EVPKeyGenInitialize extends EvpPrimaryAlgorithmInitializer {
override CtxPointerSource getContext() { result = this.(Call).getArgument(0) }
}
class EVPKeyGenOperation extends EVPFinal, Crypto::KeyGenerationOperationInstance {
class EVPKeyGenOperation extends EvpOperation, Crypto::KeyGenerationOperationInstance {
DataFlow::Node keyResultNode;
EVPKeyGenOperation() {
@@ -47,7 +47,7 @@ class EVPKeyGenOperation extends EVPFinal, Crypto::KeyGenerationOperationInstanc
override Expr getInputArg() { none() }
override Expr getOutputArg() { result = this.(Call).getArgument(1) }
override Expr getOutputArg() { result = keyResultNode.asExpr() }
override Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() { result = keyResultNode }
@@ -65,3 +65,32 @@ class EVPKeyGenOperation extends EVPFinal, Crypto::KeyGenerationOperationInstanc
result = DataFlow::exprNode(this.getInitCall().(EvpKeySizeInitializer).getKeySizeArg())
}
}
/**
* Calls to `EVP_PKEY_new_mac_key` create a new MAC key.
* EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen);
*/
class EvpNewMacKey extends EvpOperation, Crypto::KeyGenerationOperationInstance {
DataFlow::Node keyResultNode;
EvpNewMacKey() {
this.(Call).getTarget().getName() = "EVP_PKEY_new_mac_key" and keyResultNode.asExpr() = this
}
override CtxPointerSource getContext() { none() }
override Crypto::KeyArtifactType getOutputKeyType() { result = Crypto::TSymmetricKeyType() }
override Expr getOutputArg() { result = keyResultNode.asExpr() }
override Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() { result = keyResultNode }
override Expr getInputArg() { none() }
override Expr getAlgorithmArg() { result = this.(Call).getArgument(0) }
override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
result = DataFlow::exprNode(this.(Call).getArgument(3))
}
}
/// TODO: https://docs.openssl.org/3.0/man3/EVP_PKEY_new/#synopsis
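Review bot: `EvpNewMacKey` models `EVP_PKEY_new_mac_key` as a `KeyGenerationOperationInstance`, but per the signature quoted in its own doc comment the call wraps caller-supplied bytes (`key`, argument 2) rather than generating anything. `getInputArg()` is `none()`, so, as far as this hunk shows, the origin of that key material is not connected to the resulting key artifact. That edge is the one a reviewer needs in order to see a constant or otherwise fixed MAC key. If modeling it is deferred, record that in the QLDoc, for example `* NOTE: the raw key bytes (argument 2) are not modeled yet.` The trailing `/// TODO:` should be a plain `// TODO:` comment.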


@@ -20,6 +20,22 @@ module EncValToInitEncArgConfig implements DataFlow::ConfigSig {
module EncValToInitEncArgFlow = DataFlow::Global<EncValToInitEncArgConfig>;
private predicate argToAVC(Expr arg, Crypto::AlgorithmValueConsumer avc) {
// NOTE: because we trace through keys to their sources we must consider that the arg is an avc
// Consider this example:
// EVP_PKEY *pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, key_len);
// The key may trace into a signing operation. Tracing through the key we will get the arg taking `EVP_PKEY_HMAC`
// as the algorithm value consumer (the input node of the AVC). The output node of this AVC
// is the call return of `EVP_PKEY_new_mac_key`. If we trace from the AVC result to
// the input argument this will not be possible (from the return to the call argument is a backwards flow).
// Therefore, we must consider the input node of the AVC as the argument.
// This should only occur due to tracing through keys to find configuration data.
avc.getInputNode().asExpr() = arg
or
AvcToCallArgFlow::flow(avc.(OpenSSLAlgorithmValueConsumer).getResultNode(),
DataFlow::exprNode(arg))
}
/**
* A class for all OpenSSL operations.
*/
@@ -37,8 +53,7 @@ abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Cal
* Algorithm is specified in initialization call or is implicitly established by the key.
*/
override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
AvcToCallArgFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
DataFlow::exprNode(this.getAlgorithmArg()))
argToAVC(this.getAlgorithmArg(), result)
}
}
@@ -100,8 +115,7 @@ abstract class EvpPrimaryAlgorithmInitializer extends EvpInitializer {
abstract Expr getAlgorithmArg();
Crypto::AlgorithmValueConsumer getAlgorithmValueConsumer() {
AvcToCallArgFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
DataFlow::exprNode(this.getAlgorithmArg()))
argToAVC(this.getAlgorithmArg(), result)
}
}
@@ -155,8 +169,7 @@ abstract class EvpHashAlgorithmInitializer extends EvpInitializer {
abstract Expr getHashAlgorithmArg();
Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() {
AvcToCallArgFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
DataFlow::exprNode(this.getHashAlgorithmArg()))
argToAVC(this.getHashAlgorithmArg(), result)
}
}
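Review bot: Nothing in `argToAVC` enforces the comment's claim that the new first disjunct `avc.getInputNode().asExpr() = arg` "should only occur due to tracing through keys". The predicate now backs `getAnAlgorithmValueConsumer`, `getAlgorithmValueConsumer` and `getHashAlgorithmValueConsumer`, so the disjunct applies to all three, and any consumer whose input expression is the argument itself will match, including for hash algorithm arguments. Either restrict the disjunct to the key-creation consumers it was written for, or state in the comment that the widening is intentional and covered by the tests. The predicate also has only `//` comments; a one-line QLDoc saying that it holds when arg is the input of avc, or when the result of avc flows to arg, would make the contract visible at the call sites.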


@@ -1,5 +0,0 @@
| openssl_basic.c:124:13:124:30 | HashOperation | openssl_basic.c:120:37:120:43 | Message | openssl_basic.c:181:49:181:87 | Constant |
| openssl_basic.c:144:13:144:22 | HashOperation | openssl_basic.c:144:24:144:30 | Message | openssl_basic.c:181:49:181:87 | Constant |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:22:34:22:40 | Message | openssl_signature.c:602:37:602:77 | Constant |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:22:34:22:40 | Message | openssl_signature.c:685:37:685:77 | Constant |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:22:34:22:40 | Message | openssl_signature.c:741:37:741:77 | Constant |


@@ -1,6 +0,0 @@
import cpp
import experimental.quantum.Language
from Crypto::HashOperationNode n, Crypto::MessageArtifactNode m
where n.getInputArtifact() = m
select n, m, m.getSourceNode()


@@ -1,3 +0,0 @@
| openssl_pkey.c:55:9:55:23 | KeyGeneration | openssl_pkey.c:54:47:54:50 | Constant | openssl_pkey.c:54:47:54:50 | 2048 |
| openssl_signature.c:548:9:548:23 | KeyGeneration | openssl_signature.c:547:51:547:54 | Constant | openssl_signature.c:547:51:547:54 | 2048 |
| openssl_signature.c:578:9:578:23 | KeyGeneration | openssl_signature.c:569:55:569:58 | Constant | openssl_signature.c:569:55:569:58 | 2048 |


@@ -1,6 +0,0 @@
import cpp
import experimental.quantum.Language
from Crypto::KeyCreationOperationNode n, Crypto::NodeBase src
where n.getAKeySizeSource() = src
select n, src, src.asElement()


@@ -1,2 +0,0 @@
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:35:54:35:62 | Message | openssl_basic.c:181:49:181:87 | Constant |
| openssl_pkey.c:64:9:64:24 | EncryptOperation | openssl_pkey.c:64:58:64:66 | Message | openssl_pkey.c:45:49:45:65 | Constant |


@@ -1,6 +0,0 @@
import cpp
import experimental.quantum.Language
from Crypto::KeyOperationNode n, Crypto::MessageArtifactNode m
where n.getAnInputArtifact() = m
select n, m, m.getSourceNode()


@@ -1,3 +0,0 @@
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:31:49:31:51 | Key | openssl_basic.c:179:43:179:76 | Constant |
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:77:45:77:47 | Key | openssl_basic.c:179:43:179:76 | Constant |
| openssl_pkey.c:64:9:64:24 | EncryptOperation | openssl_pkey.c:60:28:60:31 | Key | openssl_pkey.c:55:30:55:34 | Key |


@@ -1,6 +0,0 @@
import cpp
import experimental.quantum.Language
from Crypto::KeyOperationNode op, Crypto::KeyArtifactNode k
where op.getAKey() = k
select op, k, k.getSourceNode()


@@ -1,2 +0,0 @@
| openssl_basic.c:40:13:40:31 | EncryptOperation | openssl_basic.c:31:54:31:55 | Nonce | openssl_basic.c:180:42:180:59 | Constant |
| openssl_basic.c:90:11:90:29 | DecryptOperation | openssl_basic.c:77:50:77:51 | Nonce | openssl_basic.c:180:42:180:59 | Constant |


@@ -1,6 +0,0 @@
import cpp
import experimental.quantum.Language
from Crypto::KeyOperationNode op, Crypto::NonceArtifactNode n
where op.getANonce() = n
select op, n, n.getSourceNode()


@@ -801,6 +801,14 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
* verification operation.
*/
abstract ConsumerInputDataFlowNode getSignatureConsumer();
/**
* Gets the consumer of a hash algorithm.
* This is intended for signature operations they are explicitly configured
* with a hash algorithm. If a signature is not configured with an explicit
* hash algorithm, users do not need to provide a consumer (set none()).
*/
abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer();
}
/**
@@ -2192,15 +2200,25 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
result.asElement() = instance.getSignatureConsumer().getConsumer()
}
HashAlgorithmNode getHashAlgorithm() {
result = instance.getHashAlgorithmValueConsumer().getAKnownSourceNode()
}
override NodeBase getChild(string key) {
result = super.getChild(key)
or
// [KNOWN_OR_UNKNOWN] - only if we know the type is verify
this.getKeyOperationSubtype() = TVerifyMode() and
key = "Signature" and
if exists(this.getASignatureArtifact())
then result = this.getASignatureArtifact()
else result = this
(
if exists(this.getASignatureArtifact())
then result = this.getASignatureArtifact()
else result = this
)
or
// [KNOWN_OR_UNKNOWN]
key = "HashAlgorithm" and
(if exists(this.getHashAlgorithm()) then result = this.getHashAlgorithm() else result = this)
}
}
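Review bot: The new `key = "HashAlgorithm"` disjunct in `getChild` falls back to `result = this` whenever `getHashAlgorithm()` has no result, which conflicts with the QLDoc added on `getHashAlgorithmValueConsumer()` saying implementers may set `none()` when no explicit hash is configured. A signature operation that legitimately has no separate hash would then still get a `HashAlgorithm` self-edge, and under the KNOWN_OR_UNKNOWN convention that presumably reads as an unknown hash algorithm rather than as not applicable. Either document that `none()` yields an unknown edge, or emit the edge only when a consumer exists. Separately, making `getHashAlgorithmValueConsumer()` abstract obliges every existing `SignatureOperationInstance` subclass to implement it, including ones outside this commit. The QLDoc sentence "signature operations they are explicitly configured" is missing a word ("when they are").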