Crypto: Add modeling for JCA signatures. Make consistent use of "unknown" or "other" for unrecognized types.

2025-12-16 16:53:25 +01:00 · 2025-10-03 12:07:37 -04:00
parent a46bd4c4ca
commit f1eb6511a7
2 changed files with 223 additions and 6 deletions
--- a/shared/quantum/codeql/quantum/experimental/Standardization.qll
+++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll
@@ -16,7 +16,7 @@ module Types {
      TSignature(TSignatureAlgorithmType t) or
      TMac(TMacAlgorithmType t) or
      TKeyEncapsulation(TKemAlgorithmType t) or
-      TUnknownKeyOperationAlgorithmType()
+      TOtherKeyOperationAlgorithmType()

    // Parameterized algorithm types
    newtype TSymmetricCipherType =
@@ -64,7 +64,7 @@ module Types {
    newtype TCipherStructureType =
      Block() or
      Stream() or
-      UnknownCipherStructureType()
+      OtherCipherStructureType()

    class CipherStructureType extends TCipherStructureType {
      string toString() {
@@ -72,7 +72,7 @@ module Types {
        or
        result = "Stream" and this = Stream()
        or
-        result = "Unknown" and this = UnknownCipherStructureType()
+        result = "Unknown" and this = OtherCipherStructureType()
      }
    }

@@ -119,7 +119,7 @@ module Types {
      or
      type = OtherSymmetricCipherType() and
      name = "UnknownSymmetricCipher" and
-      s = UnknownCipherStructureType()
+      s = OtherCipherStructureType()
    }

    class AlgorithmType extends TAlgorithm {
@@ -157,7 +157,7 @@ module Types {
        this = TMac(OtherMacAlgorithmType()) and result = "UnknownMac"
        or
        // Unknown
-        this = TUnknownKeyOperationAlgorithmType() and result = "Unknown"
+        this = TOtherKeyOperationAlgorithmType() and result = "Unknown"
      }

      int getImplicitKeySize() {