
Commit 7ee1bd6

authored
Merge pull request #19541 from bdrodes/openssl_ec_key_gen
Openssl ec key gen
2 parents f660bcd + efd9386 commit 7ee1bd6


6 files changed

+82
-19
lines changed

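--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll
@@ -104,11 +104,8 @@ class KnownOpenSSLCipherConstantAlgorithmInstance extends OpenSSLAlgorithmInstan
 
 override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
 
-override string getKeySizeFixed() {
-exists(int keySize |
-this.(KnownOpenSSLCipherAlgorithmConstant).getExplicitKeySize() = keySize and
-result = keySize.toString()
-)
+override int getKeySizeFixed() {
+this.(KnownOpenSSLCipherAlgorithmConstant).getExplicitKeySize() = result
 }
 
 override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {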

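--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll
@@ -35,8 +35,11 @@ class KnownOpenSSLEllipticCurveConstantAlgorithmInstance extends OpenSSLAlgorith
 override string getRawEllipticCurveName() { result = this.(Literal).getValue().toString() }
 
 override Crypto::TEllipticCurveType getEllipticCurveType() {
-Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.(KnownOpenSSLEllipticCurveAlgorithmConstant)
-.getNormalizedName(), _, result)
+Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getParsedEllipticCurveName(), _, result)
+}
+
+override string getParsedEllipticCurveName() {
+result = this.(KnownOpenSSLEllipticCurveAlgorithmConstant).getNormalizedName()
 }
 
 override int getKeySize() {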
+65Lines changed: 65 additions & 0 deletions
@@ -0,0 +1,65 @@
1+
private import experimental.quantum.Language
2+
private import experimental.quantum.OpenSSL.LibraryDetector
3+
private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
4+
private import OpenSSLOperationBase
5+
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
6+
private import semmle.code.cpp.dataflow.new.DataFlow
7+
8+
private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
9+
predicate isSource(DataFlow::Node source) {
10+
exists(OpenSSLAlgorithmValueConsumer c | c.getResultNode() = source)
11+
}
12+
13+
predicate isSink(DataFlow::Node sink) {
14+
exists(ECKeyGenOperation c | c.getAlgorithmArg() = sink.asExpr())
15+
}
16+
}
17+
18+
private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
19+
20+
class ECKeyGenOperation extends OpenSSLOperation, Crypto::KeyGenerationOperationInstance {
21+
ECKeyGenOperation() {
22+
this.(Call).getTarget().getName() = "EC_KEY_generate_key" and
23+
isPossibleOpenSSLFunction(this.(Call).getTarget())
24+
}
25+
26+
override Expr getOutputArg() {
27+
result = this.(Call) // return value of call
28+
}
29+
30+
Expr getAlgorithmArg() { result = this.(Call).getArgument(0) }
31+
32+
override Expr getInputArg() {
33+
// there is no 'input', in the sense that no data is being manipulated by the operation.
34+
// There is an input of an algorithm, but that is not the intention of the operation input arg.
35+
none()
36+
}
37+
38+
override Crypto::KeyArtifactType getOutputKeyType() { result = Crypto::TAsymmetricKeyType() }
39+
40+
override Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() {
41+
result = this.getOutputNode()
42+
}
43+
44+
override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
45+
AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
46+
DataFlow::exprNode(this.getAlgorithmArg()))
47+
}
48+
49+
override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
50+
none() // no explicit key size, inferred from algorithm
51+
}
52+
53+
override int getKeySizeFixed() {
54+
none()
55+
// TODO: marked as none as the operation itself has no key size, it
56+
// comes from the algorithm source, but note we could grab the
57+
// algorithm source and get the key size (see below).
58+
// We may need to reconsider what is the best approach here.
59+
// result =
60+
// this.getAnAlgorithmValueConsumer()
61+
// .getAKnownAlgorithmSource()
62+
// .(Crypto::EllipticCurveInstance)
63+
// .getKeySize()
64+
}
65+
}
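Review bot: `getOutputArg()` (new lines 26-28) models the call's return value as the generated key, but OpenSSL declares `int EC_KEY_generate_key(EC_KEY *key)`: the return value is a 1/0 status and the key pair is written into argument 0. `getOutputKeyArtifact()` returns `this.getOutputNode()`, which presumably derives from `getOutputArg()` in `OpenSSLOperationBase` (not visible in this diff). If so, the key artifact would be attached to the status integer, and later uses of the `EC_KEY` object would not be linked back to this generation site. Consider `result = this.(Call).getArgument(0)` for the output, via a post-update node if the base class supports one, and document that argument 0 is both the curve carrier read by `getAlgorithmArg()` and the place the key lands. The commented-out body left after `none()` in `getKeySizeFixed()` would also read better as a one-line TODO.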
+1Lines changed: 1 addition & 0 deletions
@@ -1,3 +1,4 @@
11
import OpenSSLOperationBase
22
import EVPCipherOperation
33
import EVPHashOperation
4+
import ECKeyGenOperation

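--- a/java/ql/lib/experimental/quantum/JCA.qll
+++ b/java/ql/lib/experimental/quantum/JCA.qll
@@ -353,7 +353,7 @@ module JCAModel {
 else result instanceof KeyOpAlg::TUnknownKeyOperationAlgorithmType
 }
 
-override string getKeySizeFixed() {
+override int getKeySizeFixed() {
 none() // TODO: implement to handle variants such as AES-128
 }
 
@@ -1104,7 +1104,7 @@ module JCAModel {
 KeyGeneratorFlowAnalysisImpl::getInitFromUse(this, _, _).getKeySizeArg() = result.asExpr()
 }
 
-override string getKeySizeFixed() { none() }
+override int getKeySizeFixed() { none() }
 }
 
 class KeyGeneratorCipherAlgorithm extends CipherStringLiteralAlgorithmInstance {
@@ -1310,7 +1310,7 @@ module JCAModel {
 result.asExpr() = this.getKeySpecInstantiation().(PBEKeySpecInstantiation).getKeyLengthArg()
 }
 
-override string getKeySizeFixed() { none() }
+override int getKeySizeFixed() { none() }
 
 override string getOutputKeySizeFixed() { none() }
 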
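Review bot: In the third hunk the context line `override string getOutputKeySizeFixed() { none() }` (line 1315) still returns `string`, while the adjacent `getKeySizeFixed()` is now `int`, so the two fixed-size predicates on this class disagree on type. Keeping derived-key lengths as strings means a query cannot compare them numerically against a minimum without parsing. If the abstract declaration in the shared model is migrated as well, `override int getOutputKeySizeFixed() { none() }` would make the pair consistent. That declaration is not part of this diff, and the enclosing class starts outside the hunk, so confirm both before changing the override.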

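--- a/shared/quantum/codeql/quantum/experimental/Model.qll
+++ b/shared/quantum/codeql/quantum/experimental/Model.qll
@@ -841,7 +841,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
 * This will be automatically inferred and applied at the node level.
 * See `fixedImplicitCipherKeySize`.
 */
-abstract string getKeySizeFixed();
+abstract int getKeySizeFixed();
 
 /**
 * Gets a consumer for the key size in bits specified for this algorithm variant.
@@ -1044,7 +1044,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
 abstract KeyArtifactType getOutputKeyType();
 
 // Defaults or fixed values
-string getKeySizeFixed() { none() }
+int getKeySizeFixed() { none() }
 
 // Consumer input nodes
 abstract ConsumerInputDataFlowNode getKeySizeConsumer();
@@ -1900,7 +1900,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
 or
 // [ONLY_KNOWN]
 key = "DefaultKeySize" and
-value = kdfInstance.getKeySizeFixed() and
+value = kdfInstance.getKeySizeFixed().toString() and
 location = this.getLocation()
 or
 // [ONLY_KNOWN] - TODO: refactor for known unknowns
@@ -2259,13 +2259,10 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
 /**
 * Gets the key size variant of this algorithm in bits, e.g., 128 for "AES-128".
 */
-string getKeySizeFixed() {
+int getKeySizeFixed() {
 result = instance.asAlg().getKeySizeFixed()
 or
-exists(int size |
-KeyOpAlg::fixedImplicitCipherKeySize(instance.asAlg().getAlgorithmType(), size) and
-result = size.toString()
-)
+KeyOpAlg::fixedImplicitCipherKeySize(instance.asAlg().getAlgorithmType(), result)
 }
 
 /**
@@ -2333,7 +2330,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
 // [ONLY_KNOWN]
 key = "KeySize" and
 (
-value = this.getKeySizeFixed() and
+value = this.getKeySizeFixed().toString() and
 location = this.getLocation()
 or
 node_as_property(this.getKeySize(), value, location)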
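Review bot: `int getKeySizeFixed() { none() }` at line 1047 has only the `// Defaults or fixed values` comment above it and no statement of the unit, whereas the QLDoc at line 2260 specifies bits. Now that the value is an `int` that language models override and queries can compare numerically, a model that returns a byte count would produce a plausible-looking but wrong key size, and a weak key could pass a minimum-size check. Suggest adding `/** Gets the fixed key size in bits implied by this operation, if any. */` above line 1047, assuming bits is the intended unit throughout the model. The surrounding class bodies start and end outside these hunks.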
