Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Quantum: Model OpenSSL EC key generation #19541

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 21, 2025
Merged

Quantum: Model OpenSSL EC key generation #19541

merged 3 commits into from
May 21, 2025

Conversation

bdrodes
Copy link
Contributor

@bdrodes bdrodes commented May 20, 2025

Adding modeling for EC key gen for openssl

@bdrodes
Crypto: Changing fixed key size for the key gen operation for EC key …
c3ed454 
…gen to be none, and rely implicitly on the connected algorithm length. (+1 squashed commits) (+1 squashed commits)

Squashed commits:

[b7cd7ba] Crypto: Modeled EC key gen for openssl. (+1 squashed commits)
@bdrodes bdrodes force-pushed the openssl_ec_key_gen branch from 0a99213 to c3ed454 Compare May 20, 2025 14:39
@bdrodes bdrodes marked this pull request as ready for review May 20, 2025 14:39
@Copilot Copilot AI review requested due to automatic review settings May 20, 2025 14:39
@bdrodes bdrodes requested a review from a team as a code owner May 20, 2025 14:39
Copilot
Copilot AI reviewed May 20, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces Elliptic Curve (EC) key generation modeling for OpenSSL and unifies the getKeySizeFixed API to return an integer across multiple language models.

  • Changed getKeySizeFixed return type from string to int and updated surrounding conversions.
  • Added a new ECKeyGenOperation class to model EC_KEY_generate_key.
  • Refactored algorithm instance methods to improve name parsing and removed legacy string-based key size logic.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
shared/quantum/codeql/quantum/experimental/Model.qll Switched getKeySizeFixed signatures to int and updated calls
java/ql/lib/experimental/quantum/JCA.qll Updated stubs for getKeySizeFixed to return int
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperations.qll Imported the new ECKeyGenOperation
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll Added EC key generation operation modeling stub
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll Introduced getParsedEllipticCurveName and adjusted type mapping
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll Modified getKeySizeFixed to return int using explicit size
Comments suppressed due to low confidence (3)

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll:53

  • The new ECKeyGenOperation stub for getKeySizeFixed is currently untested and unimplemented. Add unit tests for EC_KEY_generate_key flows and consider implementing key size inference or documenting the stub behavior.
override int getKeySizeFixed() {

java/ql/lib/experimental/quantum/JCA.qll:356

  • This stub for getKeySizeFixed in the JCA model lacks an implementation and corresponding tests. Consider implementing support for common key generators (e.g., AES-128) or adding tests to cover the placeholder behavior.
override int getKeySizeFixed() {

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll:41

  • [nitpick] The name getParsedEllipticCurveName closely mirrors getRawEllipticCurveName but currently only returns the normalized name. Consider renaming or documenting the difference between 'raw' and 'parsed' to avoid confusion.
override string getParsedEllipticCurveName() {

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll Outdated Show resolved Hide resolved
github-advanced-security[bot]
github-advanced-security bot found potential problems May 20, 2025
View reviewed changes
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll
@@ -0,0 +1,65 @@
private import experimental.quantum.Language
private import experimental.quantum.OpenSSL.LibraryDetector
private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in CTXFlow should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll
private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
private import OpenSSLOperationBase
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
private import semmle.code.cpp.dataflow.new.DataFlow

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside
experimental.quantum.Language
Loading
.
@bdrodes @Copilot
Update cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOpe…
efd9386 
…ration.qll

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@nicolaswill nicolaswill merged commit 7ee1bd6 into github:main May 21, 2025
39 checks passed
@nicolaswill nicolaswill changed the title Openssl ec key gen Quantum: Model OpenSSL EC key generation May 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@nicolaswill nicolaswill nicolaswill approved these changes

Assignees
No one assigned
Labels
C++ Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bdrodes @nicolaswill
Morty Proxy This is a proxified and sanitized view of the page, visit original site.