Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Quantum: Add initial qltests for OpenSSL modeling #19564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
Loading
from
Open

Quantum: Add initial qltests for OpenSSL modeling #19564

wants to merge 11 commits into from

Conversation

bdrodes
Copy link
Contributor

@bdrodes bdrodes commented May 22, 2025

No description provided.

bdrodes added 9 commits May 21, 2025 18:15
@bdrodes
Crypto: Advanced literal filtering for OpenSSL, used for both unknown…
a36fd2c 
… and known algorithm literals to improve dataflow performance.
@bdrodes
Crypto: optimizing out the "getPossibleNidFromLiteral" predicate, and…
100045d 
… now relying on the charpred of OpenSSLAlgorithmCandidateLiteral.
@bdrodes
Crypto: Making generic literal filter more explicit that it is for fi…
09170e5 
…ltering all constants, not just for algorithms.
@bdrodes
Merge branch 'main' into generic_constant_filtering
a5b57d3 
# Conflicts:
#	cpp/ql/lib/experimental/quantum/Language.qll
#	cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll
#	cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll
@bdrodes
Crypto: Code Cleanup (+1 squashed commits)
570fdeb 
Squashed commits:

[417734c] Crypto: Fixing typo (+1 squashed commits)

Squashed commits:

[1ac3d5c] Crypto: Fixing typo caused by AI auto complete.
@bdrodes
Crypto: Separating out an IntLiteral class so it is clearer that some…
ca1d4e2 
… constraints for generic input sources are heuristics to filter sources, and other constraints narrow the literals to a general type (ints). Also adding fixes in KnownAlgorithmConstants to classify some algorithms as key exchange and signature correctly, and added support for a signature constant wrapper.
@bdrodes
Crypto: Adding signature constant support, and fixing key exchange an…
28f4824 
…d signature mapping for ED and X elliptic curve variants.
@bdrodes
Crypto: Simplifying constant comparisons.
007683f
@bdrodes
Crypto: Initial test case and test case infrastructure for openssl. T…
6f6566f 
…he current expected file in this commit is empty, i.e., tests will fail.
@github-actions github-actions bot added the C++ label May 22, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems May 22, 2025
View reviewed changes
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll
}
}

class KnownOpenSSLSignatureAlgorithmConstant extends KnownOpenSSLAlgorithmConstant {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in KnownOpenSSLSignatureAlgorithmConstant should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/GenericSourceCandidateLiteral.qll
//Heuristics for distinguishing int literals from other literals
exists(this.getValue().toInt()) and
not this instanceof CharLiteral and
not this instanceof StringLiteral

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in isOpenSSLStringLiteralGenericSourceCandidate should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/GenericSourceCandidateLiteral.qll
* Note: this predicate should only consider restrictions with respect to integers only.
* General restrictions are in the OpenSSLGenericSourceCandidateLiteral class.
*/
private predicate isOpenSSLIntLiteralGenericSourceCandidate(IntLiteral l) {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in isOpenSSLIntLiteralGenericSourceCandidate should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/GenericSourceCandidateLiteral.qll
* Literals are filtered, for example, if they are used in a way no indicative of an algorithm use
* such as in an array index, bitwise operation, or logical operation.
* Note a case like this:
* if(algVal == "AES")

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in OpenSSLGenericSourceCandidateLiteral should be PascalCase/camelCase.
bdrodes added 2 commits May 22, 2025 15:22
@bdrodes
Crypto: Adding initial openssl cipher unit tests. Expected files upda…
f645fea 
…ted in this commit (tests pass)
@bdrodes
Crypto: Adding initial hash tests, and updating how hash alg consumer…
c09b42a 
…s are tied to the operation to address a bug in the design, propagated the analgous change to ciphers.
@bdrodes bdrodes marked this pull request as ready for review May 22, 2025 20:15
@bdrodes bdrodes requested review from a team as code owners May 22, 2025 20:15
@jketema
Copy link
Contributor

jketema commented May 22, 2025
edited
Loading

Just a quick drive-by comment: the tests should preferably go into the tests/experimental/library-tests sub-directory to match what is being done for the library itself.

@nicolaswill nicolaswill requested review from nicolaswill and removed request for a team May 22, 2025 22:14
@nicolaswill
Copy link
Contributor

Just a quick drive-by comment: the tests should preferably go into the tests/experimental/library-tests sub-directory to match what is being done for the library itself.

@jketema Would tests/library-tests/experimental/quantum/* also work? I do not have any preference, but we will need to update CODEOWNERS to specify whatever directory the tests eventually live in. If we use the structure I suggest, the existing CODEOWNERS entries should cover those test directories already.

@nicolaswill nicolaswill changed the title Initial openssl tests Quantum: Add initial qltests for OpenSSL modeling May 22, 2025
@jketema
Copy link
Contributor

jketema commented May 23, 2025

@nicolaswill How about changing the pattern in the code owners file to **/experimental/**/quantum/ @github/ps-codeql. I believe that should work?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolaswill nicolaswill Awaiting requested review from nicolaswill

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
C++
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bdrodes @jketema @nicolaswill
Morty Proxy This is a proxified and sanitized view of the page, visit original site.