diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll index f802e58d0a76..c2660c9770ec 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll @@ -49,7 +49,9 @@ module KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow = DataFlow::Global; module RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source.asExpr() instanceof OpenSslPaddingLiteral } + predicate isSource(DataFlow::Node source) { + source.asExpr() instanceof OpenSslSpecialPaddingLiteral + } predicate isSink(DataFlow::Node sink) { exists(PaddingAlgorithmValueConsumer c | c.getInputNode() = sink) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll index 47ffd67924a6..e78b09dee7a5 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll @@ -2,12 +2,10 @@ import cpp private import experimental.quantum.Language private import KnownAlgorithmConstants private import Crypto::KeyOpAlg as KeyOpAlg -private import OpenSSLAlgorithmInstanceBase -private import PaddingAlgorithmInstance -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer +private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase +private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers +private import OpenSSLAlgorithmInstances private import AlgToAVCFlow -private import BlockAlgorithmInstance /** * Given a `KnownOpenSslCipherAlgorithmExpr`, converts this to a cipher family type. @@ -97,10 +95,13 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan } override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { - //TODO: the padding is either self, or it flows through getter ctx to a set padding call - // like EVP_PKEY_CTX_set_rsa_padding result = this - // TODO or trace through getter ctx to set padding + or + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(PaddingAlgorithmIO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } override string getRawAlgorithmName() { diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll index 97b183b7e7d3..b6d6112e1c6c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll @@ -2,12 +2,13 @@ import cpp private import experimental.quantum.Language private import KnownAlgorithmConstants private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers -private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase +private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations +private import Crypto::KeyOpAlg as KeyOpAlg private import AlgToAVCFlow class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, - Crypto::MacAlgorithmInstance instanceof KnownOpenSslMacAlgorithmExpr + Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSslMacAlgorithmExpr { OpenSslAlgorithmValueConsumer getterCall; @@ -33,17 +34,34 @@ class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } - override string getRawMacAlgorithmName() { + override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() or result = this.(Call).getTarget().getName() } - override Crypto::MacType getMacType() { - this instanceof KnownOpenSslHMacAlgorithmExpr and result = Crypto::HMAC() - or - this instanceof KnownOpenSslCMacAlgorithmExpr and result = Crypto::CMAC() + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if this instanceof KnownOpenSslHMacAlgorithmExpr + then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + else + if this instanceof KnownOpenSslCMacAlgorithmExpr + then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) + else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() + } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HmacAlgorithmInstance, @@ -60,9 +78,13 @@ class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HmacAlgorithmIns // where the current AVC traces to a HashAlgorithmIO consuming operation step. // TODO: need to consider getting reset values, tracing down to the first set for now exists(OperationStep s, AvcContextCreationStep avc | - avc = this.getAvc() and + avc = super.getAvc() and avc.flowsToOperationStep(s) and s.getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result ) } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll index d487e05d0660..c9d2c7a21b6b 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll @@ -1,10 +1,10 @@ import cpp private import experimental.quantum.Language private import OpenSSLAlgorithmInstanceBase +private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants private import AlgToAVCFlow -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase +private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers private import codeql.quantum.experimental.Standardization::Types::KeyOpAlg as KeyOpAlg /** @@ -18,13 +18,14 @@ private import codeql.quantum.experimental.Standardization::Types::KeyOpAlg as K * # define RSA_PKCS1_WITH_TLS_PADDING 7 * # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 */ -class OpenSslPaddingLiteral extends Literal { +class OpenSslSpecialPaddingLiteral extends Literal { // TODO: we can be more specific about where the literal is in a larger expression // to avoid literals that are clealy not representing an algorithm, e.g., array indices. - OpenSslPaddingLiteral() { this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] } + OpenSslSpecialPaddingLiteral() { this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] } } /** + * Holds if `e` has the given `type`. * Given a `KnownOpenSslPaddingAlgorithmExpr`, converts this to a padding family type. * Does not bind if there is no mapping (no mapping to 'unknown' or 'other'). */ @@ -45,9 +46,6 @@ predicate knownOpenSslConstantToPaddingFamilyType( ) } -//abstract class OpenSslPaddingAlgorithmInstance extends OpenSslAlgorithmInstance, Crypto::PaddingAlgorithmInstance{} -// TODO: need to alter this to include known padding constants which don't have the -// same mechanics as those with known nids class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Expr { @@ -79,7 +77,7 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta isPaddingSpecificConsumer = false or // Possibility 3: padding-specific literal - this instanceof OpenSslPaddingLiteral and + this instanceof OpenSslSpecialPaddingLiteral and exists(DataFlow::Node src, DataFlow::Node sink | // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and @@ -124,44 +122,6 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta } } -// // Values used for EVP_PKEY_CTX_set_rsa_padding, these are -// // not the same as 'typical' constants found in the set of known algorithm constants -// // they do not have an NID -// // TODO: what about setting the padding directly? -// class KnownRSAPaddingConstant extends OpenSslPaddingAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Literal -// { -// KnownRSAPaddingConstant() { -// // from rsa.h in openssl: -// // # define RSA_PKCS1_PADDING 1 -// // # define RSA_NO_PADDING 3 -// // # define RSA_PKCS1_OAEP_PADDING 4 -// // # define RSA_X931_PADDING 5 -// // /* EVP_PKEY_ only */ -// // # define RSA_PKCS1_PSS_PADDING 6 -// // # define RSA_PKCS1_WITH_TLS_PADDING 7 -// // /* internal RSA_ only */ -// // # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 -// this instanceof Literal and -// this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] -// // TODO: trace to padding-specific consumers -// RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow -// } -// override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() } -// override Crypto::TPaddingType getPaddingType() { -// if this.(Literal).getValue().toInt() in [1, 6, 7, 8] -// then result = Crypto::PKCS1_v1_5() -// else -// if this.(Literal).getValue().toInt() = 3 -// then result = Crypto::NoPadding() -// else -// if this.(Literal).getValue().toInt() = 4 -// then result = Crypto::OAEP() -// else -// if this.(Literal).getValue().toInt() = 5 -// then result = Crypto::ANSI_X9_23() -// else result = Crypto::OtherPadding() -// } -// } class OaepPaddingAlgorithmInstance extends Crypto::OaepPaddingAlgorithmInstance, KnownOpenSslPaddingConstantAlgorithmInstance { @@ -170,10 +130,18 @@ class OaepPaddingAlgorithmInstance extends Crypto::OaepPaddingAlgorithmInstance, } override Crypto::HashAlgorithmInstance getOaepEncodingHashAlgorithm() { - none() //TODO + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(HashAlgorithmOaepIO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } override Crypto::HashAlgorithmInstance getMgf1HashAlgorithm() { - none() //TODO + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(HashAlgorithmMgf1IO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll index 44e30ddf9fc9..d5fe4e383f4d 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll @@ -3,6 +3,26 @@ private import OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers import EVPPKeyCtxInitializer +/** + * A base class for all final cipher operation steps. + */ +abstract class FinalCipherOperationStep extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A base configuration for all EVP cipher operations. + */ +abstract class EvpCipherOperationFinalStep extends FinalCipherOperationStep { + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + /** * A base class for all EVP cipher operations. */ @@ -155,21 +175,6 @@ class EvpCipherUpdateCall extends OperationStep { override OperationStepType getStepType() { result = UpdateStep() } } -/** - * A base configuration for all EVP cipher operations. - */ -abstract class EvpCipherOperationFinalStep extends OperationStep { - override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - } - - override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - } - - override OperationStepType getStepType() { result = FinalStep() } -} - /** * A Call to EVP_Cipher. */ @@ -216,7 +221,14 @@ class EvpCipherFinalCall extends EvpCipherOperationFinalStep { */ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep { EvpPKeyCipherOperation() { - this.getTarget().getName() in ["EVP_PKEY_encrypt", "EVP_PKEY_decrypt"] + this.getTarget().getName() in ["EVP_PKEY_encrypt", "EVP_PKEY_decrypt"] and + // TODO: for now ignore this operation entirely if it is setting the cipher text to null + // this needs to be re-evalauted if this scenario sets other values worth tracking + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) } override DataFlow::Node getInput(IOType type) { @@ -228,16 +240,31 @@ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep { override DataFlow::Node getOutput(IOType type) { super.getOutput(type) = result or - result.asExpr() = this.getArgument(1) and type = CiphertextIO() + result.asExpr() = this.getArgument(1) and + type = CiphertextIO() and + this.getStepType() = FinalStep() // TODO: could indicate text lengths here, as well } + + override OperationStepType getStepType() { + // When the output buffer is null, the step is not a final step + // it is used to get the buffer size, if 0 consider it an initialization step + // NOTE/TODO: not tracing 0 to the arg, just looking for 0 directly in param + // the assumption is this is the common case, but we may want to make this more + // robust and support a dataflow. + result = FinalStep() and + (exists(super.getArgument(1).getValue()) implies super.getArgument(1).getValue().toInt() != 0) + or + result = InitializerStep() and + super.getArgument(1).getValue().toInt() = 0 + } } /** * An EVP cipher operation instance. * Any operation step that is a final operation step for EVP cipher operation steps. */ -class EvpCipherOperationInstance extends Crypto::KeyOperationInstance instanceof EvpCipherOperationFinalStep +class OpenSslCipherOperationInstance extends Crypto::KeyOperationInstance instanceof FinalCipherOperationStep { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll index 2208407e53ca..9d9b14c6d2fc 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll @@ -71,19 +71,42 @@ class EvpCtxSetEcParamgenCurveNidInitializer extends OperationStep { * - `EVP_PKEY_CTX_set_ecdh_kdf_md` */ class EvpCtxSetHashInitializer extends OperationStep { + boolean isOaep; + boolean isMgf1; + EvpCtxSetHashInitializer() { this.getTarget().getName() in [ - "EVP_PKEY_CTX_set_signature_md", "EVP_PKEY_CTX_set_rsa_mgf1_md_name", - "EVP_PKEY_CTX_set_rsa_mgf1_md", "EVP_PKEY_CTX_set_rsa_oaep_md_name", - "EVP_PKEY_CTX_set_rsa_oaep_md", "EVP_PKEY_CTX_set_dsa_paramgen_md", + "EVP_PKEY_CTX_set_signature_md", "EVP_PKEY_CTX_set_dsa_paramgen_md", "EVP_PKEY_CTX_set_dh_kdf_md", "EVP_PKEY_CTX_set_ecdh_kdf_md" - ] + ] and + isOaep = false and + isMgf1 = false + or + this.getTarget().getName() in [ + "EVP_PKEY_CTX_set_rsa_mgf1_md_name", "EVP_PKEY_CTX_set_rsa_mgf1_md" + ] and + isOaep = false and + isMgf1 = true + or + this.getTarget().getName() in [ + "EVP_PKEY_CTX_set_rsa_oaep_md_name", + "EVP_PKEY_CTX_set_rsa_oaep_md" + ] and + isOaep = true and + isMgf1 = false } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = HashAlgorithmIO() + result.asExpr() = this.getArgument(1) and + type = HashAlgorithmIO() and + isOaep = false and + isMgf1 = false + or + result.asExpr() = this.getArgument(1) and type = HashAlgorithmOaepIO() and isOaep = true + or + result.asExpr() = this.getArgument(1) and type = HashAlgorithmMgf1IO() and isMgf1 = true } override DataFlow::Node getOutput(IOType type) { diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll index 1878bfbe09f2..1922f04c3c64 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll @@ -6,6 +6,13 @@ private import experimental.quantum.Language private import OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers +/** + * A base class for final digest operations. + */ +abstract class FinalDigestOperation extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + /** * A call to and EVP digest initializer, such as: * - `EVP_DigestInit` @@ -51,18 +58,11 @@ class EvpDigestUpdateCall extends OperationStep instanceof Call { override OperationStepType getStepType() { result = UpdateStep() } } -/** - * A base class for final digest operations. - */ -abstract class EvpFinalDigestOperationStep extends OperationStep { - override OperationStepType getStepType() { result = FinalStep() } -} - /** * A call to `EVP_Q_digest` * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis */ -class EvpQDigestOperation extends EvpFinalDigestOperationStep instanceof Call { +class EvpQDigestOperation extends FinalDigestOperation instanceof Call { EvpQDigestOperation() { this.getTarget().getName() = "EVP_Q_digest" } override DataFlow::Node getInput(IOType type) { @@ -81,7 +81,7 @@ class EvpQDigestOperation extends EvpFinalDigestOperationStep instanceof Call { } } -class EvpDigestOperation extends EvpFinalDigestOperationStep instanceof Call { +class EvpDigestOperation extends FinalDigestOperation instanceof Call { EvpDigestOperation() { this.getTarget().getName() = "EVP_Digest" } override DataFlow::Node getInput(IOType type) { @@ -98,7 +98,7 @@ class EvpDigestOperation extends EvpFinalDigestOperationStep instanceof Call { /** * A call to EVP_DigestFinal variants */ -class EvpDigestFinalCall extends EvpFinalDigestOperationStep instanceof Call { +class EvpDigestFinalCall extends FinalDigestOperation instanceof Call { EvpDigestFinalCall() { this.getTarget().getName() in ["EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"] } @@ -118,7 +118,7 @@ class EvpDigestFinalCall extends EvpFinalDigestOperationStep instanceof Call { /** * An openssl digest final hash operation instance */ -class EvpDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof EvpFinalDigestOperationStep +class OpenSslDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof FinalDigestOperation { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll index 2c146aec97f5..0685938b8850 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll @@ -43,6 +43,9 @@ class EvpKeyGenInitialize extends OperationStep { override OperationStepType getStepType() { result = InitializerStep() } } +/** + * A base class for final key generation operation steps. + */ abstract class KeyGenFinalOperationStep extends OperationStep { override OperationStepType getStepType() { result = FinalStep() } } @@ -165,7 +168,7 @@ class EvpNewMacKey extends KeyGenFinalOperationStep { /** * An `KeyGenerationOperationInstance` for the for all key gen final operation steps. */ -class KeyGenOperationInstance extends Crypto::KeyGenerationOperationInstance instanceof KeyGenFinalOperationStep +class OpenSslKeyGenOperationInstance extends Crypto::KeyGenerationOperationInstance instanceof KeyGenFinalOperationStep { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index f1ab394ad787..bddb7ef0728c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -58,7 +58,11 @@ newtype TIOType = // For OSSL_PARAM and OSSL_LIB_CTX use of OsslParamIO and OsslLibContextIO ContextIO() or DigestIO() or + // For OAEP and MGF1 hashes, there is a special IO type for these hashes + // it is recommended to set the most explicit type known, not both HashAlgorithmIO() or + HashAlgorithmOaepIO() or + HashAlgorithmMgf1IO() or IVorNonceIO() or KeyIO() or KeyOperationSubtypeIO() or @@ -123,7 +127,6 @@ class IOType extends TIOType { } } -//TODO: add more initializers as needed /** * The type of step in an `OperationStep`. * - `ContextCreationStep`: the creation of a context from an algorithm or key. @@ -245,8 +248,10 @@ abstract class OperationStep extends Call { /** * Gets an AVC for the primary algorithm for this operation. - * A primary algorithm is an AVC that flows to a ctx input directly or - * an AVC that flows to a primary algorithm input directly. + * A primary algorithm is an AVC that either: + * 1) flows to a ctx input directly or + * 2) flows to a primary algorithm input directly + * 3) flows to a key input directly (algorithm held in a key will be considered primary) * See `AvcContextCreationStep` for details about resetting scenarios. * Gets the first OperationStep an AVC flows to. If a context input, * the AVC is considered primary. @@ -254,18 +259,19 @@ abstract class OperationStep extends Call { * operation step (dominating operation step, see `getDominatingInitializersToStep`). */ Crypto::AlgorithmValueConsumer getPrimaryAlgorithmValueConsumer() { - exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcSucc | - (t = PrimaryAlgorithmIO() or t = ContextIO()) and - avcSucc.flowsToOperationStep(this) and + exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcConsumingPred | + (t = PrimaryAlgorithmIO() or t = ContextIO() or t = KeyIO()) and + avcConsumingPred.flowsToOperationStep(this) and src.asExpr() = result and - sink = avcSucc.getInput(t) and + sink = avcConsumingPred.getInput(t) and AvcToOperationStepFlow::flow(src, sink) and ( - // Case 1: the avcSucc step is a dominating initialization step - t = PrimaryAlgorithmIO() and - avcSucc = this.getDominatingInitializersToStep(PrimaryAlgorithmIO()) + // Case 1: the avcConsumingPred step is a dominating primary algorithm initialization step + // or dominating key initialization step + (t = PrimaryAlgorithmIO() or t = KeyIO()) and + avcConsumingPred = this.getDominatingInitializersToStep(t) or - // Case 2: the succ is a context input (any avcSucc is valid) + // Case 2: the pred is a context input t = ContextIO() ) ) @@ -277,6 +283,8 @@ abstract class OperationStep extends Call { * TODO: generalize to use this for `getPrimaryAlgorithmValueConsumer` */ Crypto::AlgorithmValueConsumer getAlgorithmValueConsumerForInput(IOType type) { + result = this and this.setsValue(type) + or exists(DataFlow::Node src, DataFlow::Node sink | AvcToOperationStepFlow::flow(src, sink) and src.asExpr() = result and @@ -387,7 +395,9 @@ private class CtxCopyReturnCall extends CtxPassThroughCall, CtxPointerExpr { override DataFlow::Node getNode2() { result.asExpr() = this } } -// TODO: is this still needed? +// TODO: is this still needed? It appears to be (tests fail without it) but +// I don't know why as EVP_PKEY_paramgen is an operation step and we pass through +// operation steps already. /** * A call to `EVP_PKEY_paramgen` acts as a kind of pass through. * It's output pkey is eventually used in a new operation generating @@ -414,28 +424,6 @@ private class CtxParamGenCall extends CtxPassThroughCall { override DataFlow::Node getNode2() { result = n2 } } -//TODO: I am not sure CallArgToCtxRet is needed anymore -/** - * If the current node is an argument to a function - * that returns a pointer type, immediately flow through. - * NOTE: this passthrough is required if we allow - * intermediate steps to go into variables that are not a CTX type. - * See for example `CtxParamGenCall`. - */ -private class CallArgToCtxRet extends CtxPassThroughCall, CtxPointerExpr { - DataFlow::Node n1; - DataFlow::Node n2; - - CallArgToCtxRet() { - this.getAnArgument() = n1.asExpr() and - n2.asExpr() = this - } - - override DataFlow::Node getNode1() { result = n1 } - - override DataFlow::Node getNode2() { result = n2 } -} - /** * A flow configuration from any non-final `OperationStep` to any other `OperationStep`. */ diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index b9b498ee8df3..d097f68a4945 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -6,12 +6,24 @@ private import experimental.quantum.Language private import experimental.quantum.OpenSSL.AvcFlow private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations +private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances -// TODO: verification functions /** * A base class for final signature operations. + * The operation must be known to always be a signature operation, + * and not a MAC operation. + * NOTE: even an operation that may be a mac or signature but is known to take in + * only signature configurations should extend `SignatureOrMacFinalOperation`. */ -abstract class EvpSignatureFinalOperation extends OperationStep { +abstract class SignatureFinalOperation extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A base class for final signature or MAC operations. + * The operation must be known to always be a signature or MAC operation. + */ +abstract class SignatureOrMacFinalOperation extends OperationStep { override OperationStepType getStepType() { result = FinalStep() } } @@ -141,7 +153,7 @@ class EvpSignatureUpdateCall extends OperationStep { /** * A call to EVP_SignFinal or EVP_SignFinal_ex. */ -class EvpSignFinal extends EvpSignatureFinalOperation { +class EvpSignFinal extends SignatureFinalOperation { EvpSignFinal() { this.getTarget().getName() in ["EVP_SignFinal_ex", "EVP_SignFinal"] } override DataFlow::Node getInput(IOType type) { @@ -162,10 +174,10 @@ class EvpSignFinal extends EvpSignatureFinalOperation { } /** - * A call to EVP_DigestSign or EVP_PKEY_sign. + * A call to EVP_PKEY_sign. */ -class EvpDigestSign extends EvpSignatureFinalOperation { - EvpDigestSign() { this.getTarget().getName() in ["EVP_DigestSign", "EVP_PKEY_sign"] } +class EvpPkeySign extends SignatureFinalOperation { + EvpPkeySign() { this.getTarget().getName() = "EVP_PKEY_sign" } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = ContextIO() @@ -181,15 +193,30 @@ class EvpDigestSign extends EvpSignatureFinalOperation { } /** - * A call to EVP_DigestSignFinal or EVP_PKEY_sign_message_final. + * A call to EVP_DigestSign. + * This is a mac or sign operation. */ -class EvpDigestAndPkeySignFinal extends EvpSignatureFinalOperation { - EvpDigestAndPkeySignFinal() { - this.getTarget().getName() in [ - "EVP_DigestSignFinal", - "EVP_PKEY_sign_message_final" - ] +class EvpDigestSign extends SignatureOrMacFinalOperation { + EvpDigestSign() { this.getTarget().getName() = "EVP_DigestSign" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(3) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() } +} + +/** + * A call to EVP_PKEY_sign_message_final. + */ +class EvpPkeySignFinal extends SignatureFinalOperation { + EvpPkeySignFinal() { this.getTarget().getName() = "EVP_PKEY_sign_message_final" } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = ContextIO() @@ -205,9 +232,124 @@ class EvpDigestAndPkeySignFinal extends EvpSignatureFinalOperation { } /** - * An EVP signature operation instance. + * A call to EVP_DigestSignFinal. + * This is a mac or sign operation. + */ +class EvpDigestSignFinal extends SignatureOrMacFinalOperation { + EvpDigestSignFinal() { this.getTarget().getName() = "EVP_DigestSignFinal" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + } + + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A call to EVP_DigestVerifyInit or EVP_DigestVerifyInit_ex. + */ +class EvpDigestVerifyInit extends OperationStep { + EvpDigestVerifyInit() { + this.getTarget().getName() in ["EVP_DigestVerifyInit", "EVP_DigestVerifyInit_ex"] + } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(2) and type = HashAlgorithmIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asExpr() = this.getArgument(3) and + type = OsslLibContextIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asExpr() = this.getArgument(5) and + type = KeyIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit" and + result.asExpr() = this.getArgument(4) and + type = KeyIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asExpr() = this.getArgument(6) and + type = OsslParamIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to EVP_DigestVerifyUpdate. */ -class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof EvpSignatureFinalOperation +class EvpDigestVerifyUpdate extends OperationStep { + EvpDigestVerifyUpdate() { this.getTarget().getName() = "EVP_DigestVerifyUpdate" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = UpdateStep() } +} + +/** + * A call to EVP_DigestVerifyFinal + */ +class EvpDigestVerifyFinal extends SignatureFinalOperation { + EvpDigestVerifyFinal() { this.getTarget().getName() = "EVP_DigestVerifyFinal" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to EVP_DigestVerify + */ +class EvpDigestVerify extends SignatureFinalOperation { + EvpDigestVerify() { this.getTarget().getName() = "EVP_DigestVerify" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(3) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * An instance of a signature operation. + * This is an OpenSSL specific class that extends the base SignatureOperationInstance. + */ +class OpenSslSignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof SignatureFinalOperation { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result @@ -217,7 +359,7 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i * Signing, verification or unknown. */ override Crypto::KeyOperationSubtype getKeyOperationSubtype() { - // TODO: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug + // NOTE: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug if super.getTarget().getName().toLowerCase().matches("%sign%") then result instanceof Crypto::TSignMode else @@ -227,18 +369,18 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i } override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { - // TODO: some signing operations may have explicit nonce generators - none() + // some signing operations may have explicit nonce generators + super.getDominatingInitializersToStep(IVorNonceIO()).getInput(IVorNonceIO()) = result } - /** - * Keys provided in the initialization call or in a context are found by this method. - * Keys in explicit arguments are found by overridden methods in extending classes. - */ override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { super.getDominatingInitializersToStep(KeyIO()).getInput(KeyIO()) = result } + override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { + super.getDominatingInitializersToStep(SignatureIO()).getInput(SignatureIO()) = result + } + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { super.getOutputStepFlowingToStep(SignatureIO()).getOutput(SignatureIO()) = result } @@ -247,14 +389,58 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i super.getDominatingInitializersToStep(PlaintextIO()).getInput(PlaintextIO()) = result } + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + super + .getDominatingInitializersToStep(HashAlgorithmIO()) + .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result + } + + override predicate hasHashAlgorithmConsumer() { + exists(super.getDominatingInitializersToStep(HashAlgorithmIO())) + } +} + +/** + * A class for signature or MAC operation instances. + * This is an OpenSSL specific class that extends the base SignatureOrMacOperationInstance. + */ +class OpenSslSignatureOrMacOperationInstance extends Crypto::SignatureOrMacOperationInstance instanceof SignatureOrMacFinalOperation +{ + override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { + super.getPrimaryAlgorithmValueConsumer() = result + } + /** - * TODO: only signing operations for now, change when verificaiton is added + * Signing, verification or unknown. */ - override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { none() } + override Crypto::KeyOperationSubtype getKeyOperationSubtype() { + result instanceof Crypto::TSignMode or result instanceof Crypto::TMacMode + } + + override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { + // some signing operations may have explicit nonce generators + super.getDominatingInitializersToStep(IVorNonceIO()).getInput(IVorNonceIO()) = result + } + + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { + super.getDominatingInitializersToStep(KeyIO()).getInput(KeyIO()) = result + } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { + super.getOutputStepFlowingToStep(SignatureIO()).getOutput(SignatureIO()) = result + } + + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { + super.getDominatingInitializersToStep(PlaintextIO()).getInput(PlaintextIO()) = result + } override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { super .getDominatingInitializersToStep(HashAlgorithmIO()) .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result } + + override predicate hasHashAlgorithmConsumer() { + exists(super.getDominatingInitializersToStep(HashAlgorithmIO())) + } } diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected index 27be8e5cfba5..348ba678bc63 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -34,15 +34,30 @@ | openssl_basic.c:155:22:155:41 | KeyGeneration | Algorithm | openssl_basic.c:155:22:155:41 | KeyGeneration | | openssl_basic.c:155:22:155:41 | KeyGeneration | KeyInput | openssl_basic.c:155:64:155:66 | Key | | openssl_basic.c:155:22:155:41 | KeyGeneration | Output | openssl_basic.c:155:22:155:41 | Key | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | H | openssl_basic.c:160:39:160:48 | HashAlgorithm | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | H | openssl_basic.c:160:39:160:48 | HashAlgorithm | | openssl_basic.c:155:64:155:66 | Key | Source | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:160:59:160:62 | Key | Source | openssl_basic.c:155:22:155:41 | Key | | openssl_basic.c:163:35:163:41 | Message | Source | openssl_basic.c:181:49:181:87 | Constant | -| openssl_basic.c:167:9:167:27 | SignOperation | Algorithm | openssl_basic.c:167:9:167:27 | SignOperation | -| openssl_basic.c:167:9:167:27 | SignOperation | HashAlgorithm | openssl_basic.c:160:39:160:48 | HashAlgorithm | -| openssl_basic.c:167:9:167:27 | SignOperation | Input | openssl_basic.c:163:35:163:41 | Message | -| openssl_basic.c:167:9:167:27 | SignOperation | Key | openssl_basic.c:160:59:160:62 | Key | -| openssl_basic.c:167:9:167:27 | SignOperation | Output | openssl_basic.c:167:34:167:36 | SignatureOutput | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Algorithm | openssl_basic.c:155:43:155:55 | HMACAlgorithm | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | HashAlgorithm | openssl_basic.c:160:39:160:48 | HashAlgorithm | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Input | openssl_basic.c:163:35:163:41 | Message | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Key | openssl_basic.c:160:59:160:62 | Key | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Nonce | openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Output | openssl_basic.c:167:34:167:36 | SignatureOutput | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Mode | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Padding | openssl_basic.c:249:51:249:72 | PaddingAlgorithm | +| openssl_basic.c:238:9:238:25 | KeyGeneration | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:238:9:238:25 | KeyGeneration | Output | openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:238:39:238:43 | Key | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:243:52:243:55 | Key | Source | openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | MD | openssl_basic.c:250:51:250:60 | HashAlgorithm | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | MGF1Hash | openssl_basic.c:251:51:251:60 | HashAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Input | openssl_basic.c:263:64:263:70 | Message | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Key | openssl_basic.c:243:52:243:55 | Key | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Nonce | openssl_basic.c:262:24:262:39 | EncryptOperation | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Output | openssl_basic.c:262:54:262:63 | KeyOperationOutput | +| openssl_basic.c:263:64:263:70 | Message | Source | openssl_basic.c:231:27:231:49 | Constant | | openssl_pkey.c:21:10:21:28 | KeyGeneration | Algorithm | openssl_pkey.c:21:10:21:28 | KeyGeneration | | openssl_pkey.c:21:10:21:28 | KeyGeneration | Output | openssl_pkey.c:21:30:21:32 | Key | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Mode | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | @@ -83,37 +98,67 @@ | openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:548:34:548:37 | Key | | openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:578:34:578:37 | Key | | openssl_signature.c:134:38:134:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:135:9:135:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:135:9:135:27 | SignOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:135:9:135:27 | SignOperation | Output | openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:142:9:142:27 | SignOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:142:9:142:27 | SignOperation | Output | openssl_signature.c:142:37:142:46 | SignatureOutput | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Input | openssl_signature.c:134:38:134:44 | Message | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Key | openssl_signature.c:133:52:133:55 | Key | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Output | openssl_signature.c:135:37:135:40 | SignatureOutput | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Input | openssl_signature.c:134:38:134:44 | Message | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Key | openssl_signature.c:133:52:133:55 | Key | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Output | openssl_signature.c:142:37:142:46 | SignatureOutput | +| openssl_signature.c:165:54:165:57 | Key | Source | openssl_signature.c:548:34:548:37 | Key | +| openssl_signature.c:165:54:165:57 | Key | Source | openssl_signature.c:578:34:578:37 | Key | +| openssl_signature.c:166:40:166:46 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Input | openssl_signature.c:134:38:134:44 | Message | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Input | openssl_signature.c:166:40:166:46 | Message | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Key | openssl_signature.c:133:52:133:55 | Key | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Key | openssl_signature.c:165:54:165:57 | Key | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Signature | openssl_signature.c:167:39:167:47 | SignatureInput | +| openssl_signature.c:167:39:167:47 | SignatureInput | Source | openssl_signature.c:142:37:142:46 | SignatureOutput | | openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:548:34:548:37 | Key | | openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:578:34:578:37 | Key | | openssl_signature.c:196:38:196:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:197:9:197:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:197:9:197:27 | SignOperation | Output | openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:204:9:204:27 | SignOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:204:9:204:27 | SignOperation | Output | openssl_signature.c:204:37:204:46 | SignatureOutput | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Input | openssl_signature.c:196:38:196:44 | Message | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Key | openssl_signature.c:190:57:190:60 | Key | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Output | openssl_signature.c:197:37:197:40 | SignatureOutput | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Input | openssl_signature.c:196:38:196:44 | Message | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Key | openssl_signature.c:190:57:190:60 | Key | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Output | openssl_signature.c:204:37:204:46 | SignatureOutput | +| openssl_signature.c:228:59:228:62 | Key | Source | openssl_signature.c:548:34:548:37 | Key | +| openssl_signature.c:228:59:228:62 | Key | Source | openssl_signature.c:578:34:578:37 | Key | +| openssl_signature.c:234:40:234:46 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Input | openssl_signature.c:196:38:196:44 | Message | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Input | openssl_signature.c:234:40:234:46 | Message | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Key | openssl_signature.c:190:57:190:60 | Key | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Key | openssl_signature.c:228:59:228:62 | Key | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Signature | openssl_signature.c:235:39:235:47 | SignatureInput | +| openssl_signature.c:235:39:235:47 | SignatureInput | Source | openssl_signature.c:204:37:204:46 | SignatureOutput | | openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:548:34:548:37 | Key | | openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:578:34:578:37 | Key | | openssl_signature.c:263:9:263:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected index 52a7c61502bd..2acaf5b0ed88 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -21,18 +21,34 @@ | openssl_basic.c:144:67:144:73 | HashAlgorithm | Name | MD5 | openssl_basic.c:144:67:144:73 | openssl_basic.c:144:67:144:73 | | openssl_basic.c:144:67:144:73 | HashAlgorithm | RawName | EVP_md5 | openssl_basic.c:144:67:144:73 | openssl_basic.c:144:67:144:73 | | openssl_basic.c:155:22:155:41 | Key | KeyType | Asymmetric | openssl_basic.c:155:22:155:41 | openssl_basic.c:155:22:155:41 | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | Name | HMAC | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | RawName | 855 | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | Name | HMAC | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | RawName | 855 | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | | openssl_basic.c:155:64:155:66 | Key | KeyType | Unknown | openssl_basic.c:155:64:155:66 | openssl_basic.c:155:64:155:66 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | Name | SHA2 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:59:160:62 | Key | KeyType | Unknown | openssl_basic.c:160:59:160:62 | openssl_basic.c:160:59:160:62 | -| openssl_basic.c:167:9:167:27 | SignOperation | KeyOperationSubtype | Sign | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | | openssl_basic.c:179:43:179:76 | Constant | Description | 01234567890123456789012345678901 | openssl_basic.c:179:43:179:76 | openssl_basic.c:179:43:179:76 | | openssl_basic.c:180:42:180:59 | Constant | Description | 0123456789012345 | openssl_basic.c:180:42:180:59 | openssl_basic.c:180:42:180:59 | | openssl_basic.c:181:49:181:87 | Constant | Description | This is a test message for encryption | openssl_basic.c:181:49:181:87 | openssl_basic.c:181:49:181:87 | | openssl_basic.c:218:32:218:33 | Constant | Description | 32 | openssl_basic.c:218:32:218:33 | openssl_basic.c:218:32:218:33 | +| openssl_basic.c:231:27:231:49 | Constant | Description | Encrypt me with OAEP! | openssl_basic.c:231:27:231:49 | openssl_basic.c:231:27:231:49 | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Name | RSA | openssl_basic.c:235:51:235:55 | openssl_basic.c:235:51:235:55 | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | RawName | RSA | openssl_basic.c:235:51:235:55 | openssl_basic.c:235:51:235:55 | +| openssl_basic.c:237:54:237:57 | Constant | Description | 2048 | openssl_basic.c:237:54:237:57 | openssl_basic.c:237:54:237:57 | +| openssl_basic.c:238:39:238:43 | Key | KeyType | Asymmetric | openssl_basic.c:238:39:238:43 | openssl_basic.c:238:39:238:43 | +| openssl_basic.c:243:52:243:55 | Key | KeyType | Unknown | openssl_basic.c:243:52:243:55 | openssl_basic.c:243:52:243:55 | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | Name | OAEP | openssl_basic.c:249:51:249:72 | openssl_basic.c:249:51:249:72 | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | RawName | 4 | openssl_basic.c:249:51:249:72 | openssl_basic.c:249:51:249:72 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | Name | SHA2 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | Name | SHA2 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:262:24:262:39 | EncryptOperation | KeyOperationSubtype | Encrypt | openssl_basic.c:262:24:262:39 | openssl_basic.c:262:24:262:39 | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Name | RSA | openssl_pkey.c:21:10:21:28 | openssl_pkey.c:21:10:21:28 | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | RawName | RSA_generate_key_ex | openssl_pkey.c:21:10:21:28 | openssl_pkey.c:21:10:21:28 | | openssl_pkey.c:21:30:21:32 | Key | KeyType | Asymmetric | openssl_pkey.c:21:30:21:32 | openssl_pkey.c:21:30:21:32 | @@ -46,11 +62,19 @@ | openssl_signature.c:80:9:80:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:80:9:80:21 | openssl_signature.c:80:9:80:21 | | openssl_signature.c:80:53:80:56 | Key | KeyType | Unknown | openssl_signature.c:80:53:80:56 | openssl_signature.c:80:53:80:56 | | openssl_signature.c:133:52:133:55 | Key | KeyType | Unknown | openssl_signature.c:133:52:133:55 | openssl_signature.c:133:52:133:55 | -| openssl_signature.c:135:9:135:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | -| openssl_signature.c:142:9:142:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | +| openssl_signature.c:165:54:165:57 | Key | KeyType | Unknown | openssl_signature.c:165:54:165:57 | openssl_signature.c:165:54:165:57 | +| openssl_signature.c:167:9:167:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:167:9:167:29 | openssl_signature.c:167:9:167:29 | | openssl_signature.c:190:57:190:60 | Key | KeyType | Unknown | openssl_signature.c:190:57:190:60 | openssl_signature.c:190:57:190:60 | -| openssl_signature.c:197:9:197:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | -| openssl_signature.c:204:9:204:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | +| openssl_signature.c:228:59:228:62 | Key | KeyType | Unknown | openssl_signature.c:228:59:228:62 | openssl_signature.c:228:59:228:62 | +| openssl_signature.c:235:9:235:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:235:9:235:29 | openssl_signature.c:235:9:235:29 | | openssl_signature.c:260:39:260:42 | Key | KeyType | Unknown | openssl_signature.c:260:39:260:42 | openssl_signature.c:260:39:260:42 | | openssl_signature.c:263:9:263:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:263:9:263:21 | openssl_signature.c:263:9:263:21 | | openssl_signature.c:270:9:270:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:270:9:270:21 | openssl_signature.c:270:9:270:21 | diff --git a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected index 223f7bfca6c5..6245926f2110 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected @@ -24,17 +24,29 @@ | openssl_basic.c:144:67:144:73 | HashAlgorithm | | openssl_basic.c:155:22:155:41 | Key | | openssl_basic.c:155:22:155:41 | KeyGeneration | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | | openssl_basic.c:155:64:155:66 | Key | | openssl_basic.c:160:39:160:48 | HashAlgorithm | | openssl_basic.c:160:59:160:62 | Key | | openssl_basic.c:163:35:163:41 | Message | -| openssl_basic.c:167:9:167:27 | SignOperation | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | | openssl_basic.c:167:34:167:36 | SignatureOutput | | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:180:42:180:59 | Constant | | openssl_basic.c:181:49:181:87 | Constant | | openssl_basic.c:218:32:218:33 | Constant | +| openssl_basic.c:231:27:231:49 | Constant | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:237:54:237:57 | Constant | +| openssl_basic.c:238:9:238:25 | KeyGeneration | +| openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:243:52:243:55 | Key | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | +| openssl_basic.c:262:54:262:63 | KeyOperationOutput | +| openssl_basic.c:263:64:263:70 | Message | | openssl_pkey.c:21:10:21:28 | KeyGeneration | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:21:30:21:32 | Key | @@ -57,16 +69,24 @@ | openssl_signature.c:80:53:80:56 | Key | | openssl_signature.c:133:52:133:55 | Key | | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:135:9:135:27 | SignOperation | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | | openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignOperation | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | | openssl_signature.c:142:37:142:46 | SignatureOutput | +| openssl_signature.c:165:54:165:57 | Key | +| openssl_signature.c:166:40:166:46 | Message | +| openssl_signature.c:167:9:167:29 | VerifyOperation | +| openssl_signature.c:167:39:167:47 | SignatureInput | | openssl_signature.c:190:57:190:60 | Key | | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignOperation | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | | openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignOperation | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | | openssl_signature.c:204:37:204:46 | SignatureOutput | +| openssl_signature.c:228:59:228:62 | Key | +| openssl_signature.c:234:40:234:46 | Message | +| openssl_signature.c:235:9:235:29 | VerifyOperation | +| openssl_signature.c:235:39:235:47 | SignatureInput | | openssl_signature.c:260:39:260:42 | Key | | openssl_signature.c:263:9:263:21 | SignOperation | | openssl_signature.c:263:33:263:36 | SignatureOutput | diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c b/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c index f1ffbfa24d36..04504070ddd7 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c +++ b/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c @@ -1,7 +1,7 @@ #include "openssl/evp.h" #include "openssl/obj_mac.h" #include "openssl/rand.h" - +#include "openssl/rsa.h" size_t strlen(const char* str); // Sample OpenSSL code that demonstrates various cryptographic operations @@ -218,4 +218,58 @@ int test_main() { calculate_hmac_sha256(key, 32, plaintext, plaintext_len, hmac); return 0; -} \ No newline at end of file +} + +/** + * Simplified signature test + */ +int test_rsa_oaep_basic(void) { + EVP_PKEY_CTX *keygen_ctx = NULL, *encrypt_ctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *ciphertext = NULL; + size_t ciphertext_len = 0; + const char *message = "Encrypt me with OAEP!"; + int ret = 1; + + // Generate RSA key + keygen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); + if (!keygen_ctx || EVP_PKEY_keygen_init(keygen_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, 2048) <= 0 || + EVP_PKEY_generate(keygen_ctx, &pkey) <= 0) { + goto cleanup; + } + + // Create encryption context + encrypt_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); + if (!encrypt_ctx || EVP_PKEY_encrypt_init(encrypt_ctx) <= 0) { + goto cleanup; + } + + // Set OAEP padding + if (EVP_PKEY_CTX_set_rsa_padding(encrypt_ctx, RSA_PKCS1_OAEP_PADDING) <= 0 || + EVP_PKEY_CTX_set_rsa_oaep_md(encrypt_ctx, EVP_sha256()) <= 0 || + EVP_PKEY_CTX_set_rsa_mgf1_md(encrypt_ctx, EVP_sha256()) <= 0) { + goto cleanup; + } + + // Determine buffer size + if (EVP_PKEY_encrypt(encrypt_ctx, NULL, &ciphertext_len, + (const unsigned char *)message, strlen(message)) <= 0) { + goto cleanup; + } + + ciphertext = OPENSSL_malloc(ciphertext_len); + if (!ciphertext || EVP_PKEY_encrypt(encrypt_ctx, ciphertext, &ciphertext_len, + (const unsigned char *)message, strlen(message)) <= 0) { + goto cleanup; + } + + ret = 0; + +cleanup: + EVP_PKEY_CTX_free(keygen_ctx); + EVP_PKEY_CTX_free(encrypt_ctx); + EVP_PKEY_free(pkey); + OPENSSL_free(ciphertext); + return ret; +} \ No newline at end of file diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index dc86c4637505..f6f5ba71ec2a 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -205,12 +205,6 @@ module JCAModel { ) } - bindingset[name] - predicate mac_name_to_mac_type_known(Crypto::TMacType type, string name) { - type = Crypto::HMAC() and - name.toUpperCase().matches("HMAC%") - } - bindingset[name] predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { type = Crypto::DH() and @@ -1480,7 +1474,7 @@ module JCAModel { module MacInitCallToMacOperationFlow = DataFlow::Global; - class KnownMacAlgorithm extends Crypto::MacAlgorithmInstance instanceof StringLiteral { + class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof StringLiteral { MacGetInstanceAlgorithmValueConsumer consumer; KnownMacAlgorithm() { @@ -1490,13 +1484,30 @@ module JCAModel { MacGetInstanceAlgorithmValueConsumer getConsumer() { result = consumer } - override string getRawMacAlgorithmName() { result = super.getValue() } + override string getRawAlgorithmName() { result = super.getValue() } - override Crypto::MacType getMacType() { - if mac_name_to_mac_type_known(_, super.getValue()) - then mac_name_to_mac_type_known(result, super.getValue()) - else result = Crypto::OtherMacType() + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if super.getValue().toUpperCase().matches("HMAC%") + then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + else + if super.getValue().toUpperCase().matches("CMAC%") + then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) + else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() + } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } class MacGetInstanceCall extends MethodCall { @@ -1566,7 +1577,7 @@ module JCAModel { ) } - override Crypto::ConsumerInputDataFlowNode getMessageConsumer() { + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result.asExpr() = super.getArgument(0) and super.getMethod().getParameterType(0).hasName("byte[]") } diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index d8b1402b5e88..ec09468b5d2f 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -409,8 +409,6 @@ module CryptographyBase Input> { or exists(KeyDerivationOperationInstance op | inputNode = op.getInputConsumer()) or - exists(MacOperationInstance op | inputNode = op.getMessageConsumer()) - or exists(HashOperationInstance op | inputNode = op.getInputConsumer()) ) and this = Input::dfn_to_element(inputNode) @@ -545,8 +543,6 @@ module CryptographyBase Input> { or exists(KeyGenerationOperationInstance op | inputNode = op.getKeyValueConsumer()) or - exists(MacOperationInstance op | inputNode = op.getKeyConsumer()) - or exists(KeyAgreementSecretGenerationOperationInstance op | inputNode = op.getServerKeyConsumer() or inputNode = op.getPeerKeyConsumer() @@ -562,9 +558,10 @@ module CryptographyBase Input> { /** * A key-based cryptographic operation instance, encompassing: - * 1. **Ciphers**: Encryption and decryption, both symmetric and asymmetric - * 1. **Signing**: Signing and verifying, **NOT** including MACs (see `MACOperationInstance`) - * 1. **Key encapsulation**: Key wrapping and unwrapping + * - **Ciphers**: Encryption and decryption, both symmetric and asymmetric + * - **Signing**: Signing and verifying + * - **MACs**: Mac generation + * - **Key encapsulation**: Key wrapping and unwrapping * * This class represents a generic key operation that transforms input data * using a cryptographic key, producing an output artifact such as ciphertext, @@ -598,7 +595,8 @@ module CryptographyBase Input> { /** * Gets the consumer of the primary message input for this key operation. * For example: plaintext (for encryption), ciphertext (for decryption), - * message to be signed, or wrapped key to be unwrapped. + * a message to be signed or verified, the message on which a mac is generated, + * or a wrapped key to be unwrapped. */ abstract ConsumerInputDataFlowNode getInputConsumer(); @@ -614,25 +612,6 @@ module CryptographyBase Input> { abstract ArtifactOutputDataFlowNode getOutputArtifact(); } - /** - * A key operation instance representing a signature being generated or verified. - */ - abstract class SignatureOperationInstance extends KeyOperationInstance { - /** - * Gets the consumer of the signature that is being verified in case of a - * verification operation. - */ - abstract ConsumerInputDataFlowNode getSignatureConsumer(); - - /** - * Gets the consumer of a hash algorithm. - * This is intended for signature operations they are explicitly configured - * with a hash algorithm. If a signature is not configured with an explicit - * hash algorithm, users do not need to provide a consumer (set none()). - */ - abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); - } - /** * A key-based algorithm instance used in cryptographic operations such as encryption, decryption, * signing, verification, and key wrapping. @@ -651,6 +630,7 @@ module CryptographyBase Input> { * - `TSymmetricCipher(OtherSymmetricCipherType())` * - `TAsymmetricCipher(OtherAsymmetricCipherType())` * - `TSignature(OtherSignatureAlgorithmType())` + * - `TMacAlgorithm(OtherMacAlgorithmType())` * - `TKeyEncapsulation(OtherKEMAlgorithmType())` * * If the category of algorithm is not known, the following type should be used: @@ -710,6 +690,41 @@ module CryptographyBase Input> { predicate shouldHavePaddingScheme() { any() } } + abstract class HmacAlgorithmInstance extends KeyOperationAlgorithmInstance { + HmacAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::HMAC()) } + + /** + * Gets the hash algorithm used by this HMAC algorithm. + */ + abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); + + /** + * CMACs will have algorithms that have modes of operation but that + * is associated with the cipher algorithm, that is itself + * associated to the MAC algorithm. + */ + override predicate shouldHaveModeOfOperation() { none() } + + override ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + /** + * CMACs may have padding but the padding is associated with the cipher algorithm, + * that is itself associated to the MAC algorithm. + */ + override predicate shouldHavePaddingScheme() { none() } + + override PaddingAlgorithmInstance getPaddingAlgorithm() { none() } + } + + abstract class CmacAlgorithmInstance extends KeyOperationAlgorithmInstance { + CmacAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::CMAC()) } + + /** + * Gets the cipher algorithm used by this CMAC algorithm. + */ + abstract AlgorithmValueConsumer getCipherAlgorithmValueConsumer(); + } + abstract class ModeOfOperationAlgorithmInstance extends AlgorithmInstance { /** * Gets the type of this mode of operation, e.g., "ECB" or "CBC". @@ -760,40 +775,47 @@ module CryptographyBase Input> { abstract HashAlgorithmInstance getMgf1HashAlgorithm(); } - abstract class MacAlgorithmInstance extends AlgorithmInstance { + /** + * A parent class for signature and MAC operations. + * Signatures and macs are the asymmetric and symmetric analogs of each other, + * and some APIs can reuse a single operation to do either signing on mac. + * Users should extend this class when an operation can be either a signature or a MAC, + * and where the instance is not obviously one or the other from use. + */ + abstract class SignatureOrMacOperationInstance extends KeyOperationInstance { /** - * Gets the type of this MAC algorithm, e.g., "HMAC" or "CMAC". + * Gets the consumer of a hash algorithm. + * This is intended for mac/signing operations they are explicitly configured + * with a hash algorithm. If the operation is not configured with an explicit + * hash algorithm, users do not need to provide a consumer (set none()). */ - abstract MacType getMacType(); + abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); /** - * Gets the isolated name as it appears in source, e.g., "HMAC-SHA256" in "HMAC-SHA256/UnrelatedInformation". - * - * This name should not be parsed or formatted beyond isolating the raw MAC name if necessary. + * Holds if this operation has a hash algorithm consumer. + * I.e., holds if the operation is configured to perform a hash + * on a message before signing and algorithm is passed in. + * The hash algorithm consumer must be specified through + * `getHashAlgorithmValueConsumer()`. */ - abstract string getRawMacAlgorithmName(); + abstract predicate hasHashAlgorithmConsumer(); } - abstract class MacOperationInstance extends OperationInstance { - /** - * Gets the message input used in this operation. - */ - abstract ConsumerInputDataFlowNode getMessageConsumer(); - + /** + * A key operation instance representing a signature being generated or verified. + * Note: These instances are known to always be signature operations. + * If an API allows an operation to be used for both MAC and signature, + * it should be modeled as a `SignatureOrMacOperationInstance` instead, + * even if all configuration paths to the current operation only configure it as a signature operation. + */ + abstract class SignatureOperationInstance extends SignatureOrMacOperationInstance { /** - * Gets the key used in this operation. + * Gets the consumer of the signature when this operation is a verification operation. */ - abstract ConsumerInputDataFlowNode getKeyConsumer(); + abstract ConsumerInputDataFlowNode getSignatureConsumer(); } - abstract class HmacAlgorithmInstance extends MacAlgorithmInstance { - HmacAlgorithmInstance() { this.getMacType() = HMAC() } - - /** - * Gets the hash algorithm used by this HMAC algorithm. - */ - abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); - } + abstract class MacOperationInstance extends SignatureOrMacOperationInstance { } abstract class EllipticCurveInstance extends AlgorithmInstance { /** @@ -1063,11 +1085,6 @@ module CryptographyBase Input> { exists(KeyOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) } - private predicate isMacAvc(AlgorithmValueConsumer avc) { - exists(MacOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) or - exists(Pbkdf2AlgorithmInstance alg | avc = alg.getHmacAlgorithmValueConsumer()) - } - private predicate isKeyDerivationAvc(AlgorithmValueConsumer avc) { exists(KeyDerivationOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) } @@ -1091,9 +1108,6 @@ module CryptographyBase Input> { final private class HashAlgorithmInstanceOrValueConsumer = AlgorithmInstanceOrValueConsumer::Union; - final private class MacAlgorithmInstanceOrValueConsumer = - AlgorithmInstanceOrValueConsumer::Union; - final private class KeyDerivationAlgorithmInstanceOrValueConsumer = AlgorithmInstanceOrValueConsumer::Union; @@ -1128,13 +1142,11 @@ module CryptographyBase Input> { TPaddingAlgorithm(PaddingAlgorithmInstance e) or // All other operations THashOperation(HashOperationInstance e) or - TMacOperation(MacOperationInstance e) or TKeyAgreementOperation(KeyAgreementSecretGenerationOperationInstance e) or // All other algorithms TEllipticCurve(EllipticCurveInstanceOrValueConsumer e) or THashAlgorithm(HashAlgorithmInstanceOrValueConsumer e) or TKeyDerivationAlgorithm(KeyDerivationAlgorithmInstanceOrValueConsumer e) or - TMacAlgorithm(MacAlgorithmInstanceOrValueConsumer e) or TKeyAgreementAlgorithm(KeyAgreementAlgorithmInstanceOrValueConsumer e) or // Generic source nodes, i.e., sources of data that are not resolvable to a specific known asset. TGenericSourceNode(GenericSourceInstance e) { @@ -1582,57 +1594,36 @@ module CryptographyBase Input> { /** * A MAC operation that produces a MAC value. */ - final class MacOperationNode extends OperationNode, TMacOperation { - MacOperationInstance instance; - - MacOperationNode() { this = TMacOperation(instance) } + final class MacOperationNode extends SignatureOrMacOperationNode { + MacOperationNode() { + this.getKeyOperationSubtype() = TMacMode() and + // If the type could be a mac, then we will not consider it a mac operation exclusively. + not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TMacMode()) + } final override string getInternalType() { result = "MACOperation" } override LocatableElement asElement() { result = instance } - override predicate isCandidateAlgorithmNode(AlgorithmNode node) { - node instanceof MacAlgorithmNode - } - MessageArtifactNode getAMessage() { - result.asElement() = instance.getMessageConsumer().getConsumer() + result.asElement() = instance.getInputConsumer().getConsumer() } - KeyArtifactNode getAKey() { result.asElement() = instance.getKeyConsumer().getConsumer() } - override NodeBase getChild(string edgeName) { result = super.getChild(edgeName) or // [KNOWN_OR_UNKNOWN] edgeName = "Message" and - if exists(this.getAMessage()) then result = this.getAMessage() else result = this - or - // [KNOWN_OR_UNKNOWN] - edgeName = "Key" and - if exists(this.getAKey()) then result = this.getAKey() else result = this + (if exists(this.getAMessage()) then result = this.getAMessage() else result = this) } } - /** - * A MAC algorithm, such as HMAC or CMAC. - */ - class MacAlgorithmNode extends AlgorithmNode, TMacAlgorithm { - MacAlgorithmInstanceOrValueConsumer instance; - - MacAlgorithmNode() { this = TMacAlgorithm(instance) } - - final override string getInternalType() { result = "MACAlgorithm" } - - override LocatableElement asElement() { result = instance } - - final override string getRawAlgorithmName() { - result = instance.asAlg().getRawMacAlgorithmName() + abstract class MacAlgorithmNode extends KeyOperationAlgorithmNode { + MacAlgorithmNode() { + instance.(KeyOperationAlgorithmInstance).getAlgorithmType() = KeyOpAlg::TMac(_) } - MacType getMacType() { result = instance.asAlg().getMacType() } - - override string getAlgorithmName() { result = this.getMacType().toString() } + override string getInternalType() { result = "MACAlgorithm" } } final class HmacAlgorithmNode extends MacAlgorithmNode { @@ -1640,6 +1631,8 @@ module CryptographyBase Input> { HmacAlgorithmNode() { hmacInstance = instance.asAlg() } + override string getInternalType() { result = "HMACAlgorithm" } + NodeBase getHashAlgorithmOrUnknown() { result.asElement() = hmacInstance.getHashAlgorithmValueConsumer().getASource() } @@ -1655,6 +1648,7 @@ module CryptographyBase Input> { } } + // TODO: CMAC model class KeyAgreementOperationNode extends OperationNode, TKeyAgreementOperation { KeyAgreementSecretGenerationOperationInstance instance; @@ -1871,6 +1865,7 @@ module CryptographyBase Input> { TUnwrapMode() or TSignMode() or TVerifyMode() or + TMacMode() or TUnknownKeyOperationMode() /** @@ -1890,6 +1885,8 @@ module CryptographyBase Input> { or result = "Verify" and this = TVerifyMode() or + result = "Mac" and this = TMacMode() + or result = "Unknown" and this = TUnknownKeyOperationMode() } } @@ -2001,14 +1998,44 @@ module CryptographyBase Input> { override string getInternalType() { result = nodeName } } - class SignatureOperationNode extends KeyOperationNode { + class SignatureOrMacOperationNode extends KeyOperationNode { + override SignatureOrMacOperationInstance instance; + + SignatureOrMacOperationNode() { + this.getKeyOperationSubtype() = TSignMode() + or + this.getKeyOperationSubtype() = TVerifyMode() + or + this.getKeyOperationSubtype() = TMacMode() + } + + override string getInternalType() { result = "SignatureOrMACOperation" } + + HashAlgorithmNode getHashAlgorithm() { + result = instance.getHashAlgorithmValueConsumer().getAKnownSourceNode() + } + + override NodeBase getChild(string key) { + result = super.getChild(key) + or + // [KNOWN_OR_UNKNOWN] + key = "HashAlgorithm" and + (if exists(this.getHashAlgorithm()) then result = this.getHashAlgorithm() else result = this) + } + } + + class SignatureOperationNode extends SignatureOrMacOperationNode { override SignatureOperationInstance instance; string nodeName; SignatureOperationNode() { - this.getKeyOperationSubtype() = TSignMode() and nodeName = "SignOperation" - or - this.getKeyOperationSubtype() = TVerifyMode() and nodeName = "VerifyOperation" + ( + this.getKeyOperationSubtype() = TSignMode() and nodeName = "SignOperation" + or + this.getKeyOperationSubtype() = TVerifyMode() and nodeName = "VerifyOperation" + ) and + // If the type could be a mac, then we will not consider it a signature operation exclusively. + not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TMacMode()) } override string getInternalType() { result = nodeName } @@ -2017,10 +2044,6 @@ module CryptographyBase Input> { result.asElement() = instance.getSignatureConsumer().getConsumer() } - HashAlgorithmNode getHashAlgorithm() { - result = instance.getHashAlgorithmValueConsumer().getAKnownSourceNode() - } - override NodeBase getChild(string key) { result = super.getChild(key) or diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index 29c5b58d343a..929c92aefff1 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -14,6 +14,7 @@ module Types { TSymmetricCipher(TSymmetricCipherType t) or TAsymmetricCipher(TAsymmetricCipherType t) or TSignature(TSignatureAlgorithmType t) or + TMac(TMacAlgorithmType t) or TKeyEncapsulation(TKemAlgorithmType t) or TUnknownKeyOperationAlgorithmType() @@ -55,6 +56,11 @@ module Types { FRODO_KEM() or OtherKemAlgorithmType() + newtype TMacAlgorithmType = + HMAC() or + CMAC() or + OtherMacAlgorithmType() + newtype TCipherStructureType = Block() or Stream() or @@ -143,6 +149,13 @@ module Types { or this = TKeyEncapsulation(OtherKemAlgorithmType()) and result = "UnknownKEM" or + // MAC algorithms + this = TMac(HMAC()) and result = "HMAC" + or + this = TMac(CMAC()) and result = "CMAC" + or + this = TMac(OtherMacAlgorithmType()) and result = "UnknownMac" + or // Unknown this = TUnknownKeyOperationAlgorithmType() and result = "Unknown" } @@ -305,21 +318,6 @@ module Types { } } - newtype TMacType = - HMAC() or - CMAC() or - OtherMacType() - - class MacType extends TMacType { - string toString() { - this = HMAC() and result = "HMAC" - or - this = CMAC() and result = "CMAC" - or - this = OtherMacType() and result = "UnknownMacType" - } - } - // Key agreement algorithms newtype TKeyAgreementType = DH() or // Diffie-Hellman