add initial work for openssl signatures

Author: GrosQuildu

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll

@@ -0,0 +1,103 @@
+import cpp
+private import experimental.quantum.Language
+private import KnownAlgorithmConstants
+private import Crypto::KeyOpAlg as KeyOpAlg
+private import OpenSSLAlgorithmInstanceBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
+private import AlgToAVCFlow
+
+
+/**
+ * Gets the signature algorithm type based on the normalized algorithm name.
+ */
+private predicate knownOpenSSLConstantToSignatureFamilyType(
+  KnownOpenSSLSignatureAlgorithmConstant e, Crypto::KeyOpAlg::TAlgorithm type
+) {
+  exists(string name |
+    name = e.getNormalizedName() and
+    (
+      name.matches("rsa%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
+      or
+      name.matches("dsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
+      or
+      name.matches("ecdsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA())
+      or
+      name.matches("ed25519%") and type = KeyOpAlg::TSignature(KeyOpAlg::Ed25519())
+      or
+      name.matches("ed448%") and type = KeyOpAlg::TSignature(KeyOpAlg::Ed448())
+      // or
+      // name.matches("sm2%") and type = KeyOpAlg::TSignature(KeyOpAlg::SM2())
+      // or
+      // name.matches("ml-dsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::MLDSA())
+      // or
+      // name.matches("slh-dsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::SLHDSA())
+    )
+  )
+}
+
+/**
+ * A signature algorithm instance derived from an OpenSSL constant.
+ */
+class KnownOpenSSLSignatureConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
+  Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSSLSignatureAlgorithmConstant
+{
+  OpenSSLAlgorithmValueConsumer getterCall;
+
+  KnownOpenSSLSignatureConstantAlgorithmInstance() {
+    // Two possibilities:
+    // 1) The source is a literal and flows to a getter, then we know we have an instance
+    // 2) The source is a KnownOpenSSLAlgorithm call, and we know we have an instance immediately from that
+    
+    // Possibility 1:
+    this instanceof Literal and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      // Sink is an argument to a signature getter call
+      sink = getterCall.getInputNode() and
+      // Source is `this`
+      src.asExpr() = this and
+      // This traces to a getter
+      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
+    )
+    or
+    // Possibility 2:
+    this instanceof DirectAlgorithmValueConsumer and getterCall = this
+  }
+
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() {
+    none()
+  }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() {
+    none()
+  }
+
+  override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
+
+  override int getKeySizeFixed() {
+    // this.(KnownOpenSSLSignatureAlgorithmConstant).getExplicitKeySize() = result
+    none()
+  }
+
+  override KeyOpAlg::Algorithm getAlgorithmType() {
+    knownOpenSSLConstantToSignatureFamilyType(this, result)
+    or
+    not knownOpenSSLConstantToSignatureFamilyType(this, _) and
+    result = KeyOpAlg::TSignature(KeyOpAlg::OtherSignatureAlgorithmType())
+  }
+
+  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
+    // TODO: trace to any key size initializer, symmetric and asymmetric
+    none()
+  }
+
+  override predicate shouldHaveModeOfOperation() {
+    none()
+  }
+
+  override predicate shouldHavePaddingScheme() {
+    none()
+  }
+}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll

@@ -0,0 +1,38 @@
+import cpp
+private import experimental.quantum.Language
+private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
+private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
+private import OpenSSLAlgorithmValueConsumerBase
+
+abstract class SignatureAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
+
+class EVPSignatureAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
+  DataFlow::Node valueArgNode;
+  DataFlow::Node resultNode;
+  Function consumer;
+
+  EVPSignatureAlgorithmValueConsumer() {
+    resultNode.asExpr() = this and
+    this.(Call).getTarget() = consumer and
+    (
+      // EVP_SIGNATURE
+      consumer.getName() = "EVP_SIGNATURE_fetch" and
+      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      or
+      consumer.getName() = "EVP_SIGNATURE_is_a" and
+      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      // EVP_PKEY_get1_DSA, DSA_SIG_new, EVP_RSA_gen
+    )
+  }
+
+  override DataFlow::Node getResultNode() { result = resultNode }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
+
+  // override DataFlow::Node getInputNode() { result = valueArgNode }
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
+    //TODO: As a potential alternative, for OpenSSL only, add a generic source node for literals and only create flow (flowsTo) to
+    // OpenSSL AVCs... the unknown literal sources would have to be any literals not in the known set.
+  }
+}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll

@@ -0,0 +1,53 @@
+/**
+ * Provides classes for modeling OpenSSL's EVP signature operations
+ */
+
+private import experimental.quantum.Language
+private import OpenSSLOperationBase
+private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
+
+// TODO: verification
+
+abstract class EVP_Cipher_Initializer extends EVPInitialize {
+    Expr keyArg;
+    Expr algorithmArg;
+
+    EVP_Cipher_Initializer() {
+        this.(Call).getTarget().getName() in [
+          "EVP_DigestSignInit", "EVP_DigestSignInit_ex",
+          "EVP_SignInit", "EVP_SignInit_ex",
+          "EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex", "EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"
+        ] and
+        (
+          this.(Call).getTarget().getName() = "EVP_DigestSignInit" and 
+          keyArg = this.(Call).getArgument(5)
+          or
+          this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and 
+          keyArg = this.(Call).getArgument(4)
+          or
+          this.(Call).getTarget().getName() = "EVP_PKEY_sign_init_ex2" and
+          algorithmArg = this.(Call).getArgument(1)
+          or
+          this.(Call).getTarget().getName() = "EVP_PKEY_sign_message_init" and
+          algorithmArg = this.(Call).getArgument(1) 
+        )
+    }
+
+    override Expr getAlgorithmArg() { result = algorithmArg }
+
+    override Expr getKeyArg() { result = keyArg }
+
+    override Expr getIVArg() { none() }
+
+    override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
+        if this.(Call).getTarget().getName().toLowerCase().matches("%sign%")
+        then result instanceof Crypto::TSignMode
+        else
+        if this.(Call).getTarget().getName().toLowerCase().matches("%verify%")
+        then result instanceof Crypto::TVerifyMode
+        else
+        result instanceof Crypto::TUnknownKeyOperationMode
+    }
+}