more tests

Author: GrosQuildu

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/OpenSSLAlgorithmInstances.qll

@@ -4,3 +4,4 @@ import PaddingAlgorithmInstance
 import BlockAlgorithmInstance
 import HashAlgorithmInstance
 import EllipticCurveAlgorithmInstance
+import SignatureAlgorithmInstance

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPKeyGenOperation.qll

@@ -4,30 +4,30 @@ private import OpenSSLOperationBase
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
 private import semmle.code.cpp.dataflow.new.DataFlow
 
-
 class EVPKeyGenInitialize extends EVPInitialize {
-    EVPKeyGenInitialize() { this.(Call).getTarget().getName() in [
-        "EVP_PKEY_keygen_init", "EVP_PKEY_paramgen_init"
-        ]
-    }
-
-    override Expr getAlgorithmArg() {
-        result = getAlgorithmFromCtx(this.getContextArg())
-    }
+  EVPKeyGenInitialize() {
+    this.(Call).getTarget().getName() in [
+        "EVP_PKEY_keygen_init",
+        "EVP_PKEY_paramgen_init"
+      ]
+  }
+
+  override Expr getAlgorithmArg() { result = getAlgorithmFromCtx(this.getContextArg()) }
 }
 
 class EVPKeyGenOperation extends EVPOperation, Crypto::KeyGenerationOperationInstance {
-    EVPKeyGenOperation() { this.(Call).getTarget().getName() in [
-        "EVP_PKEY_generate", "EVP_PKEY_paramgen", "EVP_PKEY_keygen", "EVP_PKEY_Q_keygen"
-        ]
-    }
+  EVPKeyGenOperation() {
+    this.(Call).getTarget().getName() in [
+        "EVP_PKEY_generate", "EVP_PKEY_keygen", "EVP_PKEY_Q_keygen", "EVP_PKEY_paramgen"
+        // TODO: "EVP_PKEY_paramgen"
+      ]
+  }
 
   override Expr getAlgorithmArg() {
-    if this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen" then
-        result = this.(Call).getArgument(0)
-    else
-        result = EVPOperation.super.getAlgorithmArg()
-}
+    if this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen"
+    then result = this.(Call).getArgument(0)
+    else result = EVPOperation.super.getAlgorithmArg()
+  }
 
   override Crypto::KeyArtifactType getOutputKeyType() { result = Crypto::TAsymmetricKeyType() }
 

cpp/ql/test/experimental/library-tests/quantum/openssl/signature/keygen_key_sources.ql

@@ -0,0 +1,8 @@
+import cpp
+import experimental.quantum.Language
+import experimental.quantum.OpenSSL.Operations.EVPKeyGenOperation
+
+from EVPKeyGenOperation keyGen, Crypto::KeyArtifactNode key
+where keyGen = key.asElement().(Crypto::KeyArtifactOutputInstance).getCreator()
+select keyGen, key, key.getAKnownAlgorithm()
+// TODO: add key.getSourceNode() when the test has any explicit key source (now we always generate new keys)

cpp/ql/test/experimental/library-tests/quantum/openssl/signature/keygen_operations.ql

@@ -0,0 +1,5 @@
+import cpp
+import experimental.quantum.Language
+
+from Crypto::KeyGenerationOperationNode n
+select n, n.getOutputKeyArtifact(), n.getAnAlgorithmOrGenericSource()

cpp/ql/test/experimental/library-tests/quantum/openssl/signature/openssl_signature.c

@@ -571,7 +571,7 @@ static EVP_PKEY* generate_dsa_key(void) {
     EVP_PKEY *params = NULL, *key = NULL;
 
     /* Generate parameters first */
-    param_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
+    param_ctx = EVP_PKEY_CTX_new_from_name(NULL, "dsa", NULL);
     if (!param_ctx) return NULL;
 
     if (EVP_PKEY_paramgen_init(param_ctx) <= 0 ||
@@ -764,7 +764,7 @@ int test_signature_apis_dsa(void) {
     }
 
     /* Test generic APIs */
-    if (!test_signature_apis(key, md, no_parameter_setter, "DSA")) {
+    if (!test_signature_apis(key, md, no_parameter_setter, "dsa")) {
         success = 0;
     }
 

cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_key_sources.ql

@@ -0,0 +1,8 @@
+import cpp
+import experimental.quantum.Language
+
+from Crypto::SignatureOperationNode op, Crypto::KeyArtifactNode key
+where op.getAKey() = key
+select op, key
+// TODO: should key.getAKnownAlgorithm() return a value?
+// TODO: add key.getSourceNode() when the test has any explicit key source (now we always generate new keys)

cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_message_sources.ql

@@ -0,0 +1,8 @@
+import cpp
+import experimental.quantum.Language
+
+from Crypto::SignatureOperationNode n, Crypto::MessageArtifactNode m
+where n.getAnInputArtifact() = m
+select n, m, m.getSourceNode()
+// TODO: we miss call to EVP_PKEY_sign, because getSourceNode does not find the `digest` we sign
+// TODO: we miss message generated with `EVP_SignUpdate(md_ctx, message+1, message_len-1)`, because getSourceNode does not find it

cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_operations.ql

@@ -1,12 +1,7 @@
 import cpp
 import experimental.quantum.Language
-import experimental.quantum.OpenSSL.AlgorithmValueConsumers.PKeyAlgorithmValueConsumer
-import experimental.quantum.OpenSSL.CtxFlow
-import experimental.quantum.OpenSSL.Operations.EVPSignatureOperation
-import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase
 
 from Crypto::SignatureOperationNode n
 select n, n.getAnInputArtifact(), n.getAnOutputArtifact(), n.getAKey(),
   n.getAnAlgorithmOrGenericSource(), n.getKeyOperationSubtype()
-  // , n.getASignatureArtifact()
-  
+// TODO: add n.getASignatureArtifact() for verification operations