openssl keygen & tracking of keys-contexts-algorithms

Author: GrosQuildu

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll

@@ -3,6 +3,9 @@ private import experimental.quantum.Language
 private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
 private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
+private import experimental.quantum.OpenSSL.Operations.EVPKeyGenOperation
+private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase
+private import experimental.quantum.OpenSSL.CtxFlow
 
 abstract class PKeyValueConsumer extends OpenSSLAlgorithmValueConsumer { }
 
@@ -17,14 +20,13 @@ class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {
       // in these cases, the operation will be created separately for the same function.
       this.(Call).getTarget().getName() in [
           "EVP_PKEY_CTX_new_id", "EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key",
-          "EVP_PKEY_new_mac_key", "EVP_PKEY_CTX_new"
+          "EVP_PKEY_new_mac_key"
         ] and
       valueArgNode.asExpr() = this.(Call).getArgument(0)
       or
       this.(Call).getTarget().getName() in [
           "EVP_PKEY_CTX_new_from_name", "EVP_PKEY_new_raw_private_key_ex",
           "EVP_PKEY_new_raw_public_key_ex", "EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_set_group_name",
-          "EVP_PKEY_CTX_new_from_pkey"
         ] and
       valueArgNode.asExpr() = this.(Call).getArgument(1)
       or
@@ -59,3 +61,61 @@ class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {
   // when trying to get the valueArg with getInputNode.
   Expr getValueArgExpr() { result = valueArgNode.asExpr() }
 }
+
+// TODO: not sure where to put these
+
+/**
+ * Given context expression (EVP_PKEY_CTX), finds the algorithm.
+ */
+Expr getAlgorithmFromCtx(CtxPointerExpr ctx) {
+  exists(EVPPKeyAlgorithmConsumer source |
+    result = source.getValueArgExpr() and
+    ctxFlowsToCtxArg(source.getResultNode().asExpr(), ctx)
+  )
+  or
+  result = getAlgorithmFromKey(getKeyFromCtx(ctx))
+}
+
+/**
+ * Given context expression (EVP_PKEY_CTX), finds the key used to initialize the context.
+ */
+Expr getKeyFromCtx(CtxPointerExpr ctx) {
+  exists(Call contextCreationCall |
+    ctxFlowsToCtxArg(contextCreationCall, ctx) and (
+      contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new" and
+      result = contextCreationCall.getArgument(0)
+      or
+      contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and
+      result = contextCreationCall.getArgument(1)
+    )
+  )
+}
+
+/**
+ * Flow from key creation to key used in a call
+ */
+module OpenSSLKeyFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    exists(EVPKeyGenOperation keygen |
+      keygen.getOutputKeyArtifact() = source
+    )
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(OpenSSLOperation call |
+      call.(Call).getAnArgument() = sink.asExpr()
+    )
+  }
+}
+
+module OpenSSLKeyFlow = TaintTracking::Global<OpenSSLKeyFlowConfig>;
+
+/**
+ * Given key expression (EVP_PKEY), finds the algorithm.
+ */
+Expr getAlgorithmFromKey(Expr key) {
+  exists(EVPKeyGenOperation keygen |
+    OpenSSLKeyFlow::flow(keygen.getOutputKeyArtifact(), DataFlow::exprNode(key)) and
+    result = keygen.getAlgorithmArg()
+  )
+}

cpp/ql/lib/experimental/quantum/OpenSSL/CtxFlow.qll

@@ -47,7 +47,7 @@ private class CtxType extends Type {
 /**
  * A pointer to a CtxType
  */
-private class CtxPointerExpr extends Expr {
+class CtxPointerExpr extends Expr {
   CtxPointerExpr() {
     this.getType() instanceof CtxType and
     this.getType() instanceof PointerType

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPKeyGenOperation.qll

@@ -0,0 +1,49 @@
+private import experimental.quantum.Language
+private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
+private import OpenSSLOperationBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
+private import semmle.code.cpp.dataflow.new.DataFlow
+
+
+class EVPKeyGenInitialize extends EVPInitialize {
+    EVPKeyGenInitialize() { this.(Call).getTarget().getName() in [
+        "EVP_PKEY_keygen_init", "EVP_PKEY_paramgen_init"
+        ]
+    }
+
+    override Expr getAlgorithmArg() {
+        result = getAlgorithmFromCtx(this.getContextArg())
+    }
+}
+
+class EVPKeyGenOperation extends EVPOperation, Crypto::KeyGenerationOperationInstance {
+    EVPKeyGenOperation() { this.(Call).getTarget().getName() in [
+        "EVP_PKEY_generate", "EVP_PKEY_paramgen", "EVP_PKEY_keygen", "EVP_PKEY_Q_keygen"
+        ]
+    }
+
+  override Expr getAlgorithmArg() {
+    if this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen" then
+        result = this.(Call).getArgument(0)
+    else
+        result = EVPOperation.super.getAlgorithmArg()
+}
+
+  override Crypto::KeyArtifactType getOutputKeyType() { result = Crypto::TAsymmetricKeyType() }
+
+  override Expr getInputArg() { none() }
+
+  override Expr getOutputArg() { result = this.(Call).getArgument(1) }
+
+  override Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() {
+    result = EVPOperation.super.getOutputKeyArtifact()
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
+    none() // TODO
+  }
+
+  override int getKeySizeFixed() {
+    none() // TODO
+  }
+}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll

@@ -7,6 +7,7 @@ private import OpenSSLOperationBase
 private import experimental.quantum.OpenSSL.CtxFlow
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.PKeyAlgorithmValueConsumer
 
+
 // TODO: verification functions
 class EVP_Signature_Initializer extends EVPInitialize {
   boolean isAlgorithmSpecifiedByKey;
@@ -30,17 +31,17 @@ class EVP_Signature_Initializer extends EVPInitialize {
     )
   }
 
-  /**
-   * Returns the argument that specifies the algorithm or none if the algorithm is implicit (from context or from key).
-   * Note that the key may be not provided in the initialization call.
-   */
   override Expr getAlgorithmArg() {
-    if isAlgorithmSpecifiedByKey = true or isAlgorithmSpecifiedByCtx = true
-    then none()
-    else (
-      this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] and
+    if this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] then
       result = this.(Call).getArgument(1)
-    )
+    else
+      if isAlgorithmSpecifiedByKey = true then
+        result = getAlgorithmFromKey(this.getKeyArg())
+      else
+        if isAlgorithmSpecifiedByCtx = true then
+          result = getAlgorithmFromCtx(this.getContextArg())
+        else
+          none()
   }
 
   /**
@@ -55,10 +56,7 @@ class EVP_Signature_Initializer extends EVPInitialize {
     result = this.(Call).getArgument(5)
     or
     this.(Call).getTarget().getName().matches("EVP_PKEY_%") and
-    exists(EVPPKeyAlgorithmConsumer source |
-      result = source.getValueArgExpr() and
-      ctxFlowsToCtxArg(source.getResultNode().asExpr(), this.getContextArg())
-    )
+    result = getKeyFromCtx(this.getContextArg())
   }
 
   /**
@@ -103,7 +101,7 @@ private Expr signatureOperationOutputArg(Call call) {
 abstract class EVP_Signature_Operation extends EVPOperation, Crypto::SignatureOperationInstance {
   EVP_Signature_Operation() {
     this.(Call).getTarget().getName().matches("EVP_%") and
-    // NULL output argument means the call is to get the size of the signature
+    // NULL output argument means the call is to get the size of the signature and such call is not an operation
     (
       not exists(signatureOperationOutputArg(this).getValue())
       or

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll

@@ -13,7 +13,7 @@ abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Cal
   abstract Expr getAlgorithmArg();
 
   /**
-   * Algorithm is specified in initialization call or is implicitly established by the key.
+   * Algorithm is specified in initialization call or is implicitly established by the key or context.
    */
   override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
     AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
@@ -38,7 +38,8 @@ abstract class EVPInitialize extends Call {
   Crypto::KeyOperationSubtype getKeyOperationSubtype() { none() }
 
   /**
-   * Explicitly specified algorithm or none if implicit (e.g., established by the key).
+   * Explicitly specified algorithm or algorithm established by the key or context
+   * (should track flows to the key and/or context to return the algorithm expression)
    * None if not applicable.
    */
   Expr getAlgorithmArg() { none() }
@@ -131,6 +132,10 @@ abstract class EVPOperation extends OpenSSLOperation {
     result = DataFlow::exprNode(this.getOutputArg())
   }
 
+  Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() {
+    result = DataFlow::exprNode(this.getOutputArg())
+  }
+
   /**
    * Input consumer is the input argument of the call.
    */

cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_operations.ql

@@ -1,7 +1,12 @@
 import cpp
 import experimental.quantum.Language
+import experimental.quantum.OpenSSL.AlgorithmValueConsumers.PKeyAlgorithmValueConsumer
+import experimental.quantum.OpenSSL.CtxFlow
 import experimental.quantum.OpenSSL.Operations.EVPSignatureOperation
+import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase
 
-
-from EVP_Signature_Operation n
-select n, n.(Call).getTarget().getName(), n.getOutputArg()
+from Crypto::SignatureOperationNode n
+select n, n.asElement(), n.getAnInputArtifact(), n.getAnOutputArtifact(), n.getAKey(), 
+  n.asElement().(OpenSSLOperation).getAlgorithmArg()
+  // n.asElement().(Crypto::OperationInstance).getAnAlgorithmValueConsumer(),
+  // n.getAnAlgorithmOrGenericSource()