signature algorithms are tracked from keys and contexts

GrosQuildu · GrosQuildu · commit 367235804b0e · 2025-05-30T12:09:09.000+02:00
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll
@@ -62,7 +62,8 @@ class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {
   Expr getValueArgExpr() { result = valueArgNode.asExpr() }
 }
 
-// TODO: not sure where to put these
+// TODO: not sure where to put these predicates
+Expr getAlgorithmFromArgument(Expr arg) { none() }
 
 /**
  * Given context expression (EVP_PKEY_CTX), finds the algorithm.
@@ -81,7 +82,8 @@ Expr getAlgorithmFromCtx(CtxPointerExpr ctx) {
  */
 Expr getKeyFromCtx(CtxPointerExpr ctx) {
   exists(Call contextCreationCall |
-    ctxFlowsToCtxArg(contextCreationCall, ctx) and (
+    ctxFlowsToCtxArg(contextCreationCall, ctx) and
+    (
       contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new" and
       result = contextCreationCall.getArgument(0)
       or
@@ -96,15 +98,11 @@ Expr getKeyFromCtx(CtxPointerExpr ctx) {
  */
 module OpenSSLKeyFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
-    exists(EVPKeyGenOperation keygen |
-      keygen.getOutputKeyArtifact() = source
-    )
+    exists(EVPKeyGenOperation keygen | keygen.getOutputKeyArtifact() = source)
   }
 
   predicate isSink(DataFlow::Node sink) {
-    exists(OpenSSLOperation call |
-      call.(Call).getAnArgument() = sink.asExpr()
-    )
+    exists(OpenSSLCall call | call.(Call).getAnArgument() = sink.asExpr())
   }
 }
 
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll
@@ -7,41 +7,32 @@ private import OpenSSLOperationBase
 private import experimental.quantum.OpenSSL.CtxFlow
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.PKeyAlgorithmValueConsumer
 
-
 // TODO: verification functions
 class EVP_Signature_Initializer extends EVPInitialize {
-  boolean isAlgorithmSpecifiedByKey;
-  boolean isAlgorithmSpecifiedByCtx;
-
   EVP_Signature_Initializer() {
     this.(Call).getTarget().getName() in [
         "EVP_DigestSignInit", "EVP_DigestSignInit_ex", "EVP_SignInit", "EVP_SignInit_ex",
         "EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex", "EVP_PKEY_sign_init_ex2",
         "EVP_PKEY_sign_message_init"
-      ] and
-    (
-      if this.(Call).getTarget().getName().matches("EVP_PKEY_%")
-      then isAlgorithmSpecifiedByKey = false
-      else isAlgorithmSpecifiedByKey = true
-    ) and
-    (
-      if this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex"]
-      then isAlgorithmSpecifiedByCtx = true
-      else isAlgorithmSpecifiedByCtx = false
-    )
+      ]
   }
 
   override Expr getAlgorithmArg() {
-    if this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] then
-      result = this.(Call).getArgument(1)
-    else
-      if isAlgorithmSpecifiedByKey = true then
-        result = getAlgorithmFromKey(this.getKeyArg())
-      else
-        if isAlgorithmSpecifiedByCtx = true then
-          result = getAlgorithmFromCtx(this.getContextArg())
-        else
-          none()
+    // explicit algorithm as argument
+    this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] and
+    result = this.(Call).getArgument(1)
+    or
+    // algorithm (and key) specified in the context
+    this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex"] and
+    result = getAlgorithmFromCtx(this.getContextArg())
+    or
+    // algorithm specified by the key
+    this.(Call).getTarget().getName() in ["EVP_DigestSignInit", "EVP_DigestSignInit_ex"] and
+    result = getAlgorithmFromKey(this.getKeyArg())
+    or
+    // cannot determine algorithm from the initialization call
+    this.(Call).getTarget().getName() in ["EVP_SignInit", "EVP_SignInit_ex"] and
+    none()
   }
 
   /**
@@ -170,10 +161,22 @@ class EVP_Signature_Final_Call extends EVPFinal, EVP_Signature_Operation {
       ]
   }
 
+  override Expr getAlgorithmArg() {
+    // algorithm specified by the key and the key is provided in this operation
+    if this.(Call).getTarget().getName() in ["EVP_SignFinal", "EVP_SignFinal_ex"]
+    then result = getAlgorithmFromKey(this.getKeyConsumer().asExpr())
+    else
+      // or find algorithm in the initialization call
+      result = EVP_Signature_Operation.super.getAlgorithmArg()
+  }
+
   override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
+    // key provided as an argument
     if this.(Call).getTarget().getName() in ["EVP_SignFinal", "EVP_SignFinal_ex"]
     then result = DataFlow::exprNode(this.(Call).getArgument(3))
-    else result = EVP_Signature_Operation.super.getKeyConsumer()
+    else
+      // or find key in the initialization call
+      result = EVP_Signature_Operation.super.getKeyConsumer()
   }
 
   /**
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll
@@ -2,22 +2,31 @@ private import experimental.quantum.Language
 private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
 
+/**
+ * All functions from the OpenSSL API.
+ */
+class OpenSSLCall extends Call { }
+
 /**
  * All OpenSSL operations.
  */
-abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Call {
+abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof OpenSSLCall {
   /**
    * Expression that specifies the algorithm for the operation.
-   * Will be an argument of the operation in the simplest case.
+   * Will be an argument of the operation in the simplest case
+   * and EVPPKeyAlgorithmConsumer's valueArgExpr in more complex cases.
    */
   abstract Expr getAlgorithmArg();
 
   /**
-   * Algorithm is specified in initialization call or is implicitly established by the key or context.
+   * Algorithm is either an argument and we track it to AlgorithmValueConsumer
+   * or we have the AlgorithmValueConsumer already and just return it.
    */
   override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
     AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
       DataFlow::exprNode(this.getAlgorithmArg()))
+    or
+    result.(EVPPKeyAlgorithmConsumer).getValueArgExpr() = this.getAlgorithmArg()
   }
 }
 
@@ -26,7 +35,7 @@ abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Cal
  * These are not operations in the sense of Crypto::OperationInstance,
  * but they are used to initialize the context for the operation.
  */
-abstract class EVPInitialize extends Call {
+abstract class EVPInitialize extends OpenSSLCall {
   /**
    * The context argument that ties together initialization, updates and/or final calls.
    */
@@ -60,7 +69,7 @@ abstract class EVPInitialize extends Call {
  * These are not operations in the sense of Crypto::OperationInstance,
  * but they are used to update the context for the operation.
  */
-abstract class EVPUpdate extends Call {
+abstract class EVPUpdate extends OpenSSLCall {
   /**
    * The context argument that ties together initialization, updates and/or final calls.
    */
@@ -86,7 +95,7 @@ private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
   }
 
   predicate isSink(DataFlow::Node sink) {
-    exists(EVPOperation c | c.getAlgorithmArg() = sink.asExpr())
+    exists(OpenSSLOperation c | c.getAlgorithmArg() = sink.asExpr())
   }
 }
 
diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl/includes/std_stubs.h b/cpp/ql/test/experimental/library-tests/quantum/openssl/includes/std_stubs.h
@@ -1,6 +1,8 @@
 #ifndef STD_STUBS_H
 #define STD_STUBS_H
 
+int printf(const char *format, ...);
+
 unsigned long strlen(const char *s) {
     return 0;
 }
diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/openssl_signature.c b/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/openssl_signature.c
@@ -322,14 +322,14 @@ int verify_using_evp_pkey_verify(const unsigned char *digest, size_t digest_len,
  */
 int sign_using_evp_pkey_sign_message(const unsigned char *message, size_t message_len,
                                      unsigned char **signature, size_t *signature_len,
-                                     EVP_PKEY *pkey, const EVP_MD *md) {
+                                     EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) {
     EVP_PKEY_CTX *pkey_ctx = NULL;
     EVP_SIGNATURE *alg = NULL;
     int ret = 0;
 
     if (!(pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto cleanup;
     
-    alg = EVP_SIGNATURE_fetch(NULL, "RSA-SHA256", NULL);
+    alg = EVP_SIGNATURE_fetch(NULL, alg_name, NULL);
     
     if (EVP_PKEY_sign_message_init(pkey_ctx, alg, NULL) != 1 ||
         EVP_PKEY_sign_message_update(pkey_ctx, message, message_len) != 1 ||
@@ -358,14 +358,14 @@ int sign_using_evp_pkey_sign_message(const unsigned char *message, size_t messag
  */
 int verify_using_evp_pkey_verify_message(const unsigned char *message, size_t message_len,
                                         const unsigned char *signature, size_t signature_len,
-                                        EVP_PKEY *pkey, const EVP_MD *md) {
+                                        EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) {
     EVP_PKEY_CTX *pkey_ctx = NULL;
     EVP_SIGNATURE *alg = NULL;
     int ret = 0;
 
     if (!(pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto cleanup;
     
-    alg = EVP_SIGNATURE_fetch(NULL, "RSA-SHA256", NULL);
+    alg = EVP_SIGNATURE_fetch(NULL, alg_name, NULL);
     
     if (EVP_PKEY_verify_message_init(pkey_ctx, alg, NULL) != 1) goto cleanup;
     
@@ -666,8 +666,8 @@ int test_signature_apis(EVP_PKEY *key, const EVP_MD *md,
     
     /* Test 6: EVP_PKEY_sign_message API */
     printf("6. EVP_PKEY_sign_message API: ");
-    if (sign_using_evp_pkey_sign_message(message, message_len, &sig6, &sig_len6, key, md) &&
-        verify_using_evp_pkey_verify_message(message, message_len, sig6, sig_len6, key, md)) {
+    if (sign_using_evp_pkey_sign_message(message, message_len, &sig6, &sig_len6, key, md, algo_name) &&
+        verify_using_evp_pkey_verify_message(message, message_len, sig6, sig_len6, key, md, algo_name)) {
         printf("PASS\n");
     } else {
         printf("FAIL\n");
@@ -708,7 +708,7 @@ int test_signature_apis_rsa(void) {
     }
     
     /* Test generic APIs */
-    if (!test_signature_apis(key, md, set_rsa_pss_padding, "RSA")) {
+    if (!test_signature_apis(key, md, set_rsa_pss_padding, "RSA-SHA256")) {
         success = 0;
     }
     
diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_algorithms.expected b/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_algorithms.expected
@@ -1,4 +1,6 @@
-| openssl_signature.c:332:37:332:48 | RSA-SHA256 | RSA | openssl_signature.c:332:11:332:29 | call to EVP_SIGNATURE_fetch |
-| openssl_signature.c:368:37:368:48 | RSA-SHA256 | RSA | openssl_signature.c:368:11:368:29 | call to EVP_SIGNATURE_fetch |
 | openssl_signature.c:552:35:552:46 | 6 | RSA | openssl_signature.c:552:15:552:33 | call to EVP_PKEY_CTX_new_id |
 | openssl_signature.c:574:50:574:54 | DSA | DSA | openssl_signature.c:574:17:574:42 | call to EVP_PKEY_CTX_new_from_name |
+| openssl_signature.c:711:60:711:71 | RSA-SHA256 | RSA | openssl_signature.c:332:11:332:29 | call to EVP_SIGNATURE_fetch |
+| openssl_signature.c:711:60:711:71 | RSA-SHA256 | RSA | openssl_signature.c:368:11:368:29 | call to EVP_SIGNATURE_fetch |
+| openssl_signature.c:767:60:767:64 | DSA | DSA | openssl_signature.c:332:11:332:29 | call to EVP_SIGNATURE_fetch |
+| openssl_signature.c:767:60:767:64 | DSA | DSA | openssl_signature.c:368:11:368:29 | call to EVP_SIGNATURE_fetch |
diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_operations.expected b/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_operations.expected
@@ -0,0 +1,12 @@
+| openssl_signature.c:89:9:89:21 | SignOperation | openssl_signature.c:79:32:79:38 | Message | openssl_signature.c:89:31:89:40 | SignatureOutput | openssl_signature.c:89:53:89:56 | Key | openssl_signature.c:552:35:552:46 | KeyOperationAlgorithm | Sign |
+| openssl_signature.c:89:9:89:21 | SignOperation | openssl_signature.c:79:32:79:38 | Message | openssl_signature.c:89:31:89:40 | SignatureOutput | openssl_signature.c:89:53:89:56 | Key | openssl_signature.c:574:50:574:54 | Constant | Sign |
+| openssl_signature.c:89:9:89:21 | SignOperation | openssl_signature.c:84:28:84:36 | Message | openssl_signature.c:89:31:89:40 | SignatureOutput | openssl_signature.c:89:53:89:56 | Key | openssl_signature.c:552:35:552:46 | KeyOperationAlgorithm | Sign |
+| openssl_signature.c:89:9:89:21 | SignOperation | openssl_signature.c:84:28:84:36 | Message | openssl_signature.c:89:31:89:40 | SignatureOutput | openssl_signature.c:89:53:89:56 | Key | openssl_signature.c:574:50:574:54 | Constant | Sign |
+| openssl_signature.c:151:9:151:27 | SignOperation | openssl_signature.c:143:38:143:44 | Message | openssl_signature.c:151:37:151:46 | SignatureOutput | openssl_signature.c:142:52:142:55 | Key | openssl_signature.c:552:35:552:46 | KeyOperationAlgorithm | Sign |
+| openssl_signature.c:151:9:151:27 | SignOperation | openssl_signature.c:143:38:143:44 | Message | openssl_signature.c:151:37:151:46 | SignatureOutput | openssl_signature.c:142:52:142:55 | Key | openssl_signature.c:574:50:574:54 | Constant | Sign |
+| openssl_signature.c:213:9:213:27 | SignOperation | openssl_signature.c:205:38:205:44 | Message | openssl_signature.c:213:37:213:46 | SignatureOutput | openssl_signature.c:199:57:199:60 | Key | openssl_signature.c:552:35:552:46 | KeyOperationAlgorithm | Sign |
+| openssl_signature.c:213:9:213:27 | SignOperation | openssl_signature.c:205:38:205:44 | Message | openssl_signature.c:213:37:213:46 | SignatureOutput | openssl_signature.c:199:57:199:60 | Key | openssl_signature.c:574:50:574:54 | Constant | Sign |
+| openssl_signature.c:279:9:279:21 | SignOperation | openssl_signature.c:279:60:279:65 | Message | openssl_signature.c:279:33:279:42 | SignatureOutput | openssl_signature.c:269:39:269:42 | Key | openssl_signature.c:552:35:552:46 | KeyOperationAlgorithm | Sign |
+| openssl_signature.c:279:9:279:21 | SignOperation | openssl_signature.c:279:60:279:65 | Message | openssl_signature.c:279:33:279:42 | SignatureOutput | openssl_signature.c:269:39:269:42 | Key | openssl_signature.c:574:50:574:54 | Constant | Sign |
+| openssl_signature.c:343:9:343:35 | SignOperation | openssl_signature.c:335:48:335:54 | Message | openssl_signature.c:343:47:343:56 | SignatureOutput | openssl_signature.c:330:39:330:42 | Key | openssl_signature.c:711:60:711:71 | KeyOperationAlgorithm | Sign |
+| openssl_signature.c:343:9:343:35 | SignOperation | openssl_signature.c:335:48:335:54 | Message | openssl_signature.c:343:47:343:56 | SignatureOutput | openssl_signature.c:330:39:330:42 | Key | openssl_signature.c:767:60:767:64 | Constant | Sign |
diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_operations.ql b/cpp/ql/test/experimental/library-tests/quantum/openssl/signature/signature_operations.ql
@@ -6,7 +6,7 @@ import experimental.quantum.OpenSSL.Operations.EVPSignatureOperation
 import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase
 
 from Crypto::SignatureOperationNode n
-select n, n.asElement(), n.getAnInputArtifact(), n.getAnOutputArtifact(), n.getAKey(), 
-  n.asElement().(OpenSSLOperation).getAlgorithmArg()
-  // n.asElement().(Crypto::OperationInstance).getAnAlgorithmValueConsumer(),
-  // n.getAnAlgorithmOrGenericSource()
+select n, n.getAnInputArtifact(), n.getAnOutputArtifact(), n.getAKey(),
+  n.getAnAlgorithmOrGenericSource(), n.getKeyOperationSubtype()
+  // , n.getASignatureArtifact()
+  

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,8 @@`
`1`	`1`	`#ifndef STD_STUBS_H`
`2`	`2`	`#define STD_STUBS_H`
`3`	`3`
	`4`	`+int printf(const char *format, ...);`
	`5`	`+`
`4`	`6`	`unsigned long strlen(const char *s) {`
`5`	`7`	`return 0;`
`6`	`8`	`}`