init work for openssl signatures

Author: GrosQuildu

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll

@@ -2866,6 +2866,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
   or
   name = "rsa-sha256" and nid = 668 and normalized = "SHA-256" and algType = "HASH"
   or
+  name = "rsa-sha256" and nid = 668 and normalized = "SHA-256" and algType = "SIGNATURE"
+  or
   name = "rsa-sha3-224" and nid = 1116 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
   or
   name = "rsa-sha3-224" and nid = 1116 and normalized = "SHA3-224" and algType = "HASH"

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll

@@ -0,0 +1,93 @@
+import cpp
+private import experimental.quantum.Language
+private import KnownAlgorithmConstants
+private import Crypto::KeyOpAlg as KeyOpAlg
+private import OpenSSLAlgorithmInstanceBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
+private import AlgToAVCFlow
+
+/**
+ * Gets the signature algorithm type based on the normalized algorithm name.
+ */
+private predicate knownOpenSSLConstantToSignatureFamilyType(
+  KnownOpenSSLSignatureAlgorithmConstant e, Crypto::KeyOpAlg::TAlgorithm type
+) {
+  exists(string name |
+    name = e.getNormalizedName() and
+    (
+      name.matches("RSA%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
+      or
+      name.matches("DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
+      or
+      name.matches("ECDSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA())
+      or
+      name.matches("ED25519%") and type = KeyOpAlg::TSignature(KeyOpAlg::Ed25519())
+      or
+      name.matches("ED448%") and type = KeyOpAlg::TSignature(KeyOpAlg::Ed448())
+      // or
+      // name.matches("sm2%") and type = KeyOpAlg::TSignature(KeyOpAlg::SM2())
+      // or
+      // name.matches("ml-dsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::MLDSA())
+      // or
+      // name.matches("slh-dsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::SLHDSA())
+    )
+  )
+}
+
+/**
+ * A signature algorithm instance derived from an OpenSSL constant.
+ */
+class KnownOpenSSLSignatureConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
+  Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSSLSignatureAlgorithmConstant
+{
+  OpenSSLAlgorithmValueConsumer getterCall;
+
+  KnownOpenSSLSignatureConstantAlgorithmInstance() {
+    // Two possibilities:
+    // 1) The source is a literal and flows to a getter, then we know we have an instance
+    // 2) The source is a KnownOpenSSLAlgorithm call, and we know we have an instance immediately from that
+    // Possibility 1:
+    this instanceof Literal and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      // Sink is an argument to a signature getter call
+      sink = getterCall.getInputNode() and
+      // Source is `this`
+      src.asExpr() = this and
+      // This traces to a getter
+      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
+    )
+    or
+    // Possibility 2:
+    this instanceof DirectAlgorithmValueConsumer and getterCall = this
+  }
+
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() }
+
+  override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
+
+  override int getKeySizeFixed() {
+    // this.(KnownOpenSSLSignatureAlgorithmConstant).getExplicitKeySize() = result
+    none()
+  }
+
+  override KeyOpAlg::Algorithm getAlgorithmType() {
+    knownOpenSSLConstantToSignatureFamilyType(this, result)
+    or
+    not knownOpenSSLConstantToSignatureFamilyType(this, _) and
+    result = KeyOpAlg::TSignature(KeyOpAlg::OtherSignatureAlgorithmType())
+  }
+
+  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
+    // TODO: trace to any key size initializer, symmetric and asymmetric
+    none()
+  }
+
+  override predicate shouldHaveModeOfOperation() { none() }
+
+  override predicate shouldHavePaddingScheme() { none() }
+}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll

@@ -0,0 +1,32 @@
+import cpp
+private import experimental.quantum.Language
+private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
+private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
+private import OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.LibraryDetector
+
+abstract class SignatureAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
+
+class EVPSignatureAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
+  DataFlow::Node valueArgNode;
+  DataFlow::Node resultNode;
+
+  EVPSignatureAlgorithmValueConsumer() {
+    resultNode.asExpr() = this and
+    isPossibleOpenSSLFunction(this.(Call).getTarget()) and
+    (
+      // EVP_SIGNATURE
+      this.(Call).getTarget().getName() = "EVP_SIGNATURE_fetch" and
+      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      // EVP_PKEY_get1_DSA, DSA_SIG_new, EVP_RSA_gen
+    )
+  }
+
+  override DataFlow::Node getResultNode() { result = resultNode }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
+  }
+}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll

@@ -0,0 +1,108 @@
+/**
+ * Provides classes for modeling OpenSSL's EVP signature operations
+ */
+
+private import experimental.quantum.Language
+private import OpenSSLOperationBase
+private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
+
+// TODO: verification
+class EVP_Cipher_Initializer extends EVPInitialize {
+  EVP_Cipher_Initializer() {
+    this.(Call).getTarget().getName() in [
+        "EVP_DigestSignInit", "EVP_DigestSignInit_ex", "EVP_SignInit", "EVP_SignInit_ex",
+        "EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex", "EVP_PKEY_sign_init_ex2",
+        "EVP_PKEY_sign_message_init"
+      ]
+  }
+
+  override Expr getAlgorithmArg() {
+    this.(Call).getTarget().getName() = "EVP_DigestSignInit" and
+    result = this.(Call).getArgument(1)
+    or
+    this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and
+    result = this.(Call).getArgument(1)
+    or
+    this.(Call).getTarget().getName() = "EVP_PKEY_sign_init_ex2" and
+    result = this.(Call).getArgument(1)
+    or
+    this.(Call).getTarget().getName() = "EVP_PKEY_sign_message_init" and
+    result = this.(Call).getArgument(1)
+  }
+
+  override Expr getKeyArg() {
+    this.(Call).getTarget().getName() = "EVP_DigestSignInit" and
+    result = this.(Call).getArgument(4)
+    or
+    this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and
+    result = this.(Call).getArgument(5)
+  }
+
+  override Expr getIVArg() { none() }
+
+  override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
+    if this.(Call).getTarget().getName().toLowerCase().matches("%sign%")
+    then result instanceof Crypto::TSignMode
+    else
+      if this.(Call).getTarget().getName().toLowerCase().matches("%verify%")
+      then result instanceof Crypto::TVerifyMode
+      else result instanceof Crypto::TUnknownKeyOperationMode
+  }
+}
+
+class EVP_Signature_Update_Call extends EVPUpdate {
+  EVP_Signature_Update_Call() {
+    this.(Call).getTarget().getName() in [
+        "EVP_DigestSignUpdate", "EVP_SignUpdate", "EVP_PKEY_sign_message_update"
+      ]
+  }
+
+  override Expr getInputArg() { result = this.(Call).getArgument(1) }
+}
+
+abstract class EVP_Signature_Operation extends EVPOperation, Crypto::KeyOperationInstance {
+  EVP_Signature_Operation() { this.(Call).getTarget().getName().matches("EVP_%") }
+
+  override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
+    if this.(Call).getTarget().getName().toLowerCase().matches("%sign%")
+    then result instanceof Crypto::TSignMode
+    else
+      if this.(Call).getTarget().getName().toLowerCase().matches("%verify%")
+      then result instanceof Crypto::TVerifyMode
+      else result instanceof Crypto::TUnknownKeyOperationMode
+  }
+
+  override Expr getOutputArg() { result = this.(Call).getArgument(1) }
+
+  override Crypto::ConsumerInputDataFlowNode getNonceConsumer() {
+    // this.getInitCall().getIVArg() = result.asExpr()
+    none()
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
+    this.getInitCall().getKeyArg() = result.asExpr()
+    // todo: or track to the EVP_PKEY_CTX_new
+  }
+
+  override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() {
+    result = this.(EVPOperation).getOutputArtifact()
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getInputConsumer() {
+    result = this.(EVPOperation).getInputConsumer()
+  }
+}
+
+class EVP_Signature_Call extends EVPOneShot, EVP_Signature_Operation {
+  EVP_Signature_Call() { this.(Call).getTarget().getName() in ["EVP_DigestSign", "EVP_PKEY_sign"] }
+
+  override Expr getInputArg() { result = this.(Call).getArgument(3) }
+}
+
+class EVP_Signature_Final_Call extends EVPFinal, EVP_Signature_Operation {
+  EVP_Signature_Final_Call() {
+    this.(Call).getTarget().getName() in [
+        "EVP_DigestSignFinal", "EVP_SignFinal_ex", "EVP_SignFinal", "EVP_PKEY_sign_message_final"
+      ]
+  }
+}