Crypto: Nop out signature operations for now until complete. Minor model update. Remove setting RSA bits as an RSA algorithm. Fix bug in hash algorithm. Add missing PKey encryption to cipher ops. Consolidate ctx initializers. Add unit tests, and alter unit test directory structure to allow for application to other APIs. Update expected files for unit tests (not all updated yet, a work in progress).

Author: bdrodes

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll

@@ -29,7 +29,7 @@ predicate knownOpenSSLConstantToHashFamilyType(
       or
       name.matches(["SHA", "SHA1"]) and type instanceof Crypto::SHA1
       or
-      name.matches("SHA+%") and not name.matches(["SHA1", "SHA3-"]) and type instanceof Crypto::SHA2
+      name.matches("SHA_%") and not name.matches(["SHA1", "SHA3-"]) and type instanceof Crypto::SHA2
       or
       name.matches("SHA3-%") and type instanceof Crypto::SHA3
       or

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll

@@ -147,9 +147,7 @@ class KnownOpenSSLKeyAgreementAlgorithmExpr extends Expr instanceof KnownOpenSSL
 }
 
 predicate knownOpenSSLAlgorithmOperationCall(Call c, string normalized, string algType) {
-  c.getTarget().getName() in [
-      "EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "EVP_PKEY_CTX_set_rsa_keygen_bits"
-    ] and
+  c.getTarget().getName() in ["EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new"] and
   normalized = "RSA" and
   algType = "ASYMMETRIC_ENCRYPTION"
 }

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll

@@ -183,3 +183,21 @@ class EVP_Cipher_Final_Call extends EVPFinal, EVP_Cipher_Operation {
 
   override CtxPointerSource getContextArg() { result = this.(Call).getArgument(0) }
 }
+
+/**
+ * https://docs.openssl.org/3.2/man3/EVP_PKEY_decrypt/
+ * https://docs.openssl.org/3.2/man3/EVP_PKEY_encrypt
+ */
+class Evp_PKey_Cipher_Operation extends EVP_Cipher_Operation {
+  Evp_PKey_Cipher_Operation() {
+    this.(Call).getTarget().getName() in ["EVP_PKEY_encrypt", "EVP_PKEY_decrypt"]
+  }
+
+  override Expr getInputArg() { result = this.(Call).getArgument(3) }
+
+  override CtxPointerSource getContextArg() { result = this.(Call).getArgument(0) }
+
+  override Expr getAlgorithmArg() {
+    result = this.getInitCall().(EvpAlgorithmInitializer).getAlgorithmArg()
+  }
+}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPKeyGenOperation.qll

@@ -20,36 +20,6 @@ class EVPKeyGenInitialize extends EvpAlgorithmInitializer {
   override CtxPointerSource getContextArg() { result = this.(Call).getArgument(0) }
 }
 
-/**
- * A call to `EVP_PKEY_CTX_new` or `EVP_PKEY_CTX_new_from_pkey`.
- * These calls initialize the context from a prior key.
- * The key may be generated previously, or merely had it's
- * parameters set (e.g., `EVP_PKEY_paramgen`).
- * NOTE: for the case of `EVP_PKEY_paramgen`, these calls
- * are encoded as context passthroughs, and any operation
- * will get all associated initializers for teh paramgen
- * at the final keygen operation automatically.
- */
-class EVPNewKeyCtx extends EvpKeyInitializer {
-  Expr keyArg;
-
-  EVPNewKeyCtx() {
-    this.(Call).getTarget().getName() = "EVP_PKEY_CTX_new" and
-    keyArg = this.(Call).getArgument(0)
-    or
-    this.(Call).getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and
-    keyArg = this.(Call).getArgument(1)
-  }
-
-  /**
-   * Context is returned
-   */
-  override CtxPointerSource getContextArg() { result = this }
-
-  override Expr getKeyArg() { result = keyArg }
-  //TODO: do we specify the algorithm from the key as well?
-}
-
 class EVPKeyGenOperation extends EVPFinal, Crypto::KeyGenerationOperationInstance {
   DataFlow::Node keyResultNode;
 

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll

@@ -1,11 +1,42 @@
 /**
- * Initializers from https://docs.openssl.org/3.0/man3/EVP_PKEY_CTX_ctrl/
+ * Initializers for EVP PKey
+ * including https://docs.openssl.org/3.0/man3/EVP_PKEY_CTX_ctrl/
  */
 
 import cpp
 private import experimental.quantum.OpenSSL.CtxFlow
 private import OpenSSLOperationBase
 
+/**
+ * A call to `EVP_PKEY_CTX_new` or `EVP_PKEY_CTX_new_from_pkey`.
+ * These calls initialize the context from a prior key.
+ * The key may be generated previously, or merely had it's
+ * parameters set (e.g., `EVP_PKEY_paramgen`).
+ * NOTE: for the case of `EVP_PKEY_paramgen`, these calls
+ * are encoded as context passthroughs, and any operation
+ * will get all associated initializers for teh paramgen
+ * at the final keygen operation automatically.
+ */
+class EVPNewKeyCtx extends EvpKeyInitializer {
+  Expr keyArg;
+
+  EVPNewKeyCtx() {
+    this.(Call).getTarget().getName() = "EVP_PKEY_CTX_new" and
+    keyArg = this.(Call).getArgument(0)
+    or
+    this.(Call).getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and
+    keyArg = this.(Call).getArgument(1)
+  }
+
+  /**
+   * Context is returned
+   */
+  override CtxPointerSource getContextArg() { result = this }
+
+  override Expr getKeyArg() { result = keyArg }
+  //TODO: do we specify the algorithm from the key as well?
+}
+
 class EvpCtxSetAlgorithmInitializer extends EvpAlgorithmInitializer {
   EvpCtxSetAlgorithmInitializer() {
     this.(Call).getTarget().getName() in [

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperations.qll

@@ -2,6 +2,6 @@ import OpenSSLOperationBase
 import EVPCipherOperation
 import EVPHashOperation
 import ECKeyGenOperation
-import EVPSignatureOperation
+//import EVPSignatureOperation
 import EVPKeyGenOperation
 import EVPPKeyCtxInitializer

cpp/ql/test/experimental/library-tests/quantum/algorithm_names.expected

@@ -0,0 +1,17 @@
+| openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm | AES |
+| openssl_basic.c:23:37:23:51 | ModeOfOperation | GCM |
+| openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | AES |
+| openssl_basic.c:69:33:69:47 | ModeOfOperation | GCM |
+| openssl_basic.c:116:38:116:47 | HashAlgorithm | SHA2 |
+| openssl_basic.c:144:67:144:73 | HashAlgorithm | MD5 |
+| openssl_basic.c:160:39:160:48 | HashAlgorithm | SHA2 |
+| openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | RSA |
+| openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | RSA |
+| openssl_signature.c:521:46:521:66 | PaddingAlgorithm | PSS |
+| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | RSA |
+| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | DSA |
+| openssl_signature.c:684:24:684:33 | HashAlgorithm | SHA2 |
+| openssl_signature.c:702:60:702:71 | HashAlgorithm | SHA2 |
+| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | RSA |
+| openssl_signature.c:740:24:740:33 | HashAlgorithm | SHA2 |
+| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | DSA |

cpp/ql/test/experimental/library-tests/quantum/algorithm_names.ql

@@ -0,0 +1,5 @@
+import cpp
+import experimental.quantum.Language
+
+from Crypto::AlgorithmNode n
+select n, n.getAlgorithmName()

cpp/ql/test/experimental/library-tests/quantum/algorithms.expected

@@ -0,0 +1,17 @@
+| openssl_basic.c:23:37:23:51 | KeyOperationAlgorithm |
+| openssl_basic.c:23:37:23:51 | ModeOfOperation |
+| openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm |
+| openssl_basic.c:69:33:69:47 | ModeOfOperation |
+| openssl_basic.c:116:38:116:47 | HashAlgorithm |
+| openssl_basic.c:144:67:144:73 | HashAlgorithm |
+| openssl_basic.c:160:39:160:48 | HashAlgorithm |
+| openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm |
+| openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm |
+| openssl_signature.c:521:46:521:66 | PaddingAlgorithm |
+| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm |
+| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm |
+| openssl_signature.c:684:24:684:33 | HashAlgorithm |
+| openssl_signature.c:702:60:702:71 | HashAlgorithm |
+| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm |
+| openssl_signature.c:740:24:740:33 | HashAlgorithm |
+| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm |

cpp/ql/test/experimental/library-tests/quantum/algorithms.ql

@@ -0,0 +1,5 @@
+import cpp
+import experimental.quantum.Language
+
+from Crypto::AlgorithmNode n
+select n