Crypto: Add EVP key gen and signature operation (work in progress). Add initial signature tests (no expected files yet). Add new openssl .h stubs. Clean up of OperationBase and associated uses. Update test case stubs to be closer to the actual stubs. Fix unncessary instanceof check in signatures.

Author: bdrodes

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll

@@ -42,7 +42,7 @@ class KnownOpenSSLSignatureConstantAlgorithmInstance extends OpenSSLAlgorithmIns
     // 1) The source is a literal and flows to a getter, then we know we have an instance
     // 2) The source is a KnownOpenSSLAlgorithm call, and we know we have an instance immediately from that
     // Possibility 1:
-    this instanceof KnownOpenSSLPaddingAlgorithmExpr and
+    this instanceof OpenSSLAlgorithmLiteral and
     exists(DataFlow::Node src, DataFlow::Node sink |
       // Sink is an argument to a signature getter call
       sink = getterCall.getInputNode() and

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll

@@ -94,24 +94,6 @@ class EVP_CipherInit_SKEY_Call extends EVP_EX2_Initializer {
   override Expr getOperationSubtypeArg() { result = this.(Call).getArgument(5) }
 }
 
-class EVPCipherInitializerAlgorithmArgument extends Expr {
-  EVPCipherInitializerAlgorithmArgument() {
-    exists(EVP_Cipher_Initializer initCall | this = initCall.getAlgorithmArg())
-  }
-}
-
-class EVPCipherInitializerKeyArgument extends Expr {
-  EVPCipherInitializerKeyArgument() {
-    exists(EVP_Cipher_Initializer initCall | this = initCall.getKeyArg())
-  }
-}
-
-class EVPCipherInitializerIVArgument extends Expr {
-  EVPCipherInitializerIVArgument() {
-    exists(EVP_Cipher_Initializer initCall | this = initCall.getIVArg())
-  }
-}
-
 class EVP_Cipher_Update_Call extends EVPUpdate {
   EVP_Cipher_Update_Call() {
     this.(Call).getTarget().getName() in [
@@ -164,6 +146,8 @@ class EVP_Cipher_Call extends EVPOperation, EVP_Cipher_Operation {
   EVP_Cipher_Call() { this.(Call).getTarget().getName() = "EVP_Cipher" }
 
   override Expr getInputArg() { result = this.(Call).getArgument(2) }
+
+  override Expr getAlgorithmArg() { result = this.getInitCall().getAlgorithmArg() }
 }
 
 class EVP_Cipher_Final_Call extends EVPFinal, EVP_Cipher_Operation {
@@ -182,4 +166,6 @@ class EVP_Cipher_Final_Call extends EVPFinal, EVP_Cipher_Operation {
     or
     result = EVP_Cipher_Operation.super.getOutputArg()
   }
+
+  override Expr getAlgorithmArg() { result = this.getInitCall().getAlgorithmArg() }
 }

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll

@@ -93,4 +93,6 @@ class EVP_Digest_Final_Call extends EVPFinal, Crypto::HashOperationInstance {
   override Crypto::ConsumerInputDataFlowNode getInputConsumer() {
     result = EVPFinal.super.getInputConsumer()
   }
+
+  override Expr getAlgorithmArg() { result = this.getInitCall().getAlgorithmArg() }
 }

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPKeyGenOperation.qll

@@ -0,0 +1,86 @@
+private import experimental.quantum.Language
+private import experimental.quantum.OpenSSL.CtxFlow
+private import OpenSSLOperationBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
+private import semmle.code.cpp.dataflow.new.DataFlow
+
+class EVPKeyGenInitialize extends EVPInitialize {
+  EVPKeyGenInitialize() {
+    this.(Call).getTarget().getName() in [
+        "EVP_PKEY_keygen_init",
+        "EVP_PKEY_paramgen_init"
+      ]
+  }
+
+  override Expr getAlgorithmArg() {
+    // The context argument encodes the algorithm
+    result = this.getContextArg()
+  }
+}
+
+// /**
+//  * All calls that can be tracked via ctx.
+//  * For example calls used to set parameters like a key size.
+//  */
+// class EVPKeyGenUpdate extends Call {
+//   EVPKeyGenUpdate() {
+//     this.(Call).getTarget().getName() in [
+//         "EVP_PKEY_CTX_set_rsa_keygen_bits",
+//         // TODO: "EVP_PKEY_CTX_set_params"
+//       ]
+//   }
+//   /**
+//    * No input in our meaning.
+//    */
+//   override Expr getInputArg() { none() }
+//   /**
+//    * No output in our meaning.
+//    */
+//   override Expr getOutputArg() { none() }
+//   Expr getKeySizeArg() {
+//     this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_keygen_bits" and
+//     result = this.(Call).getArgument(1)
+//   }
+// }
+class EVPKeyGenOperation extends EVPOperation, Crypto::KeyGenerationOperationInstance {
+  DataFlow::Node keyResultNode;
+
+  EVPKeyGenOperation() {
+    this.(Call).getTarget().getName() in ["EVP_RSA_gen", "EVP_PKEY_Q_keygen"] and
+    keyResultNode.asExpr() = this
+    or
+    this.(Call).getTarget().getName() in [
+        "EVP_PKEY_generate", "EVP_PKEY_keygen", "EVP_PKEY_paramgen"
+      ] and
+    keyResultNode.asDefiningArgument() = this.(Call).getArgument(1)
+  }
+
+  override Expr getAlgorithmArg() {
+    this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen" and
+    result = this.(Call).getArgument(0)
+    or
+    result = this.getInitCall().getAlgorithmArg()
+  }
+
+  override Crypto::KeyArtifactType getOutputKeyType() { result = Crypto::TAsymmetricKeyType() }
+
+  override Expr getInputArg() { none() }
+
+  override Expr getOutputArg() { result = this.(Call).getArgument(1) }
+
+  override Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() { result = keyResultNode }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
+    none()
+    // if this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen"
+    // then result = DataFlow::exprNode(this.(Call).getArgument(3)) // TODO: may be wrong for EC keys
+    // else
+    //   if this.(Call).getTarget().getName() = "EVP_RSA_gen"
+    //   then result = DataFlow::exprNode(this.(Call).getArgument(0))
+    //   else result = DataFlow::exprNode(this.getUpdateCalls().(EVPKeyGenUpdate).getKeySizeArg())
+  }
+
+  override int getKeySizeFixed() {
+    none() // TODO
+  }
+}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll

@@ -0,0 +1,227 @@
+/**
+ * Provides classes for modeling OpenSSL's EVP signature operations
+ */
+
+private import experimental.quantum.Language
+private import OpenSSLOperationBase
+private import experimental.quantum.OpenSSL.CtxFlow
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
+private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations
+
+module OpenSSLKeyGenToArgConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    exists(Crypto::KeyGenerationOperationInstance keygen | keygen.getOutputKeyArtifact() = source)
+  }
+
+  predicate isSink(DataFlow::Node sink) { exists(Call c | c.getAnArgument() = sink.asExpr()) }
+}
+
+module OpenSSLKeyGenToArgFlow = TaintTracking::Global<OpenSSLKeyGenToArgConfig>;
+
+// TODO: verification functions
+class EVP_Signature_Initializer extends EVPInitialize {
+  EVP_Signature_Initializer() {
+    this.(Call).getTarget().getName() in [
+        "EVP_DigestSignInit", "EVP_DigestSignInit_ex", "EVP_SignInit", "EVP_SignInit_ex",
+        "EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex", "EVP_PKEY_sign_init_ex2",
+        "EVP_PKEY_sign_message_init"
+      ]
+  }
+
+  /**
+   * Gets the algorithm associated with this initialization by following
+   * where the algorithm is set through the context argument.
+   */
+  Expr getAlgorithmArgFromCtx() {
+    // exists(EVPPKeyAlgorithmConsumer source, DataFlow::Node sink |
+    //   result = source.getInputNode().asExpr() and
+    //   sink.asExpr() = this.getContextArg() and
+    //   OpenSSLCtxSourceToArgumentFlow::flow(source.getResultNode(), sink)
+    // )
+    // or
+    result = this.getAlgorithmArgFromKey(this.getKeyArgFromCtx())
+  }
+
+  Expr getAlgorithmArgFromKey(Expr keyArg) {
+    exists(Crypto::KeyGenerationOperationInstance keygen |
+      OpenSSLKeyGenToArgFlow::flow(keygen.getOutputKeyArtifact(), DataFlow::exprNode(keyArg)) and
+      result = keygen.(OpenSSLOperation).getAlgorithmArg()
+    )
+  }
+
+  /**
+   * Gets the argument ingesting a key
+   * by tracing the context arg back to a context creation
+   */
+  Expr getKeyArgFromCtx() {
+    exists(Call contextCreationCall |
+      ctxArgOrRetFlowsToCtxArg(contextCreationCall, this.getContextArg()) and
+      (
+        contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new" and
+        result = contextCreationCall.getArgument(0)
+        or
+        contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and
+        result = contextCreationCall.getArgument(1)
+      )
+    )
+  }
+
+  override Expr getAlgorithmArg() {
+    // explicit algorithm as argument
+    this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] and
+    result = this.(Call).getArgument(1)
+    // or
+    // // algorithm (and key) specified in the context
+    // this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex"] and
+    // result = getAlgorithmArgFromCtx()
+    // or
+    // // algorithm specified by the key
+    // this.(Call).getTarget().getName() in ["EVP_DigestSignInit", "EVP_DigestSignInit_ex"] and
+    // result = getAlgorithmArgFromKey()
+    // // NOTE: for EVP_SignInit and EVP_SignInit_ex the algorithm is not specified
+    // // rather the algorithm is specified by the key used for signing later in a final call.
+  }
+
+  /**
+   * Returns the key argument if there is one.
+   * If the key was provided via the context, we track it to the context.
+   */
+  override Expr getKeyArg() {
+    this.(Call).getTarget().getName() = "EVP_DigestSignInit" and
+    result = this.(Call).getArgument(4)
+    or
+    this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and
+    result = this.(Call).getArgument(5)
+    or
+    this.(Call).getTarget().getName().matches("EVP_PKEY_%") and
+    result = this.getKeyArgFromCtx()
+  }
+
+  /**
+   * Signing, verification or unknown.
+   */
+  override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
+    if this.(Call).getTarget().getName().toLowerCase().matches("%sign%")
+    then result instanceof Crypto::TSignMode
+    else
+      if this.(Call).getTarget().getName().toLowerCase().matches("%verify%")
+      then result instanceof Crypto::TVerifyMode
+      else result instanceof Crypto::TUnknownKeyOperationMode
+  }
+}
+
+class EVP_Signature_Update_Call extends EVPUpdate {
+  EVP_Signature_Update_Call() {
+    this.(Call).getTarget().getName() in [
+        "EVP_DigestSignUpdate", "EVP_SignUpdate", "EVP_PKEY_sign_message_update"
+      ]
+  }
+
+  /**
+   * Input is the message to sign.
+   */
+  override Expr getInputArg() { result = this.(Call).getArgument(1) }
+}
+
+/**
+ * We model output explicit output arguments as predicate to use it in constructors.
+ * The predicate must cover all EVP_Signature_Operation subclasses.
+ */
+private Expr signatureOperationOutputArg(Call call) {
+  if call.getTarget().getName() = "EVP_SignFinal_ex"
+  then result = call.getArgument(2)
+  else result = call.getArgument(1)
+}
+
+/**
+ * Base configuration for all EVP signature operations.
+ */
+abstract class EVP_Signature_Operation extends EVPOperation, Crypto::SignatureOperationInstance {
+  EVP_Signature_Operation() {
+    this.(Call).getTarget().getName().matches("EVP_%") and
+    // NULL output argument means the call is to get the size of the signature and such call is not an operation
+    (
+      not exists(signatureOperationOutputArg(this).getValue())
+      or
+      signatureOperationOutputArg(this).getValue() != "0"
+    )
+  }
+
+  /**
+   * Signing, verification or unknown.
+   */
+  override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
+    // TODO: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug
+    if this.(Call).getTarget().getName().toLowerCase().matches("%sign%")
+    then result instanceof Crypto::TSignMode
+    else
+      if this.(Call).getTarget().getName().toLowerCase().matches("%verify%")
+      then result instanceof Crypto::TVerifyMode
+      else result instanceof Crypto::TUnknownKeyOperationMode
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getNonceConsumer() {
+    // TODO: some signing operations may have explicit nonce generators
+    none()
+  }
+
+  /**
+   * Keys provided in the initialization call or in a context are found by this method.
+   * Keys in explicit arguments are found by overriden methods in extending classes.
+   */
+  override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
+    result = DataFlow::exprNode(this.getInitCall().getKeyArg())
+  }
+
+  override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() {
+    result = EVPOperation.super.getOutputArtifact()
+  }
+
+  override Crypto::ConsumerInputDataFlowNode getInputConsumer() {
+    result = EVPOperation.super.getInputConsumer()
+  }
+
+  /**
+   * TODO: only signing operations for now, change when verificaiton is added
+   */
+  override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { none() }
+}
+// class EVP_Signature_Call extends EVPOperation, EVP_Signature_Operation {
+//   EVP_Signature_Call() { this.(Call).getTarget().getName() in ["EVP_DigestSign", "EVP_PKEY_sign"] }
+//   /**
+//    * Output is the signature.
+//    */
+//   override Expr getOutputArg() { result = signatureOperationOutputArg(this) }
+//   /**
+//    * Input is the message to sign.
+//    */
+//   override Expr getInputArg() { result = this.(Call).getArgument(3) }
+// }
+// class EVP_Signature_Final_Call extends EVPFinal, EVP_Signature_Operation {
+//   EVP_Signature_Final_Call() {
+//     this.(Call).getTarget().getName() in [
+//         "EVP_DigestSignFinal", "EVP_SignFinal_ex", "EVP_SignFinal", "EVP_PKEY_sign_message_final"
+//       ]
+//   }
+//   override Expr getAlgorithmArg() {
+//     none()
+//     // // algorithm specified by the key and the key is provided in this operation
+//     // if this.(Call).getTarget().getName() in ["EVP_SignFinal", "EVP_SignFinal_ex"]
+//     // then result = getAlgorithmFromKey(this.getKeyConsumer().asExpr())
+//     // else
+//     //   // or find algorithm in the initialization call
+//     //   result = EVP_Signature_Operation.super.getAlgorithmArg()
+//   }
+//   override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
+//     // key provided as an argument
+//     if this.(Call).getTarget().getName() in ["EVP_SignFinal", "EVP_SignFinal_ex"]
+//     then result = DataFlow::exprNode(this.(Call).getArgument(3))
+//     else
+//       // or find key in the initialization call
+//       result = EVP_Signature_Operation.super.getKeyConsumer()
+//   }
+//   /**
+//    * Output is the signature.
+//    */
+//   override Expr getOutputArg() { result = signatureOperationOutputArg(this) }
+// }