Misc. compartmentalization and naming changes.

bdrodes · bdrodes · commit 43760b6bb125 · 2022-11-08T12:20:15.000-05:00
diff --git a/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCngPQCVulnerableUsage.ql b/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCngPQCVulnerableUsage.ql
@@ -14,7 +14,7 @@
 import cpp
 import DataFlow::PathGraph
 import WindowsCng
-import WindowsCngPQCVAsymmetricKeyUsage
+import WindowsCngPQCVulnerableUsage
 
 // CNG-specific DataFlow configuration
 class BCryptConfiguration extends DataFlow::Configuration {
@@ -30,7 +30,7 @@ class BCryptConfiguration extends DataFlow::Configuration {
     }
 
     override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-        isWindowsCngAsymmetricKeyAdditionalTaintStep( node1, node2)
+        isWindowsCngAdditionalTaintStep( node1, node2)
     }
 }
 
diff --git a/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCngPQCVulnerableUsage.qll b/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCngPQCVulnerableUsage.qll
@@ -3,10 +3,16 @@ import WindowsCng
 
 predicate vulnerableCngFunctionName(string name) { name in ["BCryptSignHash", "BCryptEncrypt"] }
 
+predicate keyGenAndImportFunctionName(string name) { name in ["BCryptImportKeyPair", "BCryptGenerateKeyPair"] }
+
 predicate vulnerableCngFunction(Function f) {
   exists(string name | f.hasGlobalName(name) and vulnerableCngFunctionName(name))
 }
 
+predicate keyGenAndImportFunction(Function f){
+    exists(string name | f.hasGlobalName(name) and keyGenAndImportFunctionName(name))
+}
+
 //TODO: Verify NCrypt calls (parameters) & find all other APIs that should be included (i.e. decrypt, etc.)
 predicate isExprKeyHandleForBCryptSignHash(Expr e) {
   exists(FunctionCall call |
@@ -42,15 +48,12 @@ predicate stepOpenAlgorithmProvider(DataFlow::Node node1, DataFlow::Node node2)
 predicate stepImportGenerateKeyPair(DataFlow::Node node1, DataFlow::Node node2) {
   exists(FunctionCall call |
     node1.asExpr() = call.getArgument(0) and
-    (
-      call.getTarget().hasGlobalName("BCryptImportKeyPair") or
-      call.getTarget().hasGlobalName("BCryptGenerateKeyPair")
-    ) and
+    keyGenAndImportFunction(call.getTarget()) and
     node2.asDefiningArgument() = call.getArgument(1)
   )
 }
 
-predicate isWindowsCngAsymmetricKeyAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+predicate isWindowsCngAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
   stepOpenAlgorithmProvider(node1, node2)
   or
   stepImportGenerateKeyPair(node1, node2)

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@`
`14`	`14`	`import cpp`
`15`	`15`	`import DataFlow::PathGraph`
`16`	`16`	`import WindowsCng`
`17`		`-import WindowsCngPQCVAsymmetricKeyUsage`
	`17`	`+import WindowsCngPQCVulnerableUsage`
`18`	`18`
`19`	`19`	`// CNG-specific DataFlow configuration`
`20`	`20`	`class BCryptConfiguration extends DataFlow::Configuration {`
`@@ -30,7 +30,7 @@ class BCryptConfiguration extends DataFlow::Configuration {`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {`
`33`		`- isWindowsCngAsymmetricKeyAdditionalTaintStep( node1, node2)`
	`33`	`+ isWindowsCngAdditionalTaintStep( node1, node2)`
`34`	`34`	`}`
`35`	`35`	`}`
`36`	`36`