github · GrosQuildu · May 22, 2025 · May 23, 2025 · May 28, 2025 · May 29, 2025
@@ -86,7 +86,12 @@ class KnownOpenSSLKeyAgreementAlgorithmConstant extends KnownOpenSSLAlgorithmCon
 predicate resolveAlgorithmFromCall(Call c, string normalized, string algType) {
   exists(string name, string parsedTargetName |
     parsedTargetName =
-      c.getTarget().getName().replaceAll("EVP_", "").toLowerCase().replaceAll("_", "-") and
+      c.getTarget()
+          .getName()
+          .replaceAll("EVP_", "")
+          .replaceAll("_gen", "")
+          .toLowerCase()
+          .replaceAll("_", "-") and
     name = resolveAlgorithmAlias(parsedTargetName) and
     knownOpenSSLAlgorithmLiteral(name, _, normalized, algType)
   )
@@ -2866,6 +2871,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
   or
   name = "rsa-sha256" and nid = 668 and normalized = "SHA-256" and algType = "HASH"
   or
+  name = "rsa-sha256" and nid = 668 and normalized = "SHA-256" and algType = "SIGNATURE"
+  or
   name = "rsa-sha3-224" and nid = 1116 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
   or
   name = "rsa-sha3-224" and nid = 1116 and normalized = "SHA3-224" and algType = "HASH"
@@ -2910,6 +2917,8 @@ predicate knownOpenSSLAlgorithmLiteral(string name, int nid, string normalized,
   or
   name = "rsaencryption" and nid = 6 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
   or
+  name = "rsaencryption" and nid = 6 and normalized = "RSA" and algType = "SIGNATURE"
+  or
   name = "rsaes-oaep" and nid = 919 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION"
   or
   name = "rsaes-oaep" and nid = 919 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING"

@@ -4,3 +4,4 @@ import PaddingAlgorithmInstance
 import BlockAlgorithmInstance
 import HashAlgorithmInstance
 import EllipticCurveAlgorithmInstance
+import SignatureAlgorithmInstance
@@ -0,0 +1,103 @@
+import cpp
+private import experimental.quantum.Language
+private import KnownAlgorithmConstants
+private import Crypto::KeyOpAlg as KeyOpAlg
+private import OpenSSLAlgorithmInstanceBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
+private import AlgToAVCFlow
+
+/**
+ * Gets the signature algorithm type based on the normalized algorithm name.
+ */
+private predicate knownOpenSSLConstantToSignatureFamilyType(
+  KnownOpenSSLSignatureAlgorithmConstant e, Crypto::KeyOpAlg::TAlgorithm type
+) {
+  exists(string name |
+    name = e.getNormalizedName() and
+    (
+      name.matches("RSA%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
+      or
+      name.matches("DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
+      or
+      name.matches("ECDSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA())
+      or
+      name.matches("ED25519%") and type = KeyOpAlg::TSignature(KeyOpAlg::Ed25519())
+      or
+      name.matches("ED448%") and type = KeyOpAlg::TSignature(KeyOpAlg::Ed448())
+      // or
+      // name.matches("sm2%") and type = KeyOpAlg::TSignature(KeyOpAlg::SM2())
+      // or
+      // name.matches("ml-dsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::MLDSA())
+      // or
+      // name.matches("slh-dsa%") and type = KeyOpAlg::TSignature(KeyOpAlg::SLHDSA())
+    )
+  )
+}
+
+/**
+ * A signature algorithm instance derived from an OpenSSL constant.
+ */
+class KnownOpenSSLSignatureConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
+  Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSSLSignatureAlgorithmConstant
+{
+  OpenSSLAlgorithmValueConsumer getterCall;
+
+  KnownOpenSSLSignatureConstantAlgorithmInstance() {
+    // Two possibilities:
+    // 1) The source is a literal and flows to a getter, then we know we have an instance
+    // 2) The source is a KnownOpenSSLAlgorithm call, and we know we have an instance immediately from that
+    // Possibility 1:
+    this instanceof Literal and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      // Sink is an argument to a signature getter call
+      sink = getterCall.getInputNode() and
+      // Source is `this`
+      src.asExpr() = this and
+      // This traces to a getter
+      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
+    )
+    or
+    // Possibility 2:
+    this instanceof DirectAlgorithmValueConsumer and getterCall = this
+  }
+
+  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() }
+
+  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() }
+
+  override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
+
+  override int getKeySizeFixed() {
+    // TODO: use ellipticCurveNameToKeySizeAndFamilyMapping or KnownOpenSSLEllipticCurveConstantAlgorithmInstance
+    // TODO: maybe add getExplicitKeySize to KnownOpenSSLSignatureAlgorithmConstant and use it here
+    none()
+  }
+
+  override KeyOpAlg::Algorithm getAlgorithmType() {
+    knownOpenSSLConstantToSignatureFamilyType(this, result)
+    or
+    not knownOpenSSLConstantToSignatureFamilyType(this, _) and
+    result = KeyOpAlg::TSignature(KeyOpAlg::OtherSignatureAlgorithmType())
+  }
+
+  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
+
+  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
+    // TODO: trace to any key size initializer
+    // probably PKeyAlgorithmValueConsumer and SignatureAlgorithmValueConsumer
+    none()
+  }
+
+  /**
+   * No mode for signatures.
+   */
+  override predicate shouldHaveModeOfOperation() { none() }
+
+  /**
+   * Padding only for RSA.
+   */
+  override predicate shouldHavePaddingScheme() {
+    this.getAlgorithmType() instanceof KeyOpAlg::TAsymmetricCipher
+  }
+}
@@ -5,3 +5,4 @@ import PaddingAlgorithmValueConsumer
 import HashAlgorithmValueConsumer
 import EllipticCurveAlgorithmValueConsumer
 import PKeyAlgorithmValueConsumer
+import SignatureAlgorithmValueConsumer
@@ -3,6 +3,9 @@ private import experimental.quantum.Language
 private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
 private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
+private import experimental.quantum.OpenSSL.Operations.EVPKeyGenOperation
+private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase
+private import experimental.quantum.OpenSSL.CtxFlow
 
 abstract class PKeyValueConsumer extends OpenSSLAlgorithmValueConsumer { }
 
@@ -23,7 +26,7 @@ class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {
       or
       this.(Call).getTarget().getName() in [
           "EVP_PKEY_CTX_new_from_name", "EVP_PKEY_new_raw_private_key_ex",
-          "EVP_PKEY_new_raw_public_key_ex", "EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_set_group_name"
+          "EVP_PKEY_new_raw_public_key_ex", "EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_set_group_name",
         ] and
       valueArgNode.asExpr() = this.(Call).getArgument(1)
       or
@@ -42,6 +45,7 @@ class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {
           // All other cases
           valueArgNode.asExpr() = this.(Call).getArgument(2)
       )
+      // TODO: data flow for EVP_PKEY_CTX_dup
     )
   }
 
@@ -52,4 +56,62 @@ class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {
   override DataFlow::Node getResultNode() { result = resultNode }
 
   override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
+
+  // expose the valueArg as an Expr to avoid circular dependency that may arise
+  // when trying to get the valueArg with getInputNode.
+  Expr getValueArgExpr() { result = valueArgNode.asExpr() }
+}
+
+// TODO: not sure where to put all these predicates below
+/**
+ * Given context expression (EVP_PKEY_CTX), finds the algorithm.
+ */
+Expr getAlgorithmFromCtx(CtxPointerExpr ctx) {
+  exists(EVPPKeyAlgorithmConsumer source |
+    result = source.getValueArgExpr() and
+    ctxFlowsToCtxArg(source.getResultNode().asExpr(), ctx)
+  )
+  or
+  result = getAlgorithmFromKey(getKeyFromCtx(ctx))
+}
+
+/**
+ * Given context expression (EVP_PKEY_CTX), finds the key used to initialize the context.
+ */
+Expr getKeyFromCtx(CtxPointerExpr ctx) {
+  exists(Call contextCreationCall |
+    ctxFlowsToCtxArg(contextCreationCall, ctx) and
+    (
+      contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new" and
+      result = contextCreationCall.getArgument(0)
+      or
+      contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and
+      result = contextCreationCall.getArgument(1)
+    )
+  )
+}
+
+/**
+ * Flow from key creation to key used in a call
+ */
+module OpenSSLKeyFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    exists(EVPKeyGenOperation keygen | keygen.getOutputKeyArtifact() = source)
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(OpenSSLCall call | call.(Call).getAnArgument() = sink.asExpr())
+  }
+}
+
+module OpenSSLKeyFlow = TaintTracking::Global<OpenSSLKeyFlowConfig>;
+
+/**
+ * Given key expression (EVP_PKEY), finds the algorithm.
+ */
+Expr getAlgorithmFromKey(Expr key) {
+  exists(EVPKeyGenOperation keygen |
+    OpenSSLKeyFlow::flow(keygen.getOutputKeyArtifact(), DataFlow::exprNode(key)) and
+    result = keygen.getAlgorithmArg()
+  )
 }
@@ -0,0 +1,32 @@
+import cpp
+private import experimental.quantum.Language
+private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
+private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
+private import OpenSSLAlgorithmValueConsumerBase
+private import experimental.quantum.OpenSSL.LibraryDetector
+
+abstract class SignatureAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
+
+class EVPSignatureAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer {
+  DataFlow::Node valueArgNode;
+  DataFlow::Node resultNode;
+
+  EVPSignatureAlgorithmValueConsumer() {
+    resultNode.asExpr() = this and
+    (
+      // EVP_SIGNATURE
+      this.(Call).getTarget().getName() = "EVP_SIGNATURE_fetch" and
+      valueArgNode.asExpr() = this.(Call).getArgument(1)
+      // EVP_PKEY_get1_DSA, EVP_PKEY_get1_RSA
+      // DSA_SIG_new, DSA_SIG_get0, RSA_sign ?
+    )
+  }
+
+  override DataFlow::Node getResultNode() { result = resultNode }
+
+  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
+  }
+}
@@ -47,7 +47,7 @@ private class CtxType extends Type {
 /**
  * A pointer to a CtxType
  */
-private class CtxPointerExpr extends Expr {
+class CtxPointerExpr extends Expr {
   CtxPointerExpr() {
     this.getType() instanceof CtxType and
     this.getType() instanceof PointerType
@@ -100,7 +100,7 @@ private class CtxCopyReturnCall extends Call, CtxPointerExpr {
  * Flow from any CtxPointerArgument to any other CtxPointerArgument
  */
 module OpenSSLCtxArgumentFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CtxPointerArgument }
+  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CtxPointerExpr }
 
   predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CtxPointerArgument }
 
@@ -128,7 +128,8 @@ module OpenSSLCtxArgumentFlowConfig implements DataFlow::ConfigSig {
 module OpenSSLCtxArgumentFlow = DataFlow::Global<OpenSSLCtxArgumentFlowConfig>;
 
 /**
- * Holds if there is a context flow from the source to the sink.
+ * Holds if there is a context flow from the source to the sink,
+ * where the source and sink are arguments to function calls.
  */
 predicate ctxArgFlowsToCtxArg(CtxPointerArgument source, CtxPointerArgument sink) {
   exists(DataFlow::Node a, DataFlow::Node b |
@@ -137,3 +138,15 @@ predicate ctxArgFlowsToCtxArg(CtxPointerArgument source, CtxPointerArgument sink
     b.asExpr() = sink
   )
 }
+
+/**
+ * Holds if there is a context flow from the source to the sink,
+ * where the source is a variable and the sink is an argument to a function call.
+ */
+predicate ctxFlowsToCtxArg(CtxPointerExpr source, CtxPointerArgument sink) {
+  exists(DataFlow::Node a, DataFlow::Node b |
+    OpenSSLCtxArgumentFlow::flow(a, b) and
+    a.asExpr() = source and
+    b.asExpr() = sink
+  )
+}