Initial hash models for openssl.

Author: bdrodes

cpp/ql/lib/experimental/Quantum/Language.qll

@@ -22,82 +22,82 @@ abstract class AdditionalFlowInputStep extends DataFlow::Node {
 }
 
 
-/**
- * Generic data source to node input configuration
- */
-module GenericDataSourceUniversalFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::GenericDataSourceInstance i).getOutputNode()
-  }
+// /**
+//  * Generic data source to node input configuration
+//  */
+// module GenericDataSourceUniversalFlowConfig implements DataFlow::ConfigSig {
+//   predicate isSource(DataFlow::Node source) {
+//     source = any(Crypto::GenericDataSourceInstance i).getOutputNode()
+//   }
 
-  predicate isSink(DataFlow::Node sink) {
-    sink = any(Crypto::FlowAwareElement other).getInputNode()
-  }
+//   predicate isSink(DataFlow::Node sink) {
+//     sink = any(Crypto::FlowAwareElement other).getInputNode()
+//   }
 
-  predicate isBarrierOut(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getInputNode()
-  }
+//   predicate isBarrierOut(DataFlow::Node node) {
+//     node = any(Crypto::FlowAwareElement element).getInputNode()
+//   }
 
-  predicate isBarrierIn(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getOutputNode()
-  }
+//   predicate isBarrierIn(DataFlow::Node node) {
+//     node = any(Crypto::FlowAwareElement element).getOutputNode()
+//   }
 
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.(AdditionalFlowInputStep).getOutput() = node2
-  }
-}
+//   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+//     node1.(AdditionalFlowInputStep).getOutput() = node2
+//   }
+// }
 
 
 
-// // TODO: I think this will be inefficient, no?
-// class ConstantDataSource extends Crypto::GenericConstantOrAllocationSource instanceof Literal {
-//   override DataFlow::Node getOutputNode() { 
-//     result.asExpr() = this 
-//   }
+// // // TODO: I think this will be inefficient, no?
+// // class ConstantDataSource extends Crypto::GenericConstantOrAllocationSource instanceof Literal {
+// //   override DataFlow::Node getOutputNode() { 
+// //     result.asExpr() = this 
+// //   }
 
-//   override predicate flowsTo(Crypto::FlowAwareElement other) {
-//     // TODO: separate config to avoid blowing up data-flow analysis
-//     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
-//   }
+// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
+// //     // TODO: separate config to avoid blowing up data-flow analysis
+// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+// //   }
 
-//   override string getAdditionalDescription() { result = this.toString() }
-// }
+// //   override string getAdditionalDescription() { result = this.toString() }
+// // }
 
-/**
- * Definitions of various generic data sources
- */
-// final class DefaultFlowSource = SourceNode;
+// /**
+//  * Definitions of various generic data sources
+//  */
+// // final class DefaultFlowSource = SourceNode;
 
-// final class DefaultRemoteFlowSource = RemoteFlowSource;
+// // final class DefaultRemoteFlowSource = RemoteFlowSource;
 
-// class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
-//   GenericLocalDataSource() {
-//     any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
-//   }
+// // class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
+// //   GenericLocalDataSource() {
+// //     any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
+// //   }
 
-//   override DataFlow::Node getOutputNode() { result.asExpr() = this }
+// //   override DataFlow::Node getOutputNode() { result.asExpr() = this }
 
-//   override predicate flowsTo(Crypto::FlowAwareElement other) {
-//     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
-//   }
+// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
+// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+// //   }
 
-//   override string getAdditionalDescription() { result = this.toString() }
-// }
+// //   override string getAdditionalDescription() { result = this.toString() }
+// // }
 
-// class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
-//   GenericRemoteDataSource() { any(DefaultRemoteFlowSource src).asExpr() = this }
+// // class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
+// //   GenericRemoteDataSource() { any(DefaultRemoteFlowSource src).asExpr() = this }
 
-//   override DataFlow::Node getOutputNode() { result.asExpr() = this }
+// //   override DataFlow::Node getOutputNode() { result.asExpr() = this }
 
-//   override predicate flowsTo(Crypto::FlowAwareElement other) {
-//     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
-//   }
+// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
+// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+// //   }
 
-//   override string getAdditionalDescription() { result = this.toString() }
-// }
+// //   override string getAdditionalDescription() { result = this.toString() }
+// // }
 
 
-module GenericDataSourceUniversalFlow = DataFlow::Global<GenericDataSourceUniversalFlowConfig>;
+// module GenericDataSourceUniversalFlow = DataFlow::Global<GenericDataSourceUniversalFlowConfig>;
 
 module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPDigestAlgorithmSource.qll

@@ -39,11 +39,11 @@ predicate literalToHashFamilyType(Literal e, Crypto::THashType type) {
 
 class HashKnownAlgorithmLiteralAlgorithmInstance extends Crypto::HashAlgorithmInstance instanceof Literal
 {
-  OpenSSLAlgorithmGetterCall cipherGetterCall;
+  OpenSSLAlgorithmGetterCall getterCall;
 
   HashKnownAlgorithmLiteralAlgorithmInstance() {
     exists(DataFlow::Node src, DataFlow::Node sink |
-      sink = cipherGetterCall.getValueArgNode() and
+      sink = getterCall.getValueArgNode() and
       src.asExpr() = this and
       KnownAlgorithmLiteralToAlgorithmGetterFlow::flow(src, sink) and
       // Not just any known value, but specifically a known cipher operation
@@ -56,10 +56,12 @@ class HashKnownAlgorithmLiteralAlgorithmInstance extends Crypto::HashAlgorithmIn
 
   // TODO: should this not be part of the abstract algorithm definition?
   Crypto::AlgorithmConsumer getConsumer() {
-    AlgGetterToAlgConsumerFlow::flow(cipherGetterCall.getResultNode(), DataFlow::exprNode(result))
+    AlgGetterToAlgConsumerFlow::flow(getterCall.getResultNode(), DataFlow::exprNode(result))
   }
 
   override Crypto::THashType getHashFamily() { literalToHashFamilyType(this, result) }
 
+  override int getHashSize() { none() } //TODO
+
   override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
 }

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashAlgorithmSource.qll

@@ -0,0 +1,70 @@
+import cpp
+import experimental.Quantum.Language
+import EVPHashConsumers
+import OpenSSLAlgorithmGetter
+
+predicate literalToHashFamilyType(Literal e, Crypto::THashType type) {
+  exists(string name, string algType | algType.toLowerCase().matches("hash") |
+    resolveAlgorithmFromLiteral(e, name, algType) and
+    (
+      name.matches("BLAKE2B") and type instanceof Crypto::BLAKE2B
+      or
+      name.matches("BLAKE2S") and type instanceof Crypto::BLAKE2S
+      or
+      name.matches("MD2") and type instanceof Crypto::MD2
+      or
+      name.matches("MD4") and type instanceof Crypto::MD4
+      or
+      name.matches("MD5") and type instanceof Crypto::MD5
+      or
+      name.matches("POLY1305") and type instanceof Crypto::POLY1305
+      or
+      name.matches(["SHA", "SHA1"]) and type instanceof Crypto::SHA1
+      or
+      name.matches("SHA+%") and not name.matches(["SHA1", "SHA3-"]) and type instanceof Crypto::SHA2
+      or
+      name.matches("SHA3-%") and type instanceof Crypto::SHA3
+      or
+      name.matches(["SHAKE"]) and type instanceof Crypto::SHAKE
+      or
+      name.matches("SM3") and type instanceof Crypto::SM3
+      or
+      name.matches("RIPEMD160") and type instanceof Crypto::RIPEMD160
+      or
+      //or
+      //TODO: need to handle MACs differently, including md_GOST94
+      //   name.matches("%GOST%") and type instanceof Crypto::GOST
+      name.matches("WHIRLPOOL") and type instanceof Crypto::WHIRLPOOL
+    )
+  )
+}
+
+class HashKnownAlgorithmLiteralAlgorithmInstance extends Crypto::HashAlgorithmInstance instanceof Literal
+{
+  OpenSSLAlgorithmGetterCall cipherGetterCall;
+
+  HashKnownAlgorithmLiteralAlgorithmInstance() {
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      sink = cipherGetterCall.getValueArgNode() and
+      src.asExpr() = this and
+      KnownAlgorithmLiteralToAlgorithmGetterFlow::flow(src, sink) and
+      // Not just any known value, but specifically a known cipher operation
+      exists(string algType |
+        resolveAlgorithmFromLiteral(src.asExpr(), _, algType) and
+        algType.toLowerCase().matches("hash")
+      )
+    )
+  }
+
+  Crypto::AlgorithmConsumer getConsumer() {
+    AlgGetterToAlgConsumerFlow::flow(cipherGetterCall.getResultNode(), DataFlow::exprNode(result))
+  }
+
+  override Crypto::THashType getHashFamily() {
+    literalToHashFamilyType(this, result)
+  }
+
+  override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
+
+  override int getHashSize() {none() }//TODO
+}

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashConsumers.qll

@@ -0,0 +1,27 @@
+import EVPHashInitializer
+import EVPHashOperation
+import EVPHashAlgorithmSource
+
+class EVP_Digest_Initializer_Algorithm_Consumer extends Crypto::AlgorithmConsumer instanceof EVPDigestInitializerAlgorithmArgument{ 
+    override DataFlow::Node getInputNode() { result.asExpr() = this }
+
+    override Crypto::AlgorithmElement getAKnownAlgorithmSource() {
+        result.(HashKnownAlgorithmLiteralAlgorithmInstance).getConsumer() = this
+      }
+}
+
+class EVP_Q_Digest_Algorithm_Consumer extends Crypto::AlgorithmConsumer instanceof EVP_Q_Digest_Algorithm_Argument{ 
+    override DataFlow::Node getInputNode() { result.asExpr() = this }
+
+    override Crypto::AlgorithmElement getAKnownAlgorithmSource() {
+        result.(HashKnownAlgorithmLiteralAlgorithmInstance).getConsumer() = this
+      }
+}
+
+class EVP_Digest_Algorithm_Consumer extends Crypto::AlgorithmConsumer instanceof EVP_Digest_Algorithm_Argument{ 
+    override DataFlow::Node getInputNode() { result.asExpr() = this }
+
+    override Crypto::AlgorithmElement getAKnownAlgorithmSource() {
+        result.(HashKnownAlgorithmLiteralAlgorithmInstance).getConsumer() = this
+      }
+}

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashInitializer.qll

@@ -0,0 +1,25 @@
+import cpp
+
+abstract class EVP_Hash_Inititalizer extends Call {
+  Expr getContextArg() { result = this.(Call).getArgument(0) }
+
+  abstract Expr getAlgorithmArg();
+}
+
+class EVP_DigestInit_Variant_Calls extends EVP_Hash_Inititalizer {
+  EVP_DigestInit_Variant_Calls() {
+    this.(Call).getTarget().getName() in [
+      "EVP_DigestInit", "EVP_DigestInit_ex", "EVP_DigestInit_ex2"
+    ]
+  }
+
+  override Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }
+  
+}
+
+
+class EVPDigestInitializerAlgorithmArgument extends Expr {
+    EVPDigestInitializerAlgorithmArgument() {
+    exists(EVP_Hash_Inititalizer initCall | this = initCall.getAlgorithmArg())
+  }
+}

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPHashOperation.qll

@@ -1,5 +1,83 @@
 import experimental.Quantum.Language
 import CtxFlow as CTXFlow
+import LibraryDetector
+import EVPHashInitializer
+import EVPHashConsumers
 
+abstract class EVP_Hash_Operation extends Crypto::HashOperationInstance instanceof Call {
+  Expr getContextArg() { result = this.(Call).getArgument(0) }
 
-//https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
+  EVP_Hash_Inititalizer getInitCall() {
+    CTXFlow::ctxFlowsTo(result.getContextArg(), this.getContextArg())
+  }
+}
+
+//https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
+class EVP_Q_Digest_Operation extends EVP_Hash_Operation {
+  EVP_Q_Digest_Operation() {
+    this.(Call).getTarget().getName() = "EVP_Q_digest" and
+    isPossibleOpenSSLFunction(this.(Call).getTarget())
+  }
+
+  override Crypto::AlgorithmConsumer getAlgorithmConsumer() { this.(Call).getArgument(1) = result }
+
+  override EVP_Hash_Inititalizer getInitCall() {
+    // This variant of digest does not use an init
+    // and even if it were used, the init would be ignored/undefined
+    none()
+  }
+}
+
+class EVP_Q_Digest_Algorithm_Argument extends Expr {
+  EVP_Q_Digest_Algorithm_Argument() {
+    exists(EVP_Q_Digest_Operation op | this = op.(Call).getArgument(1))
+  }
+}
+
+class EVP_Digest_Operation extends EVP_Hash_Operation {
+  EVP_Digest_Operation() {
+    this.(Call).getTarget().getName() = "EVP_Digest" and
+    isPossibleOpenSSLFunction(this.(Call).getTarget())
+  }
+
+  // There is no context argument for this function
+  override Expr getContextArg() { none() }
+
+  override Crypto::AlgorithmConsumer getAlgorithmConsumer() { this.(Call).getArgument(4) = result }
+
+  override EVP_Hash_Inititalizer getInitCall() {
+    // This variant of digest does not use an init
+    // and even if it were used, the init would be ignored/undefined
+    none()
+  }
+}
+
+class EVP_Digest_Algorithm_Argument extends Expr {
+  EVP_Digest_Algorithm_Argument() {
+    exists(EVP_Digest_Operation op | this = op.(Call).getArgument(4))
+  }
+}
+
+class EVP_DigestUpdate_Operation extends EVP_Hash_Operation {
+  EVP_DigestUpdate_Operation() {
+    this.(Call).getTarget().getName() = "EVP_DigestUpdate" and
+    isPossibleOpenSSLFunction(this.(Call).getTarget())
+  }
+
+  override Crypto::AlgorithmConsumer getAlgorithmConsumer() {
+    this.getInitCall().getAlgorithmArg() = result
+  }
+}
+
+class EVP_DigestFinal_Variants_Operation extends EVP_Hash_Operation {
+  EVP_DigestFinal_Variants_Operation() {
+    this.(Call).getTarget().getName() in [
+        "EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"
+      ] and
+    isPossibleOpenSSLFunction(this.(Call).getTarget())
+  }
+
+  override Crypto::AlgorithmConsumer getAlgorithmConsumer() {
+    this.getInitCall().getAlgorithmArg() = result
+  }
+}