Crypto: Improve literal filtering for OpenSSL for algorithms and generic sources#19553
Conversation
… and known algorithm literals to improve dataflow performance.
| // curve is used. | ||
| this.getValue() != "EC" | ||
| } | ||
| ConstantDataSource() { this instanceof OpenSSLAlgorithmCandidateLiteral } |
There was a problem hiding this comment.
Shouldn't this be not this instanceof OpenSSLAlgorithmCandidateLiteral or even just any string or literal?
Editing for clarification: these could be any generic strings or integers used as inputs for artifacts (such as IVs, keys, RNG seeds, etc.). Maybe it's just the algorithm candidate literal language that seems too specific for what you're doing here.
There was a problem hiding this comment.
oh right... yea I had blinders on to just getting the algorithm instances accounted for... the filter I had previously was the generic can't be "EC" that is in the candidate literal class now...if we are tracing any literal then my optimizations really don't matter much at least for ints...
There was a problem hiding this comment.
I changed this to make sure it is an instance of an openssl generic. If other APIs have their own notion, we can add to it. The algorithm literals use this generic literal restriction, but generic inputs are not restricted to only those relevant to algorithms.
… now relying on the charpred of OpenSSLAlgorithmCandidateLiteral.
…ltering all constants, not just for algorithms.
# Conflicts: # cpp/ql/lib/experimental/quantum/Language.qll # cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll # cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| * Note: this predicate should only consider restrictions with respect to strings only. | ||
| * General restrictions are in the OpenSSLGenericSourceCandidateLiteral class. | ||
| */ | ||
| private predicate isOpenSSLStringLiteralGenericSourceCandidate(StringLiteral s) { |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
| * "AES" may be a legitimate algorithm literal, but the literal will not be used for an operation directly | ||
| * since it is in a equality comparison, hence this case would also be filtered. | ||
| */ | ||
| class OpenSSLGenericSourceCandidateLiteral extends Literal { |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
bdrodes
force-pushed
the
generic_constant_filtering
branch
from
e007eff to
417734c
Compare
bdrodes
force-pushed
the
generic_constant_filtering
branch
from
50c36a8 to
570fdeb
Compare
nicolaswill
left a comment
nicolaswill
left a comment
There was a problem hiding this comment.
One comment + failing unit tests.
nicolaswill
changed the title
… constraints for generic input sources are heuristics to filter sources, and other constraints narrow the literals to a general type (ints). Also adding fixes in KnownAlgorithmConstants to classify some algorithms as key exchange and signature correctly, and added support for a signature constant wrapper.
| * Note: this predicate should only consider restrictions with respect to integers only. | ||
| * General restrictions are in the OpenSSLGenericSourceCandidateLiteral class. | ||
| */ | ||
| private predicate isOpenSSLIntLiteralGenericSourceCandidate(IntLiteral l) { |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
…d signature mapping for ED and X elliptic curve variants.
| } | ||
|
|
||
| class KnownOpenSSLSignatureAlgorithmConstant extends KnownOpenSSLAlgorithmConstant { | ||
| string algType; |
There was a problem hiding this comment.
This should not be a field if it's not the result of or used in a member predicate.
| } | ||
| } | ||
|
|
||
| class KnownOpenSSLSignatureAlgorithmConstant extends KnownOpenSSLAlgorithmConstant { |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
3 participants
No description provided.