Openssl key agreement instances and consumers #19632
Conversation
…ound through tests, and updating CODEOWNERS for quantum tests
…l apache license and a readme for future stub creation. Modify existing test case to reference stubs location.
…eowners on any `test/stubs/crypto`. Minor fix to HashAlgorithmValueConsumer (remove library detector logic).
…Y_EXCH). Fix for raw algorithm names in all current instances. Update constants to include key agreement algorithms, previously missing. Note added in model for the possibility of ESDH.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase | ||
| private import AlgToAVCFlow | ||
|
|
||
| predicate knownOpenSSLConstantToKeyAgreementFamilyType( |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
| ) | ||
| } | ||
|
|
||
| class KnownOpenSSLHashConstantAlgorithmInstance extends OpenSSLAlgorithmInstance, |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
| this instanceof Literal and | ||
| exists(DataFlow::Node src, DataFlow::Node sink | | ||
| // Sink is an argument to a CipherGetterCall | ||
| sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and |
Check warning
Code scanning / CodeQL
Redundant cast Warning
| this instanceof DirectAlgorithmValueConsumer and getterCall = this | ||
| } | ||
|
|
||
| override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall } |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
| @@ -67,6 +67,10 @@ | |||
| KnownOpenSSLSignatureAlgorithmConstant() { resolveAlgorithmFromExpr(this, _, "SIGNATURE") } | |||
| } | |||
|
|
|||
| class KnownOpenSSLKeyAgreementAlgorithmConstant extends KnownOpenSSLAlgorithmConstant { | |||
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
| @@ -35,13 +31,12 @@ | |||
| * The EVP digest algorithm getters | |||
| * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis | |||
| */ | |||
| class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { | |||
| class EVPDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer { | |||
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
| private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase | ||
| private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances | ||
|
|
||
| abstract class KEMAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { } |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
|
|
||
| abstract class KEMAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { } | ||
|
|
||
| class EVPKEMAlgorithmValueConsumer extends KEMAlgorithmValueConsumer { |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
|
|
||
| abstract class KeyExchangeAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { } | ||
|
|
||
| class EVPKeyExchangeAlgorithmValueConsumer extends KeyExchangeAlgorithmValueConsumer { |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
|
@nicolaswill , this branch is based on the initial openssl test branch (#19564), so when that's merged the number of changes will decrease. |
No description provided.