Brodes/openssl refactor #11
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| import cpp | ||
| import semmle.code.cpp.dataflow.new.DataFlow | ||
| import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants | ||
| import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers // import all known alg value consummers | ||
|
|
||
| /** | ||
| * Traces 'known algorithms' to AVCs, specifically | ||
| * algorithms that are in the set of known algorithm constants. | ||
| * Padding-specific consumers exist that have their own values that | ||
| * overlap with the known algorithm constants. | ||
| * Padding consumers (specific padding consumers) are excluded from the set of sinks. | ||
| */ | ||
| module KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { | ||
| predicate isSource(DataFlow::Node source) { | ||
| source.asExpr() instanceof KnownOpenSSLAlgorithmConstant | ||
| } | ||
|
|
||
| predicate isSink(DataFlow::Node sink) { | ||
| exists(OpenSSLAlgorithmValueConsumer c | | ||
| c.getInputNode() = sink and | ||
| not c instanceof PaddingAlgorithmValueConsumer | ||
| ) | ||
| } | ||
|
|
||
| predicate isBarrier(DataFlow::Node node) { | ||
| // False positive reducer, don't flow out through argv | ||
| exists(VariableAccess va, Variable v | | ||
| v.getAnAccess() = va and va = node.asExpr() | ||
| or | ||
| va = node.asIndirectExpr() | ||
| | | ||
| v.getName().matches("%argv") | ||
| ) | ||
| } | ||
|
|
||
| predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { | ||
| knownPassThroughStep(node1, node2) | ||
| } | ||
| } | ||
|
|
||
| module KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow = | ||
| DataFlow::Global<KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig>; | ||
|
|
||
| module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { | ||
| predicate isSource(DataFlow::Node source) { | ||
| source.asExpr() instanceof KnownOpenSSLAlgorithmConstant | ||
| } | ||
|
|
||
| predicate isSink(DataFlow::Node sink) { | ||
| exists(PaddingAlgorithmValueConsumer c | c.getInputNode() = sink) | ||
| } | ||
|
|
||
| predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { | ||
| knownPassThroughStep(node1, node2) | ||
| } | ||
| } | ||
|
|
||
| module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow = | ||
| DataFlow::Global<RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig>; | ||
|
|
||
| class OpenSSLAlgorithmAdditionalFlowStep extends AdditionalFlowInputStep { | ||
| OpenSSLAlgorithmAdditionalFlowStep() { exists(AlgorithmPassthroughCall c | c.getInNode() = this) } | ||
|
|
||
| override DataFlow::Node getOutput() { | ||
| exists(AlgorithmPassthroughCall c | c.getInNode() = this and c.getOutNode() = result) | ||
| } | ||
| } | ||
|
|
||
| abstract class AlgorithmPassthroughCall extends Call { | ||
| abstract DataFlow::Node getInNode(); | ||
|
|
||
| abstract DataFlow::Node getOutNode(); | ||
| } | ||
|
|
||
| class CopyAndDupAlgorithmPassthroughCall extends AlgorithmPassthroughCall { | ||
| DataFlow::Node inNode; | ||
| DataFlow::Node outNode; | ||
|
|
||
| CopyAndDupAlgorithmPassthroughCall() { | ||
| // Flow out through any return or other argument of the same type | ||
| // Assume flow in and out is asIndirectExpr or asDefinitingArgument since a pointer is assumed | ||
| // to be involved | ||
| // NOTE: not attempting to detect openssl specific copy/dup functions, but anything suspected to be copy/dup | ||
| this.getTarget().getName().toLowerCase().matches(["%_dup%", "%_copy%"]) and | ||
| exists(Expr inArg, Type t | | ||
| inArg = this.getAnArgument() and t = inArg.getUnspecifiedType().stripType() | ||
| | | ||
| inNode.asIndirectExpr() = inArg and | ||
| ( | ||
| // Case 1: flow through another argument as an out arg of the same type | ||
| exists(Expr outArg | | ||
| outArg = this.getAnArgument() and | ||
| outArg != inArg and | ||
| outArg.getUnspecifiedType().stripType() = t | ||
| | | ||
| outNode.asDefiningArgument() = outArg | ||
| ) | ||
| or | ||
| // Case 2: flow through the return value if the result is the same as the intput type | ||
| exists(Expr outArg | outArg = this and outArg.getUnspecifiedType().stripType() = t | | ||
| outNode.asIndirectExpr() = outArg | ||
| ) | ||
| ) | ||
| ) | ||
| } | ||
|
|
||
| override DataFlow::Node getInNode() { result = inNode } | ||
|
|
||
| override DataFlow::Node getOutNode() { result = outNode } | ||
| } | ||
|
|
||
| class NIDToPointerPassthroughCall extends AlgorithmPassthroughCall { | ||
| DataFlow::Node inNode; | ||
| DataFlow::Node outNode; | ||
|
|
||
| NIDToPointerPassthroughCall() { | ||
| this.getTarget().getName() in ["OBJ_nid2obj", "OBJ_nid2ln", "OBJ_nid2sn"] and | ||
| inNode.asExpr() = this.getArgument(0) and | ||
| outNode.asExpr() = this | ||
| //outNode.asIndirectExpr() = this | ||
| } | ||
|
|
||
| override DataFlow::Node getInNode() { result = inNode } | ||
|
|
||
| override DataFlow::Node getOutNode() { result = outNode } | ||
| } | ||
|
|
||
| class PointerToPointerPassthroughCall extends AlgorithmPassthroughCall { | ||
| DataFlow::Node inNode; | ||
| DataFlow::Node outNode; | ||
|
|
||
| PointerToPointerPassthroughCall() { | ||
| this.getTarget().getName() = "OBJ_txt2obj" and | ||
| inNode.asIndirectExpr() = this.getArgument(0) and | ||
| outNode.asIndirectExpr() = this | ||
| or | ||
| //outNode.asExpr() = this | ||
| this.getTarget().getName() in ["OBJ_obj2txt", "i2t_ASN1_OBJECT"] and | ||
| inNode.asIndirectExpr() = this.getArgument(2) and | ||
| outNode.asDefiningArgument() = this.getArgument(0) | ||
| } | ||
|
|
||
| override DataFlow::Node getInNode() { result = inNode } | ||
|
|
||
| override DataFlow::Node getOutNode() { result = outNode } | ||
| } | ||
|
|
||
| class PointerToNIDPassthroughCall extends AlgorithmPassthroughCall { | ||
| DataFlow::Node inNode; | ||
| DataFlow::Node outNode; | ||
|
|
||
| PointerToNIDPassthroughCall() { | ||
| this.getTarget().getName() in ["OBJ_obj2nid", "OBJ_ln2nid", "OBJ_sn2nid", "OBJ_txt2nid"] and | ||
| ( | ||
| inNode.asIndirectExpr() = this.getArgument(0) | ||
| or | ||
|
Owner
There was a problem hiding this comment. Only |
||
| inNode.asExpr() = this.getArgument(0) | ||
| ) and | ||
| outNode.asExpr() = this | ||
| } | ||
|
|
||
| override DataFlow::Node getInNode() { result = inNode } | ||
|
|
||
| override DataFlow::Node getOutNode() { result = outNode } | ||
| } | ||
|
|
||
| // TODO: pkeys pass through EVP_PKEY_CTX_new and any similar variant | ||
| predicate knownPassThroughStep(DataFlow::Node node1, DataFlow::Node node2) { | ||
| exists(AlgorithmPassthroughCall c | c.getInNode() = node1 and c.getOutNode() = node2) | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| import cpp | ||
| import experimental.Quantum.Language | ||
| import OpenSSLAlgorithmInstanceBase | ||
| import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants | ||
| import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer | ||
| import AlgToAVCFlow | ||
|
|
||
| /** | ||
| * Given a `KnownOpenSSLBlockModeAlgorithmConstant`, converts this to a block family type. | ||
| * Does not bind if there is know mapping (no mapping to 'unknown' or 'other'). | ||
| */ | ||
| predicate knownOpenSSLConstantToBlockModeFamilyType( | ||
| KnownOpenSSLBlockModeAlgorithmConstant e, Crypto::TBlockCipherModeOfOperationType type | ||
| ) { | ||
| exists(string name | | ||
| name = e.getNormalizedName() and | ||
| ( | ||
| name.matches("CBC") and type instanceof Crypto::CBC | ||
| or | ||
| name.matches("CFB%") and type instanceof Crypto::CFB | ||
| or | ||
| name.matches("CTR") and type instanceof Crypto::CTR | ||
| or | ||
| name.matches("GCM") and type instanceof Crypto::GCM | ||
| or | ||
| name.matches("OFB") and type instanceof Crypto::OFB | ||
| or | ||
| name.matches("XTS") and type instanceof Crypto::XTS | ||
| or | ||
| name.matches("CCM") and type instanceof Crypto::CCM | ||
| or | ||
| name.matches("GCM") and type instanceof Crypto::GCM | ||
| or | ||
| name.matches("CCM") and type instanceof Crypto::CCM | ||
| or | ||
| name.matches("ECB") and type instanceof Crypto::ECB | ||
| ) | ||
| ) | ||
| } | ||
|
|
||
| class KnownOpenSSLBlockModeConstantAlgorithmInstance extends OpenSSLAlgorithmInstance, | ||
| Crypto::ModeOfOperationAlgorithmInstance instanceof KnownOpenSSLBlockModeAlgorithmConstant | ||
| { | ||
| OpenSSLAlgorithmValueConsumer getterCall; | ||
|
|
||
| KnownOpenSSLBlockModeConstantAlgorithmInstance() { | ||
| // Two possibilities: | ||
| // 1) The source is a literal and flows to a getter, then we know we have an instance | ||
| // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that | ||
| // Possibility 1: | ||
| this instanceof Literal and | ||
| exists(DataFlow::Node src, DataFlow::Node sink | | ||
| // Sink is an argument to a CipherGetterCall | ||
| sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and | ||
| // Source is `this` | ||
| src.asExpr() = this and | ||
| // This traces to a getter | ||
| KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) | ||
| ) | ||
| or | ||
| // Possibility 2: | ||
| this instanceof DirectAlgorithmValueConsumer and getterCall = this | ||
| } | ||
|
|
||
| override Crypto::TBlockCipherModeOfOperationType getModeType() { | ||
| knownOpenSSLConstantToBlockModeFamilyType(this, result) | ||
| or | ||
| not knownOpenSSLConstantToBlockModeFamilyType(this, _) and result = Crypto::OtherMode() | ||
| } | ||
|
|
||
| // NOTE: I'm not going to attempt to parse out the mode specific part, so returning | ||
| // the same as the raw name for now. | ||
| override string getRawModeAlgorithmName() { result = this.(Literal).getValue().toString() } | ||
|
|
||
| override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall } | ||
| } |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this is supposed to be a heuristic, can you include examples?
Suggested change:
Also, what about type conversions, such as byte arrays to strings? Perhaps that's a different bit of logic and one handled anyway via taint-tracking, but I want to make clear what this case (vs the generic catch-all taint tracking flow steps) are for.