Implement first stage cryptography modelling and queries

cpp/ql/lib/experimental/Quantum/Language.qll

@@ -1,12 +1,121 @@
 private import codeql.cryptography.Model
+import semmle.code.cpp.ir.IR
+import semmle.code.cpp.security.FlowSources as FlowSources
 private import cpp as Lang
 
 module CryptoInput implements InputSig<Lang::Location> {
+  class DataFlowNode = DataFlow::Node;
+
   class LocatableElement = Lang::Locatable;
 
   class UnknownLocation = Lang::UnknownDefaultLocation;
+
+  LocatableElement dfn_to_element(DataFlow::Node node) {
+    result = node.asExpr() or
+    result = node.asParameter() or
+    result = node.asVariable()
+  }
 }
 
 module Crypto = CryptographyBase<Lang::Location, CryptoInput>;
 
-import OpenSSL
+/**
+ * Artifact output to node input configuration
+ */
+abstract class AdditionalFlowInputStep extends DataFlow::Node {
+  abstract DataFlow::Node getOutput();
+
+  final DataFlow::Node getInput() { result = this }
+}
+
+/**
+ * Generic data source to node input configuration
+ */
+module GenericDataSourceUniversalFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source = any(Crypto::GenericDataSourceInstance i).getOutputNode()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink = any(Crypto::FlowAwareElement other).getInputNode()
+  }
+
+  predicate isBarrierOut(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getInputNode()
+  }
+
+  predicate isBarrierIn(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getOutputNode()
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+  }
+}
+
+// // // TODO: I think this will be inefficient, no?
+// // class ConstantDataSource extends Crypto::GenericConstantOrAllocationSource instanceof Literal {
+// //   override DataFlow::Node getOutputNode() {
+// //     result.asExpr() = this
+// //   }
+// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
+// //     // TODO: separate config to avoid blowing up data-flow analysis
+// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+// //   }
+// //   override string getAdditionalDescription() { result = this.toString() }
+// // }
+// /**
+//  * Definitions of various generic data sources
+//  */
+// // final class DefaultFlowSource = SourceNode;
+// // final class DefaultRemoteFlowSource = RemoteFlowSource;
+// // class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
+// //   GenericLocalDataSource() {
+// //     any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
+// //   }
+// //   override DataFlow::Node getOutputNode() { result.asExpr() = this }
+// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
+// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+// //   }
+// //   override string getAdditionalDescription() { result = this.toString() }
+// // }
+// // class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
+// //   GenericRemoteDataSource() { any(DefaultRemoteFlowSource src).asExpr() = this }
+// //   override DataFlow::Node getOutputNode() { result.asExpr() = this }
+// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
+// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+// //   }
+// //   override string getAdditionalDescription() { result = this.toString() }
+// // }
+// module GenericDataSourceUniversalFlow = DataFlow::Global<GenericDataSourceUniversalFlowConfig>;
+module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source = any(Crypto::ArtifactInstance artifact).getOutputNode()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink = any(Crypto::FlowAwareElement other).getInputNode()
+  }
+
+  predicate isBarrierOut(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getInputNode()
+  }
+
+  predicate isBarrierIn(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getOutputNode()
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+  }
+}
+
+module ArtifactUniversalFlow = DataFlow::Global<ArtifactUniversalFlowConfig>;
+
+abstract class CipherOutputArtifact extends Crypto::KeyOperationOutputArtifactInstance {
+  override predicate flowsTo(Crypto::FlowAwareElement other) {
+    ArtifactUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+  }
+}
+
+import OpenSSL.OpenSSL

cpp/ql/lib/experimental/Quantum/OpenSSL/CtxFlow.qll

@@ -0,0 +1,97 @@
+/**
+ * In OpenSSL, flow between 'context' parameters is often used to
+ * store state/config of how an operation will eventually be performed.
+ * Tracing algorithms and configurations to operations therefore
+ * requires tracing context parameters for many OpenSSL apis. 
+ * 
+ * This library provides a dataflow analysis to track context parameters
+ * between any two functions accepting openssl context parameters.
+ * The dataflow takes into consideration flowing through duplication and copy calls
+ * as well as flow through flow killers (free/reset calls).
+ *
+ * TODO: we may need to revisit 'free' as a dataflow killer, depending on how
+ * we want to model use after frees.
+ *
+ * This library also provides classes to represent context Types and relevant
+ * arguments/expressions.
+ */
+
+import semmle.code.cpp.dataflow.new.DataFlow
+
+class CTXType extends Type {
+  CTXType() {
+    // TODO: should we limit this to an openssl path?
+    this.getUnspecifiedType().stripType().getName().matches("evp_%ctx_%st")
+  }
+}
+
+class CTXPointerExpr extends Expr {
+  CTXPointerExpr() {
+    this.getType() instanceof CTXType and
+    this.getType() instanceof PointerType
+  }
+}
+
+class CTXPointerArgument extends CTXPointerExpr {
+  CTXPointerArgument() { exists(Call c | c.getAnArgument() = this) }
+
+  Call getCall() { result.getAnArgument() = this }
+}
+
+class CTXClearCall extends Call {
+  CTXClearCall() {
+    this.getTarget().getName().toLowerCase().matches(["%free%", "%reset%"]) and
+    this.getAnArgument() instanceof CTXPointerArgument
+  }
+}
+
+class CTXCopyOutArgCall extends Call {
+  CTXCopyOutArgCall() {
+    this.getTarget().getName().toLowerCase().matches(["%copy%"]) and
+    this.getAnArgument() instanceof CTXPointerArgument
+  }
+}
+
+class CTXCopyReturnCall extends Call {
+  CTXCopyReturnCall() {
+    this.getTarget().getName().toLowerCase().matches(["%dup%"]) and
+    this.getAnArgument() instanceof CTXPointerArgument and
+    this instanceof CTXPointerExpr
+  }
+}
+
+module OpenSSLCTXArgumentFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CTXPointerArgument }
+
+  predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CTXPointerArgument }
+
+  predicate isBarrier(DataFlow::Node node) {
+    exists(CTXClearCall c | c.getAnArgument() = node.asExpr())
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    exists(CTXCopyOutArgCall c |
+      c.getAnArgument() = node1.asExpr() and
+      c.getAnArgument() = node2.asExpr() and
+      node1.asExpr() != node2.asExpr() and
+      node2.asExpr().getType() instanceof CTXType
+    )
+    or
+    exists(CTXCopyReturnCall c |
+      c.getAnArgument() = node1.asExpr() and
+      c = node2.asExpr() and
+      node1.asExpr() != node2.asExpr() and
+      node2.asExpr().getType() instanceof CTXType
+    )
+  }
+}
+
+module OpenSSLCTXArgumentFlow = DataFlow::Global<OpenSSLCTXArgumentFlowConfig>;
+
+predicate ctxFlowsTo(CTXPointerArgument source, CTXPointerArgument sink) {
+  exists(DataFlow::Node a, DataFlow::Node b |
+    OpenSSLCTXArgumentFlow::flow(a, b) and
+    a.asExpr() = source and
+    b.asExpr() = sink
+  )
+}

cpp/ql/lib/experimental/Quantum/OpenSSL/EVPCipherConsumers.qll

@@ -0,0 +1,25 @@
+import EVPCipherInitializer
+import EVPCipherOperation
+import EVPCipherAlgorithmSource
+
+class EVP_Cipher_Initializer_Algorithm_Consumer extends Crypto::AlgorithmConsumer instanceof EVPCipherInitializerAlgorithmArgument
+{
+  override DataFlow::Node getInputNode() { result.asExpr() = this }
+
+  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
+    result.(KnownOpenSSLCipherConstantAlgorithmInstance).getConsumer() = this
+  }
+}
+
+// //TODO: need a key consumer
+// class EVP_Initializer_Key_Consumer extends Crypto::KeyConsumer instanceof EVP_Cipher_Inititalizer isntanceof InitializerKeyArgument{
+// }
+class EVP_Cipher_Initializer_IV_Consumer extends Crypto::NonceArtifactConsumer instanceof EVPCipherInitializerIVArgument
+{
+  override DataFlow::Node getInputNode() { result.asExpr() = this }
+}
+
+class EVP_Cipher_Input_Consumer extends Crypto::CipherInputConsumer instanceof EVPCipherInputArgument
+{
+  override DataFlow::Node getInputNode() { result.asExpr() = this }
+}