Quantum: OpenSSL signatures #19628
Open
Quantum: OpenSSL signatures #19628
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ound through tests, and updating CODEOWNERS for quantum tests
add initial work for openssl signatures add basic C test files for ciphers and signatures more signature classes, comments for evp base classes more signature tests fix super calls for input consumers fix getOutputArtifact for tests formatting delete redundant test files move algorithm methods to OpenSSLOperation refactor ECKeyGenOperation for new EVP classes formatting fix getOutputArtifact fix cipher and digest operation test results mv openssl signature to another PR
…ationBase.qll Co-authored-by: Ben Rodes <[email protected]>
Co-authored-by: Ben Rodes <[email protected]>
There was a problem hiding this comment.
Pull Request Overview
This PR introduces support for OpenSSL signatures and key generation within the Quantum library while updating the associated data flows. Key changes include test updates to reflect new nonce and key source expectations, new and updated QL classes for modeling signature operations (EVPSignatureOperation.qll), and modifications to existing base classes and data flow modules (e.g. OpenSSLOperationBase.qll, CtxFlow.qll) to support these changes.
Reviewed Changes
Copilot reviewed 48 out of 48 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| cpp/ql/test/experimental/library-tests/quantum/openssl/cipher_nonce_sources.expected | Updated expected test output for nonce sources. |
| cpp/ql/test/experimental/library-tests/quantum/openssl/cipher_key_sources.ql | Added query to support new cipher key sources tracking. |
| cpp/ql/test/experimental/library-tests/quantum/openssl/cipher_key_sources.expected | Updated expected test output for key sources. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperations.qll | Added import for EVPSignatureOperation for signature support. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll | Updated base operations including algorithm value consumer flow handling. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll | New module modeling EVP signature operations, including initialization, update, and final call classes. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPKeyGenOperation.qll | New module for EVP key generation operations supporting both keygen and parameter generation. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll | Updates to hash operations with changes to input/output and data flow tracking. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashInitializer.qll | Changed inheritance to extend EVPInitialize. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll | Updated cipher operation modeling with revised data flow implementations. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherInitializer.qll | Modified to use EVPInitialize and updated key operation subtype handling. |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll | Simplified EC key generation operation implementation. |
| cpp/ql/lib/experimental/quantum/OpenSSL/CtxFlow.qll | Revised CtxPointerExpr and updated context flow predicates. |
| cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/* | New files for modeling signature and PKey algorithm consumers integrated into the value consumer framework. |
| cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/* | New and modified files to support signature algorithm instances and update known algorithm constants. |
| CODEOWNERS | Adjusted pattern matching for experimental quantum code ownership. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Now in progress: basic data flows for tracking of algorithms, contexts, and keys.