Skip to content

Quantum: Add OpenSSL key agreement instances and consumers #19632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jun 2, 2025
Merged

Quantum: Add OpenSSL key agreement instances and consumers #19632

merged 9 commits into from
Jun 2, 2025
+241 −17

Conversation

bdrodes
Copy link
Contributor

@bdrodes bdrodes commented May 30, 2025

No description provided.

bdrodes added 4 commits May 27, 2025 15:23
@bdrodes
Crypto: Adding initial openssl tests, fixing a bug in hash modeling f…
41f008d 
…ound through tests, and updating CODEOWNERS for quantum tests
@bdrodes
Crypto: Move openssl stubs to a shared stubs location. Include openss…
b1ce44e 
…l apache license and a readme for future stub creation. Modify existing test case to reference stubs location.
@bdrodes
Crypto: Update crypto stubs location under 'crypto' and associate cod…
69e3a20 
…eowners on any `test/stubs/crypto`. Minor fix to HashAlgorithmValueConsumer (remove library detector logic).
@bdrodes
Crypto: Add openssl key agreement instances and consumers (KEM and KE…
cf015d1 
…Y_EXCH). Fix for raw algorithm names in all current instances. Update constants to include key agreement algorithms, previously missing. Note added in model for the possibility of ESDH.
github-advanced-security[bot]
github-advanced-security bot found potential problems May 30, 2025
View reviewed changes
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
private import AlgToAVCFlow

predicate knownOpenSSLConstantToKeyAgreementFamilyType(

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in knownOpenSSLConstantToKeyAgreementFamilyType should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll
)
}

class KnownOpenSSLHashConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in KnownOpenSSLHashConstantAlgorithmInstance should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll
this instanceof DirectAlgorithmValueConsumer and getterCall = this
}

override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in getAVC should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll
@@ -67,6 +67,10 @@
KnownOpenSSLSignatureAlgorithmConstant() { resolveAlgorithmFromExpr(this, _, "SIGNATURE") }
}

class KnownOpenSSLKeyAgreementAlgorithmConstant extends KnownOpenSSLAlgorithmConstant {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in KnownOpenSSLKeyAgreementAlgorithmConstant should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll Outdated
@@ -35,13 +31,12 @@
* The EVP digest algorithm getters
* https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
*/
class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
class EVPDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in EVPDigestAlgorithmValueConsumer should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances

abstract class KEMAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in KEMAlgorithmValueConsumer should be PascalCase/camelCase.
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll

abstract class KEMAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }

class EVPKEMAlgorithmValueConsumer extends KEMAlgorithmValueConsumer {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in EVPKEMAlgorithmValueConsumer should be PascalCase/camelCase.
...b/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll

abstract class KeyExchangeAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }

class EVPKeyExchangeAlgorithmValueConsumer extends KeyExchangeAlgorithmValueConsumer {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase. Warning

Acronyms in EVPKeyExchangeAlgorithmValueConsumer should be PascalCase/camelCase.
@bdrodes bdrodes marked this pull request as ready for review May 30, 2025 16:39
@bdrodes bdrodes requested review from a team as code owners May 30, 2025 16:39
@bdrodes
Copy link
Contributor Author

bdrodes commented May 30, 2025
edited
Loading

@nicolaswill , this branch is based on the initial openssl test branch (#19564), so when that's merged the number of changes will decrease.

@nicolaswill nicolaswill changed the title Openssl key agreement instances and consumers Quantum: Add OpenSSL key agreement instances and consumers Jun 2, 2025
@github-actions github-actions bot added the Java label Jun 2, 2025
nicolaswill
nicolaswill requested changes Jun 2, 2025
View reviewed changes
Copy link
Contributor

@nicolaswill nicolaswill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The stubs (and CODEOWNERS changes) should be removed, since main already has them in another directory. Other than that, there's just the QL for QL redundant cast alert.

@nicolaswill nicolaswill requested review from nicolaswill and removed request for a team June 2, 2025 18:03
nicolaswill
nicolaswill approved these changes Jun 2, 2025
View reviewed changes
Copy link
Contributor

@nicolaswill nicolaswill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM assuming CI runs pass.

@nicolaswill nicolaswill merged commit 7d7ea72 into github:main Jun 2, 2025
39 checks passed
@nicolaswill nicolaswill deleted the openssl_keyagreement_instances_and_consumers branch June 2, 2025 18:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolaswill nicolaswill

Assignees
No one assigned
Labels
C++ Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bdrodes @nicolaswill