Crypto: Refactor Model and signatures, fix models, add unit tests #19944
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Conflicts: # cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll # cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll
…for APIs having one function to do both. Incomplete. Work in progress.
…ests for openssl, refactor still required for JCA.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
…e signature or mac operation instance.
…model) and simplified unit tests in terms of the graph complexity to aid visual assessments of model correctness.
…is now just a passthrough, it is not a known implicit operation call. Some final operations generating null outputs are now removed from possible final operartions (typically used to determine buffer lenghth and not actually performing the operation). Misc. false positive/error fixes and code clean up, and added missing models.
Signature model refactor experimental
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll
Fixed
Show fixed
Hide fixed
…d in branch). Acronym casing fix.
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the signature model architecture to consolidate MAC and signature operations under a unified hierarchy. The key changes include:
- Merges MAC algorithm types into the general key operation algorithm type system
- Introduces a new
SignatureOrMacOperationInstancebase class to handle APIs that can perform either signature or MAC operations - Updates OpenSSL operation modeling to better distinguish between signature-only and signature/MAC operations
- Adds comprehensive verification operation support alongside existing signing operations
Reviewed Changes
Copilot reviewed 37 out of 37 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| shared/quantum/codeql/quantum/experimental/Standardization.qll | Integrates MAC algorithm types into the main key operation algorithm hierarchy |
| shared/quantum/codeql/quantum/experimental/Model.qll | Refactors signature/MAC operation class hierarchy and removes standalone MAC classes |
| java/ql/lib/experimental/quantum/JCA.qll | Updates JCA model to use new MAC algorithm types and fixes hash algorithm name parsing |
| cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c | Restructures test code into focused individual test functions |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll | Adds comprehensive signature/verification operations and introduces SignatureOrMacFinalOperation |
| cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll | Updates MAC instances to extend KeyOperationAlgorithmInstance instead of MacAlgorithmInstance |
| cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll | Switches from DataFlow to TaintTracking and adds new IO types for hash algorithms |
…/codeql into signature_model_refactor
…ures to make the inheritance decomposition and caveats clearer, and 2) use getConsumer to establish the hash and hmac consumer. Update the Model to expect hash node types specifically for HMAC getHashALgorithmOrUnknown.
nicolaswill
approved these changes
Oct 2, 2025
nicolaswill
changed the title
nicolaswill
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A complete overhaul of how signatures are modeled to take into account that some operations are ambiguous, they can be either MAC or Signature. Significant updates to the OpenSSL models both to use the new signature/mac models but also misc. fixes and additional modeling to make the scope of the OpenSSL models wider and more accurate. Updates to the JCA models also to account for the new signature/mac models.
This PR is a culmination of many misc. updates necessary to get the openssl models to a consistent representation, with rigorous unit tests, especially as represented in the graph. Next steps are to ensure other models (e.g., the JCA) are similarly consistent with rigorous unit tests.