Merge pull request #5635 from RasmusWL/port-weak-crypto-algorithm

Approved by yoff

python/ql/test/library-tests/frameworks/crypto/README.md

@@ -0,0 +1,13 @@
+These tests are a copy of the tests in [../cryptodome](../cryptodome) with `Cryptodome` replaced by `Crypto`.
+
+You can run the following command to update the tests:
+
+```sh
+rm *.py && cp ../cryptodome/*.py . && sed -i -e 's/Cryptodome/Crypto/' *.py
+```
+
+The original [`pycrypto` PyPI package](https://pypi.org/project/pycrypto/) that provided the `Crypto` Python package has not been updated since 2013, so it is reasonable to assume that people will use the replacement [`pycryptodome` PyPI package](https://pypi.org/project/pycryptodome/) that also provides a `Crypto` Python package and has a (mostly) compatible API.
+
+The pycryptodome functionality is also available in the [`pycryptodomex` PyPI package](https://pypi.org/project/pycryptodomex/) which provides the `Cryptodome` Python package.
+
+To ensure our modeling actually covers _both_ ways of importing the same functionality, we have this convoluted test setup.

python/ql/test/library-tests/frameworks/crypto/test_aes.py

@@ -0,0 +1,36 @@
+# https://pycryptodome.readthedocs.io/en/latest/src/cipher/aes.html
+from Crypto.Cipher import AES
+
+import os
+
+key = os.urandom(256//8)
+iv = os.urandom(16)
+
+# ------------------------------------------------------------------------------
+# encrypt/decrypt
+# ------------------------------------------------------------------------------
+
+
+print("encrypt/decrypt")
+
+secret_message = b"secret message"
+
+padding_len = 16 - (len(secret_message) % 16)
+padding = b"\0"*padding_len
+
+cipher = AES.new(key, AES.MODE_CBC, iv=iv)
+# using separate .encrypt calls on individual lines does not work
+whole_plantext = secret_message + padding
+encrypted = cipher.encrypt(whole_plantext) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=whole_plantext
+
+print("encrypted={}".format(encrypted))
+
+print()
+
+cipher = AES.new(key, AES.MODE_CBC, iv=iv)
+decrypted = cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=encrypted
+
+decrypted = decrypted[:-padding_len]
+
+print("decrypted={}".format(decrypted))
+assert decrypted == secret_message

python/ql/test/library-tests/frameworks/crypto/test_dsa.py

@@ -20,8 +20,8 @@ message = b"message"
 
 signer = DSS.new(private_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=DSA
 
 print("signature={}".format(signature))
 
@@ -29,13 +29,13 @@ print()
 
 verifier = DSS.new(public_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=DSA
 print("Signature verified (as expected)")
 
 try:
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=DSA
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/crypto/test_ec.py

@@ -17,8 +17,8 @@ message = b"message"
 
 signer = DSS.new(private_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=ECDSA
 
 print("signature={}".format(signature))
 
@@ -26,13 +26,13 @@ print()
 
 verifier = DSS.new(public_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
 print("Signature verified (as expected)")
 
 try:
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=ECDSA
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/crypto/test_md5.py

@@ -0,0 +1,10 @@
+from Crypto.Hash import MD5
+
+hasher = MD5.new(b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())
+
+
+hasher = MD5.new() # $ CryptographicOperation CryptographicOperationAlgorithm=MD5
+hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
+hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())

python/ql/test/library-tests/frameworks/crypto/test_rc4.py

@@ -0,0 +1,30 @@
+# https://pycryptodome.readthedocs.io/en/latest/src/cipher/arc4.html
+from Crypto.Cipher import ARC4
+
+import os
+
+key = os.urandom(256//8)
+
+
+# ------------------------------------------------------------------------------
+# encrypt/decrypt
+# ------------------------------------------------------------------------------
+
+
+
+print("encrypt/decrypt")
+
+secret_message = b"secret message"
+
+cipher = ARC4.new(key)
+encrypted = cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=secret_message
+
+print("encrypted={}".format(encrypted))
+
+print()
+
+cipher = ARC4.new(key)
+decrypted = cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=encrypted
+
+print("decrypted={}".format(decrypted))
+assert decrypted == secret_message

python/ql/test/library-tests/frameworks/crypto/test_rsa.py

@@ -23,7 +23,7 @@ secret_message = b"secret message"
 
 encrypt_cipher = PKCS1_OAEP.new(public_key)
 
-encrypted = encrypt_cipher.encrypt(secret_message)
+encrypted = encrypt_cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationInput=secret_message # MISSING: CryptographicOperationAlgorithm=RSA-OAEP?
 
 print("encrypted={}".format(encrypted))
 
@@ -31,9 +31,7 @@ print()
 
 decrypt_cipher = PKCS1_OAEP.new(private_key)
 
-decrypted = decrypt_cipher.decrypt(
-    encrypted,
-)
+decrypted = decrypt_cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationInput=encrypted # MISSING: CryptographicOperationAlgorithm=RSA-OAEP?
 
 print("decrypted={}".format(decrypted))
 assert decrypted == secret_message
@@ -51,23 +49,23 @@ message = b"message"
 
 signer = pss.new(private_key)
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
 
 print("signature={}".format(signature))
 
 print()
 
-
 verifier = pss.new(public_key)
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
 print("Signature verified (as expected)")
 
 try:
     verifier = pss.new(public_key)
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptodome/test_aes.py

@@ -0,0 +1,36 @@
+# https://pycryptodome.readthedocs.io/en/latest/src/cipher/aes.html
+from Cryptodome.Cipher import AES
+
+import os
+
+key = os.urandom(256//8)
+iv = os.urandom(16)
+
+# ------------------------------------------------------------------------------
+# encrypt/decrypt
+# ------------------------------------------------------------------------------
+
+
+print("encrypt/decrypt")
+
+secret_message = b"secret message"
+
+padding_len = 16 - (len(secret_message) % 16)
+padding = b"\0"*padding_len
+
+cipher = AES.new(key, AES.MODE_CBC, iv=iv)
+# using separate .encrypt calls on individual lines does not work
+whole_plantext = secret_message + padding
+encrypted = cipher.encrypt(whole_plantext) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=whole_plantext
+
+print("encrypted={}".format(encrypted))
+
+print()
+
+cipher = AES.new(key, AES.MODE_CBC, iv=iv)
+decrypted = cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=encrypted
+
+decrypted = decrypted[:-padding_len]
+
+print("decrypted={}".format(decrypted))
+assert decrypted == secret_message

python/ql/test/library-tests/frameworks/cryptodome/test_dsa.py

@@ -20,8 +20,8 @@ message = b"message"
 
 signer = DSS.new(private_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=DSA
 
 print("signature={}".format(signature))
 
@@ -29,13 +29,13 @@ print()
 
 verifier = DSS.new(public_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=DSA
 print("Signature verified (as expected)")
 
 try:
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=DSA
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptodome/test_ec.py

@@ -17,8 +17,8 @@ message = b"message"
 
 signer = DSS.new(private_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=ECDSA
 
 print("signature={}".format(signature))
 
@@ -26,13 +26,13 @@ print()
 
 verifier = DSS.new(public_key, mode='fips-186-3')
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature
 print("Signature verified (as expected)")
 
 try:
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=ECDSA
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptodome/test_md5.py

@@ -0,0 +1,10 @@
+from Cryptodome.Hash import MD5
+
+hasher = MD5.new(b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())
+
+
+hasher = MD5.new() # $ CryptographicOperation CryptographicOperationAlgorithm=MD5
+hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
+hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())

python/ql/test/library-tests/frameworks/cryptodome/test_rc4.py

@@ -0,0 +1,30 @@
+# https://pycryptodome.readthedocs.io/en/latest/src/cipher/arc4.html
+from Cryptodome.Cipher import ARC4
+
+import os
+
+key = os.urandom(256//8)
+
+
+# ------------------------------------------------------------------------------
+# encrypt/decrypt
+# ------------------------------------------------------------------------------
+
+
+
+print("encrypt/decrypt")
+
+secret_message = b"secret message"
+
+cipher = ARC4.new(key)
+encrypted = cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=secret_message
+
+print("encrypted={}".format(encrypted))
+
+print()
+
+cipher = ARC4.new(key)
+decrypted = cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=encrypted
+
+print("decrypted={}".format(decrypted))
+assert decrypted == secret_message

python/ql/test/library-tests/frameworks/cryptodome/test_rsa.py

@@ -23,7 +23,7 @@ secret_message = b"secret message"
 
 encrypt_cipher = PKCS1_OAEP.new(public_key)
 
-encrypted = encrypt_cipher.encrypt(secret_message)
+encrypted = encrypt_cipher.encrypt(secret_message) # $ CryptographicOperation CryptographicOperationInput=secret_message # MISSING: CryptographicOperationAlgorithm=RSA-OAEP?
 
 print("encrypted={}".format(encrypted))
 
@@ -31,9 +31,7 @@ print()
 
 decrypt_cipher = PKCS1_OAEP.new(private_key)
 
-decrypted = decrypt_cipher.decrypt(
-    encrypted,
-)
+decrypted = decrypt_cipher.decrypt(encrypted) # $ CryptographicOperation CryptographicOperationInput=encrypted # MISSING: CryptographicOperationAlgorithm=RSA-OAEP?
 
 print("decrypted={}".format(decrypted))
 assert decrypted == secret_message
@@ -51,8 +49,8 @@ message = b"message"
 
 signer = pss.new(private_key)
 
-hasher = SHA256.new(message)
-signature = signer.sign(hasher)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = signer.sign(hasher) # $ CryptographicOperation CryptographicOperationInput=hasher # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
 
 print("signature={}".format(signature))
 
@@ -60,14 +58,14 @@ print()
 
 verifier = pss.new(public_key)
 
-hasher = SHA256.new(message)
-verifier.verify(hasher, signature)
+hasher = SHA256.new(message) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
 print("Signature verified (as expected)")
 
 try:
     verifier = pss.new(public_key)
-    hasher = SHA256.new(b"other message")
-    verifier.verify(hasher, signature)
+    hasher = SHA256.new(b"other message") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=b"other message"
+    verifier.verify(hasher, signature) # $ CryptographicOperation CryptographicOperationInput=hasher CryptographicOperationInput=signature # MISSING: CryptographicOperationAlgorithm=RSA-PSS?
     raise Exception("Signature verified (unexpected)")
 except ValueError:
     print("Signature mismatch (as expected)")

python/ql/test/library-tests/frameworks/cryptography/test_aes.py

@@ -0,0 +1,40 @@
+from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes
+import os
+
+key = os.urandom(256//8)
+iv = os.urandom(16)
+
+algorithm = algorithms.AES(key)
+cipher = Cipher(algorithm, mode=modes.CBC(iv))
+
+# ------------------------------------------------------------------------------
+# encrypt/decrypt
+# ------------------------------------------------------------------------------
+
+# following https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.Cipher
+
+print("encrypt/decrypt")
+
+secret_message = b"secret message"
+
+padding_len = 16 - (len(secret_message) % 16)
+padding = b"\0"*padding_len
+
+encryptor = cipher.encryptor()
+print(padding_len)
+encrypted = encryptor.update(secret_message) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=secret_message
+encrypted += encryptor.update(padding) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=padding
+encrypted += encryptor.finalize()
+
+print("encrypted={}".format(encrypted))
+
+print()
+
+decryptor = cipher.decryptor()
+decrypted = decryptor.update(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=AES CryptographicOperationInput=encrypted
+decrypted += decryptor.finalize()
+
+decrypted = decrypted[:-padding_len]
+
+print("decrypted={}".format(decrypted))
+assert decrypted == secret_message

python/ql/test/library-tests/frameworks/cryptography/test_md5.py

@@ -0,0 +1,10 @@
+from cryptography.hazmat.primitives import hashes
+
+from binascii import hexlify
+
+
+hasher = hashes.Hash(hashes.MD5())
+hasher.update(b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+
+digest = hasher.finalize()
+print(hexlify(digest).decode('utf-8'))

python/ql/test/library-tests/frameworks/cryptography/test_rc4.py

@@ -0,0 +1,32 @@
+from cryptography.hazmat.primitives.ciphers import algorithms, Cipher
+import os
+
+key = os.urandom(256//8)
+
+algorithm = algorithms.ARC4(key)
+cipher = Cipher(algorithm, mode=None)
+
+# ------------------------------------------------------------------------------
+# encrypt/decrypt
+# ------------------------------------------------------------------------------
+
+# following https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption.html#cryptography.hazmat.primitives.ciphers.algorithms.ARC4
+
+print("encrypt/decrypt")
+
+secret_message = b"secret message"
+
+encryptor = cipher.encryptor()
+encrypted = encryptor.update(secret_message) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=secret_message
+encrypted += encryptor.finalize()
+
+print("encrypted={}".format(encrypted))
+
+print()
+
+decryptor = cipher.decryptor()
+decrypted = decryptor.update(encrypted) # $ CryptographicOperation CryptographicOperationAlgorithm=ARC4 CryptographicOperationInput=encrypted
+decrypted += decryptor.finalize()
+
+print("decrypted={}".format(decrypted))
+assert decrypted == secret_message

python/ql/test/library-tests/frameworks/stdlib/test_md5.py

@@ -0,0 +1,29 @@
+import hashlib
+
+
+hasher = hashlib.md5(b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())
+
+
+hasher = hashlib.md5(string=b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())
+
+
+hasher = hashlib.md5()
+hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
+hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())
+
+
+hasher = hashlib.new('md5', b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())
+
+
+hasher = hashlib.new('md5', data=b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())
+
+
+hasher = hashlib.new('md5')
+hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
+hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
+print(hasher.hexdigest())