Add more tests

2026-05-02 12:15:17 +02:00 · 2022-08-31 15:59:51 +01:00
parent 13d1a4fdc1
commit 56d48e6264
1 changed files with 20 additions and 1 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.py
@@ -5,8 +5,26 @@
 """
 import hashlib
 import hmac
+from cryptography.hazmat.primitives import cmac
+from cryptography.hazmat.primitives.ciphers import algorithms
+from Crypto.Signature import pkcs1_15
+from Crypto.Hash import SHA256
+from Crypto.PublicKey import RSA

-key = "e179017a-62b0-4996-8a38-e91aa9f1"
+
+def UnsafeCmacCheck(actualCmac):
+    expected = cmac.CMAC(algorithms.AES(key))
+    expected.update(b"message to authenticate")
+    expected.finalize()
+    return actualCmac == expected 
+
+
+def UnsafeCheckSignature(expected):
+    message = b'To be signed'
+    key = RSA.import_key(open('private_key.der').read())
+    h = SHA256.new(message)
+    signature = pkcs1_15.new(key).sign(h)
+    return expected == signature 

 def sign(pre_key, msg, alg):
    return hmac.new(pre_key, msg, alg).digest()
@@ -15,6 +33,7 @@ def verifyGood(msg, sig):
    return constant_time_string_compare(sig, sign(key, msg, hashlib.sha256)) #good
 
 def verifyBad(msg, sig):
+    key = "e179017a-62b0-4996-8a38-e91aa9f1"
    return sig == sign(key, msg, hashlib.sha256) #bad

 def constant_time_string_compare(a, b):