hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-08 12:47:58 -04:00
parent bd34b6ce02
commit 83ff70bcd8
5 changed files with 241 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
java/ql/lib/experimental/quantum/Language.qll
View File

@@ -93,8 +93,9 @@ private class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
override string getAdditionalDescription() { result = this.toString() }
}
private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal {
ConstantDataSource() {
private class ConstantDataSourceLiteral extends Crypto::GenericConstantSourceInstance instanceof Literal
{
ConstantDataSourceLiteral() {
// TODO: this is an API specific workaround for JCA, as 'EC' is a constant that may be used
// where typical algorithms are specified, but EC specifically means set up a
// default curve container, that will later be specified explicitly (or if not a default)
@@ -112,6 +113,20 @@ private class ConstantDataSource extends Crypto::GenericConstantSourceInstance i
override string getAdditionalDescription() { result = this.toString() }
}
private class ConstantDataSourceArrayInitializer extends Crypto::GenericConstantSourceInstance instanceof ArrayInit
{
ConstantDataSourceArrayInitializer() { exists(Literal l | this.getAnInit() = l) }
override DataFlow::Node getOutputNode() { result.asExpr() = this }
override predicate flowsTo(Crypto::FlowAwareElement other) {
// TODO: separate config to avoid blowing up data-flow analysis
GenericDataSourceFlow::flow(this.getOutputNode(), other.getInputNode())
}
override string getAdditionalDescription() { result = this.toString() }
}
/**
* An instance of random number generation, modeled as the expression
* tied to an output node (i.e., the result of the source of randomness)

6
java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql
View File

@@ -1,7 +1,7 @@
/**
* @name Insecure nonce (static value or weak random source)
* @name Insecure nonce/iv (static value or weak random source)
* @id java/quantum/insecure-iv-or-nonce
* @description A nonce is generated from a source that is not secure. This can lead to
* @description A nonce/iv is generated from a source that is not secure. This can lead to
* vulnerabilities such as replay attacks or key recovery.
* @kind problem
* @problem.severity error
@@ -16,4 +16,4 @@ from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src
where
nonce.getSourceNode() = src and
not src.asElement() instanceof SecureRandomnessInstance
select nonce, "Nonce or IV uses insecure nonce source $@", src, src.toString()
select nonce, "Nonce or IV uses insecure or constant source $@", src, src.toString()

7
java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.expected Normal file
View File

@@ -0,0 +1,7 @@
| InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant |
| InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant |
| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant |
| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant |
| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant |
| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant |
| InsecureIVorNonceSource.java:206:51:206:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration |

210
java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java Normal file
View File

@@ -0,0 +1,210 @@
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Random;
import java.security.SecureRandom;
import java.util.Arrays;
public class InsecureIVorNonceSource {
// BAD: AES-GCM with static IV from a byte array
public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] plaintext) throws Exception {
byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $Source
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
cipher.update(plaintext);
return cipher.doFinal();
}
// BAD: AES-GCM with static IV from zero-initialized byte array
public byte[] encryptWithZeroStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
byte[] iv = new byte[16]; // $Source
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-initialization]
cipher.update(plaintext);
return cipher.doFinal();
}
// BAD: AES-CBC with static IV from 1-initialized byte array
public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
byte[] iv = new byte[16]; // $Source
for (byte i = 0; i < iv.length; i++) {
iv[i] = 1;
}
IvParameterSpec ivSpec = new IvParameterSpec(iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
cipher.update(plaintext);
return cipher.doFinal();
}
// BAD: AES-GCM with static IV from a multidimensional byte array
public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws Exception {
byte[][] staticIvs = new byte[][] {
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 },
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 }
}; // $Source
GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
cipher.update(plaintext);
return cipher.doFinal();
}
// BAD: AES-GCM with static IV from a multidimensional byte array
public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws Exception {
byte[][] staticIvs = new byte[][] {
new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 },
new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 }
}; // $Source
GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
cipher.update(plaintext);
return cipher.doFinal();
}
// BAD: AES-GCM with static IV from a zero-initialized multidimensional byte array
public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws Exception {
byte[][] ivs = new byte[][] {
new byte[8], // $Source
new byte[16] // $Source
};
GCMParameterSpec ivSpec = new GCMParameterSpec(128, ivs[1]);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-initialization]
cipher.update(plaintext);
return cipher.doFinal();
}
// GOOD: AES-GCM with a random IV
public byte[] encryptWithRandomIv(byte[] key, byte[] plaintext) throws Exception {
byte[] iv = new byte[16];
SecureRandom random = SecureRandom.getInstanceStrong();
random.nextBytes(iv);
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
cipher.update(plaintext);
return cipher.doFinal();
}
// GOOD: AES-GCM with a random IV
public byte[] encryptWithRandomIvByteByByte(byte[] key, byte[] plaintext) throws Exception {
SecureRandom random = SecureRandom.getInstanceStrong();
byte[] iv = new byte[16];
for (int i = 0; i < iv.length; i++) {
iv[i] = (byte) random.nextInt();
}
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
cipher.update(plaintext);
return cipher.doFinal();
}
// GOOD: AES-GCM with a random IV
public byte[] encryptWithRandomIvWithSystemArrayCopy(byte[] key, byte[] plaintext) throws Exception {
byte[] randomBytes = new byte[16];
SecureRandom.getInstanceStrong().nextBytes(randomBytes);
byte[] iv = new byte[16];
System.arraycopy(randomBytes, 0, iv, 0, 16);
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
cipher.update(plaintext);
return cipher.doFinal();
}
// GOOD: AES-GCM with a random IV
public byte[] encryptWithRandomIvWithArraysCopy(byte[] key, byte[] plaintext) throws Exception {
byte[] randomBytes = new byte[16];
SecureRandom.getInstanceStrong().nextBytes(randomBytes);
byte[] iv = new byte[16];
iv = Arrays.copyOf(randomBytes, 16);
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
cipher.update(plaintext);
return cipher.doFinal();
}
public byte[] generate(int size) throws Exception {
if (size == 0) {
return new byte[0];
}
byte[] randomBytes = new byte[size];
SecureRandom.getInstanceStrong().nextBytes(randomBytes);
return randomBytes;
}
// GOOD: AES-CBC with a random IV
public byte[] encryptWithGeneratedIvByteArray(byte[] key, byte[] plaintext) throws Exception {
byte[] iv = generate(16);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
cipher.update(plaintext);
return cipher.doFinal();
}
public byte[] generateInsecureRandomBytes(int numBytes) {
Random random = new Random();
byte[] bytes = new byte[numBytes];
random.nextBytes(bytes); // $Source
return bytes;
}
// BAD: AES-CBC with an insecure random IV
public byte[] encryptWithGeneratedIvByteArrayInsecure(byte[] key, byte[] plaintext) throws Exception {
byte[] iv = generateInsecureRandomBytes(16);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]]
cipher.update(plaintext);
return cipher.doFinal();
}
}

4
java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.qlref Normal file
View File

@@ -0,0 +1,4 @@
query: experimental/quantum/Analysis/InsecureIVorNonceSource.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql