hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Removed hashes from NotConstantTimeCryptoComparison.ql

Browse Source
This commit is contained in:
Artem Smotrakov
2021-06-14 08:57:10 +02:00
committed by Fosstars
parent 8a69b7b3ac
commit f245dc3ac8
8 changed files with 25 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/src/experimental/Security/CWE/CWE-208/NotConstantTimeCryptoComparison.qhelp
View File

@@ -3,7 +3,7 @@
<overview>
<p>
When comparing results of cryptographic operations, such as MAC or cryptographic hash,
When comparing results of cryptographic operations, such as MAC or digital signature,
a constant time algorithm should be used. In other words, the comparison time should not depend on
the content of the input. Otherwise, an attacker may be able to implement a timing attack.
A successful timing attack may result in leaking secrets or authentication bypass.
@@ -20,15 +20,15 @@ and does not depend on the contents of the arrays.
<example>
<p>
The following example uses <code>Arrays.equals()</code> method for comparing cryptographic hashes.
The following example uses <code>Arrays.equals()</code> method for comparing MAC.
This method implements a not-constant time algorithm:
</p>
<sample src="UnsafeCryptoHashComparison.java" />
<sample src="UnsafeMacComparison.java" />
<p>
The next example example uses a safe not-constant time algorithm for comparing cryptographic hashes:
The next example example uses a safe not-constant time algorithm for comparing MAC:
</p>
<sample src="SafeCryptoHashComparison.java" />
<sample src="SafeMacComparison.java" />
</example>

3
java/ql/src/experimental/Security/CWE/CWE-208/NotConstantTimeCryptoComparison.ql
View File

@@ -26,9 +26,6 @@ private class ReturnCryptoOperatinoResultMethod extends Method {
or
getDeclaringType().hasQualifiedName("java.security", "Signature") and
hasName("sign")
or
getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and
hasName("digest")
}
}

5
java/ql/src/experimental/Security/CWE/CWE-208/SafeCryptoHashComparison.java
View File

@@ -1,5 +0,0 @@
public boolean checkHash(byte[] expectedHash, byte[] data) throws Exception {
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] actualHash = md.digest(data);
return MessageDigest.isEqual(expectedHash, actualHash);
}

6
java/ql/src/experimental/Security/CWE/CWE-208/SafeMacComparison.java Normal file
View File

@@ -0,0 +1,6 @@
public boolean check(byte[] expected, byte[] data, SecretKey key) throws Exception {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(key.getEncoded(), "HmacSHA256"));
byte[] actual = mac.doFinal(data);
return MessageDigest.isEqual(expected, actual);
}

5
java/ql/src/experimental/Security/CWE/CWE-208/UnsafeCryptoHashComparison.java
View File

@@ -1,5 +0,0 @@
public boolean checkHash(byte[] expectedHash, byte[] data) throws Exception {
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] actualHash = md.digest(data);
return Arrays.equals(expectedHash, actualHash);
}

6
java/ql/src/experimental/Security/CWE/CWE-208/UnsafeMacComparison.java Normal file
View File

@@ -0,0 +1,6 @@
public boolean check(byte[] expected, byte[] data, SecretKey key) throws Exception {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(key.getEncoded(), "HmacSHA256"));
byte[] actual = mac.doFinal(data);
return Arrays.equals(expected, actual);
}