diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql index 1e0dcadf10d..278372922b8 100644 --- a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql @@ -2,7 +2,10 @@ * @name Insecure nonce/iv (static value or weak random source) * @id java/quantum/insecure-iv-or-nonce * @description A nonce/iv is generated from a source that is not secure. This can lead to - * vulnerabilities such as replay attacks or key recovery. + * vulnerabilities such as replay attacks or key recovery. Insecure generation + * is any static nonce, or any known insecure source for a nonce/iv if + * the value is used for an encryption operation (decryption operations are ignored + * as the nonce/iv would be provided alongside the ciphertext). * @kind problem * @problem.severity error * @precision high @@ -12,8 +15,33 @@ import experimental.quantum.Language -from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src +from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg where nonce.getSourceNode() = src and - not src.asElement() instanceof SecureRandomnessInstance -select nonce, "Nonce or IV uses insecure or constant source $@", src, src.toString() + ( + // Case 1: Any constant nonce/iv is bad, regardless of how it is used + src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op = nonce and // binding op by not using it + msg = "Nonce or IV uses constant source $@" + or + // Case 2: The nonce has a non-random source and there is no known operation for the nonce + // assume it is used for encryption + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + not exists(Crypto::CipherOperationNode o | o.getANonce() = nonce) and + op = nonce and // binding op, but not using it + msg = + "Nonce or IV uses insecure source $@ with no observed nonce usage (assuming could be for encryption)." + or + // Case 3: The nonce has a non-random source and is used in an encryption operation + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op.(Crypto::CipherOperationNode).getANonce() = nonce and + ( + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TEncryptMode + or + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + msg = "Nonce or IV uses insecure source $@ at encryption operation $@" + ) +select nonce, msg, src, src.toString(), op, op.toString() diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected index 7cf062f5c02..5cb3fb117a6 100644 --- a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected +++ b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected @@ -1,7 +1,7 @@ -| InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | -| InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | -| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | -| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | -| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | -| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | -| InsecureIVorNonceSource.java:206:51:206:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | +| InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:206:51:206:56 | Nonce | Nonce or IV uses insecure source $@ at encryption operation $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | InsecureIVorNonceSource.java:208:16:208:31 | EncryptOperation | EncryptOperation |