Adapt BragaCryptoGooduse tests to conform rulesets 3.0.0

CROSSINGTUD · Nov 17, 2023 · 2d77c36 · 2d77c36
1 parent e3e9c97
commit 2d77c36
Show file tree

Hide file tree

Showing 56 changed files with 2,260 additions and 621 deletions.
diff --git a/CryptoAnalysis/src/test/java/tests/headless/BragaCryptoGoodusesTest.java b/CryptoAnalysis/src/test/java/tests/headless/BragaCryptoGoodusesTest.java
diff --git a/CryptoAnalysis/src/test/java/tests/headless/BragaCryptoMisusesTest.java b/CryptoAnalysis/src/test/java/tests/headless/BragaCryptoMisusesTest.java
@@ -573,7 +573,7 @@ public void issuesDHandECDHExamples() {
 		MavenProject mavenProject = createAndCompile(mavenProjectPath);
 		HeadlessCryptoScanner scanner = createScanner(mavenProject);
 
-		// TODO size should be 1024, not 1048
+		// TODO size should be 2048, not 1048
 		setErrorsCount("<pkc.ka.issuesDHandECDH.NonAuthenticatedEphemeralDH_1024: void main(java.lang.String[])>", ConstraintError.class, 2);
 		setErrorsCount("<pkc.ka.issuesDHandECDH.NonAuthenticatedEphemeralDH_1024: void main(java.lang.String[])>", RequiredPredicateError.class, 8);
 		setErrorsCount("<pkc.ka.issuesDHandECDH.NonAuthenticatedEphemeralDH_512: void main(java.lang.String[])>", ConstraintError.class, 2);

diff --git a/...CryptoBench/cryptogooduses/avoidDeterministicRSA/src/main/java/example/UseOAEPForRSA.java b/...CryptoBench/cryptogooduses/avoidDeterministicRSA/src/main/java/example/UseOAEPForRSA.java
@@ -14,26 +14,58 @@
 
 public final class UseOAEPForRSA {
 
-  public static void main(String args[]) {
-    try {
-      Security.addProvider(new BouncyCastleProvider());
-      byte[] ptA = ("Randomized RSA").getBytes();
+	/**
+	 * Original test with updated constraints
+	 * 	kpg.initialize(2048) -> kpg.initialize(4096)
+	 */
+	public void positiveTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] ptA = ("Randomized RSA").getBytes();
+
+			KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
+			kpg.initialize(4096);
+			KeyPair kp = kpg.generateKeyPair();
+			Cipher enc = Cipher.getInstance("RSA/None/OAEPWithSHA256AndMGF1Padding", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA/None/OAEPWithSHA256AndMGF1Padding", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] ct = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+			  ct[i] = enc.doFinal(ptA);
+			  byte[] ptB = dec.doFinal(ct[i]);
+			}
+		  } catch (NoSuchAlgorithmException | NoSuchPaddingException |
+				  InvalidKeyException | IllegalBlockSizeException |
+				  BadPaddingException | NoSuchProviderException e) {}
+	}
 
-      KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
-      kpg.initialize(2048);
-      KeyPair kp = kpg.generateKeyPair();
-      Cipher enc = Cipher.getInstance("RSA/None/OAEPWithSHA256AndMGF1Padding", "BC");
-      enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
-      Cipher dec = Cipher.getInstance("RSA/None/OAEPWithSHA256AndMGF1Padding", "BC");
-      dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+	/**
+	 * Original test without any updates
+	 */
+	public void negativeTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] ptA = ("Randomized RSA").getBytes();
+
+			KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
 
-      byte[][] ct = new byte[2][];
-      for (int i = 0; i < 2; i++) {
-        ct[i] = enc.doFinal(ptA);
-        byte[] ptB = dec.doFinal(ct[i]);
-      }
-    } catch (NoSuchAlgorithmException | NoSuchPaddingException |
-            InvalidKeyException | IllegalBlockSizeException |
-            BadPaddingException | NoSuchProviderException e) {}
-  }
+			// Since 3.0.0: key size of 2048 is not allowed
+			kpg.initialize(2048);
+			KeyPair kp = kpg.generateKeyPair();
+			Cipher enc = Cipher.getInstance("RSA/None/OAEPWithSHA256AndMGF1Padding", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA/None/OAEPWithSHA256AndMGF1Padding", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] ct = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+			  ct[i] = enc.doFinal(ptA);
+			  byte[] ptB = dec.doFinal(ct[i]);
+			}
+		  } catch (NoSuchAlgorithmException | NoSuchPaddingException |
+				  InvalidKeyException | IllegalBlockSizeException |
+				  BadPaddingException | NoSuchProviderException e) {}
+	}
 }
diff --git a/...ryptoBench/cryptogooduses/avoidDeterministicRSA/src/main/java/example/UsePKCS1ForRSA.java b/...ryptoBench/cryptogooduses/avoidDeterministicRSA/src/main/java/example/UsePKCS1ForRSA.java
@@ -14,27 +14,60 @@
 
 public final class UsePKCS1ForRSA {
 
-  public static void main(String args[]) {
-    try {
-      Security.addProvider(new BouncyCastleProvider());
-      byte[] ptA = ("Randomized RSA").getBytes();
-      KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
-      kpg.initialize(2048);
-      KeyPair kp = kpg.generateKeyPair();
+	/**
+	 * Original test with updated constraints
+	 * 	kpg.initialize(2048) -> kpg.initialize(4096)
+	 */
+	public void positiveTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] ptA = ("Randomized RSA").getBytes();
+			KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
+			kpg.initialize(4096);
+			KeyPair kp = kpg.generateKeyPair();
+
+			Cipher enc = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] cryptotext = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+			  cryptotext[i] = enc.doFinal(ptA);
+			  byte[] ptB = dec.doFinal(cryptotext[i]);
+			}
+
+		  } catch (NoSuchAlgorithmException | NoSuchPaddingException |
+				  InvalidKeyException | IllegalBlockSizeException |
+				  BadPaddingException | NoSuchProviderException e) {}
+	}
 
-      Cipher enc = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
-      enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
-      Cipher dec = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
-      dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+	/**
+	 * Original test without any updates
+	 */
+	public void negativeTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] ptA = ("Randomized RSA").getBytes();
+			KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
 
-      byte[][] cryptotext = new byte[2][];
-      for (int i = 0; i < 2; i++) {
-        cryptotext[i] = enc.doFinal(ptA);
-        byte[] ptB = dec.doFinal(cryptotext[i]);
-      }
-
-    } catch (NoSuchAlgorithmException | NoSuchPaddingException |
-            InvalidKeyException | IllegalBlockSizeException |
-            BadPaddingException | NoSuchProviderException e) {}
-  }
+			// Since 3.0.0: key size of 2048 is not allowed
+			kpg.initialize(2048);
+			KeyPair kp = kpg.generateKeyPair();
+
+			Cipher enc = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] cryptotext = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+			  cryptotext[i] = enc.doFinal(ptA);
+			  byte[] ptB = dec.doFinal(cryptotext[i]);
+			}
+
+		  } catch (NoSuchAlgorithmException | NoSuchPaddingException |
+				  InvalidKeyException | IllegalBlockSizeException |
+				  BadPaddingException | NoSuchProviderException e) {}
+	}
 }
diff --git a/...gooduses/avoidImproperKeyLen/src/main/java/example/SecureConfig112bitsRSA_2048x256_1.java b/...gooduses/avoidImproperKeyLen/src/main/java/example/SecureConfig112bitsRSA_2048x256_1.java
@@ -9,33 +9,65 @@
 
 public final class SecureConfig112bitsRSA_2048x256_1 {
 
-	public static void main(String args[])
-			throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
-			IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
-
+	/**
+	 * Original test with updated constraints:
+	 * 	int ksize = 2048 -> int ksize = 4096
+	 * 	MGF1ParameterSpec.SHA256 -> new MGF1ParameterSpec("SHA-256")
+	 */
+	public void positiveTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
 		Security.addProvider(new BouncyCastleProvider());
 
-		int keysize = 2048;
-		int hashsize = 256;
-		int maxLenBytes = (keysize - 2 * hashsize) / 8 - 2;
+		int ksize = 4096;
+		int hsize = 256;
+		int maxLenBytes = (ksize - 2 * hsize) / 8 - 2;
 
 		KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
-		kpg.initialize(keysize);
+		kpg.initialize(ksize);
 		KeyPair kp = kpg.generateKeyPair();
 
-		MGF1ParameterSpec mgf1ps = MGF1ParameterSpec.SHA256;
+		MGF1ParameterSpec mgf1ps = new MGF1ParameterSpec("SHA-256");
 		OAEPParameterSpec OAEPps = new OAEPParameterSpec("SHA-256", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT);
 		Cipher c = Cipher.getInstance("RSA/None/OAEPPadding", "BC");
 
 		Key pubk = kp.getPublic();
 		c.init(Cipher.ENCRYPT_MODE, pubk, OAEPps);
-		byte[] ptA = "This is a test string".substring(0, maxLenBytes).getBytes();
-		byte[] ct = c.doFinal(ptA);
+		byte[] pt1 = "demo text".substring(0, maxLenBytes).getBytes();
+		byte[] ct = c.doFinal(pt1);
 
 		Key privk = kp.getPrivate();
 		c.init(Cipher.DECRYPT_MODE, privk, OAEPps);
-		byte[] ptB = c.doFinal(ct);
-
+		byte[] pt2 = c.doFinal(ct);
 	}
 
+	/**
+	 * Original test without any changes
+	 */
+	public void negativeTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
+		Security.addProvider(new BouncyCastleProvider());
+
+		// Since 3.0.0: key size of 2048 is not allowed
+		int ksize = 2048;
+		int hsize = 256;
+		int maxLenBytes = (ksize - 2 * hsize) / 8 - 2;
+
+		KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
+		kpg.initialize(ksize);
+		KeyPair kp = kpg.generateKeyPair();
+
+		// Since 3.0.0: MGF1ParameterSpec should be initialized with the constructor
+		MGF1ParameterSpec mgf1ps = MGF1ParameterSpec.SHA256;
+		OAEPParameterSpec OAEPps = new OAEPParameterSpec("SHA-256", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT);
+		Cipher c = Cipher.getInstance("RSA/None/OAEPPadding", "BC");
+
+		Key pubk = kp.getPublic();
+		c.init(Cipher.ENCRYPT_MODE, pubk, OAEPps);
+		byte[] pt1 = "demo text".substring(0, maxLenBytes).getBytes();
+		byte[] ct = c.doFinal(pt1);
+
+		Key privk = kp.getPrivate();
+		c.init(Cipher.DECRYPT_MODE, privk, OAEPps);
+		byte[] pt2 = c.doFinal(ct);
+	}
 }
diff --git a/...gooduses/avoidImproperKeyLen/src/main/java/example/SecureConfig112bitsRSA_2048x256_2.java b/...gooduses/avoidImproperKeyLen/src/main/java/example/SecureConfig112bitsRSA_2048x256_2.java
@@ -6,13 +6,15 @@
 
 public final class SecureConfig112bitsRSA_2048x256_2 {
 
-	public static void main(String args[])
-			throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
-			IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
-
+	/**
+	 * Original test with updated constraints:
+	 * 	int ksize = 2048 -> int ksize = 4096
+	 */
+	public void positiveTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
 		Security.addProvider(new BouncyCastleProvider());
 
-		int ksize = 2048;
+		int ksize = 4096;
 		int hsize = 256;
 		int maxLenBytes = (ksize - 2 * hsize) / 8 - 2;
 
@@ -24,12 +26,39 @@ public static void main(String args[])
 
 		Key pubk = kp.getPublic();
 		c.init(Cipher.ENCRYPT_MODE, pubk);
-		byte[] ptA = "This is a test string".substring(0, maxLenBytes).getBytes();
-		byte[] ct = c.doFinal(ptA);
+		byte[] pt1 = "demo text".substring(0, maxLenBytes).getBytes();
+		byte[] ct = c.doFinal(pt1);
 
 		Key privk = kp.getPrivate();
 		c.init(Cipher.DECRYPT_MODE, privk);
-		byte[] ptB = c.doFinal(ct);
+		byte[] pt2 = c.doFinal(ct);
+	}
+
+	/**
+	 * Original test without any changes
+	 */
+	public void negativeTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
+		Security.addProvider(new BouncyCastleProvider());
+
+		// Since 3.0.0: key size of 2048 is not allowed
+		int ksize = 2048;
+		int hsize = 256;
+		int maxLenBytes = (ksize - 2 * hsize) / 8 - 2;
 
+		KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
+		kpg.initialize(ksize);
+		KeyPair kp = kpg.generateKeyPair();
+
+		Cipher c = Cipher.getInstance("RSA/None/OAEPwithSHA256andMGF1Padding", "BC");
+
+		Key pubk = kp.getPublic();
+		c.init(Cipher.ENCRYPT_MODE, pubk);
+		byte[] pt1 = "demo text".substring(0, maxLenBytes).getBytes();
+		byte[] ct = c.doFinal(pt1);
+
+		Key privk = kp.getPrivate();
+		c.init(Cipher.DECRYPT_MODE, privk);
+		byte[] pt2 = c.doFinal(ct);
 	}
 }
diff --git a/...gooduses/avoidImproperKeyLen/src/main/java/example/SecureConfig128bitsRSA_3072x384_1.java b/...gooduses/avoidImproperKeyLen/src/main/java/example/SecureConfig128bitsRSA_3072x384_1.java
@@ -9,10 +9,41 @@
 
 public final class SecureConfig128bitsRSA_3072x384_1 {
 
-	public static void main(String args[])
-			throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
-			IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
+	/**
+	 * Original test with updated constraints:
+	 * 	MGF1ParameterSpec.SHA384 -> new MGF1ParameterSpec("SHA-384")
+	 */
+	public void positiveTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
+		Security.addProvider(new BouncyCastleProvider());
+
+		int ksize = 3072;
+		int hsize = 384;
+		int maxLenBytes = (ksize - 2 * hsize) / 8 - 2;
 
+		KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
+		kpg.initialize(ksize);
+		KeyPair kp = kpg.generateKeyPair();
+
+		MGF1ParameterSpec mgf1ps = new MGF1ParameterSpec("SHA-384");
+		OAEPParameterSpec OAEPps = new OAEPParameterSpec("SHA-384", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT);
+		Cipher c = Cipher.getInstance("RSA/None/OAEPPadding", "BC");
+
+		Key pubk = kp.getPublic();
+		c.init(Cipher.ENCRYPT_MODE, pubk, OAEPps);
+		byte[] pt1 = "demo text".substring(0, maxLenBytes).getBytes();
+		byte[] ct = c.doFinal(pt1);
+
+		Key privk = kp.getPrivate();
+		c.init(Cipher.DECRYPT_MODE, privk, OAEPps);
+		byte[] pt2 = c.doFinal(ct);
+	}
+
+	/**
+	 * Original test without any changes
+	 */
+	public void negativeTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
 		Security.addProvider(new BouncyCastleProvider());
 
 		int ksize = 3072;
@@ -23,19 +54,18 @@ public static void main(String args[])
 		kpg.initialize(ksize);
 		KeyPair kp = kpg.generateKeyPair();
 
+		// Since 3.0.0: MGF1ParameterSpec should be initialized with the constructor
 		MGF1ParameterSpec mgf1ps = MGF1ParameterSpec.SHA384;
 		OAEPParameterSpec OAEPps = new OAEPParameterSpec("SHA-384", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT);
 		Cipher c = Cipher.getInstance("RSA/None/OAEPPadding", "BC");
 
 		Key pubk = kp.getPublic();
 		c.init(Cipher.ENCRYPT_MODE, pubk, OAEPps);
-		byte[] ptA = "This is a test string".substring(0, maxLenBytes).getBytes();
-		byte[] ct = c.doFinal(ptA);
+		byte[] pt1 = "demo text".substring(0, maxLenBytes).getBytes();
+		byte[] ct = c.doFinal(pt1);
 
 		Key privk = kp.getPrivate();
 		c.init(Cipher.DECRYPT_MODE, privk, OAEPps);
-		byte[] ptB = c.doFinal(ct);
-
+		byte[] pt2 = c.doFinal(ct);
 	}
-
 }