From c5cf0ffa75ba55201346f786fe6db8cb4f610223 Mon Sep 17 00:00:00 2001 From: Mark C Date: Wed, 1 Oct 2025 11:55:51 +0100 Subject: [PATCH 01/66] added java cryptographic check queries --- .../Analysis/InsecureNonceGeneration.ql | 23 ++++++++++++++ .../quantum/Analysis/NonAESGCMCipher.ql | 25 ++++++++++++++++ .../quantum/Analysis/NonceReuse.ql | 18 +++++++++++ .../quantum/Analysis/WeakAsymmetric.ql | 25 ++++++++++++++++ .../quantum/Analysis/WeakBlockModes.ql | 30 +++++++++++++++++++ .../quantum/Analysis/WeakHashing.ql | 20 +++++++++++++ .../quantum/Analysis/WeakKDFIterationCount.ql | 21 +++++++++++++ .../quantum/Analysis/WeakKDFKeySize.ql | 21 +++++++++++++ .../experimental/quantum/Analysis/WeakRSA.ql | 25 ++++++++++++++++ .../quantum/Analysis/WeakSymmetricCiphers.ql | 20 +++++++++++++ 10 files changed, 228 insertions(+) create mode 100644 java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/NonceReuse.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/WeakHashing.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/WeakRSA.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql b/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql new file mode 100644 index 000000000000..792287445f07 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql @@ -0,0 +1,23 @@ +/** + * @name Insecure nonce at a cipher operation + * @id java/quantum/insecure-nonce + * @description A nonce is generated from a source that is not secure. This can lead to + * vulnerabilities such as replay attacks or key recovery. + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +predicate isInsecureNonceSource(Crypto::NonceArtifactNode n, Crypto::NodeBase src) { + src = n.getSourceNode() and + not src.asElement() instanceof SecureRandomnessInstance +} + +from Crypto::KeyOperationNode op, Crypto::NodeBase src +where isInsecureNonceSource(op.getANonce(), src) +select op, "Operation uses insecure nonce source $@", src, src.toString() \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql new file mode 100644 index 000000000000..65b00f94d739 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql @@ -0,0 +1,25 @@ +/** + * @name Cipher not AES-GCM mode + * @id java/quantum/non-aes-gcm + * @description An AES cipher is in use without GCM + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +class NonAESGCMAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { + NonAESGCMAlgorithmNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and + this.getModeOfOperation().getModeType() != Crypto::KeyOpAlg::GCM() + } +} + +from Crypto::KeyOperationNode op, Crypto::KeyOperationOutputNode codeNode +where op.getAKnownAlgorithm() instanceof NonAESGCMAlgorithmNode and + codeNode = op.getAnOutputArtifact() +select op, "Non-AES-GCM instance." \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql b/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql new file mode 100644 index 000000000000..7f92123fe2e5 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql @@ -0,0 +1,18 @@ +/** + * @name Reuse of cryptographic nonce + * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. + * @id java/quantum/reused-nonce + * @kind problem + * @problem.severity error + * @security.severity low + * @precision medium + * @tags quantum + * experimental + */ + +import java +import ArtifactReuse + +from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2 +where isArtifactReuse(nonce1, nonce2) +select nonce1, "Reuse with nonce $@", nonce2, nonce2.toString() \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql b/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql new file mode 100644 index 000000000000..531b7e01d60b --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql @@ -0,0 +1,25 @@ +/** + * @name Weak Asymetric Key Size + * @id java/quantum/weak-asymmetric-key-size + * @description An asymmetric cipher with a short key size is in use + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::KeyOperationAlgorithmNode op, DataFlow::Node configSrc, int keySize, string algName +where + keySize = op.getKeySizeFixed() and + keySize < 2048 and + algName = op.getAlgorithmName() and + // Can't be an elliptic curve + not Crypto::isEllipticCurveAlgorithmName(algName) +select op, + "Use of weak asymmetric key size (int bits)" + keySize.toString() + " for algorithm " + + algName.toString() + " at config source $@", configSrc, configSrc.toString() \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql new file mode 100644 index 000000000000..dec3296a38b2 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql @@ -0,0 +1,30 @@ +/** + * @name Weak AES Block mode + * @id java/quantum/weak-block-modes + * @description An AES cipher is in use with an insecure block mode + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +class WeakAESBlockModeAlgNode extends Crypto::KeyOperationAlgorithmNode { + WeakAESBlockModeAlgNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and + (this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::ECB() or + this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CFB() or + this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::OFB() or + this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CTR() + ) + } +} + +from Crypto::KeyOperationNode op, Crypto::KeyOperationOutputNode codeNode +where op.getAKnownAlgorithm() instanceof WeakAESBlockModeAlgNode and + codeNode = op.getAnOutputArtifact() +select op, "Weak AES block mode instance." diff --git a/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql b/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql new file mode 100644 index 000000000000..8a725ec6a5ee --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql @@ -0,0 +1,20 @@ +/** + * @name Weak hashes + * @description Finds uses of cryptographic hashing algorithms that are unapproved or otherwise weak. + * @id java/quantum/slices/weak-hashes + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags external/cwe/cwe-327 + */ + +import java +import experimental.quantum.Language + +from Crypto::HashAlgorithmNode alg, string name, string msg +where + name = alg.getAlgorithmName() and + not name in ["SHA256", "SHA384", "SHA512", "SHA-256", "SHA-384", "SHA-512"] and + msg = "Use of unapproved hash algorithm or API " + name + "." +select alg, msg diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql new file mode 100644 index 000000000000..c902b286b195 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql @@ -0,0 +1,21 @@ +/** + * @name Weak known key derivation function iteration count + * @description Detects key derivation operations with a known weak iteration count. + * @id java/quantum/weak-kdf-iteration-count + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::KeyDerivationOperationNode op, Literal l +where + op.getIterationCount().asElement() = l and + l.getValue().toInt() < 100000 +select op, "Key derivation operation configures iteration count below 100k: $@", l, + l.getValue().toString() \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql new file mode 100644 index 000000000000..0161fc1186d6 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql @@ -0,0 +1,21 @@ +/** + * @name Weak known key derivation function output length + * @description Detects key derivation operations with a known weak output length + * @id java/quantum/weak-kdf-iteration-count + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::KeyDerivationOperationNode op, Literal l +where + op.getOutputKeySize().asElement() = l and + l.getValue().toInt() < 256 +select op, "Key derivation operation configures output key length below 256: $@", l, + l.getValue().toString() \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql b/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql new file mode 100644 index 000000000000..3bc15529363d --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql @@ -0,0 +1,25 @@ +/** + * @name Cipher is Weak RSA Implementation + * @id java/quantum/weak-rsa + * @description RSA with a key length <2048 found + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +class WeakRSAAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { + WeakRSAAlgorithmNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TAsymmetricCipher(Crypto::KeyOpAlg::RSA()) and + this.getKeySizeFixed() < 2048 + } +} + +from Crypto::KeyOperationNode op, string message +where op.getAKnownAlgorithm() instanceof WeakRSAAlgorithmNode and + message = "Weak RSA instance found with key length <2048" +select op, message diff --git a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql new file mode 100644 index 000000000000..3ab18c85e54e --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql @@ -0,0 +1,20 @@ +/** + * @name Weak symmetric ciphers + * @description Finds uses of cryptographic symmetric cipher algorithms that are unapproved or otherwise weak. + * @id java/quantum/slices/weak-ciphers + * @kind problem + * @problem.severity error + * @security.severity low + * @precision high + * @tags external/cwe/cwe-327 + */ + +import java +import experimental.quantum.Language + +from Crypto::KeyOperationAlgorithmNode alg, string name, string msg +where + name = alg.getAlgorithmName() and + name in ["DES", "TripleDES", "DoubleDES", "RC2", "RC4", "IDEA", "Blowfish"] and + msg = "Use of unapproved symmetric cipher algorithm or API: " + name + "." +select alg, msg \ No newline at end of file From f38ab45e94fc2ed969876f490afaa04909a9ad6b Mon Sep 17 00:00:00 2001 From: Mark C Date: Wed, 1 Oct 2025 17:49:45 +0100 Subject: [PATCH 02/66] removed all @security.severity ratings to keep the main impartial --- .../src/experimental/quantum/Analysis/InsecureNonceGeneration.ql | 1 - java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql | 1 - java/ql/src/experimental/quantum/Analysis/NonceReuse.ql | 1 - .../experimental/quantum/Analysis/UnknownKDFIterationCount.ql | 1 - java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql | 1 - java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql | 1 - java/ql/src/experimental/quantum/Analysis/WeakHashing.ql | 1 - .../src/experimental/quantum/Analysis/WeakKDFIterationCount.ql | 1 - java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql | 1 - java/ql/src/experimental/quantum/Analysis/WeakRSA.ql | 1 - .../ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql | 1 - 11 files changed, 11 deletions(-) diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql b/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql index 792287445f07..2514f6b384a4 100644 --- a/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql +++ b/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql @@ -5,7 +5,6 @@ * vulnerabilities such as replay attacks or key recovery. * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql index 65b00f94d739..659ae4d02866 100644 --- a/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql +++ b/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql @@ -4,7 +4,6 @@ * @description An AES cipher is in use without GCM * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql b/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql index 7f92123fe2e5..f185e48d6b2b 100644 --- a/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql +++ b/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql @@ -4,7 +4,6 @@ * @id java/quantum/reused-nonce * @kind problem * @problem.severity error - * @security.severity low * @precision medium * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql index 21bca11cc1af..db22bf4a3698 100644 --- a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql @@ -4,7 +4,6 @@ * @id java/quantum/unknown-kdf-iteration-count * @kind problem * @precision medium - * @severity warning * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql b/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql index 531b7e01d60b..9ae4ea9130e6 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql @@ -4,7 +4,6 @@ * @description An asymmetric cipher with a short key size is in use * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql index dec3296a38b2..3a2d97659153 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql @@ -4,7 +4,6 @@ * @description An AES cipher is in use with an insecure block mode * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql b/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql index 8a725ec6a5ee..74a3a19d472b 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql @@ -4,7 +4,6 @@ * @id java/quantum/slices/weak-hashes * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags external/cwe/cwe-327 */ diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql index c902b286b195..3fd84c9ecc41 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql @@ -4,7 +4,6 @@ * @id java/quantum/weak-kdf-iteration-count * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql index 0161fc1186d6..789d7952997a 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql @@ -4,7 +4,6 @@ * @id java/quantum/weak-kdf-iteration-count * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql b/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql index 3bc15529363d..5ed405fe3d95 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql @@ -4,7 +4,6 @@ * @description RSA with a key length <2048 found * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql index 3ab18c85e54e..8d938e7dd1b6 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql @@ -4,7 +4,6 @@ * @id java/quantum/slices/weak-ciphers * @kind problem * @problem.severity error - * @security.severity low * @precision high * @tags external/cwe/cwe-327 */ From cf88e3f52d1930c491d4fda1f2e527c650dd2df9 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 09:54:53 -0400 Subject: [PATCH 03/66] Crypto: Standardize naming where use of "family" and "type" have been used. Prefer 'type'. --- .../EllipticCurveAlgorithmInstance.qll | 2 +- .../HashAlgorithmInstance.qll | 2 +- java/ql/lib/experimental/quantum/JCA.qll | 10 +++++----- .../codeql/quantum/experimental/Model.qll | 18 ++++++++---------- 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll index ef7186d07a0e..76746eceba4e 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll @@ -40,7 +40,7 @@ class KnownOpenSslEllipticCurveConstantAlgorithmInstance extends OpenSslAlgorith result = this.(Call).getTarget().getName() } - override Crypto::EllipticCurveFamilyType getEllipticCurveFamilyType() { + override Crypto::EllipticCurveType getEllipticCurveType() { if Crypto::ellipticCurveNameToKnownKeySizeAndFamilyMapping(this.getParsedEllipticCurveName(), _, _) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll index 55b2dcd7af4c..0facc99519d7 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll @@ -72,7 +72,7 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } - override Crypto::THashType getHashFamily() { + override Crypto::THashType getHashType() { knownOpenSslConstantToHashFamilyType(this, result) or not knownOpenSslConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType() diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 8b27409410a3..a599823ff11b 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -426,7 +426,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = super.getPadding() } - override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + override Crypto::THashType getHashType() { result = hash_name_to_type_known(hashName, _) } override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } } @@ -859,7 +859,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = super.getValue() } - override Crypto::THashType getHashFamily() { + override Crypto::THashType getHashType() { result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _) } @@ -1302,7 +1302,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } - override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + override Crypto::THashType getHashType() { result = hash_name_to_type_known(hashName, _) } override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } } @@ -1770,7 +1770,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } - override Crypto::THashType getHashFamily() { result = hashType } + override Crypto::THashType getHashType() { result = hashType } override int getFixedDigestLength() { result = digestLength } } @@ -1905,7 +1905,7 @@ module JCAModel { override string getRawEllipticCurveName() { result = super.getValue() } - override Crypto::EllipticCurveFamilyType getEllipticCurveFamilyType() { + override Crypto::EllipticCurveType getEllipticCurveType() { if Crypto::ellipticCurveNameToKnownKeySizeAndFamilyMapping(this.getRawEllipticCurveName(), _, _) then diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 5ee0d1eb2982..43ffc0ffb69a 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -825,20 +825,20 @@ module CryptographyBase Input> { */ abstract string getRawEllipticCurveName(); - abstract TEllipticCurveFamilyType getEllipticCurveFamilyType(); + abstract TEllipticCurveType getEllipticCurveType(); abstract int getKeySize(); /** * The 'parsed' curve name, e.g., "P-256" or "secp256r1" - * The parsed name is full name of the curve, including the family, key size, and other + * The parsed name is full name of the curve, including the type, key size, and other * typical parameters found on the name. * * In many cases this will be equivalent to `getRawEllipticCurveAlgorithmName()`, * but not always (e.g., if the curve is specified through a raw NID). * * In cases like an NID, we want the standardized name so users can quickly - * understand what the curve is, while also parsing out the family and key size + * understand what the curve is, while also parsing out the type and key size * separately. */ string getParsedEllipticCurveName() { result = this.getRawEllipticCurveName() } @@ -854,7 +854,7 @@ module CryptographyBase Input> { /** * Gets the type of this digest algorithm, e.g., "SHA1", "SHA2", "MD5" etc. */ - abstract THashType getHashFamily(); + abstract THashType getHashType(); /** * Gets the isolated name as it appears in source, e.g., "SHA-256" in "SHA-256/PKCS7Padding". @@ -2293,13 +2293,13 @@ module CryptographyBase Input> { * * When modeling a new hashing algorithm, use this predicate to specify the type of the algorithm. */ - HashType getHashFamily() { result = instance.asAlg().getHashFamily() } + HashType getHashType() { result = instance.asAlg().getHashType() } - override string getAlgorithmName() { result = this.getHashFamily().toString() } + override string getAlgorithmName() { result = this.getHashType().toString() } int getDigestLength() { result = instance.asAlg().getFixedDigestLength() or - fixedImplicitDigestLength(instance.asAlg().getHashFamily(), result) + fixedImplicitDigestLength(instance.asAlg().getHashType(), result) } final override predicate properties(string key, string value, Location location) { @@ -2340,9 +2340,7 @@ module CryptographyBase Input> { override string getAlgorithmName() { result = this.getRawAlgorithmName() } - EllipticCurveFamilyType getEllipticCurveFamilyType() { - result = instance.asAlg().getEllipticCurveFamilyType() - } + EllipticCurveType getEllipticCurveType() { result = instance.asAlg().getEllipticCurveType() } override predicate properties(string key, string value, Location location) { super.properties(key, value, location) From 1b1b333e8b5175ee89b184fd2875049b101b46c5 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 10:21:06 -0400 Subject: [PATCH 04/66] Crypto: Modify suggested queries per misc. side conversations on standards. Remove redundant query. Fix QL-for-QL issues. --- .../quantum/Analysis/NonceReuse.ql | 17 ------------- .../quantum/Analysis/ReusedNonce.ql | 2 +- .../quantum/Analysis/WeakAsymmetric.ql | 6 ++--- .../quantum/Analysis/WeakBlockModes.ql | 14 ++++++----- .../quantum/Analysis/WeakHashing.ql | 25 +++++++++++++++---- .../quantum/Analysis/WeakKDFKeySize.ql | 4 +-- .../experimental/quantum/Analysis/WeakRSA.ql | 9 ++++--- .../quantum/Analysis/WeakSymmetricCiphers.ql | 23 ++++++++++++----- .../quantum/experimental/Standardization.qll | 6 ++--- 9 files changed, 59 insertions(+), 47 deletions(-) delete mode 100644 java/ql/src/experimental/quantum/Analysis/NonceReuse.ql diff --git a/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql b/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql deleted file mode 100644 index f185e48d6b2b..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/NonceReuse.ql +++ /dev/null @@ -1,17 +0,0 @@ -/** - * @name Reuse of cryptographic nonce - * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. - * @id java/quantum/reused-nonce - * @kind problem - * @problem.severity error - * @precision medium - * @tags quantum - * experimental - */ - -import java -import ArtifactReuse - -from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2 -where isArtifactReuse(nonce1, nonce2) -select nonce1, "Reuse with nonce $@", nonce2, nonce2.toString() \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql b/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql index ed2872bb67e1..c90dbbf5746c 100644 --- a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql +++ b/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql @@ -4,7 +4,7 @@ * @id java/quantum/reused-nonce * @kind problem * @problem.severity error - * @precision medium + * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql b/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql index 9ae4ea9130e6..57a40bf76219 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql @@ -1,5 +1,5 @@ /** - * @name Weak Asymetric Key Size + * @name Weak Asymmetric Key Size * @id java/quantum/weak-asymmetric-key-size * @description An asymmetric cipher with a short key size is in use * @kind problem @@ -20,5 +20,5 @@ where // Can't be an elliptic curve not Crypto::isEllipticCurveAlgorithmName(algName) select op, - "Use of weak asymmetric key size (int bits)" + keySize.toString() + " for algorithm " + - algName.toString() + " at config source $@", configSrc, configSrc.toString() \ No newline at end of file + "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm " + + algName.toString() + " at config source $@", configSrc, configSrc.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql index 3a2d97659153..fee895071768 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql @@ -15,15 +15,17 @@ import experimental.quantum.Language class WeakAESBlockModeAlgNode extends Crypto::KeyOperationAlgorithmNode { WeakAESBlockModeAlgNode() { this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and - (this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::ECB() or - this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CFB() or - this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::OFB() or - this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CTR() + ( + this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::ECB() or + this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CFB() or + this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::OFB() or + this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CTR() ) } } from Crypto::KeyOperationNode op, Crypto::KeyOperationOutputNode codeNode -where op.getAKnownAlgorithm() instanceof WeakAESBlockModeAlgNode and - codeNode = op.getAnOutputArtifact() +where + op.getAKnownAlgorithm() instanceof WeakAESBlockModeAlgNode and + codeNode = op.getAnOutputArtifact() select op, "Weak AES block mode instance." diff --git a/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql b/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql index 74a3a19d472b..39bd8c6e4637 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql @@ -1,19 +1,34 @@ /** * @name Weak hashes * @description Finds uses of cryptographic hashing algorithms that are unapproved or otherwise weak. - * @id java/quantum/slices/weak-hashes + * @id java/quantum/weak-hashes * @kind problem * @problem.severity error * @precision high * @tags external/cwe/cwe-327 + * quantum + * experimental */ import java import experimental.quantum.Language -from Crypto::HashAlgorithmNode alg, string name, string msg +from Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg where - name = alg.getAlgorithmName() and - not name in ["SHA256", "SHA384", "SHA512", "SHA-256", "SHA-384", "SHA-512"] and - msg = "Use of unapproved hash algorithm or API " + name + "." + htype = alg.getHashType() and + ( + htype != Crypto::SHA2() and + msg = "Use of unapproved hash algorithm or API " + htype.toString() + "." + or + htype = Crypto::SHA2() and + not exists(alg.getDigestLength()) and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but unknown digest size." + or + htype = Crypto::SHA2() and + alg.getDigestLength() < 256 and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" + + alg.getDigestLength() + ")." + ) select alg, msg diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql index 789d7952997a..1bae9ebef4f5 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql @@ -1,7 +1,7 @@ /** * @name Weak known key derivation function output length * @description Detects key derivation operations with a known weak output length - * @id java/quantum/weak-kdf-iteration-count + * @id java/quantum/weak-kdf-key-size * @kind problem * @problem.severity error * @precision high @@ -17,4 +17,4 @@ where op.getOutputKeySize().asElement() = l and l.getValue().toInt() < 256 select op, "Key derivation operation configures output key length below 256: $@", l, - l.getValue().toString() \ No newline at end of file + l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql b/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql index 5ed405fe3d95..f365b4d7e75a 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql @@ -11,14 +11,15 @@ import experimental.quantum.Language -class WeakRSAAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { - WeakRSAAlgorithmNode() { +class WeakRsaAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { + WeakRsaAlgorithmNode() { this.getAlgorithmType() = Crypto::KeyOpAlg::TAsymmetricCipher(Crypto::KeyOpAlg::RSA()) and this.getKeySizeFixed() < 2048 } } from Crypto::KeyOperationNode op, string message -where op.getAKnownAlgorithm() instanceof WeakRSAAlgorithmNode and - message = "Weak RSA instance found with key length <2048" +where + op.getAKnownAlgorithm() instanceof WeakRsaAlgorithmNode and + message = "Weak RSA instance found with key length <2048" select op, message diff --git a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql index 8d938e7dd1b6..00e59ebe4841 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql @@ -1,19 +1,30 @@ /** * @name Weak symmetric ciphers * @description Finds uses of cryptographic symmetric cipher algorithms that are unapproved or otherwise weak. - * @id java/quantum/slices/weak-ciphers + * @id java/quantum/weak-ciphers * @kind problem * @problem.severity error * @precision high * @tags external/cwe/cwe-327 + * quantum + * experimental */ import java import experimental.quantum.Language +import Crypto::KeyOpAlg as KeyOpAlg -from Crypto::KeyOperationAlgorithmNode alg, string name, string msg +from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType, string msg where - name = alg.getAlgorithmName() and - name in ["DES", "TripleDES", "DoubleDES", "RC2", "RC4", "IDEA", "Blowfish"] and - msg = "Use of unapproved symmetric cipher algorithm or API: " + name + "." -select alg, msg \ No newline at end of file + algType = alg.getAlgorithmType() and + ( + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DOUBLE_DES()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) + ) and + msg = "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." +select alg, msg diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index c713865f9aca..aac9e30c3b62 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -344,7 +344,7 @@ module Types { /** * Elliptic curve algorithms */ - newtype TEllipticCurveFamilyType = + newtype TEllipticCurveType = NIST() or SEC() or NUMS() or @@ -357,7 +357,7 @@ module Types { ES() or OtherEllipticCurveType() - class EllipticCurveFamilyType extends TEllipticCurveFamilyType { + class EllipticCurveType extends TEllipticCurveType { string toString() { this = NIST() and result = "NIST" or @@ -445,7 +445,7 @@ module Types { */ bindingset[rawName] predicate ellipticCurveNameToKnownKeySizeAndFamilyMapping( - string rawName, int keySize, TEllipticCurveFamilyType curveFamily + string rawName, int keySize, TEllipticCurveType curveFamily ) { exists(string curveName | curveName = rawName.toUpperCase() | isSecCurve(curveName, keySize) and curveFamily = SEC() From 143be8cc35a6acb985757811f6897cd196a41bf4 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 10:26:05 -0400 Subject: [PATCH 05/66] Crypto: Remove redundant queries. --- .../Analysis/InsecureNonceGeneration.ql | 22 ------------------- .../Analysis/KnownWeakKDFIterationCount.ql | 20 ----------------- 2 files changed, 42 deletions(-) delete mode 100644 java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql delete mode 100644 java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql b/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql deleted file mode 100644 index 2514f6b384a4..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql +++ /dev/null @@ -1,22 +0,0 @@ -/** - * @name Insecure nonce at a cipher operation - * @id java/quantum/insecure-nonce - * @description A nonce is generated from a source that is not secure. This can lead to - * vulnerabilities such as replay attacks or key recovery. - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import experimental.quantum.Language - -predicate isInsecureNonceSource(Crypto::NonceArtifactNode n, Crypto::NodeBase src) { - src = n.getSourceNode() and - not src.asElement() instanceof SecureRandomnessInstance -} - -from Crypto::KeyOperationNode op, Crypto::NodeBase src -where isInsecureNonceSource(op.getANonce(), src) -select op, "Operation uses insecure nonce source $@", src, src.toString() \ No newline at end of file diff --git a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql deleted file mode 100644 index 2dd5b0b006be..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql +++ /dev/null @@ -1,20 +0,0 @@ -/** - * @name Weak known key derivation function iteration count - * @description Detects key derivation operations with a known weak iteration count. - * @id java/quantum/weak-kdf-iteration-count - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import java -import experimental.quantum.Language - -from Crypto::KeyDerivationOperationNode op, Literal l -where - op.getIterationCount().asElement() = l and - l.getValue().toInt() < 100000 -select op, "Key derivation operation configures iteration count below 100k: $@", l, - l.getValue().toString() From bd34b6ce027f5d9ee20e40a3ca98545d30a937d2 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 11:41:21 -0400 Subject: [PATCH 06/66] Crypto: Removing JCA model of random, need to reassess this as this impacts the insecure IV/Nonce query. Updated name of the Insecure nonce query to be InsecureIVorNonce --- java/ql/lib/experimental/quantum/JCA.qll | 15 ------------- .../Analysis/InsecureIVorNonceSource.ql | 19 ++++++++++++++++ .../quantum/Analysis/InsecureNonceSource.ql | 22 ------------------- 3 files changed, 19 insertions(+), 37 deletions(-) create mode 100644 java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql delete mode 100644 java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index a599823ff11b..03438d1ac222 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1095,21 +1095,6 @@ module JCAModel { } } - /** - * An instance of `java.security.SecureRandom.nextBytes(byte[])` call. - * This is already generally modeled for Java in CodeQL, but - * we model it again as part of the crypto API model to have a cohesive model. - */ - class JavaSecuritySecureRandom extends Crypto::RandomNumberGenerationInstance instanceof Call { - JavaSecuritySecureRandom() { - this.getCallee().hasQualifiedName("java.security", "SecureRandom", "nextBytes") - } - - override Crypto::DataFlowNode getOutputNode() { result.asExpr() = this.(Call).getArgument(0) } - - override string getGeneratorName() { result = this.(Call).getCallee().getName() } - } - class KeyGeneratorGenerateCall extends Crypto::KeyGenerationOperationInstance instanceof MethodCall { Crypto::KeyArtifactType type; diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql new file mode 100644 index 000000000000..94f4d09e212e --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql @@ -0,0 +1,19 @@ +/** + * @name Insecure nonce (static value or weak random source) + * @id java/quantum/insecure-iv-or-nonce + * @description A nonce is generated from a source that is not secure. This can lead to + * vulnerabilities such as replay attacks or key recovery. + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src +where + nonce.getSourceNode() = src and + not src.asElement() instanceof SecureRandomnessInstance +select nonce, "Nonce or IV uses insecure nonce source $@", src, src.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql deleted file mode 100644 index f00621d4d2b6..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql +++ /dev/null @@ -1,22 +0,0 @@ -/** - * @name Insecure nonce at a cipher operation - * @id java/quantum/insecure-nonce - * @description A nonce is generated from a source that is not secure. This can lead to - * vulnerabilities such as replay attacks or key recovery. - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import experimental.quantum.Language - -predicate isInsecureNonceSource(Crypto::NonceArtifactNode n, Crypto::NodeBase src) { - src = n.getSourceNode() and - not src.asElement() instanceof SecureRandomnessInstance -} - -from Crypto::KeyOperationNode op, Crypto::NodeBase src -where isInsecureNonceSource(op.getANonce(), src) -select op, "Operation uses insecure nonce source $@", src, src.toString() From 83ff70bcd868cab2aa271343a3bdc5653ec1b6d4 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 12:47:58 -0400 Subject: [PATCH 07/66] Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals. --- java/ql/lib/experimental/quantum/Language.qll | 19 +- .../Analysis/InsecureIVorNonceSource.ql | 6 +- .../InsecureIVorNonceSource.expected | 7 + .../InsecureIVorNonceSource.java | 210 ++++++++++++++++++ .../InsecureIVorNonceSource.qlref | 4 + 5 files changed, 241 insertions(+), 5 deletions(-) create mode 100644 java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java create mode 100644 java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.qlref diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index e203d2a15873..7d7488244a9a 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -93,8 +93,9 @@ private class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource { override string getAdditionalDescription() { result = this.toString() } } -private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal { - ConstantDataSource() { +private class ConstantDataSourceLiteral extends Crypto::GenericConstantSourceInstance instanceof Literal +{ + ConstantDataSourceLiteral() { // TODO: this is an API specific workaround for JCA, as 'EC' is a constant that may be used // where typical algorithms are specified, but EC specifically means set up a // default curve container, that will later be specified explicitly (or if not a default) @@ -112,6 +113,20 @@ private class ConstantDataSource extends Crypto::GenericConstantSourceInstance i override string getAdditionalDescription() { result = this.toString() } } +private class ConstantDataSourceArrayInitializer extends Crypto::GenericConstantSourceInstance instanceof ArrayInit +{ + ConstantDataSourceArrayInitializer() { exists(Literal l | this.getAnInit() = l) } + + override DataFlow::Node getOutputNode() { result.asExpr() = this } + + override predicate flowsTo(Crypto::FlowAwareElement other) { + // TODO: separate config to avoid blowing up data-flow analysis + GenericDataSourceFlow::flow(this.getOutputNode(), other.getInputNode()) + } + + override string getAdditionalDescription() { result = this.toString() } +} + /** * An instance of random number generation, modeled as the expression * tied to an output node (i.e., the result of the source of randomness) diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql index 94f4d09e212e..1e0dcadf10d6 100644 --- a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql @@ -1,7 +1,7 @@ /** - * @name Insecure nonce (static value or weak random source) + * @name Insecure nonce/iv (static value or weak random source) * @id java/quantum/insecure-iv-or-nonce - * @description A nonce is generated from a source that is not secure. This can lead to + * @description A nonce/iv is generated from a source that is not secure. This can lead to * vulnerabilities such as replay attacks or key recovery. * @kind problem * @problem.severity error @@ -16,4 +16,4 @@ from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src where nonce.getSourceNode() = src and not src.asElement() instanceof SecureRandomnessInstance -select nonce, "Nonce or IV uses insecure nonce source $@", src, src.toString() +select nonce, "Nonce or IV uses insecure or constant source $@", src, src.toString() diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.expected new file mode 100644 index 000000000000..7cf062f5c02a --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.expected @@ -0,0 +1,7 @@ +| InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | +| InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | +| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | +| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | +| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | +| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | +| InsecureIVorNonceSource.java:206:51:206:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java b/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java new file mode 100644 index 000000000000..35f50842dc7c --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java @@ -0,0 +1,210 @@ +import javax.crypto.Cipher; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.util.Random; + +import java.security.SecureRandom; +import java.util.Arrays; + +public class InsecureIVorNonceSource { + + // BAD: AES-GCM with static IV from a byte array + public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $Source + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from zero-initialized byte array + public byte[] encryptWithZeroStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; // $Source + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-initialization] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-CBC with static IV from 1-initialized byte array + public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; // $Source + for (byte i = 0; i < iv.length; i++) { + iv[i] = 1; + } + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a multidimensional byte array + public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws Exception { + byte[][] staticIvs = new byte[][] { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } + }; // $Source + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a multidimensional byte array + public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws Exception { + byte[][] staticIvs = new byte[][] { + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } + }; // $Source + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a zero-initialized multidimensional byte array + public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws Exception { + byte[][] ivs = new byte[][] { + new byte[8], // $Source + new byte[16] // $Source + }; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, ivs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-initialization] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIv(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; + + SecureRandom random = SecureRandom.getInstanceStrong(); + random.nextBytes(iv); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvByteByByte(byte[] key, byte[] plaintext) throws Exception { + SecureRandom random = SecureRandom.getInstanceStrong(); + byte[] iv = new byte[16]; + for (int i = 0; i < iv.length; i++) { + iv[i] = (byte) random.nextInt(); + } + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvWithSystemArrayCopy(byte[] key, byte[] plaintext) throws Exception { + byte[] randomBytes = new byte[16]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + + byte[] iv = new byte[16]; + System.arraycopy(randomBytes, 0, iv, 0, 16); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvWithArraysCopy(byte[] key, byte[] plaintext) throws Exception { + byte[] randomBytes = new byte[16]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + + byte[] iv = new byte[16]; + iv = Arrays.copyOf(randomBytes, 16); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + public byte[] generate(int size) throws Exception { + if (size == 0) { + return new byte[0]; + } + byte[] randomBytes = new byte[size]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + return randomBytes; + } + + // GOOD: AES-CBC with a random IV + public byte[] encryptWithGeneratedIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = generate(16); + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + public byte[] generateInsecureRandomBytes(int numBytes) { + Random random = new Random(); + byte[] bytes = new byte[numBytes]; + random.nextBytes(bytes); // $Source + return bytes; + } + + // BAD: AES-CBC with an insecure random IV + public byte[] encryptWithGeneratedIvByteArrayInsecure(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = generateInsecureRandomBytes(16); + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]] + cipher.update(plaintext); + return cipher.doFinal(); + } +} diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.qlref new file mode 100644 index 000000000000..4ce79ecde8f6 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Analysis/InsecureIVorNonceSource.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file From 8e10e1937d5bc60ceee5739753ae1a6497b9bc13 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 12:49:54 -0400 Subject: [PATCH 08/66] Crypto: Adding query for unknown IV initialization. --- .../Analysis/UnknownIVorNonceInitialization.ql | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql b/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql new file mode 100644 index 000000000000..b2ef2ca4e566 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql @@ -0,0 +1,17 @@ +/** + * @name Unknown nonce/iv initialization + * @id java/quantum/unknown-iv-or-nonce-initialization + * @description A nonce/iv is generated from a source that is not secure. Failure to initialize + * an IV or nonce properly can lead to vulnerabilities such as replay attacks or key recovery. + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +from Crypto::NonceArtifactNode nonce +where exists(nonce.getSourceNode()) +select nonce, "Unknown (unobserved) IV/Nonce initialization." From 75b5a9fda8d7a535238c0b84709204ac5791f23e Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 12:55:11 -0400 Subject: [PATCH 09/66] Crypto: Update general regression test results to account for removal of JCA random source. --- .../library-tests/quantum/node_edges.expected | 61 ++----------------- .../quantum/node_properties.expected | 46 ++------------ .../library-tests/quantum/nodes.expected | 46 ++------------ 3 files changed, 13 insertions(+), 140 deletions(-) diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index 94e4d2bf0561..064f1203d6ca 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -29,7 +29,6 @@ | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | H | jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | PRF | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | @@ -38,7 +37,6 @@ | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | @@ -47,7 +45,6 @@ | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | -| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | @@ -56,7 +53,6 @@ | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | @@ -65,7 +61,6 @@ | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | -| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | @@ -112,7 +107,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | @@ -142,7 +136,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | @@ -187,7 +180,6 @@ | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | -| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:24:44:24:52 | Message | @@ -208,7 +200,6 @@ | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | -| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | @@ -233,7 +224,6 @@ | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | Source | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | -| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | @@ -244,7 +234,6 @@ | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | Source | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | -| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:100:55:100:69 | Message | @@ -255,7 +244,6 @@ | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | Source | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | -| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:105:61:105:75 | Message | @@ -266,7 +254,6 @@ | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | Source | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | -| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:110:52:110:75 | Message | @@ -293,7 +280,6 @@ | jca/Digest.java:75:23:75:62 | HashOperation | Digest | jca/Digest.java:75:23:75:62 | Digest | | jca/Digest.java:75:23:75:62 | HashOperation | Message | jca/Digest.java:75:43:75:61 | Message | | jca/Digest.java:75:43:75:61 | Message | Source | jca/Digest.java:73:49:73:63 | Parameter | -| jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:87:23:87:56 | Digest | Source | jca/Digest.java:87:23:87:56 | Digest | | jca/Digest.java:87:23:87:56 | HashOperation | Algorithm | jca/Digest.java:85:58:85:66 | HashAlgorithm | @@ -302,7 +288,6 @@ | jca/Digest.java:87:23:87:56 | HashOperation | Message | jca/Digest.java:87:37:87:55 | Message | | jca/Digest.java:87:37:87:55 | Message | Source | jca/Digest.java:83:37:83:51 | Parameter | | jca/Digest.java:97:42:97:63 | Message | Source | jca/Digest.java:95:37:95:51 | Parameter | -| jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:98:65:98:86 | HMACAlgorithm | H | jca/Digest.java:98:65:98:86 | HashAlgorithm | | jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:98:65:98:86 | HMACAlgorithm | @@ -336,7 +321,6 @@ | jca/Digest.java:142:32:142:74 | EncryptOperation | Output | jca/Digest.java:142:32:142:74 | KeyOperationOutput | | jca/Digest.java:142:47:142:73 | Message | Source | jca/Digest.java:142:47:142:62 | Constant | | jca/Digest.java:176:42:176:71 | Message | Source | jca/Digest.java:171:50:171:62 | Parameter | -| jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:177:65:177:86 | HMACAlgorithm | H | jca/Digest.java:177:65:177:86 | HashAlgorithm | | jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:177:65:177:86 | HMACAlgorithm | @@ -481,7 +465,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | | jca/EllipticCurve2.java:223:42:223:47 | Key | Source | jca/EllipticCurve2.java:223:42:223:47 | Key | -| jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | | jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Algorithm | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Input | jca/EllipticCurve2.java:224:44:224:52 | Message | @@ -494,7 +477,6 @@ | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | | jca/Encryption1.java:67:42:67:44 | Key | Source | jca/Encryption1.java:62:25:62:44 | Key | -| jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | | jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | Algorithm | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | Input | jca/Encryption1.java:68:47:68:73 | Message | @@ -564,7 +546,6 @@ | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | | jca/Encryption1.java:175:45:175:50 | Key | Source | jca/Encryption1.java:163:28:163:47 | Key | -| jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | | jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Algorithm | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Input | jca/Encryption1.java:176:50:176:64 | Message | @@ -591,7 +572,6 @@ | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | | jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:109:45:109:50 | Key | -| jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | | jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Algorithm | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Input | jca/Encryption2.java:110:50:110:64 | Message | @@ -602,7 +582,6 @@ | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | | jca/Encryption2.java:149:45:149:50 | Key | Source | jca/Encryption2.java:149:45:149:50 | Key | -| jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | | jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Algorithm | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Input | jca/Encryption2.java:150:50:150:97 | Message | @@ -656,6 +635,7 @@ | jca/Hash.java:174:23:174:52 | HashOperation | Message | jca/Hash.java:174:37:174:51 | Message | | jca/Hash.java:174:37:174:51 | Message | Source | jca/Hash.java:172:43:172:53 | Parameter | | jca/Hash.java:195:27:195:57 | Digest | Source | jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:31:192:48 | Constant | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:32:191:38 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:41:191:49 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:52:191:60 | HashAlgorithm | @@ -682,6 +662,7 @@ | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | | jca/Hash.java:216:22:216:30 | Key | Source | jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:31:212:116 | Constant | | jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | | jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | | jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | @@ -696,7 +677,6 @@ | jca/Hash.java:217:27:217:55 | MACOperation | Output | jca/Hash.java:217:27:217:55 | KeyOperationOutput | | jca/Hash.java:217:39:217:54 | Message | Source | jca/Hash.java:211:43:211:54 | Parameter | | jca/Hash.java:235:42:235:63 | Message | Source | jca/Hash.java:232:40:232:54 | Parameter | -| jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:9:310:42 | RandomNumberGeneration | | jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | | jca/Hash.java:236:65:236:86 | HMACAlgorithm | H | jca/Hash.java:236:65:236:86 | HashAlgorithm | | jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | PRF | jca/Hash.java:236:65:236:86 | HMACAlgorithm | @@ -712,6 +692,7 @@ | jca/Hash.java:252:37:252:69 | Message | Source | jca/Hash.java:252:37:252:58 | Constant | | jca/Hash.java:270:27:270:30 | Message | Source | jca/Hash.java:269:27:269:38 | Constant | | jca/Hash.java:271:40:271:54 | Digest | Source | jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:31:266:76 | Constant | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:32:266:40 | HashAlgorithm | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:43:266:51 | HashAlgorithm | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:54:266:63 | HashAlgorithm | @@ -721,7 +702,6 @@ | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | | jca/IVArtifact.java:31:42:31:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | -| jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Algorithm | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Input | jca/IVArtifact.java:32:44:32:72 | Message | @@ -730,7 +710,6 @@ | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Output | jca/IVArtifact.java:32:29:32:73 | KeyOperationOutput | | jca/IVArtifact.java:32:44:32:72 | Message | Source | jca/IVArtifact.java:32:44:32:61 | Constant | | jca/IVArtifact.java:38:42:38:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | -| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | LocalData | @@ -758,7 +737,6 @@ | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | | jca/IVArtifact.java:134:42:134:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | | jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:116:31:116:34 | Constant | -| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | | jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | | jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Input | jca/IVArtifact.java:135:31:135:39 | Message | @@ -784,7 +762,6 @@ | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | | jca/IVArtifact.java:182:46:182:48 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | -| jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | | jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | | jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Algorithm | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | | jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Input | jca/IVArtifact.java:183:45:183:57 | Message | @@ -834,7 +811,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | @@ -860,7 +836,6 @@ | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | @@ -879,7 +854,6 @@ | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | | jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | PRF | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | @@ -890,7 +864,6 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | -| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | @@ -927,13 +900,12 @@ | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | LocalData | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Output | jca/KeyArtifact.java:66:32:66:51 | Key | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Output | jca/KeyArtifact.java:73:16:73:43 | Key | | jca/KeyDerivation1.java:80:42:80:63 | Message | Source | jca/KeyDerivation1.java:78:39:78:53 | Parameter | -| jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | | jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | @@ -942,7 +914,6 @@ | jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Output | jca/KeyDerivation1.java:82:22:82:49 | Key | | jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:80:66:80:69 | Salt | | jca/KeyDerivation1.java:94:42:94:63 | Message | Source | jca/KeyDerivation1.java:92:36:92:50 | Parameter | -| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | @@ -951,7 +922,6 @@ | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Output | jca/KeyDerivation1.java:96:22:96:49 | Key | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:94:66:94:69 | Salt | | jca/KeyDerivation1.java:108:42:108:63 | Message | Source | jca/KeyDerivation1.java:106:37:106:51 | Parameter | -| jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | | jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | @@ -960,7 +930,6 @@ | jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Output | jca/KeyDerivation1.java:110:22:110:49 | Key | | jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:108:66:108:69 | Salt | | jca/KeyDerivation1.java:122:42:122:63 | Message | Source | jca/KeyDerivation1.java:120:32:120:46 | Parameter | -| jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | H | jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | | jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | @@ -969,7 +938,6 @@ | jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Output | jca/KeyDerivation1.java:124:22:124:49 | Key | | jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:122:66:122:69 | Salt | | jca/KeyDerivation1.java:136:42:136:63 | Message | Source | jca/KeyDerivation1.java:134:34:134:48 | Parameter | -| jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | | jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | @@ -978,14 +946,12 @@ | jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Output | jca/KeyDerivation1.java:138:22:138:49 | Key | | jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:136:66:136:69 | Salt | | jca/KeyDerivation1.java:157:42:157:63 | Message | Source | jca/KeyDerivation1.java:154:28:154:42 | Parameter | -| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:158:65:158:72 | Constant | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Input | jca/KeyDerivation1.java:157:42:157:63 | Message | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Output | jca/KeyDerivation1.java:159:22:159:49 | Key | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:157:66:157:69 | Salt | | jca/KeyDerivation1.java:172:42:172:63 | Message | Source | jca/KeyDerivation1.java:169:30:169:44 | Parameter | -| jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:173:65:173:72 | Constant | | jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Input | jca/KeyDerivation1.java:172:42:172:63 | Message | @@ -1008,7 +974,6 @@ | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | H | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | | jca/KeyDerivation1.java:314:42:314:63 | Message | Source | jca/KeyDerivation1.java:302:37:302:51 | Parameter | -| jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | LocalData | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | @@ -1016,7 +981,6 @@ | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Output | jca/KeyDerivation1.java:316:26:316:53 | Key | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Salt | jca/KeyDerivation1.java:314:66:314:69 | Salt | | jca/KeyDerivation1.java:333:42:333:63 | Message | Source | jca/KeyDerivation1.java:283:43:283:57 | Parameter | -| jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | | jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | @@ -1062,7 +1026,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | | jca/KeyEncapsulation.java:77:45:77:50 | Key | Source | jca/KeyEncapsulation.java:62:28:62:47 | Key | -| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Input | jca/KeyEncapsulation.java:78:47:78:79 | Message | @@ -1094,7 +1057,6 @@ | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | | jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:136:45:136:50 | Key | -| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:137:47:137:72 | Message | @@ -1245,7 +1207,6 @@ | jca/MACOperation.java:138:32:138:74 | EncryptOperation | Output | jca/MACOperation.java:138:32:138:74 | KeyOperationOutput | | jca/MACOperation.java:138:47:138:73 | Message | Source | jca/MACOperation.java:138:47:138:62 | Constant | | jca/MACOperation.java:170:42:170:68 | Message | Source | jca/MACOperation.java:166:47:166:62 | Parameter | -| jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | | jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | H | jca/MACOperation.java:171:65:171:86 | HashAlgorithm | | jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | PRF | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | @@ -1319,7 +1280,6 @@ | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:61:44:61:62 | ModeOfOperation | | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | | jca/Nonce.java:62:42:62:44 | Key | Source | jca/Nonce.java:58:37:58:49 | Parameter | -| jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | | jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Algorithm | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Input | jca/Nonce.java:63:44:63:52 | Message | @@ -1369,7 +1329,6 @@ | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Algorithm | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Input | jca/SignEncryptCombinations.java:97:44:97:52 | Message | @@ -1540,7 +1499,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:56:44:56:52 | Message | @@ -1561,7 +1519,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:99:44:99:52 | Message | @@ -1590,7 +1547,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | Source | jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | -| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:151:44:151:52 | Message | @@ -1601,7 +1557,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | Source | jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | -| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | @@ -1612,7 +1567,6 @@ | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:195:44:195:52 | Message | @@ -1632,7 +1586,6 @@ | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | -| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | @@ -1641,7 +1594,6 @@ | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:223:29:223:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | Source | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | | jca/SymmetricAlgorithm.java:287:42:287:66 | Message | Source | jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | -| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | | jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | PRF | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | @@ -1652,7 +1604,6 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | Source | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | -| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | @@ -1689,7 +1640,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | | jca/SymmetricModesTest.java:83:42:83:44 | Key | Source | jca/SymmetricModesTest.java:78:43:78:55 | Parameter | -| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:84:44:84:52 | Message | @@ -1715,7 +1665,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Mode | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Padding | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | | jca/UniversalFlowTest.java:33:42:33:44 | Key | Source | jca/UniversalFlowTest.java:27:25:27:44 | Key | -| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Algorithm | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Input | jca/UniversalFlowTest.java:34:47:34:73 | Message | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index ea071871fd94..506be879d630 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -31,7 +31,6 @@ | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:109:27:109:54 | jca/AesWrapAndPBEWith.java:109:27:109:54 | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Iterations | Constant:1000 | jca/AesWrapAndPBEWith.java:107:72:107:75 | jca/AesWrapAndPBEWith.java:107:72:107:75 | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | KeySize | Constant:64 | jca/AesWrapAndPBEWith.java:107:78:107:79 | jca/AesWrapAndPBEWith.java:107:78:107:79 | -| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:122:9:122:42 | jca/AesWrapAndPBEWith.java:122:9:122:42 | | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:122:38:122:41 | jca/AesWrapAndPBEWith.java:122:38:122:41 | | jca/AesWrapAndPBEWith.java:123:72:123:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | | jca/AesWrapAndPBEWith.java:123:79:123:81 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | @@ -45,7 +44,6 @@ | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:125:27:125:54 | jca/AesWrapAndPBEWith.java:125:27:125:54 | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | -| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:140:9:140:42 | jca/AesWrapAndPBEWith.java:140:9:140:42 | | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:140:38:140:41 | jca/AesWrapAndPBEWith.java:140:38:140:41 | | jca/AesWrapAndPBEWith.java:141:72:141:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:141:72:141:76 | jca/AesWrapAndPBEWith.java:141:72:141:76 | | jca/AesWrapAndPBEWith.java:141:79:141:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:141:79:141:81 | jca/AesWrapAndPBEWith.java:141:79:141:81 | @@ -61,11 +59,9 @@ | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | -| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:148:9:148:40 | jca/AesWrapAndPBEWith.java:148:9:148:40 | | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:148:38:148:39 | jca/AesWrapAndPBEWith.java:148:38:148:39 | | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:150:42:150:47 | jca/AesWrapAndPBEWith.java:150:42:150:47 | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:151:29:151:64 | jca/AesWrapAndPBEWith.java:151:29:151:64 | -| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:167:9:167:42 | jca/AesWrapAndPBEWith.java:167:9:167:42 | | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:167:38:167:41 | jca/AesWrapAndPBEWith.java:167:38:167:41 | | jca/AesWrapAndPBEWith.java:168:72:168:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:168:72:168:76 | jca/AesWrapAndPBEWith.java:168:72:168:76 | | jca/AesWrapAndPBEWith.java:168:79:168:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:168:79:168:81 | jca/AesWrapAndPBEWith.java:168:79:168:81 | @@ -81,7 +77,6 @@ | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | -| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:175:9:175:40 | jca/AesWrapAndPBEWith.java:175:9:175:40 | | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:175:38:175:39 | jca/AesWrapAndPBEWith.java:175:38:175:39 | | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:177:42:177:47 | jca/AesWrapAndPBEWith.java:177:42:177:47 | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:178:29:178:64 | jca/AesWrapAndPBEWith.java:178:29:178:64 | @@ -122,7 +117,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | @@ -152,7 +146,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | @@ -196,7 +189,6 @@ | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | -| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:21:9:21:40 | jca/ChainedEncryptionTest.java:21:9:21:40 | | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:21:38:21:39 | jca/ChainedEncryptionTest.java:21:38:21:39 | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:23:42:23:44 | jca/ChainedEncryptionTest.java:23:42:23:44 | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:24:29:24:53 | jca/ChainedEncryptionTest.java:24:29:24:53 | @@ -211,7 +203,6 @@ | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:35:16:35:41 | jca/ChainedEncryptionTest.java:35:16:35:41 | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | -| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:42:9:42:43 | jca/ChainedEncryptionTest.java:42:9:42:43 | | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:42:38:42:42 | jca/ChainedEncryptionTest.java:42:38:42:42 | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:43:42:43:44 | jca/ChainedEncryptionTest.java:43:42:43:44 | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:44:29:44:53 | jca/ChainedEncryptionTest.java:44:29:44:53 | @@ -233,7 +224,6 @@ | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | | jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:84:24:84:26 | jca/ChainedEncryptionTest.java:84:24:84:26 | | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:85:30:85:52 | jca/ChainedEncryptionTest.java:85:30:85:52 | -| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:89:9:89:43 | jca/ChainedEncryptionTest.java:89:9:89:43 | | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:89:38:89:42 | jca/ChainedEncryptionTest.java:89:38:89:42 | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | @@ -244,7 +234,6 @@ | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:92:45:92:52 | jca/ChainedEncryptionTest.java:92:45:92:52 | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:93:34:93:62 | jca/ChainedEncryptionTest.java:93:34:93:62 | -| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:97:9:97:49 | jca/ChainedEncryptionTest.java:97:9:97:49 | | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:97:38:97:48 | jca/ChainedEncryptionTest.java:97:38:97:48 | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | @@ -369,7 +358,6 @@ | jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | | jca/Digest.java:240:21:240:23 | Constant | Description | 256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | | jca/Digest.java:241:16:241:35 | Key | KeyType | Symmetric | jca/Digest.java:241:16:241:35 | jca/Digest.java:241:16:241:35 | -| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | Description | nextBytes | jca/Digest.java:253:9:253:42 | jca/Digest.java:253:9:253:42 | | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:253:38:253:41 | jca/Digest.java:253:38:253:41 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | @@ -465,7 +453,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | RawName | GCM | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | Name | UnknownPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | RawName | NoPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | -| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | Description | nextBytes | jca/EllipticCurve2.java:221:9:221:40 | jca/EllipticCurve2.java:221:9:221:40 | | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/EllipticCurve2.java:221:38:221:39 | jca/EllipticCurve2.java:221:38:221:39 | | jca/EllipticCurve2.java:223:42:223:47 | Key | KeyType | Unknown | jca/EllipticCurve2.java:223:42:223:47 | jca/EllipticCurve2.java:223:42:223:47 | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/EllipticCurve2.java:224:29:224:53 | jca/EllipticCurve2.java:224:29:224:53 | @@ -484,7 +471,6 @@ | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | -| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:65:9:65:40 | jca/Encryption1.java:65:9:65:40 | | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:65:38:65:39 | jca/Encryption1.java:65:38:65:39 | | jca/Encryption1.java:67:42:67:44 | Key | KeyType | Unknown | jca/Encryption1.java:67:42:67:44 | jca/Encryption1.java:67:42:67:44 | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:68:32:68:74 | jca/Encryption1.java:68:32:68:74 | @@ -575,7 +561,6 @@ | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | -| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:173:9:173:40 | jca/Encryption1.java:173:9:173:40 | | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:173:38:173:39 | jca/Encryption1.java:173:38:173:39 | | jca/Encryption1.java:175:45:175:50 | Key | KeyType | Unknown | jca/Encryption1.java:175:45:175:50 | jca/Encryption1.java:175:45:175:50 | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:176:32:176:65 | jca/Encryption1.java:176:32:176:65 | @@ -600,7 +585,6 @@ | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | -| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:107:9:107:40 | jca/Encryption2.java:107:9:107:40 | | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:107:38:107:39 | jca/Encryption2.java:107:38:107:39 | | jca/Encryption2.java:109:45:109:50 | Key | KeyType | Unknown | jca/Encryption2.java:109:45:109:50 | jca/Encryption2.java:109:45:109:50 | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:110:32:110:65 | jca/Encryption2.java:110:32:110:65 | @@ -613,7 +597,6 @@ | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | -| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:147:9:147:40 | jca/Encryption2.java:147:9:147:40 | | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:147:38:147:39 | jca/Encryption2.java:147:38:147:39 | | jca/Encryption2.java:149:45:149:50 | Key | KeyType | Unknown | jca/Encryption2.java:149:45:149:50 | jca/Encryption2.java:149:45:149:50 | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:150:32:150:98 | jca/Encryption2.java:150:32:150:98 | @@ -654,6 +637,7 @@ | jca/Hash.java:173:58:173:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | | jca/Hash.java:173:58:173:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | | jca/Hash.java:190:43:190:54 | Parameter | Description | input | jca/Hash.java:190:43:190:54 | jca/Hash.java:190:43:190:54 | +| jca/Hash.java:191:31:192:48 | Constant | Description | {...} | jca/Hash.java:191:31:192:48 | jca/Hash.java:191:31:192:48 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | Name | SHA1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | @@ -683,6 +667,7 @@ | jca/Hash.java:192:43:192:47 | HashAlgorithm | RawName | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | | jca/Hash.java:211:43:211:54 | Parameter | Description | input | jca/Hash.java:211:43:211:54 | jca/Hash.java:211:43:211:54 | | jca/Hash.java:211:57:211:66 | Parameter | Description | key | jca/Hash.java:211:57:211:66 | jca/Hash.java:211:57:211:66 | +| jca/Hash.java:212:31:212:116 | Constant | Description | {...} | jca/Hash.java:212:31:212:116 | jca/Hash.java:212:31:212:116 | | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | @@ -711,6 +696,7 @@ | jca/Hash.java:237:23:237:50 | KeyDerivation | Iterations | Constant:10000 | jca/Hash.java:235:72:235:76 | jca/Hash.java:235:72:235:76 | | jca/Hash.java:237:23:237:50 | KeyDerivation | KeySize | Constant:256 | jca/Hash.java:235:79:235:81 | jca/Hash.java:235:79:235:81 | | jca/Hash.java:252:37:252:58 | Constant | Description | "Config-based Hashing" | jca/Hash.java:252:37:252:58 | jca/Hash.java:252:37:252:58 | +| jca/Hash.java:266:31:266:76 | Constant | Description | {...} | jca/Hash.java:266:31:266:76 | jca/Hash.java:266:31:266:76 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | Name | SHA2 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | @@ -728,7 +714,6 @@ | jca/Hash.java:294:57:294:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | -| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | Description | nextBytes | jca/Hash.java:310:9:310:42 | jca/Hash.java:310:9:310:42 | | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Hash.java:310:38:310:41 | jca/Hash.java:310:38:310:41 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | @@ -757,7 +742,6 @@ | jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | | jca/IVArtifact.java:75:21:75:23 | Constant | Description | 256 | jca/IVArtifact.java:75:21:75:23 | jca/IVArtifact.java:75:21:75:23 | | jca/IVArtifact.java:76:16:76:35 | Key | KeyType | Symmetric | jca/IVArtifact.java:76:16:76:35 | jca/IVArtifact.java:76:16:76:35 | -| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:81:9:81:40 | jca/IVArtifact.java:81:9:81:40 | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:81:38:81:39 | jca/IVArtifact.java:81:38:81:39 | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | Description | java.util.Random | jca/IVArtifact.java:87:32:87:33 | jca/IVArtifact.java:87:32:87:33 | | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | @@ -770,7 +754,6 @@ | jca/IVArtifact.java:108:42:108:44 | Key | KeyType | Unknown | jca/IVArtifact.java:108:42:108:44 | jca/IVArtifact.java:108:42:108:44 | | jca/IVArtifact.java:109:16:109:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:109:16:109:40 | jca/IVArtifact.java:109:16:109:40 | | jca/IVArtifact.java:116:31:116:34 | Constant | Description | null | jca/IVArtifact.java:116:31:116:34 | jca/IVArtifact.java:116:31:116:34 | -| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:130:13:130:50 | jca/IVArtifact.java:130:13:130:50 | | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:130:42:130:49 | jca/IVArtifact.java:130:42:130:49 | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | @@ -794,7 +777,6 @@ | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | | jca/IVArtifact.java:158:42:158:44 | Key | KeyType | Unknown | jca/IVArtifact.java:158:42:158:44 | jca/IVArtifact.java:158:42:158:44 | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:159:16:159:40 | jca/IVArtifact.java:159:16:159:40 | -| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:177:9:177:40 | jca/IVArtifact.java:177:9:177:40 | | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:177:38:177:39 | jca/IVArtifact.java:177:38:177:39 | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | @@ -851,7 +833,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | -| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | @@ -873,7 +854,6 @@ | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | -| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | @@ -905,7 +885,6 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | -| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | @@ -919,7 +898,6 @@ | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | -| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:19:21:19:23 | jca/KeyArtifact.java:19:21:19:23 | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | @@ -954,10 +932,10 @@ | jca/KeyArtifact.java:66:32:66:51 | Key | KeyType | Symmetric | jca/KeyArtifact.java:66:32:66:51 | jca/KeyArtifact.java:66:32:66:51 | | jca/KeyArtifact.java:72:31:72:34 | Constant | Description | 2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | | jca/KeyArtifact.java:73:16:73:43 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:73:16:73:43 | jca/KeyArtifact.java:73:16:73:43 | +| jca/KeyArtifact.java:78:31:78:54 | Constant | Description | {...} | jca/KeyArtifact.java:78:31:78:54 | jca/KeyArtifact.java:78:31:78:54 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | -| jca/KeyArtifact.java:78:45:78:53 | Constant | Description | "Ed25519" | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | Description | password | jca/KeyDerivation1.java:78:39:78:53 | jca/KeyDerivation1.java:78:39:78:53 | | jca/KeyDerivation1.java:80:72:80:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | | jca/KeyDerivation1.java:80:79:80:81 | Constant | Description | 256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | @@ -1087,7 +1065,6 @@ | jca/KeyDerivation1.java:352:19:352:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:352:19:352:54 | jca/KeyDerivation1.java:352:19:352:54 | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:353:22:353:62 | jca/KeyDerivation1.java:353:22:353:62 | | jca/KeyDerivation1.java:353:35:353:50 | Constant | Description | "hkdf-expansion" | jca/KeyDerivation1.java:353:35:353:50 | jca/KeyDerivation1.java:353:35:353:50 | -| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyDerivation1.java:365:9:365:42 | jca/KeyDerivation1.java:365:9:365:42 | | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyDerivation1.java:365:38:365:41 | jca/KeyDerivation1.java:365:38:365:41 | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyEncapsulation.java:61:21:61:23 | jca/KeyEncapsulation.java:61:21:61:23 | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | @@ -1113,7 +1090,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | -| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:75:9:75:40 | jca/KeyEncapsulation.java:75:9:75:40 | | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:75:38:75:39 | jca/KeyEncapsulation.java:75:38:75:39 | | jca/KeyEncapsulation.java:77:45:77:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:77:45:77:50 | jca/KeyEncapsulation.java:77:45:77:50 | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:78:29:78:80 | jca/KeyEncapsulation.java:78:29:78:80 | @@ -1147,7 +1123,6 @@ | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | -| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:135:9:135:40 | jca/KeyEncapsulation.java:135:9:135:40 | | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:135:38:135:39 | jca/KeyEncapsulation.java:135:38:135:39 | | jca/KeyEncapsulation.java:136:45:136:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:136:45:136:50 | jca/KeyEncapsulation.java:136:45:136:50 | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:137:29:137:73 | jca/KeyEncapsulation.java:137:29:137:73 | @@ -1302,7 +1277,6 @@ | jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | | jca/MACOperation.java:233:21:233:23 | Constant | Description | 256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | | jca/MACOperation.java:234:16:234:35 | Key | KeyType | Symmetric | jca/MACOperation.java:234:16:234:35 | jca/MACOperation.java:234:16:234:35 | -| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | Description | nextBytes | jca/MACOperation.java:246:9:246:42 | jca/MACOperation.java:246:9:246:42 | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:246:38:246:41 | jca/MACOperation.java:246:38:246:41 | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | @@ -1343,7 +1317,6 @@ | jca/Nonce.java:80:40:80:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:80:40:80:55 | jca/Nonce.java:80:40:80:55 | | jca/Nonce.java:92:56:92:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:92:56:92:67 | jca/Nonce.java:92:56:92:67 | | jca/Nonce.java:93:16:93:35 | Key | KeyType | Symmetric | jca/Nonce.java:93:16:93:35 | jca/Nonce.java:93:16:93:35 | -| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | Description | nextBytes | jca/Nonce.java:98:9:98:43 | jca/Nonce.java:98:9:98:43 | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:98:38:98:42 | jca/Nonce.java:98:38:98:42 | | jca/Nonce.java:112:16:112:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:112:16:112:33 | jca/Nonce.java:112:16:112:33 | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | @@ -1384,7 +1357,6 @@ | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | -| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | Description | nextBytes | jca/SignEncryptCombinations.java:94:9:94:28 | jca/SignEncryptCombinations.java:94:9:94:28 | | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SignEncryptCombinations.java:94:26:94:27 | jca/SignEncryptCombinations.java:94:26:94:27 | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:96:42:96:44 | jca/SignEncryptCombinations.java:96:42:96:44 | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SignEncryptCombinations.java:97:29:97:53 | jca/SignEncryptCombinations.java:97:29:97:53 | @@ -1506,7 +1478,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | -| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:53:9:53:40 | jca/SymmetricAlgorithm.java:53:9:53:40 | | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:53:38:53:39 | jca/SymmetricAlgorithm.java:53:38:53:39 | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:55:42:55:44 | jca/SymmetricAlgorithm.java:55:42:55:44 | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:56:29:56:53 | jca/SymmetricAlgorithm.java:56:29:56:53 | @@ -1528,7 +1499,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | -| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:96:9:96:40 | jca/SymmetricAlgorithm.java:96:9:96:40 | | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:96:38:96:39 | jca/SymmetricAlgorithm.java:96:38:96:39 | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:98:42:98:44 | jca/SymmetricAlgorithm.java:98:42:98:44 | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:99:29:99:53 | jca/SymmetricAlgorithm.java:99:29:99:53 | @@ -1556,7 +1526,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | -| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:148:9:148:40 | jca/SymmetricAlgorithm.java:148:9:148:40 | | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:148:38:148:39 | jca/SymmetricAlgorithm.java:148:38:148:39 | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:150:42:150:44 | jca/SymmetricAlgorithm.java:150:42:150:44 | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:151:29:151:53 | jca/SymmetricAlgorithm.java:151:29:151:53 | @@ -1568,7 +1537,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | -| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:170:9:170:40 | jca/SymmetricAlgorithm.java:170:9:170:40 | | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:170:38:170:39 | jca/SymmetricAlgorithm.java:170:38:170:39 | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:172:42:172:44 | jca/SymmetricAlgorithm.java:172:42:172:44 | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:173:29:173:53 | jca/SymmetricAlgorithm.java:173:29:173:53 | @@ -1576,7 +1544,6 @@ | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Name | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | -| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:192:9:192:43 | jca/SymmetricAlgorithm.java:192:9:192:43 | | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:192:38:192:42 | jca/SymmetricAlgorithm.java:192:38:192:42 | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:194:42:194:44 | jca/SymmetricAlgorithm.java:194:42:194:44 | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:195:29:195:53 | jca/SymmetricAlgorithm.java:195:29:195:53 | @@ -1592,7 +1559,6 @@ | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | -| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:220:9:220:40 | jca/SymmetricAlgorithm.java:220:9:220:40 | | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:220:38:220:39 | jca/SymmetricAlgorithm.java:220:38:220:39 | | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:222:42:222:51 | jca/SymmetricAlgorithm.java:222:42:222:51 | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:223:29:223:53 | jca/SymmetricAlgorithm.java:223:29:223:53 | @@ -1619,7 +1585,6 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | -| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:297:9:297:40 | jca/SymmetricAlgorithm.java:297:9:297:40 | | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:297:38:297:39 | jca/SymmetricAlgorithm.java:297:38:297:39 | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:298:42:298:47 | jca/SymmetricAlgorithm.java:298:42:298:47 | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:299:29:299:53 | jca/SymmetricAlgorithm.java:299:29:299:53 | @@ -1633,7 +1598,6 @@ | jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | | jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:333:16:333:31 | jca/SymmetricAlgorithm.java:333:16:333:31 | -| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:345:9:345:42 | jca/SymmetricAlgorithm.java:345:9:345:42 | | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:345:38:345:41 | jca/SymmetricAlgorithm.java:345:38:345:41 | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/SymmetricModesTest.java:53:17:53:19 | jca/SymmetricModesTest.java:53:17:53:19 | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:49:17:49:19 | jca/SymmetricModesTest.java:49:17:49:19 | @@ -1660,7 +1624,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | -| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricModesTest.java:81:9:81:40 | jca/SymmetricModesTest.java:81:9:81:40 | | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricModesTest.java:81:38:81:39 | jca/SymmetricModesTest.java:81:38:81:39 | | jca/SymmetricModesTest.java:83:42:83:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:83:42:83:44 | jca/SymmetricModesTest.java:83:42:83:44 | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:84:29:84:53 | jca/SymmetricModesTest.java:84:29:84:53 | @@ -1693,7 +1656,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | RawName | GCM | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | Name | UnknownPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | RawName | NoPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | -| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | Description | nextBytes | jca/UniversalFlowTest.java:31:9:31:40 | jca/UniversalFlowTest.java:31:9:31:40 | | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/UniversalFlowTest.java:31:38:31:39 | jca/UniversalFlowTest.java:31:38:31:39 | | jca/UniversalFlowTest.java:33:42:33:44 | Key | KeyType | Unknown | jca/UniversalFlowTest.java:33:42:33:44 | jca/UniversalFlowTest.java:33:42:33:44 | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/UniversalFlowTest.java:34:32:34:74 | jca/UniversalFlowTest.java:34:32:34:74 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index 39816c682343..5e4c033707ad 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -27,7 +27,6 @@ | jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | @@ -38,7 +37,6 @@ | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | @@ -50,14 +48,12 @@ | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | -| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | @@ -69,7 +65,6 @@ | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | @@ -109,7 +104,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | @@ -135,7 +129,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | @@ -172,7 +165,6 @@ | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | @@ -188,7 +180,6 @@ | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | @@ -210,7 +201,6 @@ | jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | | jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | -| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | @@ -220,7 +210,6 @@ | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | | jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | -| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | @@ -337,7 +326,6 @@ | jca/Digest.java:240:21:240:23 | Constant | | jca/Digest.java:241:16:241:35 | Key | | jca/Digest.java:241:16:241:35 | KeyGeneration | -| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | | jca/EllipticCurve1.java:47:16:47:36 | Key | @@ -422,7 +410,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | -| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | | jca/EllipticCurve2.java:223:42:223:47 | Key | | jca/EllipticCurve2.java:223:50:223:53 | Nonce | @@ -438,7 +425,6 @@ | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | -| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | | jca/Encryption1.java:67:42:67:44 | Key | | jca/Encryption1.java:67:47:67:53 | Nonce | @@ -508,7 +494,6 @@ | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | -| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | | jca/Encryption1.java:175:45:175:50 | Key | | jca/Encryption1.java:175:53:175:59 | Nonce | @@ -532,7 +517,6 @@ | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | -| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | | jca/Encryption2.java:109:45:109:50 | Key | | jca/Encryption2.java:109:53:109:59 | Nonce | @@ -544,7 +528,6 @@ | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | -| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | | jca/Encryption2.java:149:45:149:50 | Key | | jca/Encryption2.java:149:53:149:59 | Nonce | @@ -590,6 +573,7 @@ | jca/Hash.java:174:23:174:52 | HashOperation | | jca/Hash.java:174:37:174:51 | Message | | jca/Hash.java:190:43:190:54 | Parameter | +| jca/Hash.java:191:31:192:48 | Constant | | jca/Hash.java:191:32:191:38 | HashAlgorithm | | jca/Hash.java:191:41:191:49 | HashAlgorithm | | jca/Hash.java:191:52:191:60 | HashAlgorithm | @@ -605,6 +589,7 @@ | jca/Hash.java:195:41:195:56 | Message | | jca/Hash.java:211:43:211:54 | Parameter | | jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:212:31:212:116 | Constant | | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | @@ -629,6 +614,7 @@ | jca/Hash.java:252:23:252:70 | HashOperation | | jca/Hash.java:252:37:252:58 | Constant | | jca/Hash.java:252:37:252:69 | Message | +| jca/Hash.java:266:31:266:76 | Constant | | jca/Hash.java:266:32:266:40 | HashAlgorithm | | jca/Hash.java:266:43:266:51 | HashAlgorithm | | jca/Hash.java:266:54:266:63 | HashAlgorithm | @@ -639,7 +625,6 @@ | jca/Hash.java:271:40:271:54 | HashOperation | | jca/Hash.java:294:16:294:66 | LocalData | | jca/Hash.java:294:57:294:65 | HashAlgorithm | -| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | @@ -664,7 +649,6 @@ | jca/IVArtifact.java:75:21:75:23 | Constant | | jca/IVArtifact.java:76:16:76:35 | Key | | jca/IVArtifact.java:76:16:76:35 | KeyGeneration | -| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | @@ -676,7 +660,6 @@ | jca/IVArtifact.java:109:16:109:40 | KeyOperationOutput | | jca/IVArtifact.java:109:31:109:39 | Message | | jca/IVArtifact.java:116:31:116:34 | Constant | -| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | @@ -699,7 +682,6 @@ | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | | jca/IVArtifact.java:159:16:159:40 | KeyOperationOutput | | jca/IVArtifact.java:159:31:159:39 | Message | -| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | @@ -748,7 +730,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | @@ -770,7 +751,6 @@ | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | @@ -799,7 +779,6 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | @@ -815,7 +794,6 @@ | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | -| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | | jca/KeyArtifact.java:19:21:19:23 | Constant | @@ -844,8 +822,8 @@ | jca/KeyArtifact.java:72:31:72:34 | Constant | | jca/KeyArtifact.java:73:16:73:43 | Key | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | +| jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:78:45:78:53 | Constant | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | | jca/KeyDerivation1.java:80:42:80:63 | Message | | jca/KeyDerivation1.java:80:66:80:69 | Salt | @@ -958,7 +936,6 @@ | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | | jca/KeyDerivation1.java:353:35:353:50 | Constant | | jca/KeyDerivation1.java:353:35:353:61 | Message | -| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:61:21:61:23 | Constant | @@ -975,7 +952,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:77:45:77:50 | Key | | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | @@ -1004,7 +980,6 @@ | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:136:45:136:50 | Key | | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | @@ -1158,7 +1133,6 @@ | jca/MACOperation.java:233:21:233:23 | Constant | | jca/MACOperation.java:234:16:234:35 | Key | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | -| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | @@ -1201,7 +1175,6 @@ | jca/Nonce.java:92:56:92:67 | Constant | | jca/Nonce.java:93:16:93:35 | Key | | jca/Nonce.java:93:16:93:35 | KeyGeneration | -| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | | jca/Nonce.java:112:16:112:33 | Constant | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | @@ -1230,7 +1203,6 @@ | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | -| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | @@ -1335,7 +1307,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | @@ -1355,7 +1326,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | @@ -1379,7 +1349,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | @@ -1391,7 +1360,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | @@ -1399,7 +1367,6 @@ | jca/SymmetricAlgorithm.java:173:29:173:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | @@ -1416,7 +1383,6 @@ | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | @@ -1439,7 +1405,6 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | @@ -1455,7 +1420,6 @@ | jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | | jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | -| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:49:17:49:19 | Constant | @@ -1476,7 +1440,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | | jca/SymmetricModesTest.java:83:42:83:44 | Key | | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | @@ -1504,7 +1467,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | -| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | | jca/UniversalFlowTest.java:33:42:33:44 | Key | | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | From 11e81395b5ba1668741a5a51b80cfd06ca4af22e Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 14:14:17 -0400 Subject: [PATCH 10/66] Crypto: Updated default flows to use taint tracking (this is needed to fix false positives in the unknown IV/Nonce query). Add the unknown IV/Nonce query and associated test cases. Fix unknown IV/Nonce query to focus on cases where the oepration isn't known or the operation subtype is not encrypt or wrap. --- java/ql/lib/experimental/quantum/Language.qll | 2 +- .../UnknownIVorNonceInitialization.ql | 17 ---- .../Analysis/UnknownIVorNonceSource.ql | 36 +++++++++ .../library-tests/quantum/node_edges.expected | 77 +++++++++++++------ .../InsecureIVorNonceSource.expected | 0 .../InsecureIVorNonceSource.java | 20 ++--- .../InsecureIVorNonceSource.qlref | 0 .../UnknownIVorNonceSource.expected | 2 + .../UnknownIVorNonceSource.qlref | 4 + 9 files changed, 108 insertions(+), 50 deletions(-) delete mode 100644 java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql create mode 100644 java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceSource.ql rename java/ql/test/experimental/query-tests/quantum/{InsecureNonceSource => InsecureOrUnknownNonceSource}/InsecureIVorNonceSource.expected (100%) rename java/ql/test/experimental/query-tests/quantum/{InsecureNonceSource => InsecureOrUnknownNonceSource}/InsecureIVorNonceSource.java (95%) rename java/ql/test/experimental/query-tests/quantum/{InsecureNonceSource => InsecureOrUnknownNonceSource}/InsecureIVorNonceSource.qlref (100%) create mode 100644 java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index 7d7488244a9a..534ea2e1b374 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -230,7 +230,7 @@ module ArtifactFlowConfig implements DataFlow::ConfigSig { module GenericDataSourceFlow = TaintTracking::Global; -module ArtifactFlow = DataFlow::Global; +module ArtifactFlow = TaintTracking::Global; // Import library-specific modeling import JCA diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql b/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql deleted file mode 100644 index b2ef2ca4e566..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceInitialization.ql +++ /dev/null @@ -1,17 +0,0 @@ -/** - * @name Unknown nonce/iv initialization - * @id java/quantum/unknown-iv-or-nonce-initialization - * @description A nonce/iv is generated from a source that is not secure. Failure to initialize - * an IV or nonce properly can lead to vulnerabilities such as replay attacks or key recovery. - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import experimental.quantum.Language - -from Crypto::NonceArtifactNode nonce -where exists(nonce.getSourceNode()) -select nonce, "Unknown (unobserved) IV/Nonce initialization." diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceSource.ql new file mode 100644 index 000000000000..fdd04f7f2176 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceSource.ql @@ -0,0 +1,36 @@ +/** + * @name Unknown nonce/iv source + * @id java/quantum/unknown-iv-or-nonce-source + * @description A nonce/iv is generated from a source that is not secure. Failure to initialize + * an IV or nonce properly can lead to vulnerabilities such as replay attacks or key recovery. + * IV may be unknown at a decryption operation (IV would be provided alongside the ciphertext). + * These cases are ignored. + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +from Crypto::NonceArtifactNode nonce, Crypto::NodeBase op, string msg +where + not exists(nonce.getSourceNode()) and + ( + // Nonce not associated with any known cipher operation, assume unknown as insecure + not exists(Crypto::CipherOperationNode o | o.getANonce() = nonce) and + op = nonce and + msg = + "Unknown IV/Nonce initialization source with no observed nonce usage (assuming could be for encryption)." + or + // Nonce associated cipher operation where the mode is not explicitly encryption + op.(Crypto::CipherOperationNode).getANonce() = nonce and + ( + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TEncryptMode + or + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + msg = "Unknown IV/Nonce initialization source at encryption operation $@" + ) +select nonce, msg, op, op.toString() diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index 064f1203d6ca..0be5a459da17 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -44,7 +44,7 @@ | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | @@ -60,7 +60,7 @@ | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | @@ -155,7 +155,7 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | @@ -163,10 +163,13 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | @@ -174,7 +177,8 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | @@ -190,13 +194,13 @@ | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | -| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | @@ -206,17 +210,20 @@ | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:24:29:24:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | -| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | | jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | @@ -313,7 +320,13 @@ | jca/Digest.java:121:36:121:51 | Message | Source | jca/Digest.java:117:35:117:46 | Parameter | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:140:44:140:62 | ModeOfOperation | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:140:44:140:62 | PaddingAlgorithm | -| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:99:23:99:50 | Key | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:121:23:121:52 | KeyOperationOutput | | jca/Digest.java:142:32:142:74 | EncryptOperation | Algorithm | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | | jca/Digest.java:142:32:142:74 | EncryptOperation | Input | jca/Digest.java:142:47:142:73 | Message | | jca/Digest.java:142:32:142:74 | EncryptOperation | Key | jca/Digest.java:141:42:141:44 | Key | @@ -571,7 +584,7 @@ | jca/Encryption2.java:100:44:100:55 | Message | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | -| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:109:45:109:50 | Key | +| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:100:30:100:56 | Digest | | jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Algorithm | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Input | jca/Encryption2.java:110:50:110:64 | Message | @@ -752,7 +765,7 @@ | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | | jca/IVArtifact.java:158:42:158:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | -| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:154:31:154:78 | Digest | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Input | jca/IVArtifact.java:159:31:159:39 | Message | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Key | jca/IVArtifact.java:158:42:158:44 | Key | @@ -835,7 +848,7 @@ | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | @@ -964,7 +977,7 @@ | jca/KeyDerivation1.java:244:43:244:58 | Message | Source | jca/KeyDerivation1.java:242:45:242:56 | Parameter | | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | -| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:244:29:244:59 | Digest | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Algorithm | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Input | jca/KeyDerivation1.java:251:44:251:73 | Message | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Key | jca/KeyDerivation1.java:250:55:250:57 | Key | @@ -990,7 +1003,8 @@ | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:333:66:333:69 | Salt | | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:335:16:335:43 | Key | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Input | jca/KeyDerivation1.java:348:35:348:37 | Message | @@ -1000,7 +1014,7 @@ | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Output | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:269:32:269:41 | Parameter | | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:283:60:283:78 | Parameter | -| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Input | jca/KeyDerivation1.java:353:35:353:61 | Message | @@ -1056,7 +1070,7 @@ | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:136:45:136:50 | Key | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:137:47:137:72 | Message | @@ -1308,6 +1322,8 @@ | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:62:28:62:34 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Algorithm | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | HashAlgorithm | jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | @@ -1317,12 +1333,18 @@ | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:69:30:69:35 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Algorithm | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | HashAlgorithm | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Input | jca/SignEncryptCombinations.java:70:26:70:29 | Message | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Key | jca/SignEncryptCombinations.java:69:30:69:35 | Key | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Signature | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | | jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Output | jca/SignEncryptCombinations.java:84:16:84:31 | Key | @@ -1336,17 +1358,24 @@ | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Nonce | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Output | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | | jca/SignEncryptCombinations.java:112:42:112:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Algorithm | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Input | jca/SignEncryptCombinations.java:113:31:113:40 | Message | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Key | jca/SignEncryptCombinations.java:112:42:112:44 | Key | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Nonce | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Output | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | @@ -1357,6 +1386,10 @@ | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Message | jca/SignEncryptCombinations.java:123:28:123:31 | Message | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Nonce | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Output | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignatureOperation.java:54:16:54:36 | Key | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | @@ -1585,7 +1618,7 @@ | jca/SymmetricAlgorithm.java:215:42:215:50 | Message | Source | jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:215:29:215:51 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.expected rename to java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java similarity index 95% rename from java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java rename to java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java index 35f50842dc7c..a638909410a5 100644 --- a/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.java +++ b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java @@ -11,7 +11,7 @@ public class InsecureIVorNonceSource { // BAD: AES-GCM with static IV from a byte array public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] plaintext) throws Exception { - byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $Source + byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); @@ -24,20 +24,20 @@ public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] pla // BAD: AES-GCM with static IV from zero-initialized byte array public byte[] encryptWithZeroStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { - byte[] iv = new byte[16]; // $Source + byte[] iv = new byte[16]; GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-initialization] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source] cipher.update(plaintext); return cipher.doFinal(); } // BAD: AES-CBC with static IV from 1-initialized byte array public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { - byte[] iv = new byte[16]; // $Source + byte[] iv = new byte[16]; for (byte i = 0; i < iv.length; i++) { iv[i] = 1; } @@ -56,7 +56,7 @@ public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws E byte[][] staticIvs = new byte[][] { { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } - }; // $Source + }; GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); @@ -72,7 +72,7 @@ public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws E byte[][] staticIvs = new byte[][] { new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } - }; // $Source + }; GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); @@ -86,15 +86,15 @@ public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws E // BAD: AES-GCM with static IV from a zero-initialized multidimensional byte array public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws Exception { byte[][] ivs = new byte[][] { - new byte[8], // $Source - new byte[16] // $Source + new byte[8], + new byte[16] }; GCMParameterSpec ivSpec = new GCMParameterSpec(128, ivs[1]); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-initialization] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source] cipher.update(plaintext); return cipher.doFinal(); } @@ -191,7 +191,7 @@ public byte[] encryptWithGeneratedIvByteArray(byte[] key, byte[] plaintext) thro public byte[] generateInsecureRandomBytes(int numBytes) { Random random = new Random(); byte[] bytes = new byte[numBytes]; - random.nextBytes(bytes); // $Source + random.nextBytes(bytes); return bytes; } diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/InsecureNonceSource/InsecureIVorNonceSource.qlref rename to java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected new file mode 100644 index 000000000000..afa5f061cb09 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected @@ -0,0 +1,2 @@ +| InsecureIVorNonceSource.java:33:51:33:56 | Nonce | Unknown IV/Nonce initialization source. | +| InsecureIVorNonceSource.java:97:51:97:56 | Nonce | Unknown IV/Nonce initialization source. | diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref new file mode 100644 index 000000000000..9dfd0e282007 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Analysis/UnknownIVorNonceSource.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file From 7a57496c54f9765dd688241d8696e09bc9692cde Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 14:16:47 -0400 Subject: [PATCH 11/66] Crypto: Missing test update. --- .../UnknownIVorNonceSource.expected | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected index afa5f061cb09..3759e19826b5 100644 --- a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected +++ b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected @@ -1,2 +1,2 @@ -| InsecureIVorNonceSource.java:33:51:33:56 | Nonce | Unknown IV/Nonce initialization source. | -| InsecureIVorNonceSource.java:97:51:97:56 | Nonce | Unknown IV/Nonce initialization source. | +| InsecureIVorNonceSource.java:33:51:33:56 | Nonce | Unknown IV/Nonce initialization source at encryption operation $@ | InsecureIVorNonceSource.java:35:16:35:31 | EncryptOperation | EncryptOperation | +| InsecureIVorNonceSource.java:97:51:97:56 | Nonce | Unknown IV/Nonce initialization source at encryption operation $@ | InsecureIVorNonceSource.java:99:16:99:31 | EncryptOperation | EncryptOperation | From f524de4afc2a73f841cebe5be9074159384074b5 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 8 Oct 2025 16:27:18 -0400 Subject: [PATCH 12/66] Crypto: Updating insecure iv/nonce to consider if an operation is known for it, and if so do not alert on non-secure random if it is tied to decryption --- .../Analysis/InsecureIVorNonceSource.ql | 36 ++++++++++++++++--- .../InsecureIVorNonceSource.expected | 14 ++++---- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql index 1e0dcadf10d6..278372922b8d 100644 --- a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql @@ -2,7 +2,10 @@ * @name Insecure nonce/iv (static value or weak random source) * @id java/quantum/insecure-iv-or-nonce * @description A nonce/iv is generated from a source that is not secure. This can lead to - * vulnerabilities such as replay attacks or key recovery. + * vulnerabilities such as replay attacks or key recovery. Insecure generation + * is any static nonce, or any known insecure source for a nonce/iv if + * the value is used for an encryption operation (decryption operations are ignored + * as the nonce/iv would be provided alongside the ciphertext). * @kind problem * @problem.severity error * @precision high @@ -12,8 +15,33 @@ import experimental.quantum.Language -from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src +from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg where nonce.getSourceNode() = src and - not src.asElement() instanceof SecureRandomnessInstance -select nonce, "Nonce or IV uses insecure or constant source $@", src, src.toString() + ( + // Case 1: Any constant nonce/iv is bad, regardless of how it is used + src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op = nonce and // binding op by not using it + msg = "Nonce or IV uses constant source $@" + or + // Case 2: The nonce has a non-random source and there is no known operation for the nonce + // assume it is used for encryption + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + not exists(Crypto::CipherOperationNode o | o.getANonce() = nonce) and + op = nonce and // binding op, but not using it + msg = + "Nonce or IV uses insecure source $@ with no observed nonce usage (assuming could be for encryption)." + or + // Case 3: The nonce has a non-random source and is used in an encryption operation + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op.(Crypto::CipherOperationNode).getANonce() = nonce and + ( + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TEncryptMode + or + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + msg = "Nonce or IV uses insecure source $@ at encryption operation $@" + ) +select nonce, msg, src, src.toString(), op, op.toString() diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected index 7cf062f5c02a..5cb3fb117a64 100644 --- a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected +++ b/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected @@ -1,7 +1,7 @@ -| InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | -| InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | -| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | -| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | -| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | -| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | -| InsecureIVorNonceSource.java:206:51:206:56 | Nonce | Nonce or IV uses insecure or constant source $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | +| InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:206:51:206:56 | Nonce | Nonce or IV uses insecure source $@ at encryption operation $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | InsecureIVorNonceSource.java:208:16:208:31 | EncryptOperation | EncryptOperation | From fdba3acc4ba212b68fb5b64e88c9b233d88e4013 Mon Sep 17 00:00:00 2001 From: Nicolas Will Date: Thu, 9 Oct 2025 13:59:51 +0200 Subject: [PATCH 13/66] Crypto: Fix QL-for-QL alert and auto-format --- java/ql/lib/experimental/quantum/Language.qll | 2 +- .../src/experimental/quantum/Analysis/NonAESGCMCipher.ql | 7 ++++--- .../experimental/quantum/Analysis/WeakKDFIterationCount.ql | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index 534ea2e1b374..4b198dd69b52 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -115,7 +115,7 @@ private class ConstantDataSourceLiteral extends Crypto::GenericConstantSourceIns private class ConstantDataSourceArrayInitializer extends Crypto::GenericConstantSourceInstance instanceof ArrayInit { - ConstantDataSourceArrayInitializer() { exists(Literal l | this.getAnInit() = l) } + ConstantDataSourceArrayInitializer() { this.getAnInit() instanceof Literal } override DataFlow::Node getOutputNode() { result.asExpr() = this } diff --git a/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql index 659ae4d02866..aa05f7695c6f 100644 --- a/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql +++ b/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql @@ -19,6 +19,7 @@ class NonAESGCMAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { } from Crypto::KeyOperationNode op, Crypto::KeyOperationOutputNode codeNode -where op.getAKnownAlgorithm() instanceof NonAESGCMAlgorithmNode and - codeNode = op.getAnOutputArtifact() -select op, "Non-AES-GCM instance." \ No newline at end of file +where + op.getAKnownAlgorithm() instanceof NonAESGCMAlgorithmNode and + codeNode = op.getAnOutputArtifact() +select op, "Non-AES-GCM instance." diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql index 3fd84c9ecc41..2dd5b0b006be 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql @@ -17,4 +17,4 @@ where op.getIterationCount().asElement() = l and l.getValue().toInt() < 100000 select op, "Key derivation operation configures iteration count below 100k: $@", l, - l.getValue().toString() \ No newline at end of file + l.getValue().toString() From c6cc4fff51c71daf739d340a23ade7ab58f9346c Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 9 Oct 2025 08:16:28 -0400 Subject: [PATCH 14/66] Crypto: Minor fixes to WeakBlockModes, WeakHash to consider SHA3 ok, Added unknown hash. --- .../quantum/Analysis/UnknownHash.ql | 17 ++++++++++++++++ .../quantum/Analysis/WeakBlockModes.ql | 20 ++++++++++--------- .../Analysis/{WeakHashing.ql => WeakHash.ql} | 8 ++++---- 3 files changed, 32 insertions(+), 13 deletions(-) create mode 100644 java/ql/src/experimental/quantum/Analysis/UnknownHash.ql rename java/ql/src/experimental/quantum/Analysis/{WeakHashing.ql => WeakHash.ql} (80%) diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownHash.ql b/java/ql/src/experimental/quantum/Analysis/UnknownHash.ql new file mode 100644 index 000000000000..d9dce7a7aba5 --- /dev/null +++ b/java/ql/src/experimental/quantum/Analysis/UnknownHash.ql @@ -0,0 +1,17 @@ +/** + * @name Unknown hashes + * @description Finds uses of cryptographic hashing algorithms of unknown type. + * @id java/quantum/unknown-hash + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::HashAlgorithmNode alg +where not exists(alg.getHashType()) +select alg, "Use of unknown hash algorithm or API." diff --git a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql index fee895071768..189f58eebad3 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql @@ -13,19 +13,21 @@ import java import experimental.quantum.Language class WeakAESBlockModeAlgNode extends Crypto::KeyOperationAlgorithmNode { + Crypto::ModeOfOperationAlgorithmNode mode; + WeakAESBlockModeAlgNode() { this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and + mode = super.getModeOfOperation() and ( - this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::ECB() or - this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CFB() or - this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::OFB() or - this.getModeOfOperation().getModeType() = Crypto::KeyOpAlg::CTR() + mode.getModeType() = Crypto::KeyOpAlg::ECB() or + mode.getModeType() = Crypto::KeyOpAlg::CFB() or + mode.getModeType() = Crypto::KeyOpAlg::OFB() or + mode.getModeType() = Crypto::KeyOpAlg::CTR() ) } + + Crypto::ModeOfOperationAlgorithmNode getMode() { result = mode } } -from Crypto::KeyOperationNode op, Crypto::KeyOperationOutputNode codeNode -where - op.getAKnownAlgorithm() instanceof WeakAESBlockModeAlgNode and - codeNode = op.getAnOutputArtifact() -select op, "Weak AES block mode instance." +from WeakAESBlockModeAlgNode alg +select alg, "Weak AES block mode instance $@.", alg.getMode(), alg.getMode().toString() diff --git a/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql b/java/ql/src/experimental/quantum/Analysis/WeakHash.ql similarity index 80% rename from java/ql/src/experimental/quantum/Analysis/WeakHashing.ql rename to java/ql/src/experimental/quantum/Analysis/WeakHash.ql index 39bd8c6e4637..737643a8f9f4 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakHashing.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakHash.ql @@ -1,7 +1,7 @@ /** * @name Weak hashes * @description Finds uses of cryptographic hashing algorithms that are unapproved or otherwise weak. - * @id java/quantum/weak-hashes + * @id java/quantum/weak-hash * @kind problem * @problem.severity error * @precision high @@ -17,15 +17,15 @@ from Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg where htype = alg.getHashType() and ( - htype != Crypto::SHA2() and + (htype != Crypto::SHA2() and htype != Crypto::SHA2()) and msg = "Use of unapproved hash algorithm or API " + htype.toString() + "." or - htype = Crypto::SHA2() and + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and not exists(alg.getDigestLength()) and msg = "Use of approved hash algorithm or API type " + htype.toString() + " but unknown digest size." or - htype = Crypto::SHA2() and + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and alg.getDigestLength() < 256 and msg = "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" + From deb43735be446124c46d7879e53b9e68957b5910 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 9 Oct 2025 08:39:39 -0400 Subject: [PATCH 15/66] Crypto: Minor fixes to WeakSymmetricCipher, change to a singular name for consistency. --- .../{WeakSymmetricCiphers.ql => WeakSymmetricCipher.ql} | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) rename java/ql/src/experimental/quantum/Analysis/{WeakSymmetricCiphers.ql => WeakSymmetricCipher.ql} (87%) diff --git a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCipher.ql similarity index 87% rename from java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql rename to java/ql/src/experimental/quantum/Analysis/WeakSymmetricCipher.ql index 00e59ebe4841..a7e03c62a53c 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCiphers.ql +++ b/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCipher.ql @@ -14,7 +14,7 @@ import java import experimental.quantum.Language import Crypto::KeyOpAlg as KeyOpAlg -from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType, string msg +from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType where algType = alg.getAlgorithmType() and ( @@ -25,6 +25,5 @@ where algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()) or algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) - ) and - msg = "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." -select alg, msg + ) +select alg, "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." From fba80870a6c184d8c2b22660f8c409d623b32bd3 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 9 Oct 2025 09:03:00 -0400 Subject: [PATCH 16/66] Crypto: Example query reorg - moving queries of this PR into 'examples' subdirectories. --- .../quantum/{Analysis => Examples}/ArtifactReuse.qll | 0 .../{Analysis => Examples}/InsecureIVorNonceSource.ql | 0 .../quantum/{Analysis => Examples}/NonAESGCMCipher.ql | 0 .../quantum/{Analysis => Examples}/ReusedNonce.ql | 0 .../quantum/{Analysis => Examples}/UnknownHash.ql | 0 .../{Analysis => Examples}/UnknownIVorNonceSource.ql | 0 .../{Analysis => Examples}/UnknownKDFIterationCount.ql | 1 + .../quantum/{Analysis => Examples}/WeakAsymmetric.ql | 8 +++----- .../quantum/{Analysis => Examples}/WeakBlockModes.ql | 0 .../quantum/{Analysis => Examples}/WeakHash.ql | 0 .../{Analysis => Examples}/WeakKDFIterationCount.ql | 0 .../quantum/{Analysis => Examples}/WeakKDFKeySize.ql | 0 .../quantum/{Analysis => Examples}/WeakRSA.ql | 0 .../quantum/{Analysis => Examples}/WeakSymmetricCipher.ql | 0 .../query-tests/quantum/NonceReuse/NonceReuse.qlref | 1 - .../InsecureIVorNonceSource.expected | 0 .../InsecureIVorNonceSource.java | 0 .../InsecureIVorNonceSource.qlref | 2 +- .../UnknownIVorNonceSource.expected | 0 .../UnknownIVorNonceSource.qlref | 2 +- .../quantum/{ => examples}/NonceReuse/NonceReuse.expected | 0 .../quantum/examples/NonceReuse/NonceReuse.qlref | 1 + .../quantum/{ => examples}/NonceReuse/Test.java | 0 23 files changed, 7 insertions(+), 8 deletions(-) rename java/ql/src/experimental/quantum/{Analysis => Examples}/ArtifactReuse.qll (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/InsecureIVorNonceSource.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/NonAESGCMCipher.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/ReusedNonce.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/UnknownHash.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/UnknownIVorNonceSource.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/UnknownKDFIterationCount.ql (96%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/WeakAsymmetric.ql (57%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/WeakBlockModes.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/WeakHash.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/WeakKDFIterationCount.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/WeakKDFKeySize.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/WeakRSA.ql (100%) rename java/ql/src/experimental/quantum/{Analysis => Examples}/WeakSymmetricCipher.ql (100%) delete mode 100644 java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref rename java/ql/test/experimental/query-tests/quantum/{ => examples}/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected (100%) rename java/ql/test/experimental/query-tests/quantum/{ => examples}/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java (100%) rename java/ql/test/experimental/query-tests/quantum/{ => examples}/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref (59%) rename java/ql/test/experimental/query-tests/quantum/{ => examples}/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected (100%) rename java/ql/test/experimental/query-tests/quantum/{ => examples}/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref (59%) rename java/ql/test/experimental/query-tests/quantum/{ => examples}/NonceReuse/NonceReuse.expected (100%) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref rename java/ql/test/experimental/query-tests/quantum/{ => examples}/NonceReuse/Test.java (100%) diff --git a/java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll b/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll rename to java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/InsecureIVorNonceSource.ql rename to java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql diff --git a/java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/NonAESGCMCipher.ql rename to java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql diff --git a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql rename to java/ql/src/experimental/quantum/Examples/ReusedNonce.ql diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownHash.ql b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/UnknownHash.ql rename to java/ql/src/experimental/quantum/Examples/UnknownHash.ql diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/UnknownIVorNonceSource.ql rename to java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql similarity index 96% rename from java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql rename to java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql index db22bf4a3698..b0c41298eb27 100644 --- a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql @@ -4,6 +4,7 @@ * @id java/quantum/unknown-kdf-iteration-count * @kind problem * @precision medium + * @problem.severity error * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql similarity index 57% rename from java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql rename to java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql index 57a40bf76219..299aa8d8cbd2 100644 --- a/java/ql/src/experimental/quantum/Analysis/WeakAsymmetric.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql @@ -12,13 +12,11 @@ import java import experimental.quantum.Language -from Crypto::KeyOperationAlgorithmNode op, DataFlow::Node configSrc, int keySize, string algName +from Crypto::KeyOperationAlgorithmNode op, int keySize, string algName where keySize = op.getKeySizeFixed() and keySize < 2048 and algName = op.getAlgorithmName() and // Can't be an elliptic curve - not Crypto::isEllipticCurveAlgorithmName(algName) -select op, - "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm " + - algName.toString() + " at config source $@", configSrc, configSrc.toString() + op.getAlgorithmType() != Crypto::KeyOpAlg::AlgorithmType::EllipticCurveType() +select "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm " + algName diff --git a/java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/WeakBlockModes.ql rename to java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql diff --git a/java/ql/src/experimental/quantum/Analysis/WeakHash.ql b/java/ql/src/experimental/quantum/Examples/WeakHash.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/WeakHash.ql rename to java/ql/src/experimental/quantum/Examples/WeakHash.ql diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/WeakKDFIterationCount.ql rename to java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql diff --git a/java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/WeakKDFKeySize.ql rename to java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql diff --git a/java/ql/src/experimental/quantum/Analysis/WeakRSA.ql b/java/ql/src/experimental/quantum/Examples/WeakRSA.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/WeakRSA.ql rename to java/ql/src/experimental/quantum/Examples/WeakRSA.ql diff --git a/java/ql/src/experimental/quantum/Analysis/WeakSymmetricCipher.ql b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql similarity index 100% rename from java/ql/src/experimental/quantum/Analysis/WeakSymmetricCipher.ql rename to java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref deleted file mode 100644 index bfe67a6c2e8e..000000000000 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/quantum/Analysis/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected rename to java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java rename to java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref similarity index 59% rename from java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref rename to java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref index 4ce79ecde8f6..1b26475bb356 100644 --- a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref @@ -1,4 +1,4 @@ -query: experimental/quantum/Analysis/InsecureIVorNonceSource.ql +query: experimental/quantum/Examples/InsecureIVorNonceSource.ql postprocess: - utils/test/PrettyPrintModels.ql - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected rename to java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected diff --git a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref similarity index 59% rename from java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref rename to java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref index 9dfd0e282007..8bdc38026ad0 100644 --- a/java/ql/test/experimental/query-tests/quantum/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref @@ -1,4 +1,4 @@ -query: experimental/quantum/Analysis/UnknownIVorNonceSource.ql +query: experimental/quantum/Examples/UnknownIVorNonceSource.ql postprocess: - utils/test/PrettyPrintModels.ql - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected rename to java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref new file mode 100644 index 000000000000..6f8aa4b838b8 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref @@ -0,0 +1 @@ +experimental/quantum/Examples/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java rename to java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java From 758759a304559a22ea25895ccd1e737686986e7e Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 10 Oct 2025 12:25:31 -0400 Subject: [PATCH 17/66] Crypto: Reused nonce query updates and test updates to address false positives. --- .../quantum/Examples/ArtifactReuse.qll | 56 +++++++++++++++---- .../quantum/Examples/ReusedNonce.ql | 40 ++++++++++++- .../examples/NonceReuse/NonceReuse.expected | 8 +-- .../quantum/examples/NonceReuse/Test.java | 28 ++++++++++ 4 files changed, 115 insertions(+), 17 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll b/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll index 0e28d9ffe5e3..776510b52ad1 100644 --- a/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll +++ b/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll @@ -8,7 +8,7 @@ import experimental.quantum.Language * NOTE: TODO: need to handle call by refernece for now. Need to re-evaluate (see notes below) * Such functions may be 'wrappers' for some derived value. */ -private module WrapperConfig implements DataFlow::ConfigSig { +private module ArtifactGeneratingWrapperConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof Call and // not handling references yet, I think we want to flat say references are only ok @@ -28,25 +28,41 @@ private module WrapperConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(Crypto::ArtifactNode i).asElement() } } -module WrapperFlow = DataFlow::Global; +module ArtifactGeneratingWrapperFlow = TaintTracking::Global; /** * Using a set approach to determine if reuse of an artifact exists. * This predicate produces a set of 'wrappers' that flow to the artifact node. * This set can be compared with the set to another artifact node to determine if they are the same. */ -private DataFlow::Node getWrapperSet(Crypto::NonceArtifactNode a) { - WrapperFlow::flow(result, DataFlow::exprNode(a.asElement())) +private DataFlow::Node getGeneratingWrapperSet(Crypto::NonceArtifactNode a) { + ArtifactGeneratingWrapperFlow::flow(result, DataFlow::exprNode(a.asElement())) or result.asExpr() = a.getSourceElement() } +private predicate ancestorOfArtifact( + Crypto::ArtifactNode a, Callable enclosingCallable, ControlFlow::Node midOrTarget +) { + a.asElement().(Expr).getEnclosingCallable() = enclosingCallable and + ( + midOrTarget.asExpr() = a.asElement() or + midOrTarget.asExpr().(Call).getCallee().calls*(a.asElement().(Expr).getEnclosingCallable()) + ) +} + /** * Two different artifact nodes are considered reuse if any of the following conditions are met: * 1. The source for artifact `a` and artifact `b` are the same and the source is a literal. * 2. The source for artifact `a` and artifact `b` are not the same and the source is a literal of the same value. - * 3. For all 'wrappers' that return the source of artifact `a`, and that wrapper also exists for artifact `b`. - * 4. For all 'wrappers' that return the source of artifact `b`, and that wrapper also exists for artifact `a`. + * 3. For all 'wrappers' that return the source of artifact `a`, and each wrapper also exists for artifact `b`. + * 4. For all 'wrappers' that return the source of artifact `b`, and each wrapper also exists for artifact `a`. + * + * The above conditions determine that the use of the IV is from the same source, but the use may + * be on separate code paths that do not occur sequentially. We must therefore also find a common callable ancestor + * for both uses, and in that ancestor, there must be control flow from the call or use of one to the call or use of the other. + * Note that if no shared ancestor callable exists, it means the flow is more nuanced and ignore the shared ancestor + * use flow. */ predicate isArtifactReuse(Crypto::ArtifactNode a, Crypto::ArtifactNode b) { a != b and @@ -55,12 +71,32 @@ predicate isArtifactReuse(Crypto::ArtifactNode a, Crypto::ArtifactNode b) { or a.getSourceElement().(Literal).getValue() = b.getSourceElement().(Literal).getValue() or - forex(DataFlow::Node e | e = getWrapperSet(a) | - exists(DataFlow::Node e2 | e2 = getWrapperSet(b) | e = e2) + forex(DataFlow::Node e | e = getGeneratingWrapperSet(a) | + exists(DataFlow::Node e2 | e2 = getGeneratingWrapperSet(b) | e = e2) ) or - forex(DataFlow::Node e | e = getWrapperSet(b) | - exists(DataFlow::Node e2 | e2 = getWrapperSet(a) | e = e2) + forex(DataFlow::Node e | e = getGeneratingWrapperSet(b) | + exists(DataFlow::Node e2 | e2 = getGeneratingWrapperSet(a) | e = e2) + ) + ) and + // If there is a common parent, there is control flow between the two uses in the parent + // TODO: this logic needs to be examined/revisited to ensure it is correct + ( + exists(Callable commonParent | + ancestorOfArtifact(a, commonParent, _) and + ancestorOfArtifact(b, commonParent, _) + ) + implies + exists(Callable commonParent, ControlFlow::Node aMid, ControlFlow::Node bMid | + ancestorOfArtifact(a, commonParent, aMid) and + ancestorOfArtifact(b, commonParent, bMid) and + a instanceof Crypto::NonceArtifactNode and + b instanceof Crypto::NonceArtifactNode and + ( + aMid.getASuccessor*() = bMid + or + bMid.getASuccessor*() = aMid + ) ) ) } diff --git a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql index c90dbbf5746c..2236df8ce335 100644 --- a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql +++ b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql @@ -12,6 +12,40 @@ import java import ArtifactReuse -from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2 -where isArtifactReuse(nonce1, nonce2) -select nonce1, "Reuse with nonce $@", nonce2, nonce2.toString() +from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2, Crypto::NodeBase sourceNode +where + isArtifactReuse(nonce1, nonce2) and + // NOTE: in general we may not know a source, but see possible reuse, + // we are not detecting these cases here (only where the source is the same). + sourceNode = nonce1.getSourceNode() and + sourceNode = nonce2.getSourceNode() and + // Null literals are typically used for initialization, and if two 'nulls' + // are reused, it is likely an uninitialization path that would result in a NullPointerException. + not sourceNode.asElement() instanceof NullLiteral and + // if the nonce is used in an encryption and decryption, ignore that reuse + not exists(Crypto::CipherOperationNode op1, Crypto::CipherOperationNode op2 | + op1 != op2 and + op1.getANonce() = nonce1 and + op2.getANonce() = nonce2 and + ( + ( + op1.getKeyOperationSubtype() instanceof Crypto::TEncryptMode or + op1.getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + ( + op2.getKeyOperationSubtype() instanceof Crypto::TDecryptMode or + op2.getKeyOperationSubtype() instanceof Crypto::TUnwrapMode + ) + or + ( + op2.getKeyOperationSubtype() instanceof Crypto::TEncryptMode or + op2.getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + ( + op1.getKeyOperationSubtype() instanceof Crypto::TDecryptMode or + op1.getKeyOperationSubtype() instanceof Crypto::TUnwrapMode + ) + ) + ) +select sourceNode, "Nonce source is reused, see $@ and $@", nonce1, nonce1.toString(), nonce2, + nonce2.toString() diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected index 38ba6187b595..f5e9382a40c4 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected @@ -1,4 +1,4 @@ -| Test.java:40:47:40:52 | Nonce | Reuse with nonce $@ | Test.java:49:47:49:52 | Nonce | Nonce | -| Test.java:49:47:49:52 | Nonce | Reuse with nonce $@ | Test.java:40:47:40:52 | Nonce | Nonce | -| Test.java:76:48:76:54 | Nonce | Reuse with nonce $@ | Test.java:82:49:82:55 | Nonce | Nonce | -| Test.java:82:49:82:55 | Nonce | Reuse with nonce $@ | Test.java:76:48:76:54 | Nonce | Nonce | +| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:40:47:40:52 | Nonce | Nonce | Test.java:49:47:49:52 | Nonce | Nonce | +| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:49:47:49:52 | Nonce | Nonce | Test.java:40:47:40:52 | Nonce | Nonce | +| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:76:48:76:54 | Nonce | Nonce | Test.java:82:49:82:55 | Nonce | Nonce | +| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:82:49:82:55 | Nonce | Nonce | Test.java:76:48:76:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java index 1b65e324275b..e384143db086 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java @@ -83,6 +83,34 @@ private static void funcA3() throws Exception { byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes()); } + public void falsePositive1() throws Exception { + byte[] iv = null; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + if (iv != null) { + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } else if(iv.length > 0) { + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + } + + public void falsePositive2() throws Exception { + byte[] iv = null; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + + cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); // GOOD + byte[] decryptedData = cipher.doFinal(ciphertext); + } + public static void main(String[] args) { try { funcA2(); From 36673659adcdc8c481c78ebb5b3e3662403b6433 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 10 Oct 2025 14:49:35 -0400 Subject: [PATCH 18/66] Crypto: Weak asymmetric key gen size fixes and test. --- java/ql/lib/experimental/quantum/JCA.qll | 8 ++++-- .../quantum/Examples/WeakAsymmetric.ql | 22 --------------- .../Examples/WeakAsymmetricKeyGenSize.ql | 22 +++++++++++++++ .../InsufficientAsymmetricKeySize.java | 28 +++++++++++++++++++ ...WeakOrUnknownAsymmetricKeyGenSize.expected | 1 + .../WeakOrUnknownAsymmetricKeyGenSize.qlref | 1 + 6 files changed, 58 insertions(+), 24 deletions(-) delete mode 100644 java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql create mode 100644 java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 03438d1ac222..76031c506ea1 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -110,7 +110,8 @@ module JCAModel { predicate signature_names(string name) { name.toUpperCase().splitAt("WITH", 1).matches(["RSA%", "ECDSA%", "DSA%"]) or - name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"]) + name.toUpperCase() + .matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS", "DSA"]) } bindingset[name] @@ -257,6 +258,8 @@ module JCAModel { name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) or name.toUpperCase() = "HSS/LMS" and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS()) + or + name.toUpperCase() = "DSA" and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) } bindingset[name] @@ -1019,7 +1022,8 @@ module JCAModel { } class KeyGenerationAlgorithmValueConsumer extends CipherAlgorithmValueConsumer, - KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer instanceof Expr + KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer, + SignatureAlgorithmValueConsumer instanceof Expr { KeyGeneratorGetInstanceCall instantiationCall; diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql deleted file mode 100644 index 299aa8d8cbd2..000000000000 --- a/java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql +++ /dev/null @@ -1,22 +0,0 @@ -/** - * @name Weak Asymmetric Key Size - * @id java/quantum/weak-asymmetric-key-size - * @description An asymmetric cipher with a short key size is in use - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import java -import experimental.quantum.Language - -from Crypto::KeyOperationAlgorithmNode op, int keySize, string algName -where - keySize = op.getKeySizeFixed() and - keySize < 2048 and - algName = op.getAlgorithmName() and - // Can't be an elliptic curve - op.getAlgorithmType() != Crypto::KeyOpAlg::AlgorithmType::EllipticCurveType() -select "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm " + algName diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql new file mode 100644 index 000000000000..7b1330a768ae --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -0,0 +1,22 @@ +/** + * @name Weak Asymmetric Key Size + * @id java/quantum/weak-asymmetric-key-gen-size + * @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation. + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::KeyArtifactNode key, int keySize, Crypto::AlgorithmNode alg +where + key.getCreatingOperation().getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and + alg = key.getAKnownAlgorithm() and // NOTE: if algorithm is not known (doesn't bind) we need a separate query + not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm + keySize < 2048 +select key, "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", + alg, alg.getAlgorithmName() diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java new file mode 100644 index 000000000000..35b9dd407485 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java @@ -0,0 +1,28 @@ +import java.security.*; +public class InsufficientAsymmetricKeySize{ + public static void test() throws Exception{ + KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA"); + keyPairGen1.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen1.generateKeyPair(); + + KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA"); + keyPairGen2.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen2.generateKeyPair(); + + KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH"); + keyPairGen3.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen3.generateKeyPair(); + + KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("RSA"); + keyPairGen4.initialize(2048); // GOOD + keyPairGen4.generateKeyPair(); + + KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("DSA"); + keyPairGen5.initialize(2048); // GOOD + keyPairGen5.generateKeyPair(); + + KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("DH"); + keyPairGen6.initialize(2048); // GOOD + keyPairGen6.generateKeyPair(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected new file mode 100644 index 000000000000..2e65efe2a145 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected @@ -0,0 +1 @@ +a \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref new file mode 100644 index 000000000000..1229e635fd88 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref @@ -0,0 +1 @@ +experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql \ No newline at end of file From ffd191d0e1d7696c7ab91068789479f9b6e6c53e Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 10 Oct 2025 14:50:50 -0400 Subject: [PATCH 19/66] Crypto: missing new endpoint to get the creating operation for a key if known. --- shared/quantum/codeql/quantum/experimental/Model.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 43ffc0ffb69a..517142de1efb 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1497,6 +1497,10 @@ module CryptographyBase Input> { .getAGenericSourceNode() } + KeyCreationOperationNode getCreatingOperation() { + instance.(KeyArtifactOutputInstance).getCreator() = result.asElement() + } + KeyCreationCandidateAlgorithmNode getAKnownAlgorithm() { result = instance From d68f3cff8bf625ca304bef27aaa4b7d1c1f71e7b Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 10 Oct 2025 14:51:16 -0400 Subject: [PATCH 20/66] Crypto: InsecureIVorNonceSource now ignored null to avoid being too noisy. --- .../experimental/quantum/Examples/InsecureIVorNonceSource.ql | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql index 278372922b8d..b1f040692189 100644 --- a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql @@ -18,6 +18,10 @@ import experimental.quantum.Language from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg where nonce.getSourceNode() = src and + // NOTE: null nonces should be handled seaparately, often used for default values prior to initialization + // failure to initialize should, in practice, lead to a NullPointerException, which is a separate concern + // however there may be APIs where NULL uses a default nonce or action. + not src.asElement() instanceof NullLiteral and ( // Case 1: Any constant nonce/iv is bad, regardless of how it is used src.asElement() instanceof Crypto::GenericConstantSourceInstance and From e76ced1513785fdbbb538a18f3a62cf64935b746 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 10 Oct 2025 15:32:39 -0400 Subject: [PATCH 21/66] Crypto: Updating weak asymmetric key gen to include key exchange. --- .../experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql | 1 + shared/quantum/codeql/quantum/experimental/Model.qll | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql index 7b1330a768ae..d478f2383a56 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -17,6 +17,7 @@ where key.getCreatingOperation().getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and alg = key.getAKnownAlgorithm() and // NOTE: if algorithm is not known (doesn't bind) we need a separate query not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm + alg instanceof Crypto::AsymmetricAlgorithmNode and keySize < 2048 select key, "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", alg, alg.getAlgorithmName() diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 517142de1efb..4de99ccb46ab 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1467,7 +1467,8 @@ module CryptographyBase Input> { class AsymmetricAlgorithmNode extends TKeyCreationCandidateAlgorithm instanceof AlgorithmNode { AsymmetricAlgorithmNode() { this instanceof EllipticCurveNode or - this.(KeyOperationAlgorithmNode).isAsymmetric() + this.(KeyOperationAlgorithmNode).isAsymmetric() or + this instanceof KeyAgreementAlgorithmNode } string toString() { result = super.toString() } From 08abdb8c852e87389840e969ce32ee16643ab3c2 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 12:03:41 -0400 Subject: [PATCH 22/66] Crypto: Adding a "javaConstant" concept to handle config files. --- java/ql/lib/experimental/quantum/JCA.qll | 108 +++++++++--------- java/ql/lib/experimental/quantum/Language.qll | 61 +++++++++- 2 files changed, 113 insertions(+), 56 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 76031c506ea1..be91a0158721 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -52,11 +52,7 @@ module JCAModel { } bindingset[hash] - predicate hash_names(string hash) { - hash.toUpperCase() - .matches(["SHA-%", "SHA3-%", "BLAKE2b%", "BLAKE2s%", "MD5", "RIPEMD160", "Whirlpool"] - .toUpperCase()) - } + predicate hash_names(string hash) { exists(hash_name_to_type_known(hash, _)) } bindingset[kdf] predicate kdf_names(string kdf) { @@ -132,41 +128,43 @@ module JCAModel { // TODO: add additional } - bindingset[name] - Crypto::HashType hash_name_to_type_known(string name, int digestLength) { - name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 - or - name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and - result instanceof Crypto::SHA2 and - digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() - or - name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and - result instanceof Crypto::SHA3 and - digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() - or - ( - name.matches("BLAKE2b%") and - result instanceof Crypto::BLAKE2B + bindingset[nameRaw] + Crypto::HashType hash_name_to_type_known(string nameRaw, int digestLength) { + exists(string name | name = nameRaw.toUpperCase() | + name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 or - name = "BLAKE2s" and result instanceof Crypto::BLAKE2S - ) and - ( - if exists(name.indexOf("-")) - then name.splitAt("-", 1).toInt() = digestLength - else digestLength = 512 + name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and + result instanceof Crypto::SHA2 and + digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() + or + name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and + result instanceof Crypto::SHA3 and + digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() + or + ( + name.toUpperCase().matches("BLAKE2B%") and + result instanceof Crypto::BLAKE2B + or + name.toUpperCase() = "BLAKE2S" and result instanceof Crypto::BLAKE2S + ) and + ( + if exists(name.indexOf("-")) + then name.splitAt("-", 1).toInt() = digestLength + else digestLength = 512 + ) + or + name = "MD5" and + result instanceof Crypto::MD5 and + digestLength = 128 + or + name = "RIPEMD160" and + result instanceof Crypto::RIPEMD160 and + digestLength = 160 + or + name = "WHIRLPOOL" and + result instanceof Crypto::WHIRLPOOL and + digestLength = 512 // TODO: verify ) - or - name = "MD5" and - result instanceof Crypto::MD5 and - digestLength = 128 - or - name = "RIPEMD160" and - result instanceof Crypto::RIPEMD160 and - digestLength = 160 - or - name = "Whirlpool" and - result instanceof Crypto::WHIRLPOOL and - digestLength = 512 // TODO: verify } bindingset[name] @@ -268,9 +266,9 @@ module JCAModel { } /** - * A `StringLiteral` in the `"ALG/MODE/PADDING"` or `"ALG"` format + * A `JavaConstant` in the `"ALG/MODE/PADDING"` or `"ALG"` format */ - class CipherStringLiteral extends StringLiteral { + class CipherStringLiteral extends JavaConstant { CipherStringLiteral() { cipher_names(this.getValue().splitAt("/")) } string getAlgorithmName() { result = this.getValue().splitAt("/", 0) } @@ -839,7 +837,7 @@ module JCAModel { * Flow from a known hash algorithm name to a `MessageDigest.getInstance(sink)` call. */ module KnownHashAlgorithmLiteralToMessageDigestConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { hash_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { hash_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(HashAlgorithmValueConsumer consumer | sink = consumer.getInputNode()) @@ -849,7 +847,7 @@ module JCAModel { module KnownHashAlgorithmLiteralToMessageDigestFlow = DataFlow::Global; - class KnownHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof StringLiteral { + class KnownHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof JavaConstant { HashAlgorithmValueConsumer consumer; KnownHashAlgorithm() { @@ -1195,7 +1193,7 @@ module JCAModel { } module KDFAlgorithmStringToGetInstanceConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { kdf_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { kdf_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(SecretKeyFactoryGetInstanceCall call | sink.asExpr() = call.getAlgorithmArg()) @@ -1236,7 +1234,7 @@ module JCAModel { predicate isIntermediate() { none() } } - class KdfAlgorithmStringLiteral extends Crypto::KeyDerivationAlgorithmInstance instanceof StringLiteral + class KdfAlgorithmStringLiteral extends Crypto::KeyDerivationAlgorithmInstance instanceof JavaConstant { SecretKeyFactoryKDFAlgorithmValueConsumer consumer; @@ -1257,7 +1255,7 @@ module JCAModel { class Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral { Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral() { - this.(StringLiteral).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) + this.(JavaConstant).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) } override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { @@ -1278,7 +1276,7 @@ module JCAModel { override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } - override string getRawAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawAlgorithmName() { result = this.(JavaConstant).getValue() } } class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral @@ -1286,10 +1284,10 @@ module JCAModel { string hashName; Pbkdf2WithHmac_HashAlgorithmStringLiteral() { - hashName = this.(StringLiteral).getValue().splitAt("WithHmac", 1) + hashName = this.(JavaConstant).getValue().splitAt("WithHmac", 1) } - override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawHashAlgorithmName() { result = this.(JavaConstant).getValue() } override Crypto::THashType getHashType() { result = hash_name_to_type_known(hashName, _) } @@ -1403,7 +1401,7 @@ module JCAModel { GetInstanceInitUseFlowAnalysis; - class KeyAgreementStringLiteral extends StringLiteral { + class KeyAgreementStringLiteral extends JavaConstant { KeyAgreementStringLiteral() { key_agreement_names(this.getValue()) } } @@ -1521,7 +1519,7 @@ module JCAModel { */ module MacKnownAlgorithmToConsumerConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { mac_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { mac_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(MacGetInstanceCall call | sink.asExpr() = call.getAlgorithmArg()) @@ -1555,7 +1553,7 @@ module JCAModel { module MacInitCallToMacOperationFlow = DataFlow::Global; - class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof StringLiteral { + class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof JavaConstant { MacGetInstanceAlgorithmValueConsumer consumer; KnownMacAlgorithm() { @@ -1711,7 +1709,7 @@ module JCAModel { } } - class SignatureStringLiteral extends StringLiteral { + class SignatureStringLiteral extends JavaConstant { SignatureStringLiteral() { signature_names(this.getValue()) } } @@ -1754,10 +1752,10 @@ module JCAModel { int digestLength; SignatureHashAlgorithmInstance() { - hashType = signature_name_to_hash_type_known(this.(StringLiteral).getValue(), digestLength) + hashType = signature_name_to_hash_type_known(this.(JavaConstant).getValue(), digestLength) } - override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawHashAlgorithmName() { result = this.(JavaConstant).getValue() } override Crypto::THashType getHashType() { result = hashType } @@ -1880,7 +1878,7 @@ module JCAModel { module EllipticCurveStringToConsumerFlow = DataFlow::Global; - class EllipticCurveStringLiteral extends StringLiteral { + class EllipticCurveStringLiteral extends JavaConstant { EllipticCurveStringLiteral() { elliptic_curve_names(this.getValue()) } } diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index 4b198dd69b52..b4464a875644 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -93,7 +93,66 @@ private class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource { override string getAdditionalDescription() { result = this.toString() } } -private class ConstantDataSourceLiteral extends Crypto::GenericConstantSourceInstance instanceof Literal +// /** +// * A property access value (constant from a file) +// */ +// class PropertyConstant extends Crypto::GenericConstantSourceInstance instanceof Literal{ +// PropertyConstant() { +// value = this.getPropertyValue() and +// // Since properties pairs are not included in the java/weak-cryptographic-algorithm, +// // the check for values from properties files can be less strict than `InsecureAlgoLiteral`. +// not value.regexpMatch(getSecureAlgorithmRegex()) +// } +// override string getStringValue() { result = value } +// } +import semmle.code.java.dataflow.RangeUtils +// TODO: import all frameworks? +import semmle.code.java.frameworks.Properties +private import semmle.code.configfiles.ConfigFiles + +/** + * A class to represent constants in Java code, either literals or + * values retrieved from properties files. + * Java CodeQL does not consider the values of known properties to be literals, + * hence we need to model both literals and property calls. + */ +class JavaConstant extends Expr { + string value; + + JavaConstant() { + // If arg 0 in a getProperty call, consider it a literal only if + // we haven't resolved it to a known property value, otherwise + // use the resolved config value. + // If getProperty is used, always assume the default value is potentially used. + // CAVEAT/ASSUMPTION: this assumes the literal is immediately known at arg0 + // of a getProperty call. + // also if the properties file is reloaded in a way where the reloaded file + // wouldn't have the property but the original does, we would erroneously + // consider the literal to be mapped to that property value. + exists(ConfigPair p, PropertiesGetPropertyMethodCall c | + c.getArgument(0).(Literal).getValue() = p.getNameElement().getName() and + value = p.getValueElement().getValue() and + this = c + ) + or + // in this case, the property value is not known, use the literal property name as the value + exists(PropertiesGetPropertyMethodCall c | + value = c.getArgument(0).(Literal).getValue() and + not exists(ConfigPair p | + c.getArgument(0).(Literal).getValue() = p.getNameElement().getName() + ) and + this = c + ) + or + // in this case, there is not propery getter, we just have a literal + not exists(PropertiesGetPropertyMethodCall c | c.getArgument(0) = this) and + value = this.(Literal).getValue() + } + + string getValue() { result = value } +} + +private class ConstantDataSourceLiteral extends Crypto::GenericConstantSourceInstance instanceof JavaConstant { ConstantDataSourceLiteral() { // TODO: this is an API specific workaround for JCA, as 'EC' is a constant that may be used From 4b241d7065db23c1d320180e62e137adfe505b0d Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 12:04:51 -0400 Subject: [PATCH 23/66] Crypto: adding initial weak hash query overhaul and tests, but no expected file yet. --- .../experimental/quantum/Examples/WeakHash.ql | 17 ++++--- .../examples/WeakOrUnknownHash/WeakHash.qlref | 4 ++ .../WeakOrUnknownHash/WeakHashing.java | 44 +++++++++++++++++++ .../WeakOrUnknownHash/example.properties | 2 + 4 files changed, 60 insertions(+), 7 deletions(-) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.ql b/java/ql/src/experimental/quantum/Examples/WeakHash.ql index 737643a8f9f4..ecbe9318c3d9 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakHash.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.ql @@ -17,18 +17,21 @@ from Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg where htype = alg.getHashType() and ( - (htype != Crypto::SHA2() and htype != Crypto::SHA2()) and - msg = "Use of unapproved hash algorithm or API " + htype.toString() + "." + (htype != Crypto::SHA2() and htype != Crypto::SHA3()) and + msg = "Use of unapproved hash algorithm or API: " + htype.toString() + "." or (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and not exists(alg.getDigestLength()) and msg = "Use of approved hash algorithm or API type " + htype.toString() + " but unknown digest size." or - (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and - alg.getDigestLength() < 256 and - msg = - "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" + - alg.getDigestLength() + ")." + exists(int digestLength | + digestLength = alg.getDigestLength() and + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and + digestLength < 256 and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" + + digestLength + ")." + ) ) select alg, msg diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref new file mode 100644 index 000000000000..c5faee88aba7 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakHash.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java new file mode 100644 index 000000000000..9fbe12e8b87b --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java @@ -0,0 +1,44 @@ +package test.cwe327.semmle.tests; + +import java.util.Properties; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +public class WeakHashing { + void hashing() throws NoSuchAlgorithmException, IOException { + java.util.Properties props = new java.util.Properties(); + props.load(new FileInputStream("example.properties")); + + // BAD: Using a weak hashing algorithm even with a secure default + MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); + + // BAD: Using a weak hashing algorithm even with a secure default + MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); + + // BAD: Using a strong hashing algorithm but with a weak default + MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); + + // BAD: Property does not exist and default (used value) is unknown + MessageDigest bad4 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); + + // GOOD: Using a strong hashing algorithm + MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2")); + + // BAD?: Property does not exist (considered unknown) and but default is secure + MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); + + // GOOD: Using a strong hashing algorithm + MessageDigest ok3 = MessageDigest.getInstance("SHA3-512"); + + // GOOD: Using a strong hashing algorithm + MessageDigest ok4 = MessageDigest.getInstance("SHA384"); + + props.load(new FileInputStream("unobserved-file.properties")); + + // BAD: "hashalg1" is not visible since the file isn't known, this is an 'unknown' hash + // False positive/negative + MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); + } +} diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties new file mode 100644 index 000000000000..512e8090bee6 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties @@ -0,0 +1,2 @@ +hashAlg1=MD5 +hashAlg2=SHA-256 \ No newline at end of file From bd068c2a69fef1c314bc7e5eabeffac56b9172d6 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 12:08:07 -0400 Subject: [PATCH 24/66] Crypto: Updating expected file for weak asymmetric key gen size. --- .../WeakOrUnknownAsymmetricKeyGenSize.expected | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected index 2e65efe2a145..23d1e17366be 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected @@ -1 +1,3 @@ -a \ No newline at end of file +| InsufficientAsymmetricKeySize.java:6:9:6:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:4:69:4:73 | KeyOperationAlgorithm | RSA | +| InsufficientAsymmetricKeySize.java:10:9:10:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:8:69:8:73 | KeyOperationAlgorithm | DSA | +| InsufficientAsymmetricKeySize.java:14:9:14:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:12:69:12:72 | KeyAgreementAlgorithm | DH | From 76128ed8dc4a7c2bf93dcb9f117ee21d79d2b043 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 15:29:57 -0400 Subject: [PATCH 25/66] Crypto: Update InsecureIVorNonce to be a path problem. --- java/ql/lib/experimental/quantum/Language.qll | 14 -- .../Examples/InsecureIVorNonceSource.ql | 48 +++++- .../InsecureIVorNonceSource.expected | 137 +++++++++++++++++- .../InsecureIVorNonceSource.java | 12 +- 4 files changed, 179 insertions(+), 32 deletions(-) diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index b4464a875644..d30b30f8ef1e 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -93,20 +93,6 @@ private class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource { override string getAdditionalDescription() { result = this.toString() } } -// /** -// * A property access value (constant from a file) -// */ -// class PropertyConstant extends Crypto::GenericConstantSourceInstance instanceof Literal{ -// PropertyConstant() { -// value = this.getPropertyValue() and -// // Since properties pairs are not included in the java/weak-cryptographic-algorithm, -// // the check for values from properties files can be less strict than `InsecureAlgoLiteral`. -// not value.regexpMatch(getSecureAlgorithmRegex()) -// } -// override string getStringValue() { result = value } -// } -import semmle.code.java.dataflow.RangeUtils -// TODO: import all frameworks? import semmle.code.java.frameworks.Properties private import semmle.code.configfiles.ConfigFiles diff --git a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql index b1f040692189..773f5a3c448b 100644 --- a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql @@ -6,7 +6,7 @@ * is any static nonce, or any known insecure source for a nonce/iv if * the value is used for an encryption operation (decryption operations are ignored * as the nonce/iv would be provided alongside the ciphertext). - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @tags quantum @@ -15,7 +15,42 @@ import experimental.quantum.Language -from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg +module NonceSrcFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::NonceArtifactNode nonce | sink.asExpr() = nonce.asElement()) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module NonceSrcFlow = TaintTracking::Global; + +import NonceSrcFlow::PathGraph + +from + Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg, + NonceSrcFlow::PathNode srcNode, NonceSrcFlow::PathNode sinkNode where nonce.getSourceNode() = src and // NOTE: null nonces should be handled seaparately, often used for default values prior to initialization @@ -25,7 +60,7 @@ where ( // Case 1: Any constant nonce/iv is bad, regardless of how it is used src.asElement() instanceof Crypto::GenericConstantSourceInstance and - op = nonce and // binding op by not using it + op = nonce and // binding op but not using it msg = "Nonce or IV uses constant source $@" or // Case 2: The nonce has a non-random source and there is no known operation for the nonce @@ -47,5 +82,8 @@ where op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode ) and msg = "Nonce or IV uses insecure source $@ at encryption operation $@" - ) -select nonce, msg, src, src.toString(), op, op.toString() + ) and + srcNode.getNode().asExpr() = src.asElement() and + sinkNode.getNode().asExpr() = nonce.asElement() and + NonceSrcFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, msg, src, src.toString(), op, op.toString() diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected index 5cb3fb117a64..3ad1b08e4762 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected @@ -1,7 +1,130 @@ -| InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce | -| InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce | -| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | -| InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | -| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | -| InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | -| InsecureIVorNonceSource.java:206:51:206:56 | Nonce | Nonce or IV uses insecure source $@ at encryption operation $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | InsecureIVorNonceSource.java:208:16:208:31 | EncryptOperation | EncryptOperation | +#select +| InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | Nonce or IV uses insecure source $@ at encryption operation $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | InsecureIVorNonceSource.java:208:16:208:31 | EncryptOperation | EncryptOperation | +edges +| InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | provenance | | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | provenance | | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:107:26:107:27 | iv : byte[] | InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:113:51:113:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:123:28:123:43 | nextInt(...) : Number | InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | provenance | | +| InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:130:51:130:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:138:52:138:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | provenance | MaD:2 | +| InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:147:51:147:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:155:52:155:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | provenance | | +| InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | provenance | MaD:3 | +| InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:164:51:164:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:174:52:174:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | provenance | | +| InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:186:51:186:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:5 | +| InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | provenance | | +| InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:5 | +models +| 1 | Sink: javax.crypto; Cipher; true; init; (int,Key,AlgorithmParameterSpec); ; Argument[2]; encryption-iv; manual | +| 2 | Summary: java.lang; System; false; arraycopy; ; ; Argument[0]; Argument[2]; taint; manual | +| 3 | Summary: java.util; Arrays; false; copyOf; ; ; Argument[0].ArrayElement; ReturnValue.ArrayElement; value; manual | +| 4 | Summary: javax.crypto.spec; GCMParameterSpec; true; GCMParameterSpec; ; ; Argument[1]; Argument[this]; taint; manual | +| 5 | Summary: javax.crypto.spec; IvParameterSpec; true; IvParameterSpec; ; ; Argument[0]; Argument[this]; taint; manual | +nodes +| InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | semmle.label | iv [post update] : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | semmle.label | 1 : Number | +| InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | semmle.label | iv : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | semmle.label | {...} : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | semmle.label | staticIvs : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | semmle.label | ...[...] : byte[] | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | semmle.label | {...} : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | semmle.label | staticIvs : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | semmle.label | ...[...] : byte[] | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:107:26:107:27 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:113:51:113:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | semmle.label | iv [post update] : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | semmle.label | (...)... : Number | +| InsecureIVorNonceSource.java:123:28:123:43 | nextInt(...) : Number | semmle.label | nextInt(...) : Number | +| InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | semmle.label | iv : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:130:51:130:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:138:52:138:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | semmle.label | iv [post update] : byte[] | +| InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:147:51:147:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:155:52:155:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | semmle.label | copyOf(...) : byte[] [[]] : Object | +| InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | semmle.label | iv : byte[] [[]] : Object | +| InsecureIVorNonceSource.java:164:51:164:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:174:52:174:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | semmle.label | generate(...) : byte[] | +| InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:186:51:186:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | semmle.label | bytes : byte[] | +| InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | semmle.label | bytes : byte[] | +| InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | semmle.label | generateInsecureRandomBytes(...) : byte[] | +| InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | semmle.label | ivSpec | +subpaths +testFailures +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | Unexpected result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java index a638909410a5..f1b8878d63ad 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java @@ -11,7 +11,7 @@ public class InsecureIVorNonceSource { // BAD: AES-GCM with static IV from a byte array public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] plaintext) throws Exception { - byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; + byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $Source GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); @@ -54,8 +54,8 @@ public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws // BAD: AES-GCM with static IV from a multidimensional byte array public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws Exception { byte[][] staticIvs = new byte[][] { - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, // $Source + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } // $Source }; GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); @@ -70,8 +70,8 @@ public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws E // BAD: AES-GCM with static IV from a multidimensional byte array public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws Exception { byte[][] staticIvs = new byte[][] { - new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, - new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, // $Source + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } // $Source }; GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); @@ -191,7 +191,7 @@ public byte[] encryptWithGeneratedIvByteArray(byte[] key, byte[] plaintext) thro public byte[] generateInsecureRandomBytes(int numBytes) { Random random = new Random(); byte[] bytes = new byte[numBytes]; - random.nextBytes(bytes); + random.nextBytes(bytes); // $Source return bytes; } From 7847e926705efc53ce830cce9405649df1832801 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 15:30:53 -0400 Subject: [PATCH 26/66] Crypto: Update KDF iteration and count to be path problems --- .../quantum/Examples/WeakKDFIterationCount.ql | 50 +++++++++++++++++-- .../quantum/Examples/WeakKDFKeySize.ql | 50 +++++++++++++++++-- .../codeql/quantum/experimental/Model.qll | 14 +++++- 3 files changed, 102 insertions(+), 12 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql index 2dd5b0b006be..fc07c30e6772 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql @@ -2,7 +2,7 @@ * @name Weak known key derivation function iteration count * @description Detects key derivation operations with a known weak iteration count. * @id java/quantum/weak-kdf-iteration-count - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @tags quantum @@ -12,9 +12,49 @@ import java import experimental.quantum.Language -from Crypto::KeyDerivationOperationNode op, Literal l +module IterationCountConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyDerivationOperationInstance kdev | + sink = kdev.getIterationCountConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module IterationCountFlow = TaintTracking::Global; + +import IterationCountFlow::PathGraph + +from + Crypto::KeyDerivationOperationNode op, Literal l, IterationCountFlow::PathNode srcNode, + IterationCountFlow::PathNode sinkNode where op.getIterationCount().asElement() = l and - l.getValue().toInt() < 100000 -select op, "Key derivation operation configures iteration count below 100k: $@", l, - l.getValue().toString() + l.getValue().toInt() < 100000 and + srcNode.getNode().asExpr() = l and + sinkNode.getNode() = op.getIterationCountConsumer().getConsumer().getInputNode() and + IterationCountFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Key derivation operation configures iteration count below 100k: $@", l, l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql index 1bae9ebef4f5..3bd93cf8e0dc 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql @@ -2,7 +2,7 @@ * @name Weak known key derivation function output length * @description Detects key derivation operations with a known weak output length * @id java/quantum/weak-kdf-key-size - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @tags quantum @@ -12,9 +12,49 @@ import java import experimental.quantum.Language -from Crypto::KeyDerivationOperationNode op, Literal l +module KeySizeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyDerivationOperationInstance kdev | + sink = kdev.getKeySizeConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module KeySizeFlow = TaintTracking::Global; + +import KeySizeFlow::PathGraph + +from + Crypto::KeyDerivationOperationNode op, Literal l, KeySizeFlow::PathNode srcNode, + KeySizeFlow::PathNode sinkNode where op.getOutputKeySize().asElement() = l and - l.getValue().toInt() < 256 -select op, "Key derivation operation configures output key length below 256: $@", l, - l.getValue().toString() + l.getValue().toInt() < 256 and + srcNode.getNode().asExpr() = l and + sinkNode.getNode() = op.getKeySizeConsumer().getConsumer().getInputNode() and + KeySizeFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Key derivation operation configures output key length below 256: $@", l, l.getValue().toString() diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 4de99ccb46ab..b6bf30964f63 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1580,6 +1580,8 @@ module CryptographyBase Input> { result = instance.getKeySizeConsumer().getConsumer().getAKnownSourceNode() } + ConsumerInputDataFlowNode getKeySizeConsumer() { result = instance.getKeySizeConsumer() } + /** * Gets the key artifact produced by this operation. */ @@ -1753,11 +1755,19 @@ module CryptographyBase Input> { } GenericSourceNode getIterationCount() { - result.asElement() = kdfInstance.getIterationCountConsumer().getConsumer().getAGenericSource() + result.asElement() = this.getIterationCountConsumer().getConsumer().getAGenericSource() } GenericSourceNode getOutputKeySize() { - result.asElement() = kdfInstance.getOutputKeySizeConsumer().getConsumer().getAGenericSource() + result.asElement() = this.getOutputKeySizeConsumer().getConsumer().getAGenericSource() + } + + ConsumerInputDataFlowNode getIterationCountConsumer() { + result = kdfInstance.getIterationCountConsumer() + } + + ConsumerInputDataFlowNode getOutputKeySizeConsumer() { + result = kdfInstance.getOutputKeySizeConsumer() } override predicate isCandidateAlgorithmNode(AlgorithmNode node) { From 8b5a42328e29ec95902c62ae7861c6205a4ad566 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 15:34:41 -0400 Subject: [PATCH 27/66] Crypto: Convert ReusedNonce.ql into a path problem. --- .../quantum/Examples/ReusedNonce.ql | 52 ++++++++-- .../examples/NonceReuse/NonceReuse.expected | 95 ++++++++++++++++++- 2 files changed, 136 insertions(+), 11 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql index 2236df8ce335..736b28d22111 100644 --- a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql +++ b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql @@ -2,7 +2,7 @@ * @name Reuse of cryptographic nonce * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. * @id java/quantum/reused-nonce - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @tags quantum @@ -12,16 +12,51 @@ import java import ArtifactReuse -from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2, Crypto::NodeBase sourceNode +module NonceSrcFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::NonceArtifactNode nonce | sink.asExpr() = nonce.asElement()) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module NonceSrcFlow = TaintTracking::Global; + +import NonceSrcFlow::PathGraph + +from + Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2, Crypto::NodeBase src, + NonceSrcFlow::PathNode srcNode, NonceSrcFlow::PathNode sinkNode where isArtifactReuse(nonce1, nonce2) and // NOTE: in general we may not know a source, but see possible reuse, // we are not detecting these cases here (only where the source is the same). - sourceNode = nonce1.getSourceNode() and - sourceNode = nonce2.getSourceNode() and + src = nonce1.getSourceNode() and + src = nonce2.getSourceNode() and // Null literals are typically used for initialization, and if two 'nulls' // are reused, it is likely an uninitialization path that would result in a NullPointerException. - not sourceNode.asElement() instanceof NullLiteral and + not src.asElement() instanceof NullLiteral and // if the nonce is used in an encryption and decryption, ignore that reuse not exists(Crypto::CipherOperationNode op1, Crypto::CipherOperationNode op2 | op1 != op2 and @@ -46,6 +81,9 @@ where op1.getKeyOperationSubtype() instanceof Crypto::TUnwrapMode ) ) - ) -select sourceNode, "Nonce source is reused, see $@ and $@", nonce1, nonce1.toString(), nonce2, + ) and + srcNode.getNode().asExpr() = src.asElement() and + sinkNode.getNode().asExpr() = nonce1.asElement() and + NonceSrcFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, "Nonce source is reused, see alternate sink $@", nonce2, nonce2.toString() diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected index f5e9382a40c4..cf03a9053eb5 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected @@ -1,4 +1,91 @@ -| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:40:47:40:52 | Nonce | Nonce | Test.java:49:47:49:52 | Nonce | Nonce | -| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:49:47:49:52 | Nonce | Nonce | Test.java:40:47:40:52 | Nonce | Nonce | -| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:76:48:76:54 | Nonce | Nonce | Test.java:82:49:82:55 | Nonce | Nonce | -| Test.java:19:38:19:40 | RandomNumberGeneration | Nonce source is reused, see $@ and $@ | Test.java:82:49:82:55 | Nonce | Nonce | Test.java:76:48:76:54 | Nonce | Nonce | +edges +| Test.java:19:38:19:40 | val : byte[] | Test.java:20:16:20:18 | val : byte[] | provenance | | +| Test.java:20:16:20:18 | val : byte[] | Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | provenance | | +| Test.java:20:16:20:18 | val : byte[] | Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | provenance | | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | Test.java:26:16:26:18 | val : byte[] | provenance | | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | Test.java:27:16:27:18 | val : byte[] | provenance | | +| Test.java:26:16:26:18 | val : byte[] | Test.java:36:32:36:40 | iv : byte[] | provenance | | +| Test.java:27:16:27:18 | val : byte[] | Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | provenance | | +| Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | Test.java:33:16:33:18 | val : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:36:32:36:40 | iv : byte[] | Test.java:37:54:37:55 | iv : byte[] | provenance | | +| Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:40:47:40:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:37:54:37:55 | iv : byte[] | Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:37:54:37:55 | iv : byte[] | Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | Test.java:46:54:46:55 | iv : byte[] | provenance | | +| Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:49:47:49:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:46:54:46:55 | iv : byte[] | Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:46:54:46:55 | iv : byte[] | Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | Test.java:55:54:55:55 | iv : byte[] | provenance | | +| Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:58:47:58:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:55:54:55:55 | iv : byte[] | Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:55:54:55:55 | iv : byte[] | Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | Test.java:64:54:64:55 | iv : byte[] | provenance | | +| Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:67:47:67:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:64:54:64:55 | iv : byte[] | Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:64:54:64:55 | iv : byte[] | Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | Test.java:73:55:73:56 | iv : byte[] | provenance | | +| Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | Test.java:76:48:76:54 | ivSpec1 | provenance | Sink:MaD:45890 | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:79:55:79:56 | iv : byte[] | provenance | | +| Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | Test.java:82:49:82:55 | ivSpec2 | provenance | Sink:MaD:45890 | +| Test.java:79:55:79:56 | iv : byte[] | Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:79:55:79:56 | iv : byte[] | Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:88:38:88:39 | iv : byte[] | Test.java:89:54:89:55 | iv : byte[] | provenance | | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:93:51:93:56 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:96:51:96:56 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:89:54:89:55 | iv : byte[] | Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:89:54:89:55 | iv : byte[] | Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:103:38:103:39 | iv : byte[] | Test.java:104:54:104:55 | iv : byte[] | provenance | | +| Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:107:47:107:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:104:54:104:55 | iv : byte[] | Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:104:54:104:55 | iv : byte[] | Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +nodes +| Test.java:19:38:19:40 | val : byte[] | semmle.label | val : byte[] | +| Test.java:20:16:20:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | semmle.label | getRandomWrapper1(...) : byte[] | +| Test.java:26:16:26:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:27:16:27:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | semmle.label | getRandomWrapper1(...) : byte[] | +| Test.java:33:16:33:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:36:32:36:40 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:37:54:37:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:40:47:40:52 | ivSpec | semmle.label | ivSpec | +| Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | semmle.label | getRandomWrapper2A(...) : byte[] | +| Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:46:54:46:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:49:47:49:52 | ivSpec | semmle.label | ivSpec | +| Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:55:54:55:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:58:47:58:52 | ivSpec | semmle.label | ivSpec | +| Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:64:54:64:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:67:47:67:52 | ivSpec | semmle.label | ivSpec | +| Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:73:55:73:56 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:76:48:76:54 | ivSpec1 | semmle.label | ivSpec1 | +| Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:79:55:79:56 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:82:49:82:55 | ivSpec2 | semmle.label | ivSpec2 | +| Test.java:88:38:88:39 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:89:54:89:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:93:51:93:56 | ivSpec | semmle.label | ivSpec | +| Test.java:96:51:96:56 | ivSpec | semmle.label | ivSpec | +| Test.java:103:38:103:39 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:104:54:104:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:107:47:107:52 | ivSpec | semmle.label | ivSpec | +subpaths +#select +| Test.java:40:47:40:52 | ivSpec | Test.java:19:38:19:40 | val : byte[] | Test.java:40:47:40:52 | ivSpec | Nonce source is reused, see alternate sink $@ | Test.java:49:47:49:52 | Nonce | Nonce | +| Test.java:49:47:49:52 | ivSpec | Test.java:19:38:19:40 | val : byte[] | Test.java:49:47:49:52 | ivSpec | Nonce source is reused, see alternate sink $@ | Test.java:40:47:40:52 | Nonce | Nonce | +| Test.java:76:48:76:54 | ivSpec1 | Test.java:19:38:19:40 | val : byte[] | Test.java:76:48:76:54 | ivSpec1 | Nonce source is reused, see alternate sink $@ | Test.java:82:49:82:55 | Nonce | Nonce | +| Test.java:82:49:82:55 | ivSpec2 | Test.java:19:38:19:40 | val : byte[] | Test.java:82:49:82:55 | ivSpec2 | Nonce source is reused, see alternate sink $@ | Test.java:76:48:76:54 | Nonce | Nonce | From 7e8acd76c3bc99e723bc4597bc63054fc3636c85 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 15:48:32 -0400 Subject: [PATCH 28/66] Crypto: Update WeakAsymmetricKeyGenSize to a path problem. --- .../Examples/WeakAsymmetricKeyGenSize.ql | 59 ++++++++++++++++--- ...WeakOrUnknownAsymmetricKeyGenSize.expected | 16 ++++- 2 files changed, 65 insertions(+), 10 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql index d478f2383a56..93fc58775d95 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -2,7 +2,7 @@ * @name Weak Asymmetric Key Size * @id java/quantum/weak-asymmetric-key-gen-size * @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @tags quantum @@ -12,12 +12,57 @@ import java import experimental.quantum.Language -from Crypto::KeyArtifactNode key, int keySize, Crypto::AlgorithmNode alg +module KeySizeFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyCreationOperationNode kgen | + sink = kgen.getKeySizeConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module KeySizeFlow = TaintTracking::Global; + +import KeySizeFlow::PathGraph + +from + Crypto::KeyCreationOperationNode keygen, int keySize, Crypto::AlgorithmNode alg, + KeySizeFlow::PathNode srcNode, KeySizeFlow::PathNode sinkNode where - key.getCreatingOperation().getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and - alg = key.getAKnownAlgorithm() and // NOTE: if algorithm is not known (doesn't bind) we need a separate query + // ASSUMPTION/NOTE: if the key size is set on a key creation, but the key creation itself is not observed + // (i.e., the size is initialized but the operation not observed) currently we will not + // detect the size. A key creation operation currently must be observed. + keygen.getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and + // NOTE: if algorithm is not known (doesn't bind) we need a separate query + // Also note the algorithm may also be re-specified at a use of the key + alg = keygen.getAKnownAlgorithm() and not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm alg instanceof Crypto::AsymmetricAlgorithmNode and - keySize < 2048 -select key, "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", - alg, alg.getAlgorithmName() + keySize < 2048 and + srcNode.getNode().asExpr() = keygen.getAKeySizeSource().asElement() and + sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode() +select sinkNode, srcNode, sinkNode, + "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", alg, + alg.getAlgorithmName() diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected index 23d1e17366be..26dc1bfad245 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected @@ -1,3 +1,13 @@ -| InsufficientAsymmetricKeySize.java:6:9:6:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:4:69:4:73 | KeyOperationAlgorithm | RSA | -| InsufficientAsymmetricKeySize.java:10:9:10:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:8:69:8:73 | KeyOperationAlgorithm | DSA | -| InsufficientAsymmetricKeySize.java:14:9:14:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:12:69:12:72 | KeyAgreementAlgorithm | DH | +edges +nodes +| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:17:32:17:35 | 2048 | semmle.label | 2048 | +| InsufficientAsymmetricKeySize.java:21:32:21:35 | 2048 | semmle.label | 2048 | +| InsufficientAsymmetricKeySize.java:25:32:25:35 | 2048 | semmle.label | 2048 | +subpaths +#select +| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:4:69:4:73 | KeyOperationAlgorithm | RSA | +| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:8:69:8:73 | KeyOperationAlgorithm | DSA | +| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:12:69:12:72 | KeyAgreementAlgorithm | DH | From 55bbcee3015efb6465fc39ee438583d423afab3a Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 13 Oct 2025 17:04:29 -0400 Subject: [PATCH 29/66] Crypto: Make WeakAsymmetricKeyGenSize a path problem. --- .../experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql | 4 +++- shared/quantum/codeql/quantum/experimental/Model.qll | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql index 93fc58775d95..c72e73b84ad4 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -59,10 +59,12 @@ where // Also note the algorithm may also be re-specified at a use of the key alg = keygen.getAKnownAlgorithm() and not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm + not alg.(Crypto::KeyAgreementAlgorithmNode).getKeyAgreementType() = Crypto::ECDH() and // ECDH key sizes should be handled with elliptic curves alg instanceof Crypto::AsymmetricAlgorithmNode and keySize < 2048 and srcNode.getNode().asExpr() = keygen.getAKeySizeSource().asElement() and - sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode() + sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode() and + KeySizeFlow::flowPath(srcNode, sinkNode) select sinkNode, srcNode, sinkNode, "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", alg, alg.getAlgorithmName() diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index b6bf30964f63..a2bbc0e59fb9 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1712,6 +1712,8 @@ module CryptographyBase Input> { } override string getAlgorithmName() { result = this.getRawAlgorithmName() } // TODO: standardize? + + KeyAgreementType getKeyAgreementType() { result = instance.asAlg().getKeyAgreementType() } } class KeyGenerationOperationNode extends KeyCreationOperationNode { From ee08385e313627af75c3be1fa46ca9588256195f Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 08:06:19 -0400 Subject: [PATCH 30/66] Crytpo: Update JCA keyagreement to type conversion, XDH is a type of ECDH. --- java/ql/lib/experimental/quantum/JCA.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index be91a0158721..e288467ae97f 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -221,13 +221,13 @@ module JCAModel { bindingset[name] predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { type = Crypto::DH() and - name.toUpperCase() in ["DH", "XDH"] + name.toUpperCase() in ["DH"] or type = Crypto::EDH() and name.toUpperCase() = "EDH" or type = Crypto::ECDH() and - name.toUpperCase() in ["ECDH", "X25519", "X448"] + name.toUpperCase() in ["ECDH", "X25519", "X448", "XDH"] or type = Crypto::OtherKeyAgreementType() and name.toUpperCase().matches("ML-KEM%") From bf9a249624f019deff451ee51793e462ae52f516 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 08:06:50 -0400 Subject: [PATCH 31/66] Crypto: Experimental queries for mac ordering --- .../Examples/BadMacOrderDecryptToMac.ql | 27 +++++++++ .../BadMacOrderMacOnEncryptPlaintext.ql | 57 +++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql create mode 100644 java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql new file mode 100644 index 000000000000..b69dd3be2c91 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -0,0 +1,27 @@ +/** + * @name Bad MAC order: decrypt to mac + * @description MAC should be on a cipher, not a raw message + * @id java/quantum/bad-mac-order-decrypt-to-mac + * @kind path-problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language +import ArtifactFlow::PathGraph + +from ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink +where + ArtifactFlow::flowPath(src, sink) and + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TDecryptMode() and + cipherOp.getAnOutputArtifact().asElement() = src.getNode().asExpr() + ) and + exists(Crypto::MacOperationNode macOp | + macOp.getAnInputArtifact().asElement() = sink.getNode().asExpr() + ) +select sink, src, sink, + "MAC order potentially wrong: observed decrypt output to MAC implying the MAC is on plaintext, and not a cipher." diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql new file mode 100644 index 000000000000..b0cce3101206 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -0,0 +1,57 @@ +/** + * @name Bad MAC order: MAC on an encrypt plaintext + * @description MAC should be on a cipher, not a raw message + * @id java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +// NOTE: I must look for a common data flow node rather than +// starting from a message source, since the message source +// might not be known. +// TODO: can we approximate a message source better? +module CommonDataFlowNodeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { exists(source.asParameter()) } + + predicate isSink(DataFlow::Node sink) { + sink = any(Crypto::FlowAwareElement other).getInputNode() + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module CommonDataFlowNodeFlow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink1, DataFlow::Node sink2 +where + CommonDataFlowNodeFlow::flow(src, sink1) and + CommonDataFlowNodeFlow::flow(src, sink2) and + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and + cipherOp.getAnInputArtifact().asElement() = sink1.asExpr() + ) and + exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = sink2.asExpr()) +select src, "Message used for encryption operation at $@, also used for MAC at $@.", sink1, + sink1.toString(), sink2, sink2.toString() From c7be23e1fe11329cb86c25e129981480f754ffc7 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 09:22:04 -0400 Subject: [PATCH 32/66] Crypto: Remove all precision tags from all experimental queries. Precision is largely in flux while the models are being developed. --- .../src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql | 1 - .../quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql | 1 - .../src/experimental/quantum/Examples/InsecureIVorNonceSource.ql | 1 - java/ql/src/experimental/quantum/Examples/ReusedNonce.ql | 1 - java/ql/src/experimental/quantum/Examples/UnknownHash.ql | 1 - .../src/experimental/quantum/Examples/UnknownIVorNonceSource.ql | 1 - .../experimental/quantum/Examples/UnknownKDFIterationCount.ql | 1 - .../experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql | 1 - java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql | 1 - java/ql/src/experimental/quantum/Examples/WeakHash.ql | 1 - java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql | 1 - java/ql/src/experimental/quantum/Examples/WeakRSA.ql | 1 - java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql | 1 - 13 files changed, 13 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql index b69dd3be2c91..77f5e81b366b 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -4,7 +4,6 @@ * @id java/quantum/bad-mac-order-decrypt-to-mac * @kind path-problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index b0cce3101206..fdc41dcc1a64 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -4,7 +4,6 @@ * @id java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac * @kind problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql index 773f5a3c448b..3bf6a05a113b 100644 --- a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql @@ -8,7 +8,6 @@ * as the nonce/iv would be provided alongside the ciphertext). * @kind path-problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql index 736b28d22111..9b419ac2d414 100644 --- a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql +++ b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql @@ -4,7 +4,6 @@ * @id java/quantum/reused-nonce * @kind path-problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql index d9dce7a7aba5..b9bb1905c113 100644 --- a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql @@ -4,7 +4,6 @@ * @id java/quantum/unknown-hash * @kind problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql index fdd04f7f2176..33601ef49c3e 100644 --- a/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql @@ -7,7 +7,6 @@ * These cases are ignored. * @kind problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql index b0c41298eb27..80c0b2195eb3 100644 --- a/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql @@ -3,7 +3,6 @@ * @description Detects key derivation operations with an unknown iteration count. * @id java/quantum/unknown-kdf-iteration-count * @kind problem - * @precision medium * @problem.severity error * @tags quantum * experimental diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql index c72e73b84ad4..f0b2cb705532 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -4,7 +4,6 @@ * @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation. * @kind path-problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql index 189f58eebad3..53e4d38216a9 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql @@ -4,7 +4,6 @@ * @description An AES cipher is in use with an insecure block mode * @kind problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.ql b/java/ql/src/experimental/quantum/Examples/WeakHash.ql index ecbe9318c3d9..573265705ba3 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakHash.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.ql @@ -4,7 +4,6 @@ * @id java/quantum/weak-hash * @kind problem * @problem.severity error - * @precision high * @tags external/cwe/cwe-327 * quantum * experimental diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql index 3bd93cf8e0dc..772f2e7a5a3c 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql @@ -4,7 +4,6 @@ * @id java/quantum/weak-kdf-key-size * @kind path-problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/WeakRSA.ql b/java/ql/src/experimental/quantum/Examples/WeakRSA.ql index f365b4d7e75a..ee78b4b8ed3c 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakRSA.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakRSA.ql @@ -4,7 +4,6 @@ * @description RSA with a key length <2048 found * @kind problem * @problem.severity error - * @precision high * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql index a7e03c62a53c..2f67a4c97674 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql @@ -4,7 +4,6 @@ * @id java/quantum/weak-ciphers * @kind problem * @problem.severity error - * @precision high * @tags external/cwe/cwe-327 * quantum * experimental From 631e482fd6cf1d887cf383e10605806247b95c3d Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 11:01:49 -0400 Subject: [PATCH 33/66] Crytpo: when key encapsulation or cipher operations have multiple modes at a node, the node name must reflect that it may be any mode. --- .../codeql/quantum/experimental/Model.qll | 34 +++++++++++++++---- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index a2bbc0e59fb9..70bcafa502e7 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1993,9 +1993,20 @@ module CryptographyBase Input> { string nodeName; CipherOperationNode() { - this.getKeyOperationSubtype() = TEncryptMode() and nodeName = "EncryptOperation" - or - this.getKeyOperationSubtype() = TDecryptMode() and nodeName = "DecryptOperation" + ( + if + this.getKeyOperationSubtype() = TEncryptMode() and + this.getKeyOperationSubtype() = TDecryptMode() + then nodeName = "CipherOperation" + else ( + if this.getKeyOperationSubtype() = TEncryptMode() + then nodeName = "EncryptOperation" + else ( + this.getKeyOperationSubtype() = TDecryptMode() and + nodeName = "DecryptOperation" + ) + ) + ) } override string getInternalType() { result = nodeName } @@ -2005,9 +2016,20 @@ module CryptographyBase Input> { string nodeName; KeyEncapsulationOperationNode() { - this.getKeyOperationSubtype() = TWrapMode() and nodeName = "WrapOperation" - or - this.getKeyOperationSubtype() = TUnwrapMode() and nodeName = "UnwrapOperation" + ( + if + this.getKeyOperationSubtype() = TWrapMode() and + this.getKeyOperationSubtype() = TUnwrapMode() + then nodeName = "KeyEncapsulationOperation" + else ( + if this.getKeyOperationSubtype() = TWrapMode() + then nodeName = "WrapOperation" + else ( + this.getKeyOperationSubtype() = TUnwrapMode() and + nodeName = "UnwrapOperation" + ) + ) + ) } override string getInternalType() { result = nodeName } From c6174fbb936d4d14d4d242dc36b9e26fc011e2a3 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 14:10:16 -0400 Subject: [PATCH 34/66] Crypto: remove precision tag --- .../src/experimental/quantum/Examples/WeakKDFIterationCount.ql | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql index fc07c30e6772..71dfb87b70cb 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql @@ -4,7 +4,6 @@ * @id java/quantum/weak-kdf-iteration-count * @kind path-problem * @problem.severity error - * @precision high * @tags quantum * experimental */ From 9a6aac130036f291982918c11d4c7084e9605bb1 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 14:20:16 -0400 Subject: [PATCH 35/66] Crypto: To get unreferenced parameters as general sources for Java, I've included the caveat that if a function is called, all the calls appear to be in test files. --- java/ql/lib/experimental/quantum/Language.qll | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index d30b30f8ef1e..8c57b525de81 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -55,7 +55,18 @@ final class DefaultRemoteFlowSource = RemoteFlowSource; private class GenericUnreferencedParameterSource extends Crypto::GenericUnreferencedParameterSource { GenericUnreferencedParameterSource() { - exists(Parameter p | this = p and not exists(p.getAnArgument())) + exists(Parameter p | + this = p and + ( + not exists(p.getAnArgument()) + or + // If all calls to a function occur in a test file, ignore those calls + // and consider the parameter to the function a potential source as well. + forall(Call testCall | testCall.getCallee() = p.getCallable() | + testCall.getFile().getBaseName().toUpperCase().matches("%TEST%") + ) + ) + ) } override predicate flowsTo(Crypto::FlowAwareElement other) { From 15e266db9427be24e650297d0071daf3243b7afe Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 14:20:40 -0400 Subject: [PATCH 36/66] Crypto: Tweaks to bad crypto ordering queries. --- .../quantum/Examples/BadMacOrderDecryptToMac.ql | 2 +- .../Examples/BadMacOrderMacOnEncryptPlaintext.ql | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql index 77f5e81b366b..2eea84cbec54 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -23,4 +23,4 @@ where macOp.getAnInputArtifact().asElement() = sink.getNode().asExpr() ) select sink, src, sink, - "MAC order potentially wrong: observed decrypt output to MAC implying the MAC is on plaintext, and not a cipher." + "MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher." diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index fdc41dcc1a64..3eef5daad597 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -16,7 +16,13 @@ import experimental.quantum.Language // might not be known. // TODO: can we approximate a message source better? module CommonDataFlowNodeConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { exists(source.asParameter()) } + predicate isSource(DataFlow::Node source) { + exists(source.asParameter()) + or + exists(Crypto::GenericSourceNode other | + other.asElement() = CryptoInput::dfn_to_element(source) + ) + } predicate isSink(DataFlow::Node sink) { sink = any(Crypto::FlowAwareElement other).getInputNode() @@ -41,7 +47,7 @@ module CommonDataFlowNodeConfig implements DataFlow::ConfigSig { } } -module CommonDataFlowNodeFlow = DataFlow::Global; +module CommonDataFlowNodeFlow = TaintTracking::Global; from DataFlow::Node src, DataFlow::Node sink1, DataFlow::Node sink2 where From 25599e9b4b8108041fb4d6d0a2adea8c7a91eaec Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 15 Oct 2025 16:25:36 -0400 Subject: [PATCH 37/66] crypto: Update JCA model macs to take into consideration update calls (use prior pattern for signatures). Misc. bug fixes. --- java/ql/lib/experimental/quantum/JCA.qll | 56 +++++++++++++------ java/ql/lib/experimental/quantum/Language.qll | 18 +++--- .../library-tests/quantum/node_edges.expected | 37 +++++++++--- .../quantum/node_properties.expected | 29 +++++++--- .../library-tests/quantum/nodes.expected | 19 +++++-- 5 files changed, 115 insertions(+), 44 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index e288467ae97f..db40b40e0e55 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -133,7 +133,7 @@ module JCAModel { exists(string name | name = nameRaw.toUpperCase() | name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 or - name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and + name in ["SHA-256", "SHA-224", "SHA-384", "SHA-512", "SHA224", "SHA256", "SHA384", "SHA512"] and result instanceof Crypto::SHA2 and digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() or @@ -1628,7 +1628,7 @@ module JCAModel { } } - class MacOperationCall extends Crypto::MacOperationInstance instanceof MethodCall { + class MacOperationCall extends MethodCall { Expr output; MacOperationCall() { @@ -1638,30 +1638,52 @@ module JCAModel { or super.getMethod().hasStringSignature("doFinal(byte[], int)") and this.getArgument(0) = output + or + super.getMethod().hasStringSignature("update(byte[])") and this = output ) } - override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { - exists(MacGetInstanceCall instantiation | - instantiation.getOperation() = this and result = instantiation.getAlgorithmArg() - ) + predicate isIntermediate() { super.getMethod().getName() = "update" } + + Expr getOutput() { result = output } + + Expr getInput() { + super.getMethod().hasStringSignature(["doFinal(byte[])"]) and result = this.getArgument(0) + or + super.getMethod().hasStringSignature("update(byte[])") and result = this.getArgument(0) } + } - override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { - exists(MacGetInstanceCall instantiation, MacInitCall initCall | - instantiation.getOperation() = this and - initCall.getOperation() = this and - instantiation.getInitCall() = initCall and - result.asExpr() = initCall.getKeyArg() - ) + module MacFlowAnalysisImpl = + GetInstanceInitUseFlowAnalysis; + + class MacOperationInstance extends Crypto::MacOperationInstance instanceof MacOperationCall { + MacOperationInstance() { not super.isIntermediate() } + + MacGetInstanceCall getInstantiationCall() { + result = MacFlowAnalysisImpl::getInstantiationFromUse(this, _, _) } + MacInitCall getInitCall() { result = MacFlowAnalysisImpl::getInitFromUse(this, _, _) } + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { - result.asExpr() = super.getArgument(0) and - super.getMethod().getParameterType(0).hasName("byte[]") + result.asExpr() = super.getInput() or + result.asExpr() = MacFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getInput() + } + + override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { + result = this.getInstantiationCall().getAlgorithmArg() + } + + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { + result.asExpr() = this.getInitCall().getKeyArg() } - override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result.asExpr() = output } + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { + result.asExpr() = super.getOutput() or + result.asExpr() = + MacFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getOutput() + } override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { none() } @@ -1773,7 +1795,7 @@ module JCAModel { } } - private class SignatureOperationCall extends MethodCall { + class SignatureOperationCall extends MethodCall { SignatureOperationCall() { this.getMethod().hasQualifiedName("java.security", "Signature", ["update", "sign", "verify"]) } diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index 8c57b525de81..7eff427569df 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -57,15 +57,15 @@ private class GenericUnreferencedParameterSource extends Crypto::GenericUnrefere GenericUnreferencedParameterSource() { exists(Parameter p | this = p and - ( - not exists(p.getAnArgument()) - or - // If all calls to a function occur in a test file, ignore those calls - // and consider the parameter to the function a potential source as well. - forall(Call testCall | testCall.getCallee() = p.getCallable() | - testCall.getFile().getBaseName().toUpperCase().matches("%TEST%") - ) - ) + not exists(p.getAnArgument()) + // TODO: this is test code which causes regression in unit tests, but will + // find sources where ordinarily a source might be missing + // or + // // If all calls to a function occur in a test file, ignore those calls + // // and consider the parameter to the function a potential source as well. + // forall(Call testCall | testCall.getCallee() = p.getCallable() | + // testCall.getFile().getBaseName().toUpperCase().matches("%TEST%") + // ) ) } diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index 0be5a459da17..7407dcaff08b 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -393,8 +393,10 @@ | jca/EllipticCurve1.java:106:16:106:36 | Key | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | | jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | | jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Output | jca/EllipticCurve1.java:106:16:106:36 | Key | -| jca/EllipticCurve1.java:115:16:115:36 | Key | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | -| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | +| jca/EllipticCurve1.java:115:16:115:36 | Key | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | | jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Output | jca/EllipticCurve1.java:115:16:115:36 | Key | | jca/EllipticCurve2.java:47:16:47:36 | Key | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | | jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | @@ -408,8 +410,10 @@ | jca/EllipticCurve2.java:73:16:73:36 | Key | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | | jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | | jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Output | jca/EllipticCurve2.java:73:16:73:36 | Key | -| jca/EllipticCurve2.java:81:16:81:36 | Key | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | -| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:81:16:81:36 | Key | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Output | jca/EllipticCurve2.java:81:16:81:36 | Key | | jca/EllipticCurve2.java:106:17:106:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | | jca/EllipticCurve2.java:107:20:107:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | @@ -657,7 +661,6 @@ | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:85:191:94 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:97:191:106 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:13:192:25 | HashAlgorithm | -| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:28:192:40 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:43:192:47 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Digest | jca/Hash.java:195:27:195:57 | Digest | | jca/Hash.java:195:27:195:57 | HashOperation | Message | jca/Hash.java:195:41:195:56 | Message | @@ -698,6 +701,7 @@ | jca/Hash.java:237:23:237:50 | KeyDerivation | Output | jca/Hash.java:237:23:237:50 | Key | | jca/Hash.java:237:23:237:50 | KeyDerivation | Salt | jca/Hash.java:235:66:235:69 | Salt | | jca/Hash.java:252:23:252:70 | Digest | Source | jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:16:294:66 | Constant | | jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:16:294:66 | LocalData | | jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:57:294:65 | HashAlgorithm | | jca/Hash.java:252:23:252:70 | HashOperation | Digest | jca/Hash.java:252:23:252:70 | Digest | @@ -725,6 +729,7 @@ | jca/IVArtifact.java:38:42:38:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | Constant | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | LocalData | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Input | jca/IVArtifact.java:39:44:39:52 | Message | @@ -910,14 +915,19 @@ | jca/KeyArtifact.java:42:26:42:53 | Key | Algorithm | jca/KeyArtifact.java:42:26:42:53 | Key | | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Algorithm | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Output | jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | Constant | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | LocalData | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Output | jca/KeyArtifact.java:66:32:66:51 | Key | | jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Output | jca/KeyArtifact.java:73:16:73:43 | Key | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | Mode | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | Padding | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:80:42:80:63 | Message | Source | jca/KeyDerivation1.java:78:39:78:53 | Parameter | | jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | @@ -988,6 +998,7 @@ | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | | jca/KeyDerivation1.java:314:42:314:63 | Message | Source | jca/KeyDerivation1.java:302:37:302:51 | Parameter | | jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | Constant | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | LocalData | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Input | jca/KeyDerivation1.java:314:42:314:63 | Message | @@ -1262,10 +1273,13 @@ | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:26:20:26:24 | Message | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | | jca/Nonce.java:27:28:27:69 | MACOperation | Algorithm | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | | jca/Nonce.java:27:28:27:69 | MACOperation | HashAlgorithm | jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:27:40:27:68 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Key | jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:27:28:27:69 | MACOperation | Message | jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Message | jca/Nonce.java:27:40:27:68 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Nonce | jca/Nonce.java:27:28:27:69 | MACOperation | | jca/Nonce.java:27:28:27:69 | MACOperation | Output | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | @@ -1273,10 +1287,13 @@ | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | | jca/Nonce.java:38:18:38:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:39:20:39:24 | Message | Source | jca/Nonce.java:35:24:35:41 | Constant | | jca/Nonce.java:40:28:40:67 | MACOperation | Algorithm | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | | jca/Nonce.java:40:28:40:67 | MACOperation | HashAlgorithm | jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:40:40:40:66 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Key | jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:40:28:40:67 | MACOperation | Message | jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Message | jca/Nonce.java:40:40:40:66 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Nonce | jca/Nonce.java:40:28:40:67 | MACOperation | | jca/Nonce.java:40:28:40:67 | MACOperation | Output | jca/Nonce.java:40:28:40:67 | KeyOperationOutput | @@ -1304,10 +1321,14 @@ | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Mode | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Padding | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | | jca/Nonce.java:78:18:78:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:79:20:79:24 | Message | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:79:20:79:24 | Message | Source | jca/Nonce.java:104:32:104:36 | RandomNumberGeneration | | jca/Nonce.java:80:28:80:67 | MACOperation | Algorithm | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | | jca/Nonce.java:80:28:80:67 | MACOperation | HashAlgorithm | jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:80:40:80:66 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Key | jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:80:28:80:67 | MACOperation | Message | jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Message | jca/Nonce.java:80:40:80:66 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Nonce | jca/Nonce.java:80:28:80:67 | MACOperation | | jca/Nonce.java:80:28:80:67 | MACOperation | Output | jca/Nonce.java:80:28:80:67 | KeyOperationOutput | @@ -1438,8 +1459,10 @@ | jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Signature | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:236:27:236:30 | Constant | -| jca/SignatureOperation.java:133:16:133:36 | Key | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | -| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:133:16:133:36 | Key | Algorithm | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Output | jca/SignatureOperation.java:133:16:133:36 | Key | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index 506be879d630..9879b4cc5152 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -387,7 +387,8 @@ | jca/EllipticCurve1.java:95:16:95:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:95:16:95:36 | jca/EllipticCurve1.java:95:16:95:36 | | jca/EllipticCurve1.java:105:66:105:76 | Constant | Description | "sm2p256v1" | jca/EllipticCurve1.java:105:66:105:76 | jca/EllipticCurve1.java:105:66:105:76 | | jca/EllipticCurve1.java:106:16:106:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:106:16:106:36 | jca/EllipticCurve1.java:106:16:106:36 | -| jca/EllipticCurve1.java:114:61:114:69 | Constant | Description | "Ed25519" | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | | jca/EllipticCurve1.java:115:16:115:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:115:16:115:36 | jca/EllipticCurve1.java:115:16:115:36 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | @@ -407,7 +408,8 @@ | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | | jca/EllipticCurve2.java:73:16:73:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:73:16:73:36 | jca/EllipticCurve2.java:73:16:73:36 | -| jca/EllipticCurve2.java:80:61:80:69 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | | jca/EllipticCurve2.java:81:16:81:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:81:16:81:36 | jca/EllipticCurve2.java:81:16:81:36 | | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | @@ -641,7 +643,8 @@ | jca/Hash.java:191:32:191:38 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | Name | SHA1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | -| jca/Hash.java:191:41:191:49 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | DigestSize | 224 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | | jca/Hash.java:191:41:191:49 | HashAlgorithm | RawName | SHA-224 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | | jca/Hash.java:191:52:191:60 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | | jca/Hash.java:191:52:191:60 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | @@ -658,10 +661,9 @@ | jca/Hash.java:191:97:191:106 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | | jca/Hash.java:191:97:191:106 | HashAlgorithm | Name | SHA3 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | | jca/Hash.java:191:97:191:106 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | -| jca/Hash.java:192:13:192:25 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | Name | BLAKE2B | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | | jca/Hash.java:192:13:192:25 | HashAlgorithm | RawName | BLAKE2B-512 | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | -| jca/Hash.java:192:28:192:40 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | -| jca/Hash.java:192:28:192:40 | HashAlgorithm | RawName | BLAKE2S-256 | jca/Hash.java:192:28:192:40 | jca/Hash.java:192:28:192:40 | | jca/Hash.java:192:43:192:47 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | | jca/Hash.java:192:43:192:47 | HashAlgorithm | Name | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | | jca/Hash.java:192:43:192:47 | HashAlgorithm | RawName | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | @@ -710,6 +712,7 @@ | jca/Hash.java:266:66:266:75 | HashAlgorithm | Name | SHA3 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | | jca/Hash.java:266:66:266:75 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | | jca/Hash.java:269:27:269:38 | Constant | Description | "fixed-seed" | jca/Hash.java:269:27:269:38 | jca/Hash.java:269:27:269:38 | +| jca/Hash.java:294:16:294:66 | Constant | Description | getProperty(...) | jca/Hash.java:294:16:294:66 | jca/Hash.java:294:16:294:66 | | jca/Hash.java:294:16:294:66 | LocalData | Description | getProperty(...) | jca/Hash.java:294:16:294:66 | jca/Hash.java:294:16:294:66 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | @@ -728,6 +731,7 @@ | jca/IVArtifact.java:38:42:38:44 | Key | KeyType | Unknown | jca/IVArtifact.java:38:42:38:44 | jca/IVArtifact.java:38:42:38:44 | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:39:29:39:53 | jca/IVArtifact.java:39:29:39:53 | | jca/IVArtifact.java:49:27:49:42 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:49:27:49:42 | jca/IVArtifact.java:49:27:49:42 | +| jca/IVArtifact.java:70:16:70:81 | Constant | Description | getProperty(...) | jca/IVArtifact.java:70:16:70:81 | jca/IVArtifact.java:70:16:70:81 | | jca/IVArtifact.java:70:16:70:81 | LocalData | Description | getProperty(...) | jca/IVArtifact.java:70:16:70:81 | jca/IVArtifact.java:70:16:70:81 | | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | @@ -923,6 +927,7 @@ | jca/KeyArtifact.java:37:29:37:56 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:37:29:37:56 | jca/KeyArtifact.java:37:29:37:56 | | jca/KeyArtifact.java:41:31:41:33 | Constant | Description | 256 | jca/KeyArtifact.java:41:31:41:33 | jca/KeyArtifact.java:41:31:41:33 | | jca/KeyArtifact.java:42:26:42:53 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:42:26:42:53 | jca/KeyArtifact.java:42:26:42:53 | +| jca/KeyArtifact.java:62:28:62:73 | Constant | Description | getProperty(...) | jca/KeyArtifact.java:62:28:62:73 | jca/KeyArtifact.java:62:28:62:73 | | jca/KeyArtifact.java:62:28:62:73 | LocalData | Description | getProperty(...) | jca/KeyArtifact.java:62:28:62:73 | jca/KeyArtifact.java:62:28:62:73 | | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:65:21:65:23 | jca/KeyArtifact.java:65:21:65:23 | | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | @@ -936,6 +941,8 @@ | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | Name | EDSA | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | RawName | Ed25519 | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | Description | password | jca/KeyDerivation1.java:78:39:78:53 | jca/KeyDerivation1.java:78:39:78:53 | | jca/KeyDerivation1.java:80:72:80:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | | jca/KeyDerivation1.java:80:79:80:81 | Constant | Description | 256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | @@ -1033,6 +1040,7 @@ | jca/KeyDerivation1.java:283:43:283:57 | Parameter | Description | password | jca/KeyDerivation1.java:283:43:283:57 | jca/KeyDerivation1.java:283:43:283:57 | | jca/KeyDerivation1.java:283:60:283:78 | Parameter | Description | sharedSecret | jca/KeyDerivation1.java:283:60:283:78 | jca/KeyDerivation1.java:283:60:283:78 | | jca/KeyDerivation1.java:302:37:302:51 | Parameter | Description | password | jca/KeyDerivation1.java:302:37:302:51 | jca/KeyDerivation1.java:302:37:302:51 | +| jca/KeyDerivation1.java:309:25:309:76 | Constant | Description | getProperty(...) | jca/KeyDerivation1.java:309:25:309:76 | jca/KeyDerivation1.java:309:25:309:76 | | jca/KeyDerivation1.java:309:25:309:76 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:309:25:309:76 | jca/KeyDerivation1.java:309:25:309:76 | | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | @@ -1041,10 +1049,14 @@ | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:310:43:310:86 | Constant | Description | getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | | jca/KeyDerivation1.java:310:43:310:86 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:311:40:311:78 | Constant | Description | getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:311:40:311:78 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:316:26:316:53 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:316:26:316:53 | jca/KeyDerivation1.java:316:26:316:53 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Iterations | Constant:getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Iterations | LocalData:getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | KeySize | Constant:getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | KeySize | LocalData:getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:333:72:333:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | | jca/KeyDerivation1.java:333:79:333:81 | Constant | Description | 256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | @@ -1283,6 +1295,7 @@ | jca/Nonce.java:25:18:25:20 | Key | KeyType | Unknown | jca/Nonce.java:25:18:25:20 | jca/Nonce.java:25:18:25:20 | | jca/Nonce.java:27:28:27:69 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:27:28:27:69 | jca/Nonce.java:27:28:27:69 | | jca/Nonce.java:27:40:27:57 | Constant | Description | "Simple Test Data" | jca/Nonce.java:27:40:27:57 | jca/Nonce.java:27:40:27:57 | +| jca/Nonce.java:35:24:35:41 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:35:24:35:41 | jca/Nonce.java:35:24:35:41 | | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | | jca/Nonce.java:38:18:38:20 | Key | KeyType | Unknown | jca/Nonce.java:38:18:38:20 | jca/Nonce.java:38:18:38:20 | @@ -1318,6 +1331,7 @@ | jca/Nonce.java:92:56:92:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:92:56:92:67 | jca/Nonce.java:92:56:92:67 | | jca/Nonce.java:93:16:93:35 | Key | KeyType | Symmetric | jca/Nonce.java:93:16:93:35 | jca/Nonce.java:93:16:93:35 | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:98:38:98:42 | jca/Nonce.java:98:38:98:42 | +| jca/Nonce.java:104:32:104:36 | RandomNumberGeneration | Description | java.util.Random | jca/Nonce.java:104:32:104:36 | jca/Nonce.java:104:32:104:36 | | jca/Nonce.java:112:16:112:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:112:16:112:33 | jca/Nonce.java:112:16:112:33 | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Name | AES | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | @@ -1412,7 +1426,8 @@ | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | | jca/SignatureOperation.java:116:30:116:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:116:30:116:38 | jca/SignatureOperation.java:116:30:116:38 | | jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:118:16:118:41 | jca/SignatureOperation.java:118:16:118:41 | -| jca/SignatureOperation.java:132:61:132:69 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | | jca/SignatureOperation.java:133:16:133:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:133:16:133:36 | jca/SignatureOperation.java:133:16:133:36 | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index 5e4c033707ad..80042576adfa 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -348,7 +348,7 @@ | jca/EllipticCurve1.java:105:66:105:76 | Constant | | jca/EllipticCurve1.java:106:16:106:36 | Key | | jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | -| jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | | jca/EllipticCurve1.java:115:16:115:36 | Key | | jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | @@ -363,7 +363,7 @@ | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | | jca/EllipticCurve2.java:73:16:73:36 | Key | | jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | -| jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:81:16:81:36 | Key | | jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | @@ -582,7 +582,6 @@ | jca/Hash.java:191:85:191:94 | HashAlgorithm | | jca/Hash.java:191:97:191:106 | HashAlgorithm | | jca/Hash.java:192:13:192:25 | HashAlgorithm | -| jca/Hash.java:192:28:192:40 | HashAlgorithm | | jca/Hash.java:192:43:192:47 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | Digest | | jca/Hash.java:195:27:195:57 | HashOperation | @@ -623,6 +622,7 @@ | jca/Hash.java:270:27:270:30 | Message | | jca/Hash.java:271:40:271:54 | Digest | | jca/Hash.java:271:40:271:54 | HashOperation | +| jca/Hash.java:294:16:294:66 | Constant | | jca/Hash.java:294:16:294:66 | LocalData | | jca/Hash.java:294:57:294:65 | HashAlgorithm | | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | @@ -641,6 +641,7 @@ | jca/IVArtifact.java:39:29:39:53 | KeyOperationOutput | | jca/IVArtifact.java:39:44:39:52 | Message | | jca/IVArtifact.java:49:27:49:42 | Constant | +| jca/IVArtifact.java:70:16:70:81 | Constant | | jca/IVArtifact.java:70:16:70:81 | LocalData | | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | | jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | @@ -814,6 +815,7 @@ | jca/KeyArtifact.java:41:31:41:33 | Constant | | jca/KeyArtifact.java:42:26:42:53 | Key | | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | +| jca/KeyArtifact.java:62:28:62:73 | Constant | | jca/KeyArtifact.java:62:28:62:73 | LocalData | | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | | jca/KeyArtifact.java:65:21:65:23 | Constant | @@ -824,6 +826,7 @@ | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | | jca/KeyDerivation1.java:80:42:80:63 | Message | | jca/KeyDerivation1.java:80:66:80:69 | Salt | @@ -907,11 +910,14 @@ | jca/KeyDerivation1.java:283:43:283:57 | Parameter | | jca/KeyDerivation1.java:283:60:283:78 | Parameter | | jca/KeyDerivation1.java:302:37:302:51 | Parameter | +| jca/KeyDerivation1.java:309:25:309:76 | Constant | | jca/KeyDerivation1.java:309:25:309:76 | LocalData | | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:310:43:310:86 | Constant | | jca/KeyDerivation1.java:310:43:310:86 | LocalData | +| jca/KeyDerivation1.java:311:40:311:78 | Constant | | jca/KeyDerivation1.java:311:40:311:78 | LocalData | | jca/KeyDerivation1.java:314:42:314:63 | Message | | jca/KeyDerivation1.java:314:66:314:69 | Salt | @@ -1136,12 +1142,15 @@ | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | | jca/Nonce.java:27:28:27:69 | MACOperation | | jca/Nonce.java:27:40:27:57 | Constant | | jca/Nonce.java:27:40:27:68 | Message | +| jca/Nonce.java:35:24:35:41 | Constant | | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | | jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | KeyOperationOutput | | jca/Nonce.java:40:28:40:67 | MACOperation | | jca/Nonce.java:40:40:40:55 | Constant | @@ -1168,6 +1177,7 @@ | jca/Nonce.java:63:44:63:52 | Message | | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | | jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | KeyOperationOutput | | jca/Nonce.java:80:28:80:67 | MACOperation | | jca/Nonce.java:80:40:80:55 | Constant | @@ -1176,6 +1186,7 @@ | jca/Nonce.java:93:16:93:35 | Key | | jca/Nonce.java:93:16:93:35 | KeyGeneration | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:104:32:104:36 | RandomNumberGeneration | | jca/Nonce.java:112:16:112:33 | Constant | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | | jca/PrngTest.java:153:21:153:23 | Constant | @@ -1254,7 +1265,7 @@ | jca/SignatureOperation.java:117:26:117:29 | Message | | jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | -| jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:133:16:133:36 | Key | | jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | From 4860034d4122a6efc09b8dfd0aa2f3e43e4bdf1d Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 10:40:53 -0400 Subject: [PATCH 38/66] Crypto: Weak Hash test cases update and expected file. --- .../WeakOrUnknownHash/WeakHash.expected | 9 +++++++ .../WeakOrUnknownHash/WeakHashing.java | 25 +++++++++++-------- 2 files changed, 24 insertions(+), 10 deletions(-) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected new file mode 100644 index 000000000000..612cc1f62850 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected @@ -0,0 +1,9 @@ +#select +| WeakHashing.java:15:55:15:83 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | +| WeakHashing.java:18:56:18:95 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | +| WeakHashing.java:21:86:21:90 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | +| WeakHashing.java:24:56:24:62 | HashAlgorithm | Use of unapproved hash algorithm or API: SHA1. | +| WeakHashing.java:34:56:34:96 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | +testFailures +| WeakHashing.java:27:125:27:133 | // $Alert | Missing result: Alert | +| WeakHashing.java:40:111:40:119 | // $Alert | Missing result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java index 9fbe12e8b87b..9f207274c52b 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java @@ -12,22 +12,32 @@ void hashing() throws NoSuchAlgorithmException, IOException { props.load(new FileInputStream("example.properties")); // BAD: Using a weak hashing algorithm even with a secure default - MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); + MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/weak-hash] // BAD: Using a weak hashing algorithm even with a secure default - MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); + MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash] // BAD: Using a strong hashing algorithm but with a weak default - MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); + MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/weak-hash] + + // BAD: Using a weak hash + MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/weak-hash] // BAD: Property does not exist and default (used value) is unknown - MessageDigest bad4 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); + MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/unknown-hash] + + java.util.Properties props2 = new java.util.Properties(); + + props2.load(new FileInputStream("unobserved-file.properties")); + + // BAD: "hashalg1" is not visible in the file loaded for props2 + MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash] // GOOD: Using a strong hashing algorithm MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2")); // BAD?: Property does not exist (considered unknown) and but default is secure - MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); + MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/unknown-hash] // GOOD: Using a strong hashing algorithm MessageDigest ok3 = MessageDigest.getInstance("SHA3-512"); @@ -35,10 +45,5 @@ void hashing() throws NoSuchAlgorithmException, IOException { // GOOD: Using a strong hashing algorithm MessageDigest ok4 = MessageDigest.getInstance("SHA384"); - props.load(new FileInputStream("unobserved-file.properties")); - - // BAD: "hashalg1" is not visible since the file isn't known, this is an 'unknown' hash - // False positive/negative - MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); } } From d2598d4f5d221506c6d99d4db20dd0e8d576d1ab Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 10:56:08 -0400 Subject: [PATCH 39/66] Crypto: Updating weak hash tests --- .../quantum/examples/WeakOrUnknownHash/WeakHash.expected | 5 ----- .../quantum/examples/WeakOrUnknownHash/WeakHashing.java | 5 +++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected index 612cc1f62850..77eadf06cd3f 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected @@ -1,9 +1,4 @@ -#select | WeakHashing.java:15:55:15:83 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | | WeakHashing.java:18:56:18:95 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | | WeakHashing.java:21:86:21:90 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | | WeakHashing.java:24:56:24:62 | HashAlgorithm | Use of unapproved hash algorithm or API: SHA1. | -| WeakHashing.java:34:56:34:96 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | -testFailures -| WeakHashing.java:27:125:27:133 | // $Alert | Missing result: Alert | -| WeakHashing.java:40:111:40:119 | // $Alert | Missing result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java index 9f207274c52b..6435004931ac 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java @@ -30,8 +30,9 @@ void hashing() throws NoSuchAlgorithmException, IOException { props2.load(new FileInputStream("unobserved-file.properties")); - // BAD: "hashalg1" is not visible in the file loaded for props2 - MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash] + // BAD: "hashAlg2" is not visible in the file loaded for props2, should be an unknown + // FALSE NEGATIVE for unknown hash + MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/unknown-hash] // GOOD: Using a strong hashing algorithm MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2")); From 79ccef3a5850528ea9c3348807b32547a6ded480 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 11:03:16 -0400 Subject: [PATCH 40/66] Crypto: Initial sketch for unknown hash, the model needs to recognize unknowns but where the algorithm category (e.g., hashing) is known. --- java/ql/src/experimental/quantum/Examples/UnknownHash.ql | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql index b9bb1905c113..5fd8e6fd5063 100644 --- a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql @@ -12,5 +12,8 @@ import java import experimental.quantum.Language from Crypto::HashAlgorithmNode alg -where not exists(alg.getHashType()) -select alg, "Use of unknown hash algorithm or API." +where + not exists(alg.getHashType()) + or + alg.getHashType() = Crypto::OtherHashType() +select alg, "Use of unknown hash algorithm." From a64a24d25d0a00a6db8dc57a4ab636562ed8b354 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 11:03:49 -0400 Subject: [PATCH 41/66] Crypto: Comment in Language.qll --- java/ql/lib/experimental/quantum/Language.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index 7eff427569df..3a33b763a6f2 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -58,9 +58,9 @@ private class GenericUnreferencedParameterSource extends Crypto::GenericUnrefere exists(Parameter p | this = p and not exists(p.getAnArgument()) - // TODO: this is test code which causes regression in unit tests, but will - // find sources where ordinarily a source might be missing // or + // // TODO: this is test code which causes regression in unit tests, but will + // // find sources where ordinarily a source might be missing // // If all calls to a function occur in a test file, ignore those calls // // and consider the parameter to the function a potential source as well. // forall(Call testCall | testCall.getCallee() = p.getCallable() | From 3f36b09b3c706587223fef88c3e420f064f47759 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 11:18:36 -0400 Subject: [PATCH 42/66] Crypto: Rename tests for weak asymmetric key gen size. --- ...etricKeyGenSize.expected => WeakAsymmetricKeyGenSize.expected} | 0 ...nAsymmetricKeyGenSize.qlref => WeakAsymmetricKeyGenSize.qlref} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/{WeakOrUnknownAsymmetricKeyGenSize.expected => WeakAsymmetricKeyGenSize.expected} (100%) rename java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/{WeakOrUnknownAsymmetricKeyGenSize.qlref => WeakAsymmetricKeyGenSize.qlref} (100%) diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.expected similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected rename to java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.expected diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref similarity index 100% rename from java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref rename to java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref From b9b0037e077f320666218fdf0fc7059ca2c228e4 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 14:07:45 -0400 Subject: [PATCH 43/66] Crypto: Comment todo for observed missing modeled case. Tests for weak and unknown KDF iteration count. --- java/ql/lib/experimental/quantum/JCA.qll | 2 + .../WeakOrUnknownKDFIterationCount/Test.java | 63 +++++++++++++++++++ .../UnknownKDFIterationCount.expected | 5 ++ .../UnknownKDFIterationCount.qlref | 4 ++ .../WeakKDFIterationCount.expected | 16 +++++ .../WeakKDFIterationCount.qlref | 4 ++ 6 files changed, 94 insertions(+) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.qlref create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.qlref diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index db40b40e0e55..b74b20d98360 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -697,6 +697,8 @@ module JCAModel { abstract DataFlow::Node getInputNode(); } + // TODO: for all parametert specs, I think they can be set through the constructor + // and through setter methods class IvParameterSpecInstance extends NonceParameterInstantiation { IvParameterSpecInstance() { super.getConstructedType().hasQualifiedName("javax.crypto.spec", "IvParameterSpec") diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java new file mode 100644 index 000000000000..c5d55a941d2f --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java @@ -0,0 +1,63 @@ +import java.io.FileInputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; +import java.util.Properties; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +public class Test { + + public static byte[] generateSalt(int length) { + SecureRandom random = new SecureRandom(); + byte[] salt = new byte[length]; + random.nextBytes(salt); + return salt; + } + + /** + * PBKDF2 derivation with a very low iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far + * below acceptable security standards. - Flagged as insecure. + */ + public void pbkdf2LowIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 10; // $Source + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/weak-kdf-iteration-count] + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } + + /** + * PBKDF2 derivation with a very low iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far + * below acceptable security standards. - Flagged as insecure. + */ + public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $Source + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/unknown-kdf-iteration-count] + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } + + /** + * PBKDF2 derivation with a high iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Uses 1,000,000 iterations; this is secure + * but may impact performance. + */ + public void pbkdf2HighIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 1_000_000; + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected new file mode 100644 index 000000000000..5792287fae68 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected @@ -0,0 +1,5 @@ +#select +| Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount | +testFailures +| Test.java:45:94:45:145 | // $Alert[java/quantum/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/unknown-kdf-iteration-count] | +| Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.qlref new file mode 100644 index 000000000000..a285aac54ade --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/UnknownKDFIterationCount.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected new file mode 100644 index 000000000000..5b93bccd0b25 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected @@ -0,0 +1,16 @@ +#select +| Test.java:32:72:32:85 | iterationCount | Test.java:31:30:31:31 | 10 : Number | Test.java:32:72:32:85 | iterationCount | Key derivation operation configures iteration count below 100k: $@ | Test.java:31:30:31:31 | 10 | 10 | +edges +| Test.java:31:30:31:31 | 10 : Number | Test.java:32:72:32:85 | iterationCount | provenance | | +| Test.java:43:53:43:70 | iterationCount : Number | Test.java:45:72:45:85 | iterationCount | provenance | | +| Test.java:58:30:58:38 | 1_000_000 : Number | Test.java:59:72:59:85 | iterationCount | provenance | | +nodes +| Test.java:31:30:31:31 | 10 : Number | semmle.label | 10 : Number | +| Test.java:32:72:32:85 | iterationCount | semmle.label | iterationCount | +| Test.java:43:53:43:70 | iterationCount : Number | semmle.label | iterationCount : Number | +| Test.java:45:72:45:85 | iterationCount | semmle.label | iterationCount | +| Test.java:58:30:58:38 | 1_000_000 : Number | semmle.label | 1_000_000 : Number | +| Test.java:59:72:59:85 | iterationCount | semmle.label | iterationCount | +subpaths +testFailures +| Test.java:43:92:43:102 | // $Source | Missing result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.qlref new file mode 100644 index 000000000000..1145083bf0d8 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakKDFIterationCount.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file From 700f34e53a3cec06821a63f2745f0dd23b8d0c5f Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 15:44:57 -0400 Subject: [PATCH 44/66] Crypto: Bad Mac use tests, and fix for BadMacOrderMacOnEncryptPlaintext (barriers were blocking flow through an encrypt to a subsequent mac on the same plaintext) --- .../BadMacOrderMacOnEncryptPlaintext.ql | 8 -- .../BadMacOrderDecryptToMac.expected | 0 .../BadMacUse/BadMacOrderDecryptToMac.qlref | 4 + .../BadMacOrderMacOnEncryptPlaintext.expected | 0 .../BadMacOrderMacOnEncryptPlaintext.qlref | 4 + .../quantum/examples/BadMacUse/BadMacUse.java | 87 +++++++++++++++++++ 6 files changed, 95 insertions(+), 8 deletions(-) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.qlref create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.qlref create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index 3eef5daad597..50b8b1caeb28 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -28,14 +28,6 @@ module CommonDataFlowNodeConfig implements DataFlow::ConfigSig { sink = any(Crypto::FlowAwareElement other).getInputNode() } - predicate isBarrierOut(DataFlow::Node node) { - node = any(Crypto::FlowAwareElement element).getInputNode() - } - - predicate isBarrierIn(DataFlow::Node node) { - node = any(Crypto::FlowAwareElement element).getOutputNode() - } - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { node1.(AdditionalFlowInputStep).getOutput() = node2 or diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.qlref b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.qlref new file mode 100644 index 000000000000..6ee58d936818 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.qlref b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.qlref new file mode 100644 index 000000000000..f094aa14a467 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java new file mode 100644 index 000000000000..86a080b6924d --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java @@ -0,0 +1,87 @@ +import java.security.*; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + + +class BadMacUse { + + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } + + public void CipherThenMac(byte[] encryptionKeyBytes, byte[] macKeyBytes) throws Exception { + // Create keys directly from provided byte arrays + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // Encrypt some sample data using the encryption key + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] plaintext = "Further Use Test Data".getBytes(); + byte[] ciphertext = cipher.doFinal(plaintext); + + // Compute HMAC over the ciphertext using the MAC key + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(ciphertext); + + // Concatenate ciphertext and MAC + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + } + + + public void BadDecryptThenMacOnPlaintextVerify(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] input) throws Exception { + // Split input into ciphertext and MAC + int macLength = 32; // HMAC-SHA256 output length + byte[] ciphertext = Arrays.copyOfRange(input, 0, input.length - macLength); + byte[] receivedMac = Arrays.copyOfRange(input, input.length - macLength, input.length); + + // Decrypt first (unsafe) + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] plaintext = cipher.doFinal(ciphertext); // $Source + + // Now verify MAC (too late) + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(plaintext); // $Alert[java/quantum/bad-mac-order-decrypt-to-mac] + + if (!MessageDigest.isEqual(receivedMac, computedMac)) { + throw new SecurityException("MAC verification failed"); + } + } + + public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $Alert[java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac] + // Create keys directly from provided byte arrays + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // BAD Compute MAC over plaintext (not ciphertext) + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(plaintext); // Integrity not tied to encrypted data + + // Encrypt the plaintext + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] ciphertext = cipher.doFinal(plaintext); + + // Concatenate ciphertext and MAC + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + } +} \ No newline at end of file From 5923e5cbb0bc15401a0923ced5489a5e71411fb4 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 15:45:27 -0400 Subject: [PATCH 45/66] Crypto: Bad expected files in last push. --- .../BadMacUse/BadMacOrderDecryptToMac.expected | 11 +++++++++++ .../BadMacOrderMacOnEncryptPlaintext.expected | 1 + 2 files changed, 12 insertions(+) diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected index e69de29bb2d1..78617fd73771 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected @@ -0,0 +1,11 @@ +#select +| BadMacUse.java:60:42:60:50 | plaintext | BadMacUse.java:54:28:54:53 | doFinal(...) : byte[] | BadMacUse.java:60:42:60:50 | plaintext | MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher. | +edges +| BadMacUse.java:30:29:30:53 | doFinal(...) : byte[] | BadMacUse.java:35:42:35:51 | ciphertext | provenance | | +| BadMacUse.java:54:28:54:53 | doFinal(...) : byte[] | BadMacUse.java:60:42:60:50 | plaintext | provenance | | +nodes +| BadMacUse.java:30:29:30:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:35:42:35:51 | ciphertext | semmle.label | ciphertext | +| BadMacUse.java:54:28:54:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:60:42:60:50 | plaintext | semmle.label | plaintext | +subpaths diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected index e69de29bb2d1..a46eeaf11f0b 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected @@ -0,0 +1 @@ +| BadMacUse.java:67:82:67:97 | plaintext | Message used for encryption operation at $@, also used for MAC at $@. | BadMacUse.java:80:44:80:52 | plaintext | plaintext | BadMacUse.java:75:42:75:50 | plaintext | plaintext | From ef6f0222f29aefbd23541777804c2a989a546b3f Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 16 Oct 2025 16:11:42 -0400 Subject: [PATCH 46/66] Crypto: Addressing FPs in BadMacOrderMacOnEncryptPlaintext --- .../Examples/BadMacOrderMacOnEncryptPlaintext.ql | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index 50b8b1caeb28..8128e29fc656 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -28,6 +28,15 @@ module CommonDataFlowNodeConfig implements DataFlow::ConfigSig { sink = any(Crypto::FlowAwareElement other).getInputNode() } + // Don't go in to a known out node, this will prevent the plaintext + // from tracing out of cipher operations for example, we just want to trace + // the plaintext to uses. + // NOTE: we are not using a barrier out on input nodes, because + // that would remove 'use-use' flows, which we need + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { node1.(AdditionalFlowInputStep).getOutput() = node2 or @@ -43,6 +52,7 @@ module CommonDataFlowNodeFlow = TaintTracking::Global; from DataFlow::Node src, DataFlow::Node sink1, DataFlow::Node sink2 where + not src.asExpr() instanceof NullLiteral and CommonDataFlowNodeFlow::flow(src, sink1) and CommonDataFlowNodeFlow::flow(src, sink2) and exists(Crypto::CipherOperationNode cipherOp | From ff7840dc9f6c1da7f665d53a6e0deb47b1e76242 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 10:52:32 -0400 Subject: [PATCH 47/66] Crypto: removing precision tags on experimental queries. --- java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql | 1 - java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql | 1 - 2 files changed, 2 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql b/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql index 1aee95152328..b449f118bc34 100644 --- a/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql +++ b/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql @@ -4,7 +4,6 @@ * @kind problem * @problem.severity warning * @security-severity 7.5 - * @precision high * @id java/weak-cryptographic-algorithm-new-model * @tags security * external/cwe/cwe-327 diff --git a/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql index aa05f7695c6f..4dc3130adf9d 100644 --- a/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql +++ b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql @@ -4,7 +4,6 @@ * @description An AES cipher is in use without GCM * @kind problem * @problem.severity error - * @precision high * @tags quantum * experimental */ From 628bab92fc6025a255849e9331712131611dd76b Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 12:06:34 -0400 Subject: [PATCH 48/66] Crypto: Modify BadMacOrderMacOnEncryptPlaintext to be a path query that traces through any intermediate encrypt or mac to the final encrypt or mac. --- .../BadMacOrderMacOnEncryptPlaintext.ql | 147 +++++++++++++++--- .../BadMacOrderMacOnEncryptPlaintext.expected | 15 +- .../quantum/examples/BadMacUse/BadMacUse.java | 4 +- 3 files changed, 140 insertions(+), 26 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index 8128e29fc656..1f9c9f11e342 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -1,8 +1,8 @@ /** - * @name Bad MAC order: MAC on an encrypt plaintext + * @name Bad MAC order: Mac and Encryption share the same plaintext * @description MAC should be on a cipher, not a raw message * @id java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac - * @kind problem + * @kind path-problem * @problem.severity error * @tags quantum * experimental @@ -10,22 +10,110 @@ import java import experimental.quantum.Language +import codeql.util.Option -// NOTE: I must look for a common data flow node rather than -// starting from a message source, since the message source -// might not be known. -// TODO: can we approximate a message source better? -module CommonDataFlowNodeConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - exists(source.asParameter()) +module ArgToSinkConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { exists(Call c | c.getAnArgument() = source.asExpr()) } + + predicate isSink(DataFlow::Node sink) { targetSinks(sink) } + + // Don't go in to a known out node, this will prevent the plaintext + // from tracing out of cipher operations for example, we just want to trace + // the plaintext to uses. + // NOTE: we are not using a barrier out on input nodes, because + // that would remove 'use-use' flows, which we need + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module ArgToSinkFlow = TaintTracking::Global; + +/** + * Target sinks for this query are either encryption operations or mac operation message inputs + */ +predicate targetSinks(DataFlow::Node n) { + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and + cipherOp.getAnInputArtifact().asElement() = n.asExpr() + ) + or + exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = n.asExpr()) +} + +/** + * An argument of a target sink or a parent call whose parameter flows to a target sink + */ +class InterimArg extends DataFlow::Node { + DataFlow::Node targetSink; + + InterimArg() { + targetSinks(targetSink) and + ( + this = targetSink + or + ArgToSinkFlow::flow(this, targetSink) and + this.getEnclosingCallable().calls+(targetSink.getEnclosingCallable()) + ) + } + + DataFlow::Node getTargetSink() { result = targetSink } +} + +/** + * A wrapper class to represent a target argument dataflow node. + */ +class TargetArg extends DataFlow::Node { + TargetArg() { targetSinks(this) } + + predicate isCipher() { + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and + cipherOp.getAnInputArtifact().asElement() = this.asExpr() + ) + } + + predicate isMac() { + exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = this.asExpr()) + } +} + +module PlaintextUseAsMacAndCipherInputConfig implements DataFlow::StateConfigSig { + class FlowState = Option::Option; + + // TODO: can we approximate a message source better? + predicate isSource(DataFlow::Node source, FlowState state) { + // TODO: can we find the 'closest' parameter to the sinks? + // i.e., use a generic source if we have it, but also isolate the + // lowest level in the flow to the closest parameter node in the call graph? exists(Crypto::GenericSourceNode other | other.asElement() = CryptoInput::dfn_to_element(source) + ) and + state.isNone() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof TargetArg and + ( + sink.(TargetArg).isMac() and state.asSome().isCipher() + or + sink.(TargetArg).isCipher() and state.asSome().isMac() ) } - predicate isSink(DataFlow::Node sink) { - sink = any(Crypto::FlowAwareElement other).getInputNode() + predicate isBarrierOut(DataFlow::Node node, FlowState state) { + // Stop at the first sink for now + isSink(node, state) } // Don't go in to a known out node, this will prevent the plaintext @@ -46,19 +134,32 @@ module CommonDataFlowNodeConfig implements DataFlow::ConfigSig { node2.asExpr() = m ) } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + (exists(state1.asSome()) or state1.isNone()) and + targetSinks(node1) and + node1 instanceof TargetArg and + //use-use flow, either flow directly from the node1 use + //or find a parent call in the call in the call stack + //and continue flow from that parameter + node2.(InterimArg).getTargetSink() = node1 and + state2.asSome() = node1 + } } -module CommonDataFlowNodeFlow = TaintTracking::Global; +module PlaintextUseAsMacAndCipherInputFlow = + TaintTracking::GlobalWithState; -from DataFlow::Node src, DataFlow::Node sink1, DataFlow::Node sink2 +import PlaintextUseAsMacAndCipherInputFlow::PathGraph + +from + PlaintextUseAsMacAndCipherInputFlow::PathNode src, + PlaintextUseAsMacAndCipherInputFlow::PathNode sink, InterimArg arg where - not src.asExpr() instanceof NullLiteral and - CommonDataFlowNodeFlow::flow(src, sink1) and - CommonDataFlowNodeFlow::flow(src, sink2) and - exists(Crypto::CipherOperationNode cipherOp | - cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and - cipherOp.getAnInputArtifact().asElement() = sink1.asExpr() - ) and - exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = sink2.asExpr()) -select src, "Message used for encryption operation at $@, also used for MAC at $@.", sink1, - sink1.toString(), sink2, sink2.toString() + PlaintextUseAsMacAndCipherInputFlow::flowPath(src, sink) and + arg = sink.getState().asSome() +select sink, src, sink, + "Source is used as plaintext to MAC and encryption operation. Indicates possible misuse of MAC. Path shows plaintext to final use through intermediate mac or encryption operation here $@", + arg.asExpr(), arg.asExpr().toString() diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected index a46eeaf11f0b..993811a16c90 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected @@ -1 +1,14 @@ -| BadMacUse.java:67:82:67:97 | plaintext | Message used for encryption operation at $@, also used for MAC at $@. | BadMacUse.java:80:44:80:52 | plaintext | plaintext | BadMacUse.java:75:42:75:50 | plaintext | plaintext | +#select +| BadMacUse.java:80:44:80:52 | plaintext | BadMacUse.java:67:82:67:97 | plaintext : byte[] | BadMacUse.java:80:44:80:52 | plaintext | Source is used as plaintext to MAC and encryption operation. Indicates possible misuse of MAC. Path shows plaintext to final use through intermediate mac or encryption operation here $@ | BadMacUse.java:75:42:75:50 | plaintext | plaintext | +edges +| BadMacUse.java:67:82:67:97 | plaintext : byte[] | BadMacUse.java:75:42:75:50 | plaintext : byte[] | provenance | | +| BadMacUse.java:75:42:75:50 | plaintext : byte[] | BadMacUse.java:75:42:75:50 | plaintext : byte[] | provenance | Config | +| BadMacUse.java:75:42:75:50 | plaintext : byte[] | BadMacUse.java:80:44:80:52 | plaintext | provenance | | +nodes +| BadMacUse.java:67:82:67:97 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:75:42:75:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:75:42:75:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:80:44:80:52 | plaintext | semmle.label | plaintext | +subpaths +testFailures +| BadMacUse.java:54:56:54:66 | // $Source | Missing result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java index 86a080b6924d..2a65a8baa753 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java @@ -64,7 +64,7 @@ public void BadDecryptThenMacOnPlaintextVerify(byte[] encryptionKeyBytes, byte[] } } - public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $Alert[java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac] + public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $Source // Create keys directly from provided byte arrays SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); @@ -77,7 +77,7 @@ public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byt // Encrypt the plaintext Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); - byte[] ciphertext = cipher.doFinal(plaintext); + byte[] ciphertext = cipher.doFinal(plaintext); // $Alert[java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac] // Concatenate ciphertext and MAC byte[] output = new byte[ciphertext.length + computedMac.length]; From e12734162fef9fff3bca242aa41f95dae569aa67 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 12:32:24 -0400 Subject: [PATCH 49/66] Crypto: WeakKDFKeySize tests. --- .../WeakOrUnknownKDFKeySize/Test.java | 42 +++++++++++++++++++ .../WeakKDFKeySize.expected | 11 +++++ .../WeakKDFKeySize.qlref | 4 ++ 3 files changed, 57 insertions(+) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.qlref diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java new file mode 100644 index 000000000000..9e2487ff32df --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java @@ -0,0 +1,42 @@ +import java.security.SecureRandom; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; + +public class Test { + + public static byte[] generateSalt(int length) { + SecureRandom random = new SecureRandom(); + byte[] salt = new byte[length]; + random.nextBytes(salt); + return salt; + } + + /** + * PBKDF2 derivation with a weak key size. + * + * SAST/CBOM: - Parent: PBKDF2. - Key size is only 64 bits, which is far below acceptable security standards. + * - Flagged as insecure. + */ + public void pbkdf2WeakKeySize(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 100_000; + int keySize = 64; // $Source + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); // $Alert[java/quantum/weak-kdf-key-size] + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } + + /** + * PBKDF2 derivation with a secure key size. + * + * SAST/CBOM: - Parent: PBKDF2. - Key size is 256 bits, which meets modern security standards. + */ + public void pbkdf2SecureKeySize(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 100_000; + int keySize = 256; + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.expected new file mode 100644 index 000000000000..63df79a9f9b2 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.expected @@ -0,0 +1,11 @@ +#select +| Test.java:24:88:24:94 | keySize | Test.java:23:23:23:24 | 64 : Number | Test.java:24:88:24:94 | keySize | Key derivation operation configures output key length below 256: $@ | Test.java:23:23:23:24 | 64 | 64 | +edges +| Test.java:23:23:23:24 | 64 : Number | Test.java:24:88:24:94 | keySize | provenance | | +| Test.java:37:23:37:25 | 256 : Number | Test.java:38:88:38:94 | keySize | provenance | | +nodes +| Test.java:23:23:23:24 | 64 : Number | semmle.label | 64 : Number | +| Test.java:24:88:24:94 | keySize | semmle.label | keySize | +| Test.java:37:23:37:25 | 256 : Number | semmle.label | 256 : Number | +| Test.java:38:88:38:94 | keySize | semmle.label | keySize | +subpaths diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.qlref new file mode 100644 index 000000000000..2b2b1228de27 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakKDFKeySize.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file From f480d90a68e8d179bef46871ad70e63ad13fe515 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 13:13:14 -0400 Subject: [PATCH 50/66] Crypto: Add missing block mode JCA Models, add block mode unit tests --- java/ql/lib/experimental/quantum/JCA.qll | 18 +++--- .../examples/WeakOrUnknownBlockMode/Test.java | 57 +++++++++++++++++++ .../WeakBlockMode.expected | 4 ++ .../WeakBlockMode.qlref | 4 ++ .../quantum/experimental/Standardization.qll | 2 + 5 files changed, 75 insertions(+), 10 deletions(-) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/Test.java create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.qlref diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index b74b20d98360..d0b32b51f350 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -30,16 +30,6 @@ module JCAModel { ].toUpperCase()) } - // TODO: Verify that the CFB% case works correctly - bindingset[mode] - predicate cipher_modes(string mode) { - mode.toUpperCase() - .matches([ - "NONE", "CBC", "CCM", "CFB", "CFB%", "CTR", "CTS", "ECB", "GCM", "KW", "KWP", "OFB", - "OFB%", "PCBC" - ].toUpperCase()) - } - // TODO: Verify that the OAEPWith% case works correctly bindingset[padding] predicate cipher_padding(string padding) { @@ -184,6 +174,14 @@ module JCAModel { type = KeyOpAlg::SIV() and name = "SIV" or type = KeyOpAlg::OCB() and name = "OCB" + or + type = KeyOpAlg::CFB() and name = "CFB" + or + type = KeyOpAlg::OFB() and name = "OFB" + or + type = KeyOpAlg::PCBC() and name = "PCBC" + or + type = KeyOpAlg::KWP() and name = "KWP" } bindingset[name] diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/Test.java new file mode 100644 index 000000000000..0c8b3b6691db --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/Test.java @@ -0,0 +1,57 @@ +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; + +public class Test { + public static void main(String[] args) throws Exception { + SecretKey key = KeyGenerator.getInstance("AES").generateKey(); + IvParameterSpec iv = new IvParameterSpec(new byte[16]); + byte[] data = "SensitiveData".getBytes(); + + // Insecure block mode: ECB + Cipher cipherECB = Cipher.getInstance("AES/ECB/PKCS5Padding"); // $Alert + cipherECB.init(Cipher.ENCRYPT_MODE, key); + byte[] ecbEncrypted = cipherECB.doFinal(data); + System.out.println("ECB encrypted: " + bytesToHex(ecbEncrypted)); + + // Insecure block mode: CFB + Cipher cipherCFB = Cipher.getInstance("AES/CFB/PKCS5Padding"); // $Alert + cipherCFB.init(Cipher.ENCRYPT_MODE, key, iv); + byte[] cfbEncrypted = cipherCFB.doFinal(data); + System.out.println("CFB encrypted: " + bytesToHex(cfbEncrypted)); + + // Insecure block mode: OFB + Cipher cipherOFB = Cipher.getInstance("AES/OFB/PKCS5Padding"); // $Alert + cipherOFB.init(Cipher.ENCRYPT_MODE, key, iv); + byte[] ofbEncrypted = cipherOFB.doFinal(data); + System.out.println("OFB encrypted: " + bytesToHex(ofbEncrypted)); + + // Insecure block mode: CTR + Cipher cipherCTR = Cipher.getInstance("AES/CTR/NoPadding"); // $Alert + cipherCTR.init(Cipher.ENCRYPT_MODE, key, iv); + byte[] ctrEncrypted = cipherCTR.doFinal(data); + System.out.println("CTR encrypted: " + bytesToHex(ctrEncrypted)); + + // Secure block mode: CBC with random IV + IvParameterSpec randomIv = new IvParameterSpec(KeyGenerator.getInstance("AES").generateKey().getEncoded()); + Cipher cipherCBCRandomIV = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipherCBCRandomIV.init(Cipher.ENCRYPT_MODE, key, randomIv); + byte[] cbcRandomIVEncrypted = cipherCBCRandomIV.doFinal(data); + System.out.println("CBC (random IV) encrypted: " + bytesToHex(cbcRandomIVEncrypted)); + + // Secure block mode: GCM (authenticated encryption) + IvParameterSpec gcmIv = new IvParameterSpec(new byte[12]); + Cipher cipherGCM = Cipher.getInstance("AES/GCM/NoPadding"); + cipherGCM.init(Cipher.ENCRYPT_MODE, key, gcmIv); + byte[] gcmEncrypted = cipherGCM.doFinal(data); + System.out.println("GCM encrypted: " + bytesToHex(gcmEncrypted)); + } + + private static String bytesToHex(byte[] bytes) { + StringBuilder sb = new StringBuilder(); + for (byte b : bytes) + sb.append(String.format("%02x", b)); + return sb.toString(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.expected new file mode 100644 index 000000000000..859a138d3ebd --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.expected @@ -0,0 +1,4 @@ +| Test.java:13:47:13:68 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:13:47:13:68 | ModeOfOperation | ModeOfOperation | +| Test.java:19:47:19:68 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:19:47:19:68 | ModeOfOperation | ModeOfOperation | +| Test.java:25:47:25:68 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:25:47:25:68 | ModeOfOperation | ModeOfOperation | +| Test.java:31:47:31:65 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:31:47:31:65 | ModeOfOperation | ModeOfOperation | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.qlref new file mode 100644 index 000000000000..ec8500ddda7c --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakBlockModes.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index aac9e30c3b62..be281e2fbfd5 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -214,7 +214,9 @@ module Types { CCM() or // Used in lightweight cryptography (IoT, WPA2) SIV() or // Misuse-resistant encryption, used in secure storage OCB() or // Efficient AEAD mode + KWP() or OFB() or + PCBC() or OtherMode() class ModeOfOperationType extends TModeOfOperationType { From b4ecb91c8384f584f022672c2013dd6fd1f32d90 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 13:38:47 -0400 Subject: [PATCH 51/66] Crypto: Add missing cipher algorithms to JCA. Update node tests to account for missing cipher algorithms. --- java/ql/lib/experimental/quantum/JCA.qll | 15 +++++++++++++-- .../quantum/node_properties.expected | 4 +++- .../quantum/experimental/Standardization.qll | 3 +++ 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index d0b32b51f350..fac7165134d6 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -26,7 +26,8 @@ module JCAModel { algo.toUpperCase() .matches([ "AES", "AESWrap", "AESWrapPad", "ARCFOUR", "Blowfish", "ChaCha20", "ChaCha20-Poly1305", - "DES", "DESede", "DESedeWrap", "ECIES", "PBEWith%", "RC2", "RC4", "RC5", "RSA" + "DES", "DESede", "DESedeWrap", "ECIES", "PBEWith%", "RC2", "RC4", "RC5", "RSA", + "Skipjack", "Idea" ].toUpperCase()) } @@ -190,7 +191,8 @@ module JCAModel { upper.matches("AES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES()) or - upper = "DES" and + // NOTE: there is DES and DESede + upper.matches("DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or upper = "TRIPLEDES" and @@ -205,6 +207,9 @@ module JCAModel { upper = "CHACHA20" and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CHACHA20()) or + upper = "RC2" and + type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) + or upper = "RC4" and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or @@ -213,6 +218,12 @@ module JCAModel { or upper = "RSA" and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + or + upper = "SKIPJACK" and + type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SKIPJACK()) + or + upper = "BLOWFISH" and + type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) ) } diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index 9879b4cc5152..77ef8a820b0d 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -1546,8 +1546,10 @@ | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:151:29:151:53 | jca/SymmetricAlgorithm.java:151:29:151:53 | | jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | Description | key | jca/SymmetricAlgorithm.java:167:42:167:54 | jca/SymmetricAlgorithm.java:167:42:167:54 | | jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:167:57:167:72 | jca/SymmetricAlgorithm.java:167:57:167:72 | -| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Name | Unknown | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | KeySize | 56 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Name | DES | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | RawName | DESede/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index be281e2fbfd5..cc43fcec6e2f 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -39,6 +39,7 @@ module Types { RC5() or SEED() or SM4() or + SKIPJACK() or OtherSymmetricCipherType() newtype TAsymmetricCipherType = @@ -118,6 +119,8 @@ module Types { or type = SM4() and name = "SM4" and s = Block() or + type = SKIPJACK() and name = "Skipjack" and s = Block() + or type = OtherSymmetricCipherType() and name = "UnknownSymmetricCipher" and s = OtherCipherStructureType() From 1b205d867380612d4f1c22f4938ad0b5e5521103 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 13:39:05 -0400 Subject: [PATCH 52/66] Removing WeakRSA, this is redundant with weak asymmetric key size. --- .../experimental/quantum/Examples/WeakRSA.ql | 24 ------------------- 1 file changed, 24 deletions(-) delete mode 100644 java/ql/src/experimental/quantum/Examples/WeakRSA.ql diff --git a/java/ql/src/experimental/quantum/Examples/WeakRSA.ql b/java/ql/src/experimental/quantum/Examples/WeakRSA.ql deleted file mode 100644 index ee78b4b8ed3c..000000000000 --- a/java/ql/src/experimental/quantum/Examples/WeakRSA.ql +++ /dev/null @@ -1,24 +0,0 @@ -/** - * @name Cipher is Weak RSA Implementation - * @id java/quantum/weak-rsa - * @description RSA with a key length <2048 found - * @kind problem - * @problem.severity error - * @tags quantum - * experimental - */ - -import experimental.quantum.Language - -class WeakRsaAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { - WeakRsaAlgorithmNode() { - this.getAlgorithmType() = Crypto::KeyOpAlg::TAsymmetricCipher(Crypto::KeyOpAlg::RSA()) and - this.getKeySizeFixed() < 2048 - } -} - -from Crypto::KeyOperationNode op, string message -where - op.getAKnownAlgorithm() instanceof WeakRsaAlgorithmNode and - message = "Weak RSA instance found with key length <2048" -select op, message From b06e05362bf95e97ebf81233a2c06ffec28a63bb Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 13:39:50 -0400 Subject: [PATCH 53/66] Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production. --- .../quantum/Examples/WeakBlockModes.ql | 2 +- .../src/experimental/quantum/Examples/WeakHash.ql | 2 +- .../quantum/Examples/WeakKDFIterationCount.ql | 2 +- .../quantum/Examples/WeakKDFKeySize.ql | 2 +- .../quantum/Examples/WeakSymmetricCipher.ql | 5 ++++- .../InventorySlices/UnknownOperationAlgorithm.ql | 2 +- .../quantum/examples/BadMacUse/BadMacUse.java | 4 ++-- .../InsecureIVorNonceSource.java | 14 +++++++------- .../InsufficientAsymmetricKeySize.java | 6 +++--- .../examples/WeakOrUnknownHash/WeakHashing.java | 14 +++++++------- .../WeakOrUnknownKDFIterationCount/Test.java | 4 ++-- .../UnknownKDFIterationCount.expected | 2 +- .../examples/WeakOrUnknownKDFKeySize/Test.java | 2 +- 13 files changed, 32 insertions(+), 29 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql index 53e4d38216a9..c5fb224ea1f5 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql @@ -1,6 +1,6 @@ /** * @name Weak AES Block mode - * @id java/quantum/weak-block-modes + * @id java/quantum/examples/weak-block-modes * @description An AES cipher is in use with an insecure block mode * @kind problem * @problem.severity error diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.ql b/java/ql/src/experimental/quantum/Examples/WeakHash.ql index 573265705ba3..e7b9c95a9c08 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakHash.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.ql @@ -1,7 +1,7 @@ /** * @name Weak hashes * @description Finds uses of cryptographic hashing algorithms that are unapproved or otherwise weak. - * @id java/quantum/weak-hash + * @id java/quantum/examples/weak-hash * @kind problem * @problem.severity error * @tags external/cwe/cwe-327 diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql index 71dfb87b70cb..98f97335eaeb 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql @@ -1,7 +1,7 @@ /** * @name Weak known key derivation function iteration count * @description Detects key derivation operations with a known weak iteration count. - * @id java/quantum/weak-kdf-iteration-count + * @id java/quantum/examples/weak-kdf-iteration-count * @kind path-problem * @problem.severity error * @tags quantum diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql index 772f2e7a5a3c..3d0be43392f2 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql @@ -1,7 +1,7 @@ /** * @name Weak known key derivation function output length * @description Detects key derivation operations with a known weak output length - * @id java/quantum/weak-kdf-key-size + * @id java/quantum/examples/weak-kdf-key-size * @kind path-problem * @problem.severity error * @tags quantum diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql index 2f67a4c97674..6b5ca79de0f6 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql @@ -1,7 +1,7 @@ /** * @name Weak symmetric ciphers * @description Finds uses of cryptographic symmetric cipher algorithms that are unapproved or otherwise weak. - * @id java/quantum/weak-ciphers + * @id java/quantum/examples/weak-ciphers * @kind problem * @problem.severity error * @tags external/cwe/cwe-327 @@ -16,6 +16,9 @@ import Crypto::KeyOpAlg as KeyOpAlg from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType where algType = alg.getAlgorithmType() and + // NOTE: an org may disallow all but AES we could similarly look for + // algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES()) + // This is a more comprehensive check than looking for all weak ciphers ( algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()) or diff --git a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql index 8469924a8501..08f6cae731fe 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql @@ -1,7 +1,7 @@ /** * @name Operations with unknown algorithm * @description Outputs operations where the algorithm applied is unknown - * @id java/quantum/slices/operation-with-unknown-algorithm + * @id java/quantum/examples/slices/operation-with-unknown-algorithm * @kind problem * @severity info * @tags quantum diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java index 2a65a8baa753..03fd21386cf9 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java @@ -57,7 +57,7 @@ public void BadDecryptThenMacOnPlaintextVerify(byte[] encryptionKeyBytes, byte[] SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); Mac mac = Mac.getInstance("HmacSHA256"); mac.init(macKey); - byte[] computedMac = mac.doFinal(plaintext); // $Alert[java/quantum/bad-mac-order-decrypt-to-mac] + byte[] computedMac = mac.doFinal(plaintext); // $Alert[java/quantum/examples/bad-mac-order-decrypt-to-mac] if (!MessageDigest.isEqual(receivedMac, computedMac)) { throw new SecurityException("MAC verification failed"); @@ -77,7 +77,7 @@ public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byt // Encrypt the plaintext Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); - byte[] ciphertext = cipher.doFinal(plaintext); // $Alert[java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac] + byte[] ciphertext = cipher.doFinal(plaintext); // $Alert[java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac] // Concatenate ciphertext and MAC byte[] output = new byte[ciphertext.length + computedMac.length]; diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java index f1b8878d63ad..549c56dbd981 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java @@ -17,7 +17,7 @@ public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] pla SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] cipher.update(plaintext); return cipher.doFinal(); } @@ -30,7 +30,7 @@ public byte[] encryptWithZeroStaticIvByteArray(byte[] key, byte[] plaintext) thr SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/unknown-iv-or-nonce-source] cipher.update(plaintext); return cipher.doFinal(); } @@ -46,7 +46,7 @@ public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] cipher.update(plaintext); return cipher.doFinal(); } @@ -62,7 +62,7 @@ public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws E SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] cipher.update(plaintext); return cipher.doFinal(); } @@ -78,7 +78,7 @@ public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws E SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] cipher.update(plaintext); return cipher.doFinal(); } @@ -94,7 +94,7 @@ public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/unknown-iv-or-nonce-source] cipher.update(plaintext); return cipher.doFinal(); } @@ -203,7 +203,7 @@ public byte[] encryptWithGeneratedIvByteArrayInsecure(byte[] key, byte[] plainte SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]] + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce]] cipher.update(plaintext); return cipher.doFinal(); } diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java index 35b9dd407485..c330bf82a054 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java @@ -2,15 +2,15 @@ public class InsufficientAsymmetricKeySize{ public static void test() throws Exception{ KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA"); - keyPairGen1.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen1.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size] keyPairGen1.generateKeyPair(); KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA"); - keyPairGen2.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen2.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size] keyPairGen2.generateKeyPair(); KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH"); - keyPairGen3.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen3.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size] keyPairGen3.generateKeyPair(); KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("RSA"); diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java index 6435004931ac..cc3b9a859d1d 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java @@ -12,19 +12,19 @@ void hashing() throws NoSuchAlgorithmException, IOException { props.load(new FileInputStream("example.properties")); // BAD: Using a weak hashing algorithm even with a secure default - MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/weak-hash] + MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/examples/weak-hash] // BAD: Using a weak hashing algorithm even with a secure default - MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash] + MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/examples/weak-hash] // BAD: Using a strong hashing algorithm but with a weak default - MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/weak-hash] + MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/examples/weak-hash] // BAD: Using a weak hash - MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/weak-hash] + MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/examples/weak-hash] // BAD: Property does not exist and default (used value) is unknown - MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/unknown-hash] + MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/examples/unknown-hash] java.util.Properties props2 = new java.util.Properties(); @@ -32,13 +32,13 @@ void hashing() throws NoSuchAlgorithmException, IOException { // BAD: "hashAlg2" is not visible in the file loaded for props2, should be an unknown // FALSE NEGATIVE for unknown hash - MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/unknown-hash] + MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash] // GOOD: Using a strong hashing algorithm MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2")); // BAD?: Property does not exist (considered unknown) and but default is secure - MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/unknown-hash] + MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash] // GOOD: Using a strong hashing algorithm MessageDigest ok3 = MessageDigest.getInstance("SHA3-512"); diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java index c5d55a941d2f..13f6d03ec720 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java @@ -29,7 +29,7 @@ public static byte[] generateSalt(int length) { public void pbkdf2LowIteration(String password) throws Exception { byte[] salt = generateSalt(16); int iterationCount = 10; // $Source - PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/weak-kdf-iteration-count] + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/examples/weak-kdf-iteration-count] SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] key = factory.generateSecret(spec).getEncoded(); } @@ -42,7 +42,7 @@ public void pbkdf2LowIteration(String password) throws Exception { */ public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $Source byte[] salt = generateSalt(16); - PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/unknown-kdf-iteration-count] + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/examples/unknown-kdf-iteration-count] SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] key = factory.generateSecret(spec).getEncoded(); } diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected index 5792287fae68..c9e5a5b8a81b 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected @@ -1,5 +1,5 @@ #select | Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount | testFailures -| Test.java:45:94:45:145 | // $Alert[java/quantum/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/unknown-kdf-iteration-count] | +| Test.java:45:94:45:145 | // $Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] | | Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java index 9e2487ff32df..21619c8c5743 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java @@ -21,7 +21,7 @@ public void pbkdf2WeakKeySize(String password) throws Exception { byte[] salt = generateSalt(16); int iterationCount = 100_000; int keySize = 64; // $Source - PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); // $Alert[java/quantum/weak-kdf-key-size] + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); // $Alert[java/quantum/examples/weak-kdf-key-size] SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] key = factory.generateSecret(spec).getEncoded(); } From 540daa6df20d1d0e98360e15924c3f7dfa0ed0c2 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 13:40:15 -0400 Subject: [PATCH 54/66] Crypto: weak symmetric cipher tests. --- .../WeakOrUnknownSymmetricCipher/Test.java | 77 +++++++++++++++++++ .../WeakSymmetricCipher.expected | 15 ++++ .../WeakSymmetricCipher.qlref | 4 + 3 files changed, 96 insertions(+) create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.qlref diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java new file mode 100644 index 000000000000..f20582085dd9 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java @@ -0,0 +1,77 @@ +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import java.security.Key; +import java.security.NoSuchAlgorithmException; + +public class Test { + public static void main(String[] args) throws Exception { + byte[] data = "Sensitive Data".getBytes(); + + // BAD: DES (unsafe) + KeyGenerator desKeyGen = KeyGenerator.getInstance("DES"); // $Alert + SecretKey desKey = desKeyGen.generateKey(); + Cipher desCipher = Cipher.getInstance("DES"); // $Alert + desCipher.init(Cipher.ENCRYPT_MODE, desKey); + byte[] desEncrypted = desCipher.doFinal(data); + + // BAD: DESede (Triple DES, considered weak) + KeyGenerator desedeKeyGen = KeyGenerator.getInstance("DESede"); // $Alert + SecretKey desedeKey = desedeKeyGen.generateKey(); + Cipher desedeCipher = Cipher.getInstance("DESede"); // $Alert + desedeCipher.init(Cipher.ENCRYPT_MODE, desedeKey); + byte[] desedeEncrypted = desedeCipher.doFinal(data); + + // BAD: Blowfish (considered weak) + KeyGenerator blowfishKeyGen = KeyGenerator.getInstance("Blowfish"); // $Alert + SecretKey blowfishKey = blowfishKeyGen.generateKey(); + Cipher blowfishCipher = Cipher.getInstance("Blowfish"); // $Alert + blowfishCipher.init(Cipher.ENCRYPT_MODE, blowfishKey); + byte[] blowfishEncrypted = blowfishCipher.doFinal(data); + + // BAD: RC2 (unsafe) + KeyGenerator rc2KeyGen = KeyGenerator.getInstance("RC2"); + SecretKey rc2Key = rc2KeyGen.generateKey(); + Cipher rc2Cipher = Cipher.getInstance("RC2"); // $Alert + rc2Cipher.init(Cipher.ENCRYPT_MODE, rc2Key); + byte[] rc2Encrypted = rc2Cipher.doFinal(data); + + // BAD: RC4 (stream cipher, unsafe) + KeyGenerator rc4KeyGen = KeyGenerator.getInstance("RC4"); // $Alert + SecretKey rc4Key = rc4KeyGen.generateKey(); + Cipher rc4Cipher = Cipher.getInstance("RC4"); // $Alert + rc4Cipher.init(Cipher.ENCRYPT_MODE, rc4Key); + byte[] rc4Encrypted = rc4Cipher.doFinal(data); + + // BAD: IDEA (considered weak) + KeyGenerator ideaKeyGen = KeyGenerator.getInstance("IDEA"); // $Alert + SecretKey ideaKey = ideaKeyGen.generateKey(); + Cipher ideaCipher = Cipher.getInstance("IDEA"); // $Alert + ideaCipher.init(Cipher.ENCRYPT_MODE, ideaKey); + byte[] ideaEncrypted = ideaCipher.doFinal(data); + + // BAD: Skipjack (unsafe) + KeyGenerator skipjackKeyGen = KeyGenerator.getInstance("Skipjack"); // $Alert + SecretKey skipjackKey = skipjackKeyGen.generateKey(); + Cipher skipjackCipher = Cipher.getInstance("Skipjack"); // $Alert + skipjackCipher.init(Cipher.ENCRYPT_MODE, skipjackKey); + byte[] skipjackEncrypted = skipjackCipher.doFinal(data); + + // GOOD: AES (safe) + KeyGenerator aesKeyGen = KeyGenerator.getInstance("AES"); + SecretKey aesKey = aesKeyGen.generateKey(); + Cipher aesCipher = Cipher.getInstance("AES"); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey); + byte[] aesEncrypted = aesCipher.doFinal(data); + + // GOOD: AES with CBC mode and PKCS5Padding + Cipher aesCbcCipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + aesCbcCipher.init(Cipher.ENCRYPT_MODE, aesKey); + byte[] aesCbcEncrypted = aesCbcCipher.doFinal(data); + + // GOOD: AES with GCM mode (authenticated encryption) + Cipher aesGcmCipher = Cipher.getInstance("AES/GCM/NoPadding"); + aesGcmCipher.init(Cipher.ENCRYPT_MODE, aesKey); + byte[] aesGcmEncrypted = aesGcmCipher.doFinal(data); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected new file mode 100644 index 000000000000..899de12643fc --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected @@ -0,0 +1,15 @@ +#select +| Test.java:12:59:12:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:14:47:14:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:40:59:40:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC4. | +| Test.java:42:47:42:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC4. | +testFailures +| Test.java:19:73:19:82 | // $Alert | Missing result: Alert | +| Test.java:21:61:21:70 | // $Alert | Missing result: Alert | +| Test.java:26:77:26:86 | // $Alert | Missing result: Alert | +| Test.java:28:65:28:74 | // $Alert | Missing result: Alert | +| Test.java:35:55:35:64 | // $Alert | Missing result: Alert | +| Test.java:47:69:47:78 | // $Alert | Missing result: Alert | +| Test.java:49:57:49:66 | // $Alert | Missing result: Alert | +| Test.java:54:77:54:86 | // $Alert | Missing result: Alert | +| Test.java:56:65:56:74 | // $Alert | Missing result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.qlref new file mode 100644 index 000000000000..d27fed11bfcd --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakSymmetricCipher.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file From c01c0604760443c0c25359fd96f432c6688024c6 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 17 Oct 2025 14:13:53 -0400 Subject: [PATCH 55/66] Crypto: more ID renaming to include "examples", fix singleton issues with ql-for-ql, use formatted test for WeakAsymmetricKeyGenSize (add post processing in the qlref), misc expected files updated (test passed locally but on rerun vscode reports failures, known bug with vscode unit tests). --- java/ql/lib/experimental/quantum/JCA.qll | 4 ++-- .../Examples/BadMacOrderDecryptToMac.ql | 2 +- .../BadMacOrderMacOnEncryptPlaintext.ql | 2 +- .../Examples/InsecureIVorNonceSource.ql | 2 +- .../quantum/Examples/NonAESGCMCipher.ql | 2 +- .../quantum/Examples/ReusedNonce.ql | 2 +- .../quantum/Examples/UnknownHash.ql | 2 +- .../Examples/UnknownIVorNonceSource.ql | 2 +- .../Examples/UnknownKDFIterationCount.ql | 2 +- .../Examples/WeakAsymmetricKeyGenSize.ql | 2 +- .../quantum/Examples/WeakSymmetricCipher.ql | 3 ++- .../BadMacOrderDecryptToMac.expected | 2 ++ .../WeakAsymmetricKeyGenSize.qlref | 5 ++++- .../UnknownKDFIterationCount.expected | 2 +- .../WeakOrUnknownSymmetricCipher/Test.java | 2 +- .../WeakSymmetricCipher.expected | 21 +++++++++---------- 16 files changed, 31 insertions(+), 26 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index fac7165134d6..29820aa95cd0 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -230,7 +230,7 @@ module JCAModel { bindingset[name] predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { type = Crypto::DH() and - name.toUpperCase() in ["DH"] + name.toUpperCase() = "DH" or type = Crypto::EDH() and name.toUpperCase() = "EDH" @@ -1659,7 +1659,7 @@ module JCAModel { Expr getOutput() { result = output } Expr getInput() { - super.getMethod().hasStringSignature(["doFinal(byte[])"]) and result = this.getArgument(0) + super.getMethod().hasStringSignature("doFinal(byte[])") and result = this.getArgument(0) or super.getMethod().hasStringSignature("update(byte[])") and result = this.getArgument(0) } diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql index 2eea84cbec54..fea29f9fc145 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -1,7 +1,7 @@ /** * @name Bad MAC order: decrypt to mac * @description MAC should be on a cipher, not a raw message - * @id java/quantum/bad-mac-order-decrypt-to-mac + * @id java/quantum/examples/bad-mac-order-decrypt-to-mac * @kind path-problem * @problem.severity error * @tags quantum diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index 1f9c9f11e342..8d8fb5ee4804 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -1,7 +1,7 @@ /** * @name Bad MAC order: Mac and Encryption share the same plaintext * @description MAC should be on a cipher, not a raw message - * @id java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac + * @id java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac * @kind path-problem * @problem.severity error * @tags quantum diff --git a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql index 3bf6a05a113b..1c35d50a2d92 100644 --- a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql @@ -1,6 +1,6 @@ /** * @name Insecure nonce/iv (static value or weak random source) - * @id java/quantum/insecure-iv-or-nonce + * @id java/quantum/examples/insecure-iv-or-nonce * @description A nonce/iv is generated from a source that is not secure. This can lead to * vulnerabilities such as replay attacks or key recovery. Insecure generation * is any static nonce, or any known insecure source for a nonce/iv if diff --git a/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql index 4dc3130adf9d..affe7917cf29 100644 --- a/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql +++ b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql @@ -1,6 +1,6 @@ /** * @name Cipher not AES-GCM mode - * @id java/quantum/non-aes-gcm + * @id java/quantum/examples/non-aes-gcm * @description An AES cipher is in use without GCM * @kind problem * @problem.severity error diff --git a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql index 9b419ac2d414..54eddd8fc06c 100644 --- a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql +++ b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql @@ -1,7 +1,7 @@ /** * @name Reuse of cryptographic nonce * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. - * @id java/quantum/reused-nonce + * @id java/quantum/examples/reused-nonce * @kind path-problem * @problem.severity error * @tags quantum diff --git a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql index 5fd8e6fd5063..32d8fa3b753f 100644 --- a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql @@ -1,7 +1,7 @@ /** * @name Unknown hashes * @description Finds uses of cryptographic hashing algorithms of unknown type. - * @id java/quantum/unknown-hash + * @id java/quantum/examples/unknown-hash * @kind problem * @problem.severity error * @tags quantum diff --git a/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql index 33601ef49c3e..3537fca594ae 100644 --- a/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql @@ -1,6 +1,6 @@ /** * @name Unknown nonce/iv source - * @id java/quantum/unknown-iv-or-nonce-source + * @id java/quantum/examples/unknown-iv-or-nonce-source * @description A nonce/iv is generated from a source that is not secure. Failure to initialize * an IV or nonce properly can lead to vulnerabilities such as replay attacks or key recovery. * IV may be unknown at a decryption operation (IV would be provided alongside the ciphertext). diff --git a/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql index 80c0b2195eb3..3f8f1306a1d3 100644 --- a/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql @@ -1,7 +1,7 @@ /** * @name Unknown key derivation function iteration count * @description Detects key derivation operations with an unknown iteration count. - * @id java/quantum/unknown-kdf-iteration-count + * @id java/quantum/examples/unknown-kdf-iteration-count * @kind problem * @problem.severity error * @tags quantum diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql index f0b2cb705532..ee81e7bd6d0a 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -1,6 +1,6 @@ /** * @name Weak Asymmetric Key Size - * @id java/quantum/weak-asymmetric-key-gen-size + * @id java/quantum/examples/weak-asymmetric-key-gen-size * @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation. * @kind path-problem * @problem.severity error diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql index 6b5ca79de0f6..59cd22ac5923 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql @@ -26,6 +26,7 @@ where algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) or algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SKIPJACK()) ) select alg, "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected index 78617fd73771..ac7b1b9c3c0a 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected @@ -9,3 +9,5 @@ nodes | BadMacUse.java:54:28:54:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | | BadMacUse.java:60:42:60:50 | plaintext | semmle.label | plaintext | subpaths +testFailures +| BadMacUse.java:67:118:67:128 | // $Source | Missing result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref index 1229e635fd88..085cf3e0b2a2 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref @@ -1 +1,4 @@ -experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql \ No newline at end of file +query: experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected index c9e5a5b8a81b..33d8a1555517 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected @@ -1,5 +1,5 @@ #select | Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount | testFailures -| Test.java:45:94:45:145 | // $Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] | +| Test.java:45:94:45:154 | // $Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] | | Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java index f20582085dd9..5f48f75eeb00 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java @@ -30,7 +30,7 @@ public static void main(String[] args) throws Exception { byte[] blowfishEncrypted = blowfishCipher.doFinal(data); // BAD: RC2 (unsafe) - KeyGenerator rc2KeyGen = KeyGenerator.getInstance("RC2"); + KeyGenerator rc2KeyGen = KeyGenerator.getInstance("RC2"); // $Alert SecretKey rc2Key = rc2KeyGen.generateKey(); Cipher rc2Cipher = Cipher.getInstance("RC2"); // $Alert rc2Cipher.init(Cipher.ENCRYPT_MODE, rc2Key); diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected index 899de12643fc..13a316ee9b50 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected @@ -1,15 +1,14 @@ -#select | Test.java:12:59:12:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | | Test.java:14:47:14:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:19:62:19:69 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:21:50:21:57 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:26:64:26:73 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Blowfish. | +| Test.java:28:52:28:61 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Blowfish. | +| Test.java:33:59:33:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC2. | +| Test.java:35:47:35:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC2. | | Test.java:40:59:40:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC4. | | Test.java:42:47:42:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC4. | -testFailures -| Test.java:19:73:19:82 | // $Alert | Missing result: Alert | -| Test.java:21:61:21:70 | // $Alert | Missing result: Alert | -| Test.java:26:77:26:86 | // $Alert | Missing result: Alert | -| Test.java:28:65:28:74 | // $Alert | Missing result: Alert | -| Test.java:35:55:35:64 | // $Alert | Missing result: Alert | -| Test.java:47:69:47:78 | // $Alert | Missing result: Alert | -| Test.java:49:57:49:66 | // $Alert | Missing result: Alert | -| Test.java:54:77:54:86 | // $Alert | Missing result: Alert | -| Test.java:56:65:56:74 | // $Alert | Missing result: Alert | +| Test.java:47:60:47:65 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: IDEA. | +| Test.java:49:48:49:53 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: IDEA. | +| Test.java:54:64:54:73 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Skipjack. | +| Test.java:56:52:56:61 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Skipjack. | From 354effe82944d5d8362d7d7691430f69c3e46c75 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 20 Oct 2025 15:24:18 -0400 Subject: [PATCH 56/66] Crypto: Missing hash algorithms for HMAC operations in jca. --- java/ql/lib/experimental/quantum/JCA.qll | 75 ++++++- .../library-tests/quantum/node_edges.expected | 183 ++++++++++-------- .../quantum/node_properties.expected | 154 ++++++++++----- .../library-tests/quantum/nodes.expected | 66 ++++--- 4 files changed, 322 insertions(+), 156 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 29820aa95cd0..c0ddd1ae7fa4 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -20,6 +20,8 @@ module JCAModel { abstract class SignatureAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + abstract class MacAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + // TODO: Verify that the PBEWith% case works correctly bindingset[algo] predicate cipher_names(string algo) { @@ -85,7 +87,7 @@ module JCAModel { name.toUpperCase() .matches([ "HMAC%", "AESCMAC", "DESCMAC", "GMAC", "Poly1305", "SipHash", "BLAKE2BMAC", - "HMACRIPEMD160" + "HMACRIPEMD160", "%CMAC" ].toUpperCase()) } @@ -128,6 +130,10 @@ module JCAModel { result instanceof Crypto::SHA2 and digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() or + name in ["SHA-512/224", "SHA-512/256", "SHA512/224", "SHA512/256"] and + result instanceof Crypto::SHA2 and + digestLength = name.replaceAll("-", "").splitAt("SHA-512/", 1).toInt() + or name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and result instanceof Crypto::SHA3 and digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() @@ -1580,7 +1586,7 @@ module JCAModel { if super.getValue().toUpperCase().matches("HMAC%") then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) else - if super.getValue().toUpperCase().matches("CMAC%") + if super.getValue().toUpperCase().matches("%CMAC%") then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) } @@ -1600,6 +1606,54 @@ module JCAModel { override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } + class KnownHmacAlgorithmInstance extends Crypto::HmacAlgorithmInstance instanceof KnownMacAlgorithm + { + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + result = this.(KnownMacAlgorithm).getConsumer() + } + + override int getKeySizeFixed() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeFixed() + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeConsumer() + } + + override string getRawAlgorithmName() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getRawAlgorithmName() + } + + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + } + } + + class KnownMacHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof KnownMacAlgorithm, + JavaConstant + { + Crypto::THashType hashType; + int digestLength; + + KnownMacHashAlgorithm() { + super.getValue().toUpperCase().matches("HMAC%") and + hashType = + hash_name_to_type_known(super.getValue().toUpperCase().splitAt("HMAC", 1), digestLength) + } + + override string getRawHashAlgorithmName() { result = super.getValue() } + + override Crypto::THashType getHashType() { result = hashType } + + override int getFixedDigestLength() { result = digestLength } + } + class MacGetInstanceCall extends MethodCall { MacGetInstanceCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "getInstance") } @@ -1629,7 +1683,9 @@ module JCAModel { } } - class MacGetInstanceAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { + class MacGetInstanceAlgorithmValueConsumer extends MacAlgorithmValueConsumer, + HashAlgorithmValueConsumer + { MacGetInstanceAlgorithmValueConsumer() { this = any(MacGetInstanceCall c).getAlgorithmArg() } override Crypto::ConsumerInputDataFlowNode getInputNode() { result.asExpr() = this } @@ -1696,9 +1752,18 @@ module JCAModel { MacFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getOutput() } - override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { none() } + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + result = this.getInstantiationCall().getAlgorithmArg() + } - override predicate hasHashAlgorithmConsumer() { none() } + override predicate hasHashAlgorithmConsumer() { + // TODO: do we consider that these operations have no hash and that it is only associated to the mac algorithm node? + // in JCA that seems to be correct, but would removing the hash consumer here break things generally? + this.getHashAlgorithmValueConsumer() + .getAKnownAlgorithmSource() + .(Crypto::KeyOperationAlgorithmInstance) + .getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + } override Crypto::KeyOperationSubtype getKeyOperationSubtype() { result instanceof Crypto::TMacMode diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index 7407dcaff08b..905304ac7715 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -153,11 +153,10 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | H | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | @@ -167,11 +166,10 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | H | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | @@ -307,11 +305,10 @@ | jca/Digest.java:109:23:109:57 | HashOperation | Digest | jca/Digest.java:109:23:109:57 | Digest | | jca/Digest.java:109:23:109:57 | HashOperation | Message | jca/Digest.java:109:41:109:56 | Message | | jca/Digest.java:109:41:109:56 | Message | Source | jca/Digest.java:107:40:107:51 | Parameter | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Mode | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Padding | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | H | jca/Digest.java:118:36:118:47 | HashAlgorithm | | jca/Digest.java:120:19:120:27 | Key | Source | jca/Digest.java:117:49:117:58 | Parameter | -| jca/Digest.java:121:23:121:52 | MACOperation | Algorithm | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | -| jca/Digest.java:121:23:121:52 | MACOperation | HashAlgorithm | jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:23:121:52 | MACOperation | Algorithm | jca/Digest.java:118:36:118:47 | HMACAlgorithm | +| jca/Digest.java:121:23:121:52 | MACOperation | HashAlgorithm | jca/Digest.java:118:36:118:47 | HashAlgorithm | | jca/Digest.java:121:23:121:52 | MACOperation | Input | jca/Digest.java:121:36:121:51 | Message | | jca/Digest.java:121:23:121:52 | MACOperation | Key | jca/Digest.java:120:19:120:27 | Key | | jca/Digest.java:121:23:121:52 | MACOperation | Message | jca/Digest.java:121:36:121:51 | Message | @@ -350,11 +347,10 @@ | jca/Digest.java:188:29:188:78 | EncryptOperation | Nonce | jca/Digest.java:188:29:188:78 | EncryptOperation | | jca/Digest.java:188:29:188:78 | EncryptOperation | Output | jca/Digest.java:188:29:188:78 | KeyOperationOutput | | jca/Digest.java:188:44:188:77 | Message | Source | jca/Digest.java:188:44:188:66 | Constant | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Mode | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Padding | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | H | jca/Digest.java:191:35:191:46 | HashAlgorithm | | jca/Digest.java:192:18:192:23 | Key | Source | jca/Digest.java:192:18:192:23 | Key | -| jca/Digest.java:193:30:193:52 | MACOperation | Algorithm | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | -| jca/Digest.java:193:30:193:52 | MACOperation | HashAlgorithm | jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:30:193:52 | MACOperation | Algorithm | jca/Digest.java:191:35:191:46 | HMACAlgorithm | +| jca/Digest.java:193:30:193:52 | MACOperation | HashAlgorithm | jca/Digest.java:191:35:191:46 | HashAlgorithm | | jca/Digest.java:193:30:193:52 | MACOperation | Input | jca/Digest.java:193:42:193:51 | Message | | jca/Digest.java:193:30:193:52 | MACOperation | Key | jca/Digest.java:192:18:192:23 | Key | | jca/Digest.java:193:30:193:52 | MACOperation | Message | jca/Digest.java:193:42:193:51 | Message | @@ -606,11 +602,10 @@ | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Nonce | jca/Encryption2.java:149:53:149:59 | Nonce | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Output | jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | | jca/Encryption2.java:150:50:150:97 | Message | Source | jca/Encryption2.java:150:50:150:86 | Constant | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | H | jca/Encryption2.java:173:36:173:47 | HashAlgorithm | | jca/Encryption2.java:175:19:175:27 | Key | Source | jca/Encryption2.java:132:68:132:88 | Parameter | -| jca/Encryption2.java:176:31:176:52 | MACOperation | Algorithm | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:176:31:176:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Algorithm | jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | +| jca/Encryption2.java:176:31:176:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:173:36:173:47 | HashAlgorithm | | jca/Encryption2.java:176:31:176:52 | MACOperation | Input | jca/Encryption2.java:176:44:176:51 | Message | | jca/Encryption2.java:176:31:176:52 | MACOperation | Key | jca/Encryption2.java:175:19:175:27 | Key | | jca/Encryption2.java:176:31:176:52 | MACOperation | Message | jca/Encryption2.java:176:44:176:51 | Message | @@ -665,27 +660,56 @@ | jca/Hash.java:195:27:195:57 | HashOperation | Digest | jca/Hash.java:195:27:195:57 | Digest | | jca/Hash.java:195:27:195:57 | HashOperation | Message | jca/Hash.java:195:41:195:56 | Message | | jca/Hash.java:195:41:195:56 | Message | Source | jca/Hash.java:190:43:190:54 | Parameter | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | | jca/Hash.java:216:22:216:30 | Key | Source | jca/Hash.java:211:57:211:66 | Parameter | | jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:31:212:116 | Constant | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:72:212:83 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:86:212:99 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:102:212:115 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:102:212:115 | HashAlgorithm | | jca/Hash.java:217:27:217:55 | MACOperation | Input | jca/Hash.java:217:39:217:54 | Message | | jca/Hash.java:217:27:217:55 | MACOperation | Key | jca/Hash.java:216:22:216:30 | Key | | jca/Hash.java:217:27:217:55 | MACOperation | Message | jca/Hash.java:217:39:217:54 | Message | @@ -889,11 +913,10 @@ | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | -| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Input | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Key | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Message | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | @@ -1012,12 +1035,11 @@ | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Input | jca/KeyDerivation1.java:333:42:333:63 | Message | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Output | jca/KeyDerivation1.java:335:16:335:43 | Key | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:333:66:333:69 | Salt | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | H | jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | | jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:335:16:335:43 | Key | | jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Input | jca/KeyDerivation1.java:348:35:348:37 | Message | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Message | jca/KeyDerivation1.java:348:35:348:37 | Message | @@ -1026,8 +1048,8 @@ | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:269:32:269:41 | Parameter | | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:283:60:283:78 | Parameter | | jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | -| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Input | jca/KeyDerivation1.java:353:35:353:61 | Message | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:352:19:352:54 | Key | @@ -1158,22 +1180,20 @@ | jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:212:20:212:28 | Key | | jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:211:17:211:26 | Key | | jca/KeyExchange.java:213:16:213:34 | SharedSecret | Source | jca/KeyExchange.java:213:16:213:34 | SharedSecret | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | H | jca/MACOperation.java:60:35:60:46 | HashAlgorithm | | jca/MACOperation.java:62:18:62:26 | Key | Source | jca/MACOperation.java:59:52:59:61 | Parameter | -| jca/MACOperation.java:63:16:63:46 | MACOperation | Algorithm | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:63:16:63:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Algorithm | jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | +| jca/MACOperation.java:63:16:63:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:60:35:60:46 | HashAlgorithm | | jca/MACOperation.java:63:16:63:46 | MACOperation | Input | jca/MACOperation.java:63:28:63:45 | Message | | jca/MACOperation.java:63:16:63:46 | MACOperation | Key | jca/MACOperation.java:62:18:62:26 | Key | | jca/MACOperation.java:63:16:63:46 | MACOperation | Message | jca/MACOperation.java:63:28:63:45 | Message | | jca/MACOperation.java:63:16:63:46 | MACOperation | Nonce | jca/MACOperation.java:63:16:63:46 | MACOperation | | jca/MACOperation.java:63:16:63:46 | MACOperation | Output | jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | | jca/MACOperation.java:63:28:63:45 | Message | Source | jca/MACOperation.java:59:36:59:49 | Parameter | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | H | jca/MACOperation.java:71:35:71:48 | HashAlgorithm | | jca/MACOperation.java:73:18:73:26 | Key | Source | jca/MACOperation.java:70:50:70:59 | Parameter | -| jca/MACOperation.java:74:16:74:46 | MACOperation | Algorithm | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:74:16:74:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Algorithm | jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | +| jca/MACOperation.java:74:16:74:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:71:35:71:48 | HashAlgorithm | | jca/MACOperation.java:74:16:74:46 | MACOperation | Input | jca/MACOperation.java:74:28:74:45 | Message | | jca/MACOperation.java:74:16:74:46 | MACOperation | Key | jca/MACOperation.java:73:18:73:26 | Key | | jca/MACOperation.java:74:16:74:46 | MACOperation | Message | jca/MACOperation.java:74:28:74:45 | Message | @@ -1211,11 +1231,10 @@ | jca/MACOperation.java:110:16:110:46 | MACOperation | Nonce | jca/MACOperation.java:110:16:110:46 | MACOperation | | jca/MACOperation.java:110:16:110:46 | MACOperation | Output | jca/MACOperation.java:110:16:110:46 | KeyOperationOutput | | jca/MACOperation.java:110:28:110:45 | Message | Source | jca/MACOperation.java:106:30:106:43 | Parameter | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | H | jca/MACOperation.java:118:35:118:44 | HashAlgorithm | | jca/MACOperation.java:120:18:120:26 | Key | Source | jca/MACOperation.java:117:52:117:61 | Parameter | -| jca/MACOperation.java:121:16:121:46 | MACOperation | Algorithm | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:121:16:121:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Algorithm | jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | +| jca/MACOperation.java:121:16:121:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:118:35:118:44 | HashAlgorithm | | jca/MACOperation.java:121:16:121:46 | MACOperation | Input | jca/MACOperation.java:121:28:121:45 | Message | | jca/MACOperation.java:121:16:121:46 | MACOperation | Key | jca/MACOperation.java:120:18:120:26 | Key | | jca/MACOperation.java:121:16:121:46 | MACOperation | Message | jca/MACOperation.java:121:28:121:45 | Message | @@ -1248,11 +1267,10 @@ | jca/MACOperation.java:182:29:182:78 | EncryptOperation | Nonce | jca/MACOperation.java:182:29:182:78 | EncryptOperation | | jca/MACOperation.java:182:29:182:78 | EncryptOperation | Output | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | | jca/MACOperation.java:182:44:182:77 | Message | Source | jca/MACOperation.java:182:44:182:66 | Constant | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | H | jca/MACOperation.java:185:35:185:46 | HashAlgorithm | | jca/MACOperation.java:186:18:186:30 | Key | Source | jca/MACOperation.java:186:18:186:30 | Key | -| jca/MACOperation.java:187:30:187:52 | MACOperation | Algorithm | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:187:30:187:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Algorithm | jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | +| jca/MACOperation.java:187:30:187:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:185:35:185:46 | HashAlgorithm | | jca/MACOperation.java:187:30:187:52 | MACOperation | Input | jca/MACOperation.java:187:42:187:51 | Message | | jca/MACOperation.java:187:30:187:52 | MACOperation | Key | jca/MACOperation.java:186:18:186:30 | Key | | jca/MACOperation.java:187:30:187:52 | MACOperation | Message | jca/MACOperation.java:187:42:187:51 | Message | @@ -1270,12 +1288,11 @@ | jca/MACOperation.java:219:47:219:50 | Message | Source | jca/MACOperation.java:150:36:150:51 | Parameter | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | Algorithm | jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | Output | jca/MACOperation.java:234:16:234:35 | Key | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | H | jca/Nonce.java:24:35:24:46 | HashAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | | jca/Nonce.java:26:20:26:24 | Message | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | -| jca/Nonce.java:27:28:27:69 | MACOperation | Algorithm | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | -| jca/Nonce.java:27:28:27:69 | MACOperation | HashAlgorithm | jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:28:27:69 | MACOperation | Algorithm | jca/Nonce.java:24:35:24:46 | HMACAlgorithm | +| jca/Nonce.java:27:28:27:69 | MACOperation | HashAlgorithm | jca/Nonce.java:24:35:24:46 | HashAlgorithm | | jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:27:40:27:68 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Key | jca/Nonce.java:25:18:25:20 | Key | @@ -1284,12 +1301,11 @@ | jca/Nonce.java:27:28:27:69 | MACOperation | Nonce | jca/Nonce.java:27:28:27:69 | MACOperation | | jca/Nonce.java:27:28:27:69 | MACOperation | Output | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | | jca/Nonce.java:27:40:27:68 | Message | Source | jca/Nonce.java:27:40:27:57 | Constant | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | H | jca/Nonce.java:37:35:37:46 | HashAlgorithm | | jca/Nonce.java:38:18:38:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | | jca/Nonce.java:39:20:39:24 | Message | Source | jca/Nonce.java:35:24:35:41 | Constant | -| jca/Nonce.java:40:28:40:67 | MACOperation | Algorithm | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | -| jca/Nonce.java:40:28:40:67 | MACOperation | HashAlgorithm | jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:28:40:67 | MACOperation | Algorithm | jca/Nonce.java:37:35:37:46 | HMACAlgorithm | +| jca/Nonce.java:40:28:40:67 | MACOperation | HashAlgorithm | jca/Nonce.java:37:35:37:46 | HashAlgorithm | | jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:40:40:40:66 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Key | jca/Nonce.java:38:18:38:20 | Key | @@ -1318,13 +1334,12 @@ | jca/Nonce.java:63:29:63:53 | EncryptOperation | Nonce | jca/Nonce.java:62:47:62:53 | Nonce | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Output | jca/Nonce.java:63:29:63:53 | KeyOperationOutput | | jca/Nonce.java:63:44:63:52 | Message | Source | jca/Nonce.java:58:52:58:67 | Parameter | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Mode | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Padding | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | H | jca/Nonce.java:70:53:70:64 | HashAlgorithm | | jca/Nonce.java:78:18:78:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | | jca/Nonce.java:79:20:79:24 | Message | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | | jca/Nonce.java:79:20:79:24 | Message | Source | jca/Nonce.java:104:32:104:36 | RandomNumberGeneration | -| jca/Nonce.java:80:28:80:67 | MACOperation | Algorithm | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | -| jca/Nonce.java:80:28:80:67 | MACOperation | HashAlgorithm | jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:28:80:67 | MACOperation | Algorithm | jca/Nonce.java:70:53:70:64 | HMACAlgorithm | +| jca/Nonce.java:80:28:80:67 | MACOperation | HashAlgorithm | jca/Nonce.java:70:53:70:64 | HashAlgorithm | | jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:80:40:80:66 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Key | jca/Nonce.java:78:18:78:20 | Key | @@ -1397,11 +1412,10 @@ | jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | H | jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Input | jca/SignEncryptCombinations.java:123:28:123:31 | Message | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Key | jca/SignEncryptCombinations.java:122:18:122:20 | Key | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Message | jca/SignEncryptCombinations.java:123:28:123:31 | Message | @@ -1667,11 +1681,10 @@ | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | Source | jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | Source | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | -| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Input | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Key | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Message | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index 77ef8a820b0d..3fa66c616290 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -168,12 +168,18 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | Description | plaintext | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | DigestSize | 160 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | Name | SHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | @@ -301,8 +307,11 @@ | jca/Digest.java:108:62:108:68 | HashAlgorithm | RawName | SHA-1 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | | jca/Digest.java:117:35:117:46 | Parameter | Description | input | jca/Digest.java:117:35:117:46 | jca/Digest.java:117:35:117:46 | | jca/Digest.java:117:49:117:58 | Parameter | Description | key | jca/Digest.java:117:49:117:58 | jca/Digest.java:117:49:117:58 | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | Name | HMAC | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | Name | SHA2 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | | jca/Digest.java:120:19:120:27 | Key | KeyType | Unknown | jca/Digest.java:120:19:120:27 | jca/Digest.java:120:19:120:27 | | jca/Digest.java:121:23:121:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:121:23:121:52 | jca/Digest.java:121:23:121:52 | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | @@ -339,8 +348,11 @@ | jca/Digest.java:187:42:187:54 | Key | KeyType | Unknown | jca/Digest.java:187:42:187:54 | jca/Digest.java:187:42:187:54 | | jca/Digest.java:188:29:188:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:188:29:188:78 | jca/Digest.java:188:29:188:78 | | jca/Digest.java:188:44:188:66 | Constant | Description | "Further Use Test Data" | jca/Digest.java:188:44:188:66 | jca/Digest.java:188:44:188:66 | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | Name | HMAC | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | Name | SHA2 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | | jca/Digest.java:192:18:192:23 | Key | KeyType | Unknown | jca/Digest.java:192:18:192:23 | jca/Digest.java:192:18:192:23 | | jca/Digest.java:193:30:193:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:193:30:193:52 | jca/Digest.java:193:30:193:52 | | jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | @@ -603,8 +615,11 @@ | jca/Encryption2.java:149:45:149:50 | Key | KeyType | Unknown | jca/Encryption2.java:149:45:149:50 | jca/Encryption2.java:149:45:149:50 | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:150:32:150:98 | jca/Encryption2.java:150:32:150:98 | | jca/Encryption2.java:150:50:150:86 | Constant | Description | "Post-Quantum Hybrid Encryption Data" | jca/Encryption2.java:150:50:150:86 | jca/Encryption2.java:150:50:150:86 | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Name | HMAC | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | Name | HMAC | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | DigestSize | 256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | Name | SHA2 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | | jca/Encryption2.java:175:19:175:27 | Key | KeyType | Unknown | jca/Encryption2.java:175:19:175:27 | jca/Encryption2.java:175:19:175:27 | | jca/Encryption2.java:176:31:176:52 | MACOperation | KeyOperationSubtype | Mac | jca/Encryption2.java:176:31:176:52 | jca/Encryption2.java:176:31:176:52 | | jca/Hash.java:75:58:75:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | @@ -670,18 +685,36 @@ | jca/Hash.java:211:43:211:54 | Parameter | Description | input | jca/Hash.java:211:43:211:54 | jca/Hash.java:211:43:211:54 | | jca/Hash.java:211:57:211:66 | Parameter | Description | key | jca/Hash.java:211:57:211:66 | jca/Hash.java:211:57:211:66 | | jca/Hash.java:212:31:212:116 | Constant | Description | {...} | jca/Hash.java:212:31:212:116 | jca/Hash.java:212:31:212:116 | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | Name | SHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | Name | SHA2 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | DigestSize | 384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | Name | SHA2 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | Name | SHA2 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | Name | SHA3 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | Name | SHA3 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | | jca/Hash.java:216:22:216:30 | Key | KeyType | Unknown | jca/Hash.java:216:22:216:30 | jca/Hash.java:216:22:216:30 | | jca/Hash.java:217:27:217:55 | MACOperation | KeyOperationSubtype | Mac | jca/Hash.java:217:27:217:55 | jca/Hash.java:217:27:217:55 | | jca/Hash.java:232:40:232:54 | Parameter | Description | password | jca/Hash.java:232:40:232:54 | jca/Hash.java:232:40:232:54 | @@ -892,8 +925,11 @@ | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | KeyOperationSubtype | Mac | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | @@ -1070,8 +1106,11 @@ | jca/KeyDerivation1.java:335:16:335:43 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:335:16:335:43 | jca/KeyDerivation1.java:335:16:335:43 | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Name | HMAC | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | | jca/KeyDerivation1.java:347:19:347:27 | Key | KeyType | Unknown | jca/KeyDerivation1.java:347:19:347:27 | jca/KeyDerivation1.java:347:19:347:27 | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:348:22:348:38 | jca/KeyDerivation1.java:348:22:348:38 | | jca/KeyDerivation1.java:352:19:352:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:352:19:352:54 | jca/KeyDerivation1.java:352:19:352:54 | @@ -1202,14 +1241,20 @@ | jca/KeyExchange.java:212:20:212:28 | Key | KeyType | Unknown | jca/KeyExchange.java:212:20:212:28 | jca/KeyExchange.java:212:20:212:28 | | jca/MACOperation.java:59:36:59:49 | Parameter | Description | message | jca/MACOperation.java:59:36:59:49 | jca/MACOperation.java:59:36:59:49 | | jca/MACOperation.java:59:52:59:61 | Parameter | Description | key | jca/MACOperation.java:59:52:59:61 | jca/MACOperation.java:59:52:59:61 | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | | jca/MACOperation.java:62:18:62:26 | Key | KeyType | Unknown | jca/MACOperation.java:62:18:62:26 | jca/MACOperation.java:62:18:62:26 | | jca/MACOperation.java:63:16:63:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:63:16:63:46 | jca/MACOperation.java:63:16:63:46 | | jca/MACOperation.java:70:34:70:47 | Parameter | Description | message | jca/MACOperation.java:70:34:70:47 | jca/MACOperation.java:70:34:70:47 | | jca/MACOperation.java:70:50:70:59 | Parameter | Description | key | jca/MACOperation.java:70:50:70:59 | jca/MACOperation.java:70:50:70:59 | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | Name | SHA3 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | | jca/MACOperation.java:73:18:73:26 | Key | KeyType | Unknown | jca/MACOperation.java:73:18:73:26 | jca/MACOperation.java:73:18:73:26 | | jca/MACOperation.java:74:16:74:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:74:16:74:46 | jca/MACOperation.java:74:16:74:46 | | jca/MACOperation.java:81:34:81:47 | Parameter | Description | message | jca/MACOperation.java:81:34:81:47 | jca/MACOperation.java:81:34:81:47 | @@ -1231,8 +1276,11 @@ | jca/MACOperation.java:110:16:110:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:110:16:110:46 | jca/MACOperation.java:110:16:110:46 | | jca/MACOperation.java:117:36:117:49 | Parameter | Description | message | jca/MACOperation.java:117:36:117:49 | jca/MACOperation.java:117:36:117:49 | | jca/MACOperation.java:117:52:117:61 | Parameter | Description | key | jca/MACOperation.java:117:52:117:61 | jca/MACOperation.java:117:52:117:61 | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | DigestSize | 160 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | Name | SHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | | jca/MACOperation.java:120:18:120:26 | Key | KeyType | Unknown | jca/MACOperation.java:120:18:120:26 | jca/MACOperation.java:120:18:120:26 | | jca/MACOperation.java:121:16:121:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:121:16:121:46 | jca/MACOperation.java:121:16:121:46 | | jca/MACOperation.java:133:34:133:49 | Parameter | Description | macOutput | jca/MACOperation.java:133:34:133:49 | jca/MACOperation.java:133:34:133:49 | @@ -1270,8 +1318,11 @@ | jca/MACOperation.java:181:42:181:54 | Key | KeyType | Unknown | jca/MACOperation.java:181:42:181:54 | jca/MACOperation.java:181:42:181:54 | | jca/MACOperation.java:182:29:182:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:182:29:182:78 | jca/MACOperation.java:182:29:182:78 | | jca/MACOperation.java:182:44:182:66 | Constant | Description | "Further Use Test Data" | jca/MACOperation.java:182:44:182:66 | jca/MACOperation.java:182:44:182:66 | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | | jca/MACOperation.java:186:18:186:30 | Key | KeyType | Unknown | jca/MACOperation.java:186:18:186:30 | jca/MACOperation.java:186:18:186:30 | | jca/MACOperation.java:187:30:187:52 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:187:30:187:52 | jca/MACOperation.java:187:30:187:52 | | jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | @@ -1290,14 +1341,20 @@ | jca/MACOperation.java:233:21:233:23 | Constant | Description | 256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | | jca/MACOperation.java:234:16:234:35 | Key | KeyType | Symmetric | jca/MACOperation.java:234:16:234:35 | jca/MACOperation.java:234:16:234:35 | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:246:38:246:41 | jca/MACOperation.java:246:38:246:41 | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | DigestSize | 256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | Name | SHA2 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | | jca/Nonce.java:25:18:25:20 | Key | KeyType | Unknown | jca/Nonce.java:25:18:25:20 | jca/Nonce.java:25:18:25:20 | | jca/Nonce.java:27:28:27:69 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:27:28:27:69 | jca/Nonce.java:27:28:27:69 | | jca/Nonce.java:27:40:27:57 | Constant | Description | "Simple Test Data" | jca/Nonce.java:27:40:27:57 | jca/Nonce.java:27:40:27:57 | | jca/Nonce.java:35:24:35:41 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:35:24:35:41 | jca/Nonce.java:35:24:35:41 | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | Name | HMAC | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | DigestSize | 256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | Name | SHA2 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | | jca/Nonce.java:38:18:38:20 | Key | KeyType | Unknown | jca/Nonce.java:38:18:38:20 | jca/Nonce.java:38:18:38:20 | | jca/Nonce.java:40:28:40:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:40:28:40:67 | jca/Nonce.java:40:28:40:67 | | jca/Nonce.java:40:40:40:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:40:40:40:55 | jca/Nonce.java:40:40:40:55 | @@ -1323,8 +1380,11 @@ | jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | | jca/Nonce.java:62:42:62:44 | Key | KeyType | Unknown | jca/Nonce.java:62:42:62:44 | jca/Nonce.java:62:42:62:44 | | jca/Nonce.java:63:29:63:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:63:29:63:53 | jca/Nonce.java:63:29:63:53 | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | Name | HMAC | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | DigestSize | 256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | Name | SHA2 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | | jca/Nonce.java:78:18:78:20 | Key | KeyType | Unknown | jca/Nonce.java:78:18:78:20 | jca/Nonce.java:78:18:78:20 | | jca/Nonce.java:80:28:80:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:80:28:80:67 | jca/Nonce.java:80:28:80:67 | | jca/Nonce.java:80:40:80:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:80:40:80:55 | jca/Nonce.java:80:40:80:55 | @@ -1383,8 +1443,11 @@ | jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | | jca/SignEncryptCombinations.java:112:42:112:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:112:42:112:44 | jca/SignEncryptCombinations.java:112:42:112:44 | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/SignEncryptCombinations.java:113:16:113:41 | jca/SignEncryptCombinations.java:113:16:113:41 | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:122:18:122:20 | jca/SignEncryptCombinations.java:122:18:122:20 | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | KeyOperationSubtype | Mac | jca/SignEncryptCombinations.java:123:16:123:32 | jca/SignEncryptCombinations.java:123:16:123:32 | | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | Description | "Hello, combinations!" | jca/SignEncryptCombinations.java:335:26:335:47 | jca/SignEncryptCombinations.java:335:26:335:47 | @@ -1605,8 +1668,11 @@ | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:297:38:297:39 | jca/SymmetricAlgorithm.java:297:38:297:39 | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:298:42:298:47 | jca/SymmetricAlgorithm.java:298:42:298:47 | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:299:29:299:53 | jca/SymmetricAlgorithm.java:299:29:299:53 | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | DigestSize | 256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | Name | SHA2 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:302:18:302:30 | jca/SymmetricAlgorithm.java:302:18:302:30 | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:303:30:303:52 | jca/SymmetricAlgorithm.java:303:30:303:52 | | jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index 80042576adfa..b9661aaf64f9 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -148,12 +148,14 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | @@ -278,7 +280,8 @@ | jca/Digest.java:109:41:109:56 | Message | | jca/Digest.java:117:35:117:46 | Parameter | | jca/Digest.java:117:49:117:58 | Parameter | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | | jca/Digest.java:120:19:120:27 | Key | | jca/Digest.java:121:23:121:52 | KeyOperationOutput | | jca/Digest.java:121:23:121:52 | MACOperation | @@ -310,7 +313,8 @@ | jca/Digest.java:188:29:188:78 | KeyOperationOutput | | jca/Digest.java:188:44:188:66 | Constant | | jca/Digest.java:188:44:188:77 | Message | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | | jca/Digest.java:192:18:192:23 | Key | | jca/Digest.java:193:30:193:52 | KeyOperationOutput | | jca/Digest.java:193:30:193:52 | MACOperation | @@ -535,7 +539,8 @@ | jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | | jca/Encryption2.java:150:50:150:86 | Constant | | jca/Encryption2.java:150:50:150:97 | Message | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | | jca/Encryption2.java:175:19:175:27 | Key | | jca/Encryption2.java:176:31:176:52 | KeyOperationOutput | | jca/Encryption2.java:176:31:176:52 | MACOperation | @@ -589,12 +594,18 @@ | jca/Hash.java:211:43:211:54 | Parameter | | jca/Hash.java:211:57:211:66 | Parameter | | jca/Hash.java:212:31:212:116 | Constant | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | | jca/Hash.java:216:22:216:30 | Key | | jca/Hash.java:217:27:217:55 | KeyOperationOutput | | jca/Hash.java:217:27:217:55 | MACOperation | @@ -786,7 +797,8 @@ | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | @@ -932,7 +944,8 @@ | jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | | jca/KeyDerivation1.java:335:16:335:43 | Key | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | | jca/KeyDerivation1.java:347:19:347:27 | Key | | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | @@ -1055,14 +1068,16 @@ | jca/KeyExchange.java:213:16:213:34 | SharedSecret | | jca/MACOperation.java:59:36:59:49 | Parameter | | jca/MACOperation.java:59:52:59:61 | Parameter | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | | jca/MACOperation.java:62:18:62:26 | Key | | jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | | jca/MACOperation.java:63:16:63:46 | MACOperation | | jca/MACOperation.java:63:28:63:45 | Message | | jca/MACOperation.java:70:34:70:47 | Parameter | | jca/MACOperation.java:70:50:70:59 | Parameter | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | | jca/MACOperation.java:73:18:73:26 | Key | | jca/MACOperation.java:74:16:74:46 | KeyOperationOutput | | jca/MACOperation.java:74:16:74:46 | MACOperation | @@ -1090,7 +1105,8 @@ | jca/MACOperation.java:110:28:110:45 | Message | | jca/MACOperation.java:117:36:117:49 | Parameter | | jca/MACOperation.java:117:52:117:61 | Parameter | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | | jca/MACOperation.java:120:18:120:26 | Key | | jca/MACOperation.java:121:16:121:46 | KeyOperationOutput | | jca/MACOperation.java:121:16:121:46 | MACOperation | @@ -1123,7 +1139,8 @@ | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | | jca/MACOperation.java:182:44:182:66 | Constant | | jca/MACOperation.java:182:44:182:77 | Message | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | | jca/MACOperation.java:186:18:186:30 | Key | | jca/MACOperation.java:187:30:187:52 | KeyOperationOutput | | jca/MACOperation.java:187:30:187:52 | MACOperation | @@ -1140,7 +1157,8 @@ | jca/MACOperation.java:234:16:234:35 | Key | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | | jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | @@ -1148,7 +1166,8 @@ | jca/Nonce.java:27:40:27:57 | Constant | | jca/Nonce.java:27:40:27:68 | Message | | jca/Nonce.java:35:24:35:41 | Constant | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | | jca/Nonce.java:38:18:38:20 | Key | | jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | KeyOperationOutput | @@ -1175,7 +1194,8 @@ | jca/Nonce.java:63:29:63:53 | EncryptOperation | | jca/Nonce.java:63:29:63:53 | KeyOperationOutput | | jca/Nonce.java:63:44:63:52 | Message | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | | jca/Nonce.java:78:18:78:20 | Key | | jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | KeyOperationOutput | @@ -1228,7 +1248,8 @@ | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | | jca/SignEncryptCombinations.java:113:31:113:40 | Message | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | @@ -1422,7 +1443,8 @@ | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | | jca/SymmetricAlgorithm.java:303:30:303:52 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | From eff94ef91f86587b46dc4ecbf9dbdfb1b4805a8f Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 20 Oct 2025 15:51:07 -0400 Subject: [PATCH 57/66] Crypto: To allow for graph generation to have properties informed by assessments, altering a few queries weak/vuln/bad crypto to have qll files that can be accessed for other purposes, like graph generation. Also altering weak symmetric cipher to look for non-aes algorithms to be more comprehensive. --- .../quantum/Examples/BadMacOrder.qll | 171 ++++++++++++++++++ .../Examples/BadMacOrderDecryptToMac.ql | 11 +- .../BadMacOrderMacOnEncryptPlaintext.ql | 147 +-------------- .../experimental/quantum/Examples/WeakHash.ql | 24 +-- .../quantum/Examples/WeakHash.qll | 23 +++ .../quantum/Examples/WeakSymmetricCipher.ql | 24 +-- .../quantum/Examples/WeakSymmetricCipher.qll | 24 +++ 7 files changed, 228 insertions(+), 196 deletions(-) create mode 100644 java/ql/src/experimental/quantum/Examples/BadMacOrder.qll create mode 100644 java/ql/src/experimental/quantum/Examples/WeakHash.qll create mode 100644 java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.qll diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll new file mode 100644 index 000000000000..13adba0e436c --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll @@ -0,0 +1,171 @@ +import java +import experimental.quantum.Language +import codeql.util.Option + +/** + * Holds when the src node is the output artifact of a decrypt operation + * that flows to the input artifact of a mac operation. + */ +predicate isDecryptToMacFlow(ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink) { + ArtifactFlow::flowPath(src, sink) and + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TDecryptMode() and + cipherOp.getAnOutputArtifact().asElement() = src.getNode().asExpr() + ) and + exists(Crypto::MacOperationNode macOp | + macOp.getAnInputArtifact().asElement() = sink.getNode().asExpr() + ) +} + +/** + * Holds when the src node is used as plaintext input to both + * an encryption operation and a mac operation, via the + * argument represented by InterimArg. + */ +predicate isPlaintextInEncryptionAndMac( + PlaintextUseAsMacAndCipherInputFlow::PathNode src, + PlaintextUseAsMacAndCipherInputFlow::PathNode sink, InterimArg arg +) { + PlaintextUseAsMacAndCipherInputFlow::flowPath(src, sink) and + arg = sink.getState().asSome() +} + +module ArgToSinkConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { exists(Call c | c.getAnArgument() = source.asExpr()) } + + predicate isSink(DataFlow::Node sink) { targetSinks(sink) } + + // Don't go in to a known out node, this will prevent the plaintext + // from tracing out of cipher operations for example, we just want to trace + // the plaintext to uses. + // NOTE: we are not using a barrier out on input nodes, because + // that would remove 'use-use' flows, which we need + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module ArgToSinkFlow = TaintTracking::Global; + +/** + * Target sinks for this query are either encryption operations or mac operation message inputs + */ +predicate targetSinks(DataFlow::Node n) { + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and + cipherOp.getAnInputArtifact().asElement() = n.asExpr() + ) + or + exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = n.asExpr()) +} + +/** + * An argument of a target sink or a parent call whose parameter flows to a target sink + */ +class InterimArg extends DataFlow::Node { + DataFlow::Node targetSink; + + InterimArg() { + targetSinks(targetSink) and + ( + this = targetSink + or + ArgToSinkFlow::flow(this, targetSink) and + this.getEnclosingCallable().calls+(targetSink.getEnclosingCallable()) + ) + } + + DataFlow::Node getTargetSink() { result = targetSink } +} + +/** + * A wrapper class to represent a target argument dataflow node. + */ +class TargetArg extends DataFlow::Node { + TargetArg() { targetSinks(this) } + + predicate isCipher() { + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and + cipherOp.getAnInputArtifact().asElement() = this.asExpr() + ) + } + + predicate isMac() { + exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = this.asExpr()) + } +} + +module PlaintextUseAsMacAndCipherInputConfig implements DataFlow::StateConfigSig { + class FlowState = Option::Option; + + // TODO: can we approximate a message source better? + predicate isSource(DataFlow::Node source, FlowState state) { + // TODO: can we find the 'closest' parameter to the sinks? + // i.e., use a generic source if we have it, but also isolate the + // lowest level in the flow to the closest parameter node in the call graph? + exists(Crypto::GenericSourceNode other | + other.asElement() = CryptoInput::dfn_to_element(source) + ) and + state.isNone() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof TargetArg and + ( + sink.(TargetArg).isMac() and state.asSome().isCipher() + or + sink.(TargetArg).isCipher() and state.asSome().isMac() + ) + } + + predicate isBarrierOut(DataFlow::Node node, FlowState state) { + // Stop at the first sink for now + isSink(node, state) + } + + // Don't go in to a known out node, this will prevent the plaintext + // from tracing out of cipher operations for example, we just want to trace + // the plaintext to uses. + // NOTE: we are not using a barrier out on input nodes, because + // that would remove 'use-use' flows, which we need + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + (exists(state1.asSome()) or state1.isNone()) and + targetSinks(node1) and + node1 instanceof TargetArg and + //use-use flow, either flow directly from the node1 use + //or find a parent call in the call in the call stack + //and continue flow from that parameter + node2.(InterimArg).getTargetSink() = node1 and + state2.asSome() = node1 + } +} + +module PlaintextUseAsMacAndCipherInputFlow = + TaintTracking::GlobalWithState; diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql index fea29f9fc145..8d8871592825 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -11,16 +11,9 @@ import java import experimental.quantum.Language import ArtifactFlow::PathGraph +import BadMacOrder from ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink -where - ArtifactFlow::flowPath(src, sink) and - exists(Crypto::CipherOperationNode cipherOp | - cipherOp.getKeyOperationSubtype() = Crypto::TDecryptMode() and - cipherOp.getAnOutputArtifact().asElement() = src.getNode().asExpr() - ) and - exists(Crypto::MacOperationNode macOp | - macOp.getAnInputArtifact().asElement() = sink.getNode().asExpr() - ) +where isDecryptToMacFlow(src, sink) select sink, src, sink, "MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher." diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index 8d8fb5ee4804..fde5fa6baa00 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -10,156 +10,13 @@ import java import experimental.quantum.Language -import codeql.util.Option - -module ArgToSinkConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { exists(Call c | c.getAnArgument() = source.asExpr()) } - - predicate isSink(DataFlow::Node sink) { targetSinks(sink) } - - // Don't go in to a known out node, this will prevent the plaintext - // from tracing out of cipher operations for example, we just want to trace - // the plaintext to uses. - // NOTE: we are not using a barrier out on input nodes, because - // that would remove 'use-use' flows, which we need - predicate isBarrierIn(DataFlow::Node node) { - node = any(Crypto::FlowAwareElement element).getOutputNode() - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - node1.(AdditionalFlowInputStep).getOutput() = node2 - or - exists(MethodCall m | - m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and - node1.asExpr() = m.getQualifier() and - node2.asExpr() = m - ) - } -} - -module ArgToSinkFlow = TaintTracking::Global; - -/** - * Target sinks for this query are either encryption operations or mac operation message inputs - */ -predicate targetSinks(DataFlow::Node n) { - exists(Crypto::CipherOperationNode cipherOp | - cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and - cipherOp.getAnInputArtifact().asElement() = n.asExpr() - ) - or - exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = n.asExpr()) -} - -/** - * An argument of a target sink or a parent call whose parameter flows to a target sink - */ -class InterimArg extends DataFlow::Node { - DataFlow::Node targetSink; - - InterimArg() { - targetSinks(targetSink) and - ( - this = targetSink - or - ArgToSinkFlow::flow(this, targetSink) and - this.getEnclosingCallable().calls+(targetSink.getEnclosingCallable()) - ) - } - - DataFlow::Node getTargetSink() { result = targetSink } -} - -/** - * A wrapper class to represent a target argument dataflow node. - */ -class TargetArg extends DataFlow::Node { - TargetArg() { targetSinks(this) } - - predicate isCipher() { - exists(Crypto::CipherOperationNode cipherOp | - cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and - cipherOp.getAnInputArtifact().asElement() = this.asExpr() - ) - } - - predicate isMac() { - exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = this.asExpr()) - } -} - -module PlaintextUseAsMacAndCipherInputConfig implements DataFlow::StateConfigSig { - class FlowState = Option::Option; - - // TODO: can we approximate a message source better? - predicate isSource(DataFlow::Node source, FlowState state) { - // TODO: can we find the 'closest' parameter to the sinks? - // i.e., use a generic source if we have it, but also isolate the - // lowest level in the flow to the closest parameter node in the call graph? - exists(Crypto::GenericSourceNode other | - other.asElement() = CryptoInput::dfn_to_element(source) - ) and - state.isNone() - } - - predicate isSink(DataFlow::Node sink, FlowState state) { - sink instanceof TargetArg and - ( - sink.(TargetArg).isMac() and state.asSome().isCipher() - or - sink.(TargetArg).isCipher() and state.asSome().isMac() - ) - } - - predicate isBarrierOut(DataFlow::Node node, FlowState state) { - // Stop at the first sink for now - isSink(node, state) - } - - // Don't go in to a known out node, this will prevent the plaintext - // from tracing out of cipher operations for example, we just want to trace - // the plaintext to uses. - // NOTE: we are not using a barrier out on input nodes, because - // that would remove 'use-use' flows, which we need - predicate isBarrierIn(DataFlow::Node node) { - node = any(Crypto::FlowAwareElement element).getOutputNode() - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - node1.(AdditionalFlowInputStep).getOutput() = node2 - or - exists(MethodCall m | - m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and - node1.asExpr() = m.getQualifier() and - node2.asExpr() = m - ) - } - - predicate isAdditionalFlowStep( - DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 - ) { - (exists(state1.asSome()) or state1.isNone()) and - targetSinks(node1) and - node1 instanceof TargetArg and - //use-use flow, either flow directly from the node1 use - //or find a parent call in the call in the call stack - //and continue flow from that parameter - node2.(InterimArg).getTargetSink() = node1 and - state2.asSome() = node1 - } -} - -module PlaintextUseAsMacAndCipherInputFlow = - TaintTracking::GlobalWithState; - +import BadMacOrder import PlaintextUseAsMacAndCipherInputFlow::PathGraph from PlaintextUseAsMacAndCipherInputFlow::PathNode src, PlaintextUseAsMacAndCipherInputFlow::PathNode sink, InterimArg arg -where - PlaintextUseAsMacAndCipherInputFlow::flowPath(src, sink) and - arg = sink.getState().asSome() +where isPlaintextInEncryptionAndMac(src, sink, arg) select sink, src, sink, "Source is used as plaintext to MAC and encryption operation. Indicates possible misuse of MAC. Path shows plaintext to final use through intermediate mac or encryption operation here $@", arg.asExpr(), arg.asExpr().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.ql b/java/ql/src/experimental/quantum/Examples/WeakHash.ql index e7b9c95a9c08..cb61c2f860aa 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakHash.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.ql @@ -9,28 +9,8 @@ * experimental */ -import java -import experimental.quantum.Language +import WeakHash from Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg -where - htype = alg.getHashType() and - ( - (htype != Crypto::SHA2() and htype != Crypto::SHA3()) and - msg = "Use of unapproved hash algorithm or API: " + htype.toString() + "." - or - (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and - not exists(alg.getDigestLength()) and - msg = - "Use of approved hash algorithm or API type " + htype.toString() + " but unknown digest size." - or - exists(int digestLength | - digestLength = alg.getDigestLength() and - (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and - digestLength < 256 and - msg = - "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" - + digestLength + ")." - ) - ) +where isUnapprovedHash(alg, htype, msg) select alg, msg diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.qll b/java/ql/src/experimental/quantum/Examples/WeakHash.qll new file mode 100644 index 000000000000..add6cc870aed --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.qll @@ -0,0 +1,23 @@ +import experimental.quantum.Language + +predicate isUnapprovedHash(Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg) { + htype = alg.getHashType() and + ( + (htype != Crypto::SHA2() and htype != Crypto::SHA3()) and + msg = "Use of unapproved hash algorithm or API: " + htype.toString() + "." + or + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and + not exists(alg.getDigestLength()) and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but unknown digest size." + or + exists(int digestLength | + digestLength = alg.getDigestLength() and + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and + digestLength < 256 and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" + + digestLength + ")." + ) + ) +} diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql index 59cd22ac5923..fe08599b6603 100644 --- a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql @@ -9,24 +9,8 @@ * experimental */ -import java -import experimental.quantum.Language -import Crypto::KeyOpAlg as KeyOpAlg +import WeakSymmetricCipher -from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType -where - algType = alg.getAlgorithmType() and - // NOTE: an org may disallow all but AES we could similarly look for - // algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES()) - // This is a more comprehensive check than looking for all weak ciphers - ( - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DOUBLE_DES()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) or - algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SKIPJACK()) - ) -select alg, "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." +from Crypto::KeyOperationAlgorithmNode alg, string msg +where isUnapprovedSymmetricCipher(alg, msg) +select alg, msg diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.qll b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.qll new file mode 100644 index 000000000000..457d2b6cd18d --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.qll @@ -0,0 +1,24 @@ +import experimental.quantum.Language +import Crypto::KeyOpAlg as KeyOpAlg + +/** + * Holds when the given symmetric cipher algorithm is unapproved or weak. + */ +predicate isUnapprovedSymmetricCipher(Crypto::KeyOperationAlgorithmNode alg, string msg) { + exists(KeyOpAlg::AlgorithmType algType | + algType = alg.getAlgorithmType() and + msg = "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." and + algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES()) + ) + // NOTE: an org could decide to disallow very specific algorithms as well, shown below + // ( + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DOUBLE_DES()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SKIPJACK()) + // ) +} From 22c0f9fa91447e47b3958f8af4028addeaf8bb14 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 20 Oct 2025 16:24:31 -0400 Subject: [PATCH 58/66] Crypto: Adding a proof of concept bad mac ordering predicate that takes in an ArtifactNode to be used for graph generation to intercept nodes with known mac ordering issues, in order to format the node and output error messages in the graph. --- java/ql/src/experimental/quantum/Examples/BadMacOrder.qll | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll index 13adba0e436c..09eb2c31ff19 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll @@ -17,6 +17,13 @@ predicate isDecryptToMacFlow(ArtifactFlow::PathNode src, ArtifactFlow::PathNode ) } +predicate isDecryptToMacNode(Crypto::ArtifactNode node) { + exists(ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink | + isDecryptToMacFlow(src, sink) and + node.asElement() = src.getNode().asExpr() + ) +} + /** * Holds when the src node is used as plaintext input to both * an encryption operation and a mac operation, via the From c50175bc9b8c42fddb4a32b81a1cbc446be73502 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 21 Oct 2025 10:32:00 -0400 Subject: [PATCH 59/66] Crypto: ql-for-ql alert fixes. --- java/ql/src/experimental/quantum/Examples/BadMacOrder.qll | 4 ++-- .../experimental/quantum/Examples/BadMacOrderDecryptToMac.ql | 1 - .../quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll index 09eb2c31ff19..645a092d57ca 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll @@ -18,8 +18,8 @@ predicate isDecryptToMacFlow(ArtifactFlow::PathNode src, ArtifactFlow::PathNode } predicate isDecryptToMacNode(Crypto::ArtifactNode node) { - exists(ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink | - isDecryptToMacFlow(src, sink) and + exists(ArtifactFlow::PathNode src | + isDecryptToMacFlow(src, _) and node.asElement() = src.getNode().asExpr() ) } diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql index 8d8871592825..85b34a926a61 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -9,7 +9,6 @@ */ import java -import experimental.quantum.Language import ArtifactFlow::PathGraph import BadMacOrder diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index fde5fa6baa00..741a969605e0 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -9,7 +9,6 @@ */ import java -import experimental.quantum.Language import BadMacOrder import PlaintextUseAsMacAndCipherInputFlow::PathGraph From ddeb42cddb4cd9c3b624c20eb88af720b7eb485c Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 21 Oct 2025 11:04:57 -0400 Subject: [PATCH 60/66] Crypto: Adding false positive to BadMacUse.java, we have no way to avoid this FP currently but should note it exists in the test case. --- .../BadMacOrderDecryptToMac.expected | 39 +++++++++--- .../quantum/examples/BadMacUse/BadMacUse.java | 61 ++++++++++++++++--- 2 files changed, 84 insertions(+), 16 deletions(-) diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected index ac7b1b9c3c0a..ac338cbfa7a0 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected @@ -1,13 +1,36 @@ #select -| BadMacUse.java:60:42:60:50 | plaintext | BadMacUse.java:54:28:54:53 | doFinal(...) : byte[] | BadMacUse.java:60:42:60:50 | plaintext | MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher. | +| BadMacUse.java:56:42:56:50 | plaintext | BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | BadMacUse.java:56:42:56:50 | plaintext | MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher. | +| BadMacUse.java:124:42:124:51 | ciphertext | BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | BadMacUse.java:124:42:124:51 | ciphertext | MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher. | edges -| BadMacUse.java:30:29:30:53 | doFinal(...) : byte[] | BadMacUse.java:35:42:35:51 | ciphertext | provenance | | -| BadMacUse.java:54:28:54:53 | doFinal(...) : byte[] | BadMacUse.java:60:42:60:50 | plaintext | provenance | | +| BadMacUse.java:27:29:27:53 | doFinal(...) : byte[] | BadMacUse.java:32:42:32:51 | ciphertext | provenance | | +| BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | BadMacUse.java:56:42:56:50 | plaintext | provenance | | +| BadMacUse.java:84:83:84:91 | iv : byte[] | BadMacUse.java:90:63:90:64 | iv : byte[] | provenance | | +| BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | BadMacUse.java:91:42:91:56 | ivParameterSpec | provenance | Sink:MaD:1 | +| BadMacUse.java:90:63:90:64 | iv : byte[] | BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| BadMacUse.java:90:63:90:64 | iv : byte[] | BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:2 | +| BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | BadMacUse.java:118:29:118:106 | cipherOperationWrapper(...) : byte[] | provenance | | +| BadMacUse.java:117:38:117:39 | iv : byte[] | BadMacUse.java:118:83:118:84 | iv : byte[] | provenance | | +| BadMacUse.java:118:29:118:106 | cipherOperationWrapper(...) : byte[] | BadMacUse.java:124:42:124:51 | ciphertext | provenance | | +| BadMacUse.java:118:83:118:84 | iv : byte[] | BadMacUse.java:84:83:84:91 | iv : byte[] | provenance | | +models +| 1 | Sink: javax.crypto; Cipher; true; init; (int,Key,AlgorithmParameterSpec); ; Argument[2]; encryption-iv; manual | +| 2 | Summary: javax.crypto.spec; IvParameterSpec; true; IvParameterSpec; ; ; Argument[0]; Argument[this]; taint; manual | nodes -| BadMacUse.java:30:29:30:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | -| BadMacUse.java:35:42:35:51 | ciphertext | semmle.label | ciphertext | -| BadMacUse.java:54:28:54:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | -| BadMacUse.java:60:42:60:50 | plaintext | semmle.label | plaintext | +| BadMacUse.java:27:29:27:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:32:42:32:51 | ciphertext | semmle.label | ciphertext | +| BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:56:42:56:50 | plaintext | semmle.label | plaintext | +| BadMacUse.java:84:83:84:91 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| BadMacUse.java:90:63:90:64 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:91:42:91:56 | ivParameterSpec | semmle.label | ivParameterSpec | +| BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:117:38:117:39 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:118:29:118:106 | cipherOperationWrapper(...) : byte[] | semmle.label | cipherOperationWrapper(...) : byte[] | +| BadMacUse.java:118:83:118:84 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:124:42:124:51 | ciphertext | semmle.label | ciphertext | subpaths testFailures -| BadMacUse.java:67:118:67:128 | // $Source | Missing result: Source | +| BadMacUse.java:63:118:63:128 | // $Source | Missing result: Source | +| BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | Unexpected result: Source | +| BadMacUse.java:124:42:124:51 | ciphertext | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java index 03fd21386cf9..597c2a106d82 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java @@ -1,15 +1,12 @@ + import java.security.*; import java.util.Arrays; -import java.util.Base64; import javax.crypto.Cipher; -import javax.crypto.KeyGenerator; import javax.crypto.Mac; import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; - class BadMacUse { private byte[] generateSalt(int length) { @@ -17,7 +14,7 @@ private byte[] generateSalt(int length) { new SecureRandom().nextBytes(salt); return salt; } - + public void CipherThenMac(byte[] encryptionKeyBytes, byte[] macKeyBytes) throws Exception { // Create keys directly from provided byte arrays SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); @@ -40,7 +37,6 @@ public void CipherThenMac(byte[] encryptionKeyBytes, byte[] macKeyBytes) throws System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); } - public void BadDecryptThenMacOnPlaintextVerify(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] input) throws Exception { // Split input into ciphertext and MAC int macLength = 32; // HMAC-SHA256 output length @@ -84,4 +80,53 @@ public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byt System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); } -} \ No newline at end of file + + public byte[] cipherOperationWrapper(byte[] bytes, byte[] encryptionKeyBytes, byte[] iv, int mode) + throws Exception { + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKeySpec secretKeySpec = new SecretKeySpec(encryptionKeyBytes, "AES"); + + IvParameterSpec ivParameterSpec = new IvParameterSpec(iv); + cipher.init(mode, secretKeySpec, ivParameterSpec); + return cipher.doFinal(bytes); + } + + /** + * A use of the cipher operation wrapper for decryption to throw off the + * analysis + */ + public byte[] decryptUsingWrapper(byte[] ciphertext, byte[] encryptionKeyBytes, byte[] iv) throws Exception { + return cipherOperationWrapper(ciphertext, encryptionKeyBytes, iv, Cipher.DECRYPT_MODE); + } + + /** + * A use of the cipher operation wrapper for encryption to throw off the + * analysis + */ + public byte[] encryptUsingWrapper(byte[] plaintext, byte[] encryptionKeyBytes, byte[] iv) throws Exception { + return cipherOperationWrapper(plaintext, encryptionKeyBytes, iv, Cipher.ENCRYPT_MODE); + } + + /** + * Encrypt then mac using the wrapper function + */ + public byte[] falsePositiveDecryptToMac(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception { + // Encrypt the plaintext + byte[] iv = new byte[16]; + new SecureRandom().nextBytes(iv); + byte[] ciphertext = cipherOperationWrapper(plaintext, encryptionKeyBytes, iv, Cipher.ENCRYPT_MODE); + + // Compute HMAC over the ciphertext using the MAC key + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(ciphertext); // False Positive + + // Concatenate ciphertext and MAC + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + return output; + } +} From b374ba3d0c8ffbcc0613ae41e39cf6ea29ef1653 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 21 Oct 2025 11:48:37 -0400 Subject: [PATCH 61/66] Crypto: Updating java 'location' information to be just a location's toString to be more verbose/precise. --- java/ql/lib/experimental/quantum/Language.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index 3a33b763a6f2..bcc8b62ca87f 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -30,7 +30,7 @@ module CryptoInput implements InputSig { class UnknownLocation = UnknownDefaultLocation; string locationToFileBaseNameAndLineNumberString(Location location) { - result = location.getFile().getBaseName() + ":" + location.getStartLine() + result = location.toString() } LocatableElement dfn_to_element(DataFlow::Node node) { From dd60cf9395044c7423c7426bfaa0aee1950d199c Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 22 Oct 2025 10:29:31 -0400 Subject: [PATCH 62/66] Crypto: Adjust output of bad mac order queries, update associated bad mac order expected results, fix erroneous change to ID for a slicing query, update model to specify elliptic curve type as a property, update associated graph test expected files, update the not_included_in_qls.expected to reflect all queries now under quantum. --- .../query-suite/not_included_in_qls.expected | 18 ++++++++++++++---- .../Examples/BadMacOrderDecryptToMac.ql | 2 +- .../BadMacOrderMacOnEncryptPlaintext.ql | 2 +- .../UnknownOperationAlgorithm.ql | 2 +- .../quantum/node_properties.expected | 16 ++++++++++++++++ .../BadMacUse/BadMacOrderDecryptToMac.expected | 4 ++-- .../BadMacOrderMacOnEncryptPlaintext.expected | 18 +++++++++--------- .../codeql/quantum/experimental/Model.qll | 4 ++++ 8 files changed, 48 insertions(+), 18 deletions(-) diff --git a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected index 1aa63644947a..8670493799fe 100644 --- a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected +++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected @@ -228,14 +228,24 @@ ql/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfig ql/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql ql/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql ql/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql -ql/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql -ql/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql -ql/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql -ql/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql +ql/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +ql/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql ql/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql +ql/java/ql/src/experimental/quantum/Examples/InsecInseInsecureIVorNonceSource.ql +ql/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql ql/java/ql/src/experimental/quantum/Examples/TestAESGCMNonce.ql ql/java/ql/src/experimental/quantum/Examples/TestCipher.ql ql/java/ql/src/experimental/quantum/Examples/TestHash.ql +ql/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql +ql/java/ql/src/experimental/quantum/Examples/UnknownHash.ql +ql/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql +ql/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql +ql/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +ql/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql +ql/java/ql/src/experimental/quantum/Examples/WeakHash.ql +ql/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql +ql/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql +ql/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql ql/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql ql/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql ql/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql index 85b34a926a61..fb9d8795b4d1 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -15,4 +15,4 @@ import BadMacOrder from ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink where isDecryptToMacFlow(src, sink) select sink, src, sink, - "MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher." + "Incorrect decryption and MAC order: decryption output plaintext flows to MAC message input." diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql index 741a969605e0..b3ff84b091ac 100644 --- a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -17,5 +17,5 @@ from PlaintextUseAsMacAndCipherInputFlow::PathNode sink, InterimArg arg where isPlaintextInEncryptionAndMac(src, sink, arg) select sink, src, sink, - "Source is used as plaintext to MAC and encryption operation. Indicates possible misuse of MAC. Path shows plaintext to final use through intermediate mac or encryption operation here $@", + "Incorrect MAC usage: Encryption plaintext also used for MAC. Flow shows plaintext to final use through intermediate mac or encryption operation here $@", arg.asExpr(), arg.asExpr().toString() diff --git a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql index 08f6cae731fe..8469924a8501 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql @@ -1,7 +1,7 @@ /** * @name Operations with unknown algorithm * @description Outputs operations where the algorithm applied is unknown - * @id java/quantum/examples/slices/operation-with-unknown-algorithm + * @id java/quantum/slices/operation-with-unknown-algorithm * @kind problem * @severity info * @tags quantum diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index 3fa66c616290..20c7276cc4f6 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -82,6 +82,7 @@ | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:178:29:178:64 | jca/AesWrapAndPBEWith.java:178:29:178:64 | | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | Description | password | jca/AesWrapAndPBEWith.java:200:55:200:69 | jca/AesWrapAndPBEWith.java:200:55:200:69 | | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | Description | plaintext | jca/AesWrapAndPBEWith.java:200:72:200:87 | jca/AesWrapAndPBEWith.java:200:72:200:87 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | CurveType | SEC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | KeySize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | Name | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | ParsedName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | @@ -371,16 +372,19 @@ | jca/Digest.java:240:21:240:23 | Constant | Description | 256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | | jca/Digest.java:241:16:241:35 | Key | KeyType | Symmetric | jca/Digest.java:241:16:241:35 | jca/Digest.java:241:16:241:35 | | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:253:38:253:41 | jca/Digest.java:253:38:253:41 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | CurveType | SEC | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:47:16:47:36 | jca/EllipticCurve1.java:47:16:47:36 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | CurveType | SEC | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:57:16:57:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:57:16:57:36 | jca/EllipticCurve1.java:57:16:57:36 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | CurveType | BRAINPOOL | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | @@ -392,6 +396,7 @@ | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | Name | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | RawName | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | | jca/EllipticCurve1.java:84:16:84:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:84:16:84:36 | jca/EllipticCurve1.java:84:16:84:36 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | CurveType | SEC | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | KeySize | 163 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | Name | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | ParsedName | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | @@ -402,16 +407,19 @@ | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | | jca/EllipticCurve1.java:115:16:115:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:115:16:115:36 | jca/EllipticCurve1.java:115:16:115:36 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | CurveType | SEC | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:47:16:47:36 | jca/EllipticCurve2.java:47:16:47:36 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | CurveType | SEC | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:56:16:56:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:56:16:56:36 | jca/EllipticCurve2.java:56:16:56:36 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | CurveType | BRAINPOOL | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | @@ -578,6 +586,7 @@ | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:173:38:173:39 | jca/Encryption1.java:173:38:173:39 | | jca/Encryption1.java:175:45:175:50 | Key | KeyType | Unknown | jca/Encryption1.java:175:45:175:50 | jca/Encryption1.java:175:45:175:50 | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:176:32:176:65 | jca/Encryption1.java:176:32:176:65 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | CurveType | SEC | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | | jca/Encryption2.java:55:60:55:70 | EllipticCurve | KeySize | 256 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | | jca/Encryption2.java:55:60:55:70 | EllipticCurve | Name | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | | jca/Encryption2.java:55:60:55:70 | EllipticCurve | ParsedName | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | @@ -847,6 +856,7 @@ | jca/IVArtifact.java:275:34:275:46 | Constant | Description | "Message One" | jca/IVArtifact.java:275:34:275:46 | jca/IVArtifact.java:275:34:275:46 | | jca/IVArtifact.java:275:60:275:72 | Constant | Description | "Message Two" | jca/IVArtifact.java:275:60:275:72 | jca/IVArtifact.java:275:60:275:72 | | jca/IVArtifact.java:275:86:275:100 | Constant | Description | "Message Three" | jca/IVArtifact.java:275:86:275:100 | jca/IVArtifact.java:275:86:275:100 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | CurveType | SEC | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | KeySize | 256 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | Name | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | @@ -1158,6 +1168,7 @@ | jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | | jca/KeyEncapsulation.java:93:45:93:51 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:93:45:93:51 | jca/KeyEncapsulation.java:93:45:93:51 | | jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/KeyEncapsulation.java:94:30:94:58 | jca/KeyEncapsulation.java:94:30:94:58 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | CurveType | SEC | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | @@ -1178,6 +1189,7 @@ | jca/KeyEncapsulation.java:136:45:136:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:136:45:136:50 | jca/KeyEncapsulation.java:136:45:136:50 | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:137:29:137:73 | jca/KeyEncapsulation.java:137:29:137:73 | | jca/KeyEncapsulation.java:137:47:137:61 | Constant | Description | "ECIES message" | jca/KeyEncapsulation.java:137:47:137:61 | jca/KeyEncapsulation.java:137:47:137:61 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | CurveType | SEC | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | @@ -1192,6 +1204,7 @@ | jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | RawName | RSA | jca/KeyEncapsulation.java:207:64:207:68 | jca/KeyEncapsulation.java:207:64:207:68 | | jca/KeyEncapsulation.java:208:27:208:30 | Constant | Description | 2048 | jca/KeyEncapsulation.java:208:27:208:30 | jca/KeyEncapsulation.java:208:27:208:30 | | jca/KeyEncapsulation.java:209:25:209:48 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:209:25:209:48 | jca/KeyEncapsulation.java:209:25:209:48 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | CurveType | SEC | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | @@ -1214,6 +1227,7 @@ | jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:99:52:99:55 | jca/KeyExchange.java:99:52:99:55 | | jca/KeyExchange.java:100:17:100:26 | Key | KeyType | Unknown | jca/KeyExchange.java:100:17:100:26 | jca/KeyExchange.java:100:17:100:26 | | jca/KeyExchange.java:101:20:101:28 | Key | KeyType | Unknown | jca/KeyExchange.java:101:20:101:28 | jca/KeyExchange.java:101:20:101:28 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | CurveType | SEC | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | KeySize | 256 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | Name | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | @@ -1399,6 +1413,7 @@ | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Structure | Block | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | | jca/PrngTest.java:153:21:153:23 | Constant | Description | 256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | | jca/PrngTest.java:154:16:154:35 | Key | KeyType | Symmetric | jca/PrngTest.java:154:16:154:35 | jca/PrngTest.java:154:16:154:35 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | CurveType | SEC | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | KeySize | 256 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | Name | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | @@ -1470,6 +1485,7 @@ | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | | jca/SignatureOperation.java:76:30:76:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:76:30:76:38 | jca/SignatureOperation.java:76:30:76:38 | | jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:78:16:78:41 | jca/SignatureOperation.java:78:16:78:41 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | CurveType | SEC | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | KeySize | 256 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | Name | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected index ac338cbfa7a0..b7a86c558cd6 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected @@ -1,6 +1,6 @@ #select -| BadMacUse.java:56:42:56:50 | plaintext | BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | BadMacUse.java:56:42:56:50 | plaintext | MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher. | -| BadMacUse.java:124:42:124:51 | ciphertext | BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | BadMacUse.java:124:42:124:51 | ciphertext | MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher. | +| BadMacUse.java:56:42:56:50 | plaintext | BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | BadMacUse.java:56:42:56:50 | plaintext | Incorrect decryption and MAC order: decryption output plaintext flows to MAC message input. | +| BadMacUse.java:124:42:124:51 | ciphertext | BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | BadMacUse.java:124:42:124:51 | ciphertext | Incorrect decryption and MAC order: decryption output plaintext flows to MAC message input. | edges | BadMacUse.java:27:29:27:53 | doFinal(...) : byte[] | BadMacUse.java:32:42:32:51 | ciphertext | provenance | | | BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | BadMacUse.java:56:42:56:50 | plaintext | provenance | | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected index 993811a16c90..da2c35d1d6d9 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected @@ -1,14 +1,14 @@ #select -| BadMacUse.java:80:44:80:52 | plaintext | BadMacUse.java:67:82:67:97 | plaintext : byte[] | BadMacUse.java:80:44:80:52 | plaintext | Source is used as plaintext to MAC and encryption operation. Indicates possible misuse of MAC. Path shows plaintext to final use through intermediate mac or encryption operation here $@ | BadMacUse.java:75:42:75:50 | plaintext | plaintext | +| BadMacUse.java:76:44:76:52 | plaintext | BadMacUse.java:63:82:63:97 | plaintext : byte[] | BadMacUse.java:76:44:76:52 | plaintext | Incorrect MAC usage: Encryption plaintext also used for MAC. Flow shows plaintext to final use through intermediate mac or encryption operation here $@ | BadMacUse.java:71:42:71:50 | plaintext | plaintext | edges -| BadMacUse.java:67:82:67:97 | plaintext : byte[] | BadMacUse.java:75:42:75:50 | plaintext : byte[] | provenance | | -| BadMacUse.java:75:42:75:50 | plaintext : byte[] | BadMacUse.java:75:42:75:50 | plaintext : byte[] | provenance | Config | -| BadMacUse.java:75:42:75:50 | plaintext : byte[] | BadMacUse.java:80:44:80:52 | plaintext | provenance | | +| BadMacUse.java:63:82:63:97 | plaintext : byte[] | BadMacUse.java:71:42:71:50 | plaintext : byte[] | provenance | | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | BadMacUse.java:71:42:71:50 | plaintext : byte[] | provenance | Config | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | BadMacUse.java:76:44:76:52 | plaintext | provenance | | nodes -| BadMacUse.java:67:82:67:97 | plaintext : byte[] | semmle.label | plaintext : byte[] | -| BadMacUse.java:75:42:75:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | -| BadMacUse.java:75:42:75:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | -| BadMacUse.java:80:44:80:52 | plaintext | semmle.label | plaintext | +| BadMacUse.java:63:82:63:97 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:76:44:76:52 | plaintext | semmle.label | plaintext | subpaths testFailures -| BadMacUse.java:54:56:54:66 | // $Source | Missing result: Source | +| BadMacUse.java:50:56:50:66 | // $Source | Missing result: Source | diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 70bcafa502e7..f5ab5190e1ff 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -2393,6 +2393,10 @@ module CryptographyBase Input> { key = "ParsedName" and value = instance.asAlg().getParsedEllipticCurveName() and location = this.getLocation() + or + key = "CurveType" and + value = this.getEllipticCurveType().toString() and + location = this.getLocation() } } } From db6d3ad0545cde11f2df8abba9d7dcae4d1f4c17 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 22 Oct 2025 10:31:19 -0400 Subject: [PATCH 63/66] Crypto: Fix typo in not_included_in_qls.expected. --- .../java/query-suite/not_included_in_qls.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected index 8670493799fe..485c6711dc9e 100644 --- a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected +++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected @@ -231,7 +231,7 @@ ql/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql ql/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql ql/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql ql/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql -ql/java/ql/src/experimental/quantum/Examples/InsecInseInsecureIVorNonceSource.ql +ql/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql ql/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql ql/java/ql/src/experimental/quantum/Examples/TestAESGCMNonce.ql ql/java/ql/src/experimental/quantum/Examples/TestCipher.ql From 3561d01144a169c9d9cd67d7563095d638317d13 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 22 Oct 2025 14:16:12 -0400 Subject: [PATCH 64/66] Crytpo: Trying to fix in pipeline test failure, experimentally altering a line to see if this forces the test to pass. The test is off by one column in the piepline --- .../query-tests/quantum/examples/BadMacUse/BadMacUse.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java index 597c2a106d82..f985a64a8ba3 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java @@ -122,7 +122,7 @@ public byte[] falsePositiveDecryptToMac(byte[] encryptionKeyBytes, byte[] macKey Mac mac = Mac.getInstance("HmacSHA256"); mac.init(macKey); byte[] computedMac = mac.doFinal(ciphertext); // False Positive - + // Concatenate ciphertext and MAC byte[] output = new byte[ciphertext.length + computedMac.length]; System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); From 08379393b32b7d361d63a4f1f37c906cd5df9ecd Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 22 Oct 2025 15:50:33 -0400 Subject: [PATCH 65/66] Crypto: Fix off by one column issue in unit tests. --- .../quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected | 2 +- .../BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected | 2 +- .../query-tests/quantum/examples/BadMacUse/BadMacUse.java | 2 +- .../UnknownKDFIterationCount.expected | 2 +- .../WeakKDFIterationCount.expected | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected index b7a86c558cd6..2a3c1d533dfb 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected @@ -31,6 +31,6 @@ nodes | BadMacUse.java:124:42:124:51 | ciphertext | semmle.label | ciphertext | subpaths testFailures -| BadMacUse.java:63:118:63:128 | // $Source | Missing result: Source | +| BadMacUse.java:63:118:63:127 | // $Source | Missing result: Source | | BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | Unexpected result: Source | | BadMacUse.java:124:42:124:51 | ciphertext | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected index da2c35d1d6d9..70733bbf8d35 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected @@ -11,4 +11,4 @@ nodes | BadMacUse.java:76:44:76:52 | plaintext | semmle.label | plaintext | subpaths testFailures -| BadMacUse.java:50:56:50:66 | // $Source | Missing result: Source | +| BadMacUse.java:50:56:50:65 | // $Source | Missing result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java index f985a64a8ba3..597c2a106d82 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java @@ -122,7 +122,7 @@ public byte[] falsePositiveDecryptToMac(byte[] encryptionKeyBytes, byte[] macKey Mac mac = Mac.getInstance("HmacSHA256"); mac.init(macKey); byte[] computedMac = mac.doFinal(ciphertext); // False Positive - + // Concatenate ciphertext and MAC byte[] output = new byte[ciphertext.length + computedMac.length]; System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected index 33d8a1555517..472d79090496 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected @@ -1,5 +1,5 @@ #select | Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount | testFailures -| Test.java:45:94:45:154 | // $Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] | +| Test.java:45:94:45:153 | // $Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] | | Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected index 5b93bccd0b25..3567afd03221 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected @@ -13,4 +13,4 @@ nodes | Test.java:59:72:59:85 | iterationCount | semmle.label | iterationCount | subpaths testFailures -| Test.java:43:92:43:102 | // $Source | Missing result: Source | +| Test.java:43:92:43:101 | // $Source | Missing result: Source | From bdad95d810ffe53de16ce8c89f62d6f28323f0ca Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 22 Oct 2025 15:56:14 -0400 Subject: [PATCH 66/66] Crypto: Fixed alphabetical ordering issue in not_included_in_qls.expected --- .../java/query-suite/not_included_in_qls.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected index 485c6711dc9e..58b6b5766f2f 100644 --- a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected +++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected @@ -233,10 +233,10 @@ ql/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql ql/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql ql/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql ql/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql +ql/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql ql/java/ql/src/experimental/quantum/Examples/TestAESGCMNonce.ql ql/java/ql/src/experimental/quantum/Examples/TestCipher.ql ql/java/ql/src/experimental/quantum/Examples/TestHash.ql -ql/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql ql/java/ql/src/experimental/quantum/Examples/UnknownHash.ql ql/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql ql/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql