

BouncyCastle ongoing translation (#120)
* MAX_ITERATIONS attribute

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* hash update

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* hash update

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* finish hashes

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* add HBS

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* deprecate InfoMap getDisplayName

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* digests translation

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* fix all CipherParameters tests

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* ongoing KDF translation

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* All KDF

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* fix checkstyle

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* fix KDF tests (except the ones using Mac)

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* DSA translation

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* fix DSA test

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* cleaning

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* ongoing KEM translation

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* KEM translation

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* fix KEM tests

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* naming

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* ongoing Mac translation

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* all Mac

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* mac reorganizer

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* start fixing mac tests

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* ongoing test fixing

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* tests fixing

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* TODO for mapper asKind

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* fix case-sensitive naming

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* @deprecated

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

* use getValue() instead of parseInt

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>

---------

Signed-off-by: Hugo Queinnec <hugo.queinnec@ibm.com>
hugoqnc authored Sep 2, 2024
1 parent c969885 commit 4700a0a
Showing 130 changed files with 2,909 additions and 820 deletions.
Expand Up @@ -40,6 +40,12 @@ public class BouncyCastleInfoMap {
public static class Info {
@Nullable private String name;

/**
* use the key of the map instead
*
* @deprecated
*/
@Deprecated(since = "2.0.0")
public String getName() {
return name;
}
Expand Down Expand Up @@ -129,7 +135,9 @@ public Set<Entry<String, Info>> entrySet() {
*
* @param key - Key of the information map, typically the cryptographic class
* @return The correct name of the cryptographic asset
* @deprecated use the key of the map instead
*/
@Deprecated(since = "2.0.0")
public String getDisplayName(@Nonnull String key) {
return getDisplayName(key, null);
}
Expand All @@ -143,7 +151,9 @@ public String getDisplayName(@Nonnull String key) {
* @param removePart - Substring to remove from the name (only when no specific name was defined
* with {@code putName}). If {@code null}, it does nothing.
* @return The correct name of the cryptographic asset
* @deprecated use the key of the map instead
*/
@Deprecated(since = "2.0.0")
public String getDisplayName(@Nonnull String key, String removePart) {
if (!map.containsKey(key)) {
throw new IllegalArgumentException("Key does not exist in the map: " + key);
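Review bot: The `@deprecated` Javadoc tag added on `Info.getName()` carries no text, while the two `getDisplayName` overloads in the later hunks put the replacement hint on the tag itself (`@deprecated use the key of the map instead`); javadoc and IDEs surface the tag's text in the deprecation banner, so this one renders as a bare "Deprecated" and the hint above it is read as the method summary. Move the sentence onto the tag and give the method a real summary, e.g. `/** Returns the display name stored for this entry. @deprecated use the key of the map instead */` split over the usual lines. Consider stating in the class-level doc whether `putName` is also slated for removal, since the `name` field now has no non-deprecated reader visible in this hunk. The `getDisplayName(String, String)` body continues past the end of the hunk.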
Expand Up @@ -20,6 +20,7 @@
package com.ibm.plugin.rules.detection.bc.derivationfunction;

import com.ibm.engine.model.context.KeyContext;
import com.ibm.engine.model.factory.OperationModeFactory;
import com.ibm.engine.model.factory.ValueActionFactory;
import com.ibm.engine.rule.IDetectionRule;
import com.ibm.engine.rule.builder.DetectionRuleBuilder;
Expand Down Expand Up @@ -51,7 +52,6 @@ private BcDerivationFunction() {
*/
digestDerivationFunctionMap
.putKey("BrokenKDF2BytesGenerator")
.putName("KDF2")
.putType("org.bouncycastle.jce.provider.");
digestDerivationFunctionMap
.putKey("ConcatenationKDFGenerator")
Expand All @@ -67,19 +67,15 @@ private BcDerivationFunction() {
.putType("org.bouncycastle.crypto.agreement.kdf.");
digestDerivationFunctionMap
.putKey("HKDFBytesGenerator")
.putName("HKDF")
.putType("org.bouncycastle.crypto.generators.");
digestDerivationFunctionMap
.putKey("KDF1BytesGenerator")
.putName("KDF1")
.putType("org.bouncycastle.crypto.generators.");
digestDerivationFunctionMap
.putKey("KDF2BytesGenerator")
.putName("KDF2")
.putType("org.bouncycastle.crypto.generators.");
digestDerivationFunctionMap
.putKey("MGF1BytesGenerator")
.putName("MGF1")
.putType("org.bouncycastle.crypto.generators.");

macDerivationFunctionMap.putKey("KDFCounterBytesGenerator");
Expand All @@ -94,15 +90,13 @@ private BcDerivationFunction() {
for (Map.Entry<String, BouncyCastleInfoMap.Info> entry :
digestDerivationFunctionMap.entrySet()) {
String generator = entry.getKey();
String generatorName =
digestDerivationFunctionMap.getDisplayName(generator, "Generator");
String type = entry.getValue().getType();
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(type + generator)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(generatorName))
.shouldBeDetectedAs(new ValueActionFactory<>(generator))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new KeyContext(KeyContext.Kind.KDF))
Expand All @@ -114,14 +108,12 @@ private BcDerivationFunction() {
for (Map.Entry<String, BouncyCastleInfoMap.Info> entry :
macDerivationFunctionMap.entrySet()) {
String generator = entry.getKey();
String generatorName =
macDerivationFunctionMap.getDisplayName(generator, "BytesGenerator");
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.generators." + generator)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(generatorName))
.shouldBeDetectedAs(new ValueActionFactory<>(generator))
.withMethodParameter("org.bouncycastle.crypto.Mac")
.addDependingDetectionRules(BcMac.rules())
.buildForContext(new KeyContext(KeyContext.Kind.KDF))
Expand All @@ -142,8 +134,8 @@ private BcDerivationFunction() {
.forObjectTypes(
"org.bouncycastle.crypto.engines.EthereumIESEngine$HandshakeKDFFunction")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("HandshakeKDF"))
.withMethodParameter("int")
.withMethodParameter("int") /* this determines whether its KDF1 or KDF2 */
.shouldBeDetectedAs(new OperationModeFactory<>())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new KeyContext(KeyContext.Kind.KDF))
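Review bot: In the `HandshakeKDFFunction` hunk the constructor rule loses its `ValueActionFactory<>("HandshakeKDF")` and now attaches a value only to the first `int` parameter via `OperationModeFactory`; if that argument is not resolvable to a constant at analysis time, the constructor appears to leave no finding at all, which is worth pinning with a test where the mode comes from a variable. `OperationModeFactory` also reads as a loose fit for a KDF1-vs-KDF2 selector, so the translation side that maps the captured value deserves a comment naming the expected mapping. The trailing block comment should be a line comment above the call with correct grammar: `// the int argument selects KDF1 or KDF2`. The enclosing `BcDerivationFunction()` body starts before the hunk.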
Expand Up @@ -61,49 +61,49 @@ private BcDigests() {
* a constructor, we use `forObjectExactTypes` in associated rules otherwise we would have several
* detections (a class and its parent) instead of one.
*/
infoMap.putKey("AsconDigest").putName("Ascon");
infoMap.putKey("AsconXof").putName("Ascon-Xof");
infoMap.putKey("Blake2bDigest").putName("BLAKE2b");
infoMap.putKey("Blake2bpDigest").putName("BLAKE2bp");
infoMap.putKey("Blake2sDigest").putName("BLAKE2s");
infoMap.putKey("Blake2spDigest").putName("BLAKE2sp");
infoMap.putKey("Blake2xsDigest").putName("BLAKE2xs");
infoMap.putKey("Blake3Digest").putName("BLAKE3");
infoMap.putKey("CSHAKEDigest").putName("cSHAKE");
infoMap.putKey("DSTU7564Digest").putName("DSTU 7564");
infoMap.putKey("GOST3411_2012_256Digest"); // Contains size -> handled in translation
infoMap.putKey("GOST3411_2012_512Digest"); // Contains size -> handled in translation
infoMap.putKey("GOST3411Digest").putName("GOST R 34.11");
infoMap.putKey("Haraka256Digest"); // Contains size -> handled in translation
infoMap.putKey("Haraka512Digest"); // Contains size -> handled in translation
infoMap.putKey("HarakaBase").putName("Haraka"); // Parent class
infoMap.putKey("ISAPDigest").putName("ISAP");
infoMap.putKey("KeccakDigest").putName("Keccak"); // Parent class
infoMap.putKey("MD2Digest").putName("MD2");
infoMap.putKey("MD4Digest").putName("MD4");
infoMap.putKey("MD5Digest").putName("MD5");
infoMap.putKey("NullDigest").putName("Null");
infoMap.putKey("ParallelHash").putName("ParallelHash");
infoMap.putKey("PhotonBeetleDigest").putName("PHOTON-Beetle");
infoMap.putKey("RIPEMD128Digest"); // Contains size -> handled in translation
infoMap.putKey("RIPEMD160Digest"); // Contains size -> handled in translation
infoMap.putKey("RIPEMD256Digest"); // Contains size -> handled in translation
infoMap.putKey("RIPEMD320Digest"); // Contains size -> handled in translation
infoMap.putKey("SHA1Digest").putName("SHA-1");
infoMap.putKey("SHA224Digest").putName("SHA-224");
infoMap.putKey("SHA256Digest").putName("SHA-256");
infoMap.putKey("SHA384Digest").putName("SHA-384");
infoMap.putKey("SHA3Digest").putName("SHA-3");
infoMap.putKey("SHA512Digest").putName("SHA-512");
infoMap.putKey("SHA512tDigest").putName("SHA-512/t");
infoMap.putKey("SHAKEDigest").putName("SHAKE"); // Parent class
infoMap.putKey("SkeinDigest").putName("Skein");
infoMap.putKey("SM3Digest").putName("SM3");
infoMap.putKey("SparkleDigest").putName("Sparkle");
infoMap.putKey("TigerDigest").putName("Tiger");
infoMap.putKey("TupleHash").putName("TupleHash");
infoMap.putKey("WhirlpoolDigest").putName("Whirlpool");
infoMap.putKey("XoodyakDigest").putName("Xoodyak");
infoMap.putKey("AsconDigest");
infoMap.putKey("AsconXof");
infoMap.putKey("Blake2bDigest");
infoMap.putKey("Blake2bpDigest");
infoMap.putKey("Blake2sDigest");
infoMap.putKey("Blake2spDigest");
infoMap.putKey("Blake2xsDigest");
infoMap.putKey("Blake3Digest");
infoMap.putKey("CSHAKEDigest");
infoMap.putKey("DSTU7564Digest");
infoMap.putKey("GOST3411_2012_256Digest");
infoMap.putKey("GOST3411_2012_512Digest");
infoMap.putKey("GOST3411Digest");
infoMap.putKey("Haraka256Digest");
infoMap.putKey("Haraka512Digest");
infoMap.putKey("HarakaBase");
infoMap.putKey("ISAPDigest");
infoMap.putKey("KeccakDigest");
infoMap.putKey("MD2Digest");
infoMap.putKey("MD4Digest");
infoMap.putKey("MD5Digest");
infoMap.putKey("NullDigest");
infoMap.putKey("ParallelHash");
infoMap.putKey("PhotonBeetleDigest");
infoMap.putKey("RIPEMD128Digest");
infoMap.putKey("RIPEMD160Digest");
infoMap.putKey("RIPEMD256Digest");
infoMap.putKey("RIPEMD320Digest");
infoMap.putKey("SHA1Digest");
infoMap.putKey("SHA224Digest");
infoMap.putKey("SHA256Digest");
infoMap.putKey("SHA384Digest");
infoMap.putKey("SHA3Digest");
infoMap.putKey("SHA512Digest");
infoMap.putKey("SHA512tDigest");
infoMap.putKey("SHAKEDigest");
infoMap.putKey("SkeinDigest");
infoMap.putKey("SM3Digest");
infoMap.putKey("SparkleDigest");
infoMap.putKey("TigerDigest");
infoMap.putKey("TupleHash");
infoMap.putKey("WhirlpoolDigest");
infoMap.putKey("XoodyakDigest");
}

private static final List<IDetectionRule<Tree>> regularConstructors(
Expand All @@ -114,7 +114,6 @@ private static final List<IDetectionRule<Tree>> regularConstructors(

for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String digest = entry.getKey();
String digestName = infoMap.getDisplayName(digest, "Digest");
String digestTypePrefix =
entry.getValue().getType() != null
? entry.getValue().getType()
Expand All @@ -124,7 +123,7 @@ private static final List<IDetectionRule<Tree>> regularConstructors(
.createDetectionRule()
.forObjectExactTypes(digestTypePrefix + digest)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(digestName))
.shouldBeDetectedAs(new ValueActionFactory<>(digest))
// We want to capture all possible constructors (some have arguments)
.withAnyParameters()
.buildForContext(context)
Expand All @@ -146,7 +145,6 @@ private static final List<IDetectionRule<Tree>> otherConstructors(
.createDetectionRule()
.forObjectExactTypes("org.bouncycastle.crypto.digests.NonMemoableDigest")
.forConstructor()
// .shouldBeDetectedAs(new ValueActionFactory<>("NonMemoable"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(regularConstructors(detectionValueContext))
.buildForContext(context)
Expand All @@ -158,7 +156,6 @@ private static final List<IDetectionRule<Tree>> otherConstructors(
.createDetectionRule()
.forObjectExactTypes("org.bouncycastle.crypto.digests.ShortenedDigest")
.forConstructor()
// .shouldBeDetectedAs(new ValueActionFactory<>("Shortened"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(regularConstructors(detectionValueContext))
.withMethodParameter("int")
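Review bot: Dropping `putName` in the `infoMap` hunk also dropped the `// Parent class` markers on `HarakaBase`, `KeccakDigest` and `SHAKEDigest`, yet the comment kept at the top of the hunk still justifies `forObjectExactTypes` by the existence of parent classes in the map; without the markers a reader cannot tell which entries that rationale refers to. Re-add `infoMap.putKey("HarakaBase"); // Parent class` and the same marker on the other two. The `// Contains size -> handled in translation` notes were presumably obsoleted by the translation rewrite, so dropping them is fine if that is confirmed. The enclosing static block starts before the hunk.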
28 changes: 11 additions & 17 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java
Expand Up @@ -23,10 +23,8 @@
import com.ibm.engine.model.factory.ValueActionFactory;
import com.ibm.engine.rule.IDetectionRule;
import com.ibm.engine.rule.builder.DetectionRuleBuilder;
import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Unmodifiable;
Expand All @@ -40,30 +38,26 @@ private BcDSA() {

/* TODO: maybe the function `extractSecret` would be a better entry point than the constructors? */

private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();

static {
infoMap.putKey("DSASigner");
infoMap.putKey("DSTU4145Signer").putName("DSTU 4145-2002");
infoMap.putKey("ECDSASigner");
infoMap.putKey("ECGOST3410_2012Signer").putName("GOST R 34.10-2012");
infoMap.putKey("ECGOST3410Signer").putName("GOST R 34.10-2001");
infoMap.putKey("ECNRSigner").putName("EC-NR");
infoMap.putKey("GOST3410Signer").putName("GOST R 34.10-94");
}
public static final List<String> dsas =
List.of(
"DSASigner",
"DSTU4145Signer",
"ECDSASigner",
"ECGOST3410_2012Signer",
"ECGOST3410Signer",
"ECNRSigner",
"GOST3410Signer");

private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
List<IDetectionRule<Tree>> constructorsList = new LinkedList<>();

for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String dsa = entry.getKey();
String dsaName = infoMap.getDisplayName(dsa, "Signer");
for (String dsa : dsas) {
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers." + dsa)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(dsaName))
.shouldBeDetectedAs(new ValueActionFactory<>(dsa))
// We want to capture all possible constructors (some have arguments)
.withAnyParameters()
.buildForContext(new SignatureContext(SignatureContext.Kind.DSA))
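Review bot: `dsas` on the new `public static final List<String> dsas = List.of(...)` is a constant and should follow UPPER_SNAKE_CASE, e.g. `DSA_SIGNERS`, with the loop becoming `for (String dsa : DSA_SIGNERS) {`. The field also widens visibility from the previous `private static` `infoMap` to `public`; unless another class reads it, keep it `private`. A one-line Javadoc would help: `/** Simple class names of the DSA-family signers in {@code org.bouncycastle.crypto.signers}. */`. The builder chain in `simpleConstructors()` continues past the hunk.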
Expand Up @@ -49,34 +49,27 @@ private BcEncapsulatedSecretExtractor() {
static {
infoMap.putKey("BIKEKEMExtractor").putType("org.bouncycastle.pqc.crypto.bike.");
infoMap.putKey("CMCEKEMExtractor").putType("org.bouncycastle.pqc.crypto.cmce.");
infoMap.putKey("FrodoKEMExtractor")
.putName("FrodoKEM")
.putType("org.bouncycastle.pqc.crypto.frodo.");
infoMap.putKey("FrodoKEMExtractor").putType("org.bouncycastle.pqc.crypto.frodo.");
infoMap.putKey("HQCKEMExtractor").putType("org.bouncycastle.pqc.crypto.hqc.");
infoMap.putKey("KyberKEMExtractor").putType("org.bouncycastle.pqc.crypto.crystals.kyber.");
infoMap.putKey("NTRUKEMExtractor").putType("org.bouncycastle.pqc.crypto.ntru.");
infoMap.putKey("NTRULPRimeKEMExtractor")
.putName("NTRU-LPRime")
.putType("org.bouncycastle.pqc.crypto.ntruprime.");
infoMap.putKey("NTRULPRimeKEMExtractor").putType("org.bouncycastle.pqc.crypto.ntruprime.");
infoMap.putKey("SABERKEMExtractor").putType("org.bouncycastle.pqc.crypto.saber.");
infoMap.putKey("SNTRUPrimeKEMExtractor")
.putName("sNTRUprime")
.putType("org.bouncycastle.pqc.crypto.ntruprime.");
infoMap.putKey("SNTRUPrimeKEMExtractor").putType("org.bouncycastle.pqc.crypto.ntruprime.");
}

private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
List<IDetectionRule<Tree>> constructorsList = new LinkedList<>();

for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String extractor = entry.getKey();
String extractorName = infoMap.getDisplayName(extractor, "KEMExtractor");
String type = entry.getValue().getType();
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(type + extractor)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(extractorName))
.shouldBeDetectedAs(new ValueActionFactory<>(extractor))
// We want to capture all possible constructors (some have arguments)
.withAnyParameters()
.buildForContext(new KeyContext(KeyContext.Kind.KEM))
Expand All @@ -95,7 +88,7 @@ private BcEncapsulatedSecretExtractor() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.kems.RSAKEMExtractor")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("RSA"))
.shouldBeDetectedAs(new ValueActionFactory<>("RSAKEMExtractor"))
.withMethodParameter("org.bouncycastle.crypto.params.RSAKeyParameters")
.withMethodParameter("int")
.shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT))
Expand All @@ -111,7 +104,7 @@ private BcEncapsulatedSecretExtractor() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.kems.ECIESKEMExtractor")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ECIES"))
.shouldBeDetectedAs(new ValueActionFactory<>("ECIESKEMExtractor"))
.withMethodParameter(
"org.bouncycastle.crypto.params.ECPrivateKeyParameters")
.withMethodParameter("int")
Expand All @@ -128,7 +121,7 @@ private BcEncapsulatedSecretExtractor() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.kems.ECIESKEMExtractor")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ECIES"))
.shouldBeDetectedAs(new ValueActionFactory<>("ECIESKEMExtractor"))
.withMethodParameter(
"org.bouncycastle.crypto.params.ECPrivateKeyParameters")
.withMethodParameter("int")
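Review bot: `.shouldBeDetectedAs(new ValueActionFactory<>("RSAKEMExtractor"))` now repeats the simple class name already spelled out in `.forObjectTypes("org.bouncycastle.crypto.kems.RSAKEMExtractor")` one line above, and the same duplication appears in both `ECIESKEMExtractor` hunks; a typo in either copy would let the rule still match the constructor while the translation lookup silently misses, so the asset drops out of the inventory without any error. Declare the name once, e.g. `String rsaKemExtractor = "RSAKEMExtractor";` and `.forObjectTypes("org.bouncycastle.crypto.kems." + rsaKemExtractor)`, and do the same for the two ECIES rules. Both ECIES rules share the same type and leading parameters; they presumably diverge in the parameters outside the hunk, which is worth confirming so the second is not a dead duplicate. The `simpleConstructors()` loop body and the later rules continue past their hunks.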
