diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/BouncyCastleInfoMap.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/BouncyCastleInfoMap.java index a209a839..e30bdf44 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/BouncyCastleInfoMap.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/BouncyCastleInfoMap.java @@ -40,6 +40,12 @@ public class BouncyCastleInfoMap { public static class Info { @Nullable private String name; + /** + * use the key of the map instead + * + * @deprecated + */ + @Deprecated(since = "2.0.0") public String getName() { return name; } @@ -129,7 +135,9 @@ public Set> entrySet() { * * @param key - Key of the information map, typically the cryptographic class * @return The correct name of the cryptographic asset + * @deprecated use the key of the map instead */ + @Deprecated(since = "2.0.0") public String getDisplayName(@Nonnull String key) { return getDisplayName(key, null); } @@ -143,7 +151,9 @@ public String getDisplayName(@Nonnull String key) { * @param removePart - Substring to remove from the name (only when no specific name was defined * with {@code putName}). If {@code null}, it does nothing. * @return The correct name of the cryptographic asset + * @deprecated use the key of the map instead */ + @Deprecated(since = "2.0.0") public String getDisplayName(@Nonnull String key, String removePart) { if (!map.containsKey(key)) { throw new IllegalArgumentException("Key does not exist in the map: " + key); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java index bb08e2c4..f0d564eb 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java 
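Review bot: The Javadoc added on `Info.getName()` leaves its `@deprecated` tag empty and puts the replacement hint in the summary sentence, unlike the two `getDisplayName` hunks that follow, which write `@deprecated use the key of the map instead`. Javadoc takes the deprecation notice from the text after the tag, so callers of `getName()` currently get none. I would write it as `/** @deprecated use the key of the map instead */`, and consider `forRemoval = true` on the annotation if these accessors are meant to disappear.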
@@ -20,6 +20,7 @@ package com.ibm.plugin.rules.detection.bc.derivationfunction; import com.ibm.engine.model.context.KeyContext; +import com.ibm.engine.model.factory.OperationModeFactory; import com.ibm.engine.model.factory.ValueActionFactory; import com.ibm.engine.rule.IDetectionRule; import com.ibm.engine.rule.builder.DetectionRuleBuilder; @@ -51,7 +52,6 @@ private BcDerivationFunction() { */ digestDerivationFunctionMap .putKey("BrokenKDF2BytesGenerator") - .putName("KDF2") .putType("org.bouncycastle.jce.provider."); digestDerivationFunctionMap .putKey("ConcatenationKDFGenerator") @@ -67,19 +67,15 @@ private BcDerivationFunction() { .putType("org.bouncycastle.crypto.agreement.kdf."); digestDerivationFunctionMap .putKey("HKDFBytesGenerator") - .putName("HKDF") .putType("org.bouncycastle.crypto.generators."); digestDerivationFunctionMap .putKey("KDF1BytesGenerator") - .putName("KDF1") .putType("org.bouncycastle.crypto.generators."); digestDerivationFunctionMap .putKey("KDF2BytesGenerator") - .putName("KDF2") .putType("org.bouncycastle.crypto.generators."); digestDerivationFunctionMap .putKey("MGF1BytesGenerator") - .putName("MGF1") .putType("org.bouncycastle.crypto.generators."); macDerivationFunctionMap.putKey("KDFCounterBytesGenerator"); @@ -94,15 +90,13 @@ private BcDerivationFunction() { for (Map.Entry entry : digestDerivationFunctionMap.entrySet()) { String generator = entry.getKey(); - String generatorName = - digestDerivationFunctionMap.getDisplayName(generator, "Generator"); String type = entry.getValue().getType(); constructorsList.add( new DetectionRuleBuilder() .createDetectionRule() .forObjectTypes(type + generator) .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>(generatorName)) + .shouldBeDetectedAs(new ValueActionFactory<>(generator)) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new KeyContext(KeyContext.Kind.KDF)) 
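Review bot: Passing `generator` to `ValueActionFactory` in the digest-KDF loop makes the detected value the raw Bouncy Castle class name, so the translation side must now recognise every key registered in `digestDerivationFunctionMap`; the KDF case added to `JavaKeyContextTranslator` in this commit returns whatever `BcDerivationFunctionMapper.parse` yields, and a class name the mapper does not know would presumably drop the finding without any error. That matters most for `BrokenKDF2BytesGenerator`, which used to be reported under the same name as `KDF2BytesGenerator` and can now be told apart only if the mapper has an entry for it. The mapper is not part of the visible diff, so please confirm coverage, ideally with a test that feeds each registered key through `parse` and asserts a non-empty result. The same applies to the MAC-KDF loop in the next hunk and to the `BcDigests`, `BcDSA` and KEM extractor/generator hunks, which make the same switch. A comment such as `// detected value is the BC class name; BcDerivationFunctionMapper must cover every key above` next to the call would record the contract.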
@@ -114,14 +108,12 @@ private BcDerivationFunction() { for (Map.Entry entry : macDerivationFunctionMap.entrySet()) { String generator = entry.getKey(); - String generatorName = - macDerivationFunctionMap.getDisplayName(generator, "BytesGenerator"); constructorsList.add( new DetectionRuleBuilder() .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.generators." + generator) .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>(generatorName)) + .shouldBeDetectedAs(new ValueActionFactory<>(generator)) .withMethodParameter("org.bouncycastle.crypto.Mac") .addDependingDetectionRules(BcMac.rules()) .buildForContext(new KeyContext(KeyContext.Kind.KDF)) @@ -142,8 +134,8 @@ private BcDerivationFunction() { .forObjectTypes( "org.bouncycastle.crypto.engines.EthereumIESEngine$HandshakeKDFFunction") .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>("HandshakeKDF")) - .withMethodParameter("int") + .withMethodParameter("int") /* this determines whether its KDF1 or KDF2 */ + .shouldBeDetectedAs(new OperationModeFactory<>()) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new KeyContext(KeyContext.Kind.KDF)) diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/digest/BcDigests.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/digest/BcDigests.java index 37be97fc..c0ce74bf 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/digest/BcDigests.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/digest/BcDigests.java 
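Review bot: After this change the `EthereumIESEngine$HandshakeKDFFunction` rule has no constructor-level value and reports only what `OperationModeFactory` extracts from the `int` argument, so the detection appears to depend on that argument being resolvable. The KEM rules in this commit keep a class-level value and attach the parameter as a child, and the same shape would preserve the finding here: `.shouldBeDetectedAs(new ValueActionFactory<>("HandshakeKDFFunction"))` after `.forConstructor()`, then `.shouldBeDetectedAs(new OperationModeFactory<>()).asChildOfParameterWithId(-1)` on the `int` parameter. Whether `BcDerivationFunctionMapper` would accept that name is not visible here, so the value string is only a suggestion.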
@@ -61,49 +61,49 @@ private BcDigests() { * a constructor, we use `forObjectExactTypes` in associated rules otherwise we would have several * detections (a class and its parent) instead of one. */ - infoMap.putKey("AsconDigest").putName("Ascon"); - infoMap.putKey("AsconXof").putName("Ascon-Xof"); - infoMap.putKey("Blake2bDigest").putName("BLAKE2b"); - infoMap.putKey("Blake2bpDigest").putName("BLAKE2bp"); - infoMap.putKey("Blake2sDigest").putName("BLAKE2s"); - infoMap.putKey("Blake2spDigest").putName("BLAKE2sp"); - infoMap.putKey("Blake2xsDigest").putName("BLAKE2xs"); - infoMap.putKey("Blake3Digest").putName("BLAKE3"); - infoMap.putKey("CSHAKEDigest").putName("cSHAKE"); - infoMap.putKey("DSTU7564Digest").putName("DSTU 7564"); - infoMap.putKey("GOST3411_2012_256Digest"); // Contains size -> handled in translation - infoMap.putKey("GOST3411_2012_512Digest"); // Contains size -> handled in translation - infoMap.putKey("GOST3411Digest").putName("GOST R 34.11"); - infoMap.putKey("Haraka256Digest"); // Contains size -> handled in translation - infoMap.putKey("Haraka512Digest"); // Contains size -> handled in translation - infoMap.putKey("HarakaBase").putName("Haraka"); // Parent class - infoMap.putKey("ISAPDigest").putName("ISAP"); - infoMap.putKey("KeccakDigest").putName("Keccak"); // Parent class - infoMap.putKey("MD2Digest").putName("MD2"); - infoMap.putKey("MD4Digest").putName("MD4"); - infoMap.putKey("MD5Digest").putName("MD5"); - infoMap.putKey("NullDigest").putName("Null"); - infoMap.putKey("ParallelHash").putName("ParallelHash"); - infoMap.putKey("PhotonBeetleDigest").putName("PHOTON-Beetle"); - infoMap.putKey("RIPEMD128Digest"); // Contains size -> handled in translation - infoMap.putKey("RIPEMD160Digest"); // Contains size -> handled in translation - infoMap.putKey("RIPEMD256Digest"); // Contains size -> handled in translation - infoMap.putKey("RIPEMD320Digest"); // Contains size -> handled in translation - infoMap.putKey("SHA1Digest").putName("SHA-1"); - 
infoMap.putKey("SHA224Digest").putName("SHA-224");
- infoMap.putKey("SHA256Digest").putName("SHA-256");
- infoMap.putKey("SHA384Digest").putName("SHA-384");
- infoMap.putKey("SHA3Digest").putName("SHA-3");
- infoMap.putKey("SHA512Digest").putName("SHA-512");
- infoMap.putKey("SHA512tDigest").putName("SHA-512/t");
- infoMap.putKey("SHAKEDigest").putName("SHAKE"); // Parent class
- infoMap.putKey("SkeinDigest").putName("Skein");
- infoMap.putKey("SM3Digest").putName("SM3");
- infoMap.putKey("SparkleDigest").putName("Sparkle");
- infoMap.putKey("TigerDigest").putName("Tiger");
- infoMap.putKey("TupleHash").putName("TupleHash");
- infoMap.putKey("WhirlpoolDigest").putName("Whirlpool");
- infoMap.putKey("XoodyakDigest").putName("Xoodyak");
+ infoMap.putKey("AsconDigest");
+ infoMap.putKey("AsconXof");
+ infoMap.putKey("Blake2bDigest");
+ infoMap.putKey("Blake2bpDigest");
+ infoMap.putKey("Blake2sDigest");
+ infoMap.putKey("Blake2spDigest");
+ infoMap.putKey("Blake2xsDigest");
+ infoMap.putKey("Blake3Digest");
+ infoMap.putKey("CSHAKEDigest");
+ infoMap.putKey("DSTU7564Digest");
+ infoMap.putKey("GOST3411_2012_256Digest");
+ infoMap.putKey("GOST3411_2012_512Digest");
+ infoMap.putKey("GOST3411Digest");
+ infoMap.putKey("Haraka256Digest");
+ infoMap.putKey("Haraka512Digest");
+ infoMap.putKey("HarakaBase");
+ infoMap.putKey("ISAPDigest");
+ infoMap.putKey("KeccakDigest");
+ infoMap.putKey("MD2Digest");
+ infoMap.putKey("MD4Digest");
+ infoMap.putKey("MD5Digest");
+ infoMap.putKey("NullDigest");
+ infoMap.putKey("ParallelHash");
+ infoMap.putKey("PhotonBeetleDigest");
+ infoMap.putKey("RIPEMD128Digest");
+ infoMap.putKey("RIPEMD160Digest");
+ infoMap.putKey("RIPEMD256Digest");
+ infoMap.putKey("RIPEMD320Digest");
+ infoMap.putKey("SHA1Digest");
+ infoMap.putKey("SHA224Digest");
+ infoMap.putKey("SHA256Digest");
+ infoMap.putKey("SHA384Digest");
+ infoMap.putKey("SHA3Digest");
+ infoMap.putKey("SHA512Digest");
+ infoMap.putKey("SHA512tDigest");
+ 
infoMap.putKey("SHAKEDigest"); + infoMap.putKey("SkeinDigest"); + infoMap.putKey("SM3Digest"); + infoMap.putKey("SparkleDigest"); + infoMap.putKey("TigerDigest"); + infoMap.putKey("TupleHash"); + infoMap.putKey("WhirlpoolDigest"); + infoMap.putKey("XoodyakDigest"); } private static final List> regularConstructors( @@ -114,7 +114,6 @@ private static final List> regularConstructors( for (Map.Entry entry : infoMap.entrySet()) { String digest = entry.getKey(); - String digestName = infoMap.getDisplayName(digest, "Digest"); String digestTypePrefix = entry.getValue().getType() != null ? entry.getValue().getType() @@ -124,7 +123,7 @@ private static final List> regularConstructors( .createDetectionRule() .forObjectExactTypes(digestTypePrefix + digest) .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>(digestName)) + .shouldBeDetectedAs(new ValueActionFactory<>(digest)) // We want to capture all possible constructors (some have arguments) .withAnyParameters() .buildForContext(context) @@ -146,7 +145,6 @@ private static final List> otherConstructors( .createDetectionRule() .forObjectExactTypes("org.bouncycastle.crypto.digests.NonMemoableDigest") .forConstructor() - // .shouldBeDetectedAs(new ValueActionFactory<>("NonMemoable")) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(regularConstructors(detectionValueContext)) .buildForContext(context) @@ -158,7 +156,6 @@ private static final List> otherConstructors( .createDetectionRule() .forObjectExactTypes("org.bouncycastle.crypto.digests.ShortenedDigest") .forConstructor() - // .shouldBeDetectedAs(new ValueActionFactory<>("Shortened")) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(regularConstructors(detectionValueContext)) .withMethodParameter("int") diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java index 3ede18c6..396de4a1 100644 
--- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java @@ -23,10 +23,8 @@ import com.ibm.engine.model.factory.ValueActionFactory; import com.ibm.engine.rule.IDetectionRule; import com.ibm.engine.rule.builder.DetectionRuleBuilder; -import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap; import java.util.LinkedList; import java.util.List; -import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Unmodifiable; 
@@ -40,30 +38,26 @@ private BcDSA() { /* TODO: maybe the function `extractSecret` would be a better entry point than the constructors? */ - private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap(); - - static { - infoMap.putKey("DSASigner"); - infoMap.putKey("DSTU4145Signer").putName("DSTU 4145-2002"); - infoMap.putKey("ECDSASigner"); - infoMap.putKey("ECGOST3410_2012Signer").putName("GOST R 34.10-2012"); - infoMap.putKey("ECGOST3410Signer").putName("GOST R 34.10-2001"); - infoMap.putKey("ECNRSigner").putName("EC-NR"); - infoMap.putKey("GOST3410Signer").putName("GOST R 34.10-94"); - } + public static final List dsas = + List.of( + "DSASigner", + "DSTU4145Signer", + "ECDSASigner", + "ECGOST3410_2012Signer", + "ECGOST3410Signer", + "ECNRSigner", + "GOST3410Signer"); private static @NotNull List> simpleConstructors() { List> constructorsList = new LinkedList<>(); - for (Map.Entry entry : infoMap.entrySet()) { - String dsa = entry.getKey(); - String dsaName = infoMap.getDisplayName(dsa, "Signer"); + for (String dsa : dsas) { constructorsList.add( new DetectionRuleBuilder() .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.signers." + dsa) .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>(dsaName)) + .shouldBeDetectedAs(new ValueActionFactory<>(dsa)) // We want to capture all possible constructors (some have arguments) .withAnyParameters() .buildForContext(new SignatureContext(SignatureContext.Kind.DSA)) diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java index 4fede496..4c7da405 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java 
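Review bot: The new `dsas` field is declared `public static final` but named in lower camel case, and the map it replaces was `private`. If nothing outside `BcDSA` reads the list, `private static final` with a constant-style name such as `DSA_SIGNERS` keeps the rule class's surface unchanged; if it is exposed on purpose, a one-line Javadoc saying the entries are class names under `org.bouncycastle.crypto.signers.` would help. The display names dropped here (`GOST R 34.10-2012`, `EC-NR` and the others) now have to come from the translation side, and no signature translator change appears in this part of the diff.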
@@ -49,19 +49,13 @@ private BcEncapsulatedSecretExtractor() { static { infoMap.putKey("BIKEKEMExtractor").putType("org.bouncycastle.pqc.crypto.bike."); infoMap.putKey("CMCEKEMExtractor").putType("org.bouncycastle.pqc.crypto.cmce."); - infoMap.putKey("FrodoKEMExtractor") - .putName("FrodoKEM") - .putType("org.bouncycastle.pqc.crypto.frodo."); + infoMap.putKey("FrodoKEMExtractor").putType("org.bouncycastle.pqc.crypto.frodo."); infoMap.putKey("HQCKEMExtractor").putType("org.bouncycastle.pqc.crypto.hqc."); infoMap.putKey("KyberKEMExtractor").putType("org.bouncycastle.pqc.crypto.crystals.kyber."); infoMap.putKey("NTRUKEMExtractor").putType("org.bouncycastle.pqc.crypto.ntru."); - infoMap.putKey("NTRULPRimeKEMExtractor") - .putName("NTRU-LPRime") - .putType("org.bouncycastle.pqc.crypto.ntruprime."); + infoMap.putKey("NTRULPRimeKEMExtractor").putType("org.bouncycastle.pqc.crypto.ntruprime."); infoMap.putKey("SABERKEMExtractor").putType("org.bouncycastle.pqc.crypto.saber."); - infoMap.putKey("SNTRUPrimeKEMExtractor") - .putName("sNTRUprime") - .putType("org.bouncycastle.pqc.crypto.ntruprime."); + infoMap.putKey("SNTRUPrimeKEMExtractor").putType("org.bouncycastle.pqc.crypto.ntruprime."); } private static @NotNull List> simpleConstructors() { @@ -69,14 +63,13 @@ private BcEncapsulatedSecretExtractor() { for (Map.Entry entry : infoMap.entrySet()) { String extractor = entry.getKey(); - String extractorName = infoMap.getDisplayName(extractor, "KEMExtractor"); String type = entry.getValue().getType(); constructorsList.add( new DetectionRuleBuilder() .createDetectionRule() .forObjectTypes(type + extractor) .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>(extractorName)) + .shouldBeDetectedAs(new ValueActionFactory<>(extractor)) // We want to capture all possible constructors (some have arguments) .withAnyParameters() .buildForContext(new KeyContext(KeyContext.Kind.KEM)) 
@@ -95,7 +88,7 @@ private BcEncapsulatedSecretExtractor() { .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.kems.RSAKEMExtractor") .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>("RSA")) + .shouldBeDetectedAs(new ValueActionFactory<>("RSAKEMExtractor")) .withMethodParameter("org.bouncycastle.crypto.params.RSAKeyParameters") .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) @@ -111,7 +104,7 @@ private BcEncapsulatedSecretExtractor() { .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.kems.ECIESKEMExtractor") .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>("ECIES")) + .shouldBeDetectedAs(new ValueActionFactory<>("ECIESKEMExtractor")) .withMethodParameter( "org.bouncycastle.crypto.params.ECPrivateKeyParameters") .withMethodParameter("int") @@ -128,7 +121,7 @@ private BcEncapsulatedSecretExtractor() { .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.kems.ECIESKEMExtractor") .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>("ECIES")) + .shouldBeDetectedAs(new ValueActionFactory<>("ECIESKEMExtractor")) .withMethodParameter( "org.bouncycastle.crypto.params.ECPrivateKeyParameters") .withMethodParameter("int") diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java index c4af0286..fced2fe5 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java 
@@ -49,19 +49,13 @@ private BcEncapsulatedSecretGenerator() { static { infoMap.putKey("BIKEKEMGenerator").putType("org.bouncycastle.pqc.crypto.bike."); infoMap.putKey("CMCEKEMGenerator").putType("org.bouncycastle.pqc.crypto.cmce."); - infoMap.putKey("FrodoKEMGenerator") - .putName("FrodoKEM") - .putType("org.bouncycastle.pqc.crypto.frodo."); + infoMap.putKey("FrodoKEMGenerator").putType("org.bouncycastle.pqc.crypto.frodo."); infoMap.putKey("HQCKEMGenerator").putType("org.bouncycastle.pqc.crypto.hqc."); infoMap.putKey("KyberKEMGenerator").putType("org.bouncycastle.pqc.crypto.crystals.kyber."); infoMap.putKey("NTRUKEMGenerator").putType("org.bouncycastle.pqc.crypto.ntru."); - infoMap.putKey("NTRULPRimeKEMGenerator") - .putName("NTRU-LPRime") - .putType("org.bouncycastle.pqc.crypto.ntruprime."); + infoMap.putKey("NTRULPRimeKEMGenerator").putType("org.bouncycastle.pqc.crypto.ntruprime."); infoMap.putKey("SABERKEMGenerator").putType("org.bouncycastle.pqc.crypto.saber."); - infoMap.putKey("SNTRUPrimeKEMGenerator") - .putName("sNTRUprime") - .putType("org.bouncycastle.pqc.crypto.ntruprime."); + infoMap.putKey("SNTRUPrimeKEMGenerator").putType("org.bouncycastle.pqc.crypto.ntruprime."); } private static @NotNull List> simpleConstructors() { @@ -69,14 +63,13 @@ private BcEncapsulatedSecretGenerator() { for (Map.Entry entry : infoMap.entrySet()) { String generator = entry.getKey(); - String generatorName = infoMap.getDisplayName(generator, "KEMGenerator"); String type = entry.getValue().getType(); constructorsList.add( new DetectionRuleBuilder() .createDetectionRule() .forObjectTypes(type + generator) .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>(generatorName)) + .shouldBeDetectedAs(new ValueActionFactory<>(generator)) .withMethodParameter("java.security.SecureRandom") .buildForContext(new KeyContext(KeyContext.Kind.KEM)) .inBundle(() -> "Bc") 
@@ -94,7 +87,7 @@ private BcEncapsulatedSecretGenerator() { .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.kems.RSAKEMGenerator") .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>("RSA")) + .shouldBeDetectedAs(new ValueActionFactory<>("RSAKEMGenerator")) .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) @@ -110,7 +103,7 @@ private BcEncapsulatedSecretGenerator() { .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.kems.ECIESKEMGenerator") .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>("ECIES")) + .shouldBeDetectedAs(new ValueActionFactory<>("ECIESKEMGenerator")) .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) @@ -126,7 +119,7 @@ private BcEncapsulatedSecretGenerator() { .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.kems.ECIESKEMGenerator") .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>("ECIES")) + .shouldBeDetectedAs(new ValueActionFactory<>("ECIESKEMGenerator")) .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/mac/BcMac.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/mac/BcMac.java index 130c6890..5ab46bb0 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/mac/BcMac.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/mac/BcMac.java 
@@ -203,9 +203,10 @@ private BcMac() { .createDetectionRule() .forObjectTypes("org.bouncycastle.crypto.macs." + macClass) .forConstructor() - .shouldBeDetectedAs(new ValueActionFactory<>(macClass)) + // .shouldBeDetectedAs(new ValueActionFactory<>(macClass)) .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules(BcDigests.rules()) + .addDependingDetectionRules( + BcDigests.rules(new MacContext(MacContext.Kind.HMAC))) .buildForContext(new MacContext()) .inBundle(() -> "Bc") .withDependingDetectionRules(BcMacInit.rules())); @@ -357,6 +358,9 @@ private BcMac() { // TODO: "bit length of the underlying SHAKE function" -> should I // capture? .withMethodParameter("int") + .shouldBeDetectedAs( + new MacSizeFactory<>(Size.UnitType.BIT) /* use something else */) + .asChildOfParameterWithId(-1) .withMethodParameter(BYTE_ARRAY_TYPE) .buildForContext(new MacContext()) .inBundle(() -> "Bc") diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java index 471d83d7..58c73dbb 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java @@ -102,7 +102,7 @@ public final class JavaCipherContextTranslator extends JavaAbstractLibraryTransl default -> Optional.empty(); }; } else if (value instanceof ValueAction valueAction) { - com.ibm.mapper.model.Algorithm algorithm; + // com.ibm.mapper.model.Algorithm algorithm; // BlockCipher blockCipher; // AuthenticatedEncryption ae; // PublicKeyEncryption pke; 
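Review bot: The commented-out `// .shouldBeDetectedAs(new ValueActionFactory<>(macClass))` leaves this constructor rule without a value of its own, so the MAC is reported only through the digest rules built with `MacContext.Kind.HMAC`. If the `Digest` argument does not resolve to one of the `BcDigests` constructors (for example when it arrives as a method parameter), the MAC construction would seemingly produce no finding at all. I would delete the dead line and state the intent instead, e.g. `// no value here: the HMAC node is derived from the digest detected under MacContext.Kind.HMAC`, and add a test for an unresolved digest. The enclosing loop over `macClass` starts outside the hunk.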
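Review bot: The `int` captured in the second BcMac hunk is described by the TODO just above it as the bit length of the underlying SHAKE function, yet it is recorded with `MacSizeFactory`, which `JavaMacContextTranslator` presumably turns into a tag length. The inline `/* use something else */` admits the mismatch, but until a dedicated value type exists the inventory would show the SHAKE strength as the MAC output size. Either leave the parameter uncaptured as before, or replace the note with an actionable one, e.g. `// TODO: SHAKE bit length, not the MAC output length; replace MacSizeFactory with a dedicated factory`.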
@@ -308,13 +308,8 @@ public final class JavaCipherContextTranslator extends JavaAbstractLibraryTransl .parse(algorithmParameter.asString(), detectionLocation) .map(f -> f); } else if (value instanceof BlockSize blockSize) { - return switch (kind) { - case BLOCK_CIPHER, WRAP_ENGINE -> - Optional.of( - new com.ibm.mapper.model.BlockSize( - Integer.parseInt(blockSize.asString()), detectionLocation)); - default -> Optional.empty(); - }; + return Optional.of( + new com.ibm.mapper.model.BlockSize(blockSize.getValue(), detectionLocation)); } return Optional.empty(); } diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java index 81161027..cf8cc87c 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java @@ -22,10 +22,13 @@ import com.ibm.engine.model.Algorithm; import com.ibm.engine.model.IValue; import com.ibm.engine.model.ValueAction; +import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.model.context.IDetectionContext; +import com.ibm.mapper.mapper.bc.BcDigestMapper; import com.ibm.mapper.mapper.jca.JcaMessageDigestMapper; import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.functionality.Digest; import com.ibm.mapper.utils.DetectionLocation; import java.util.Optional; 
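Review bot: Dropping the `switch (kind)` means a `BlockSize` value is now translated for every cipher kind, where the old code returned `Optional.empty()` for anything other than `BLOCK_CIPHER` and `WRAP_ENGINE`. If other kinds can carry a `BlockSize`, the resulting node would attach a block size to an asset that previously had none. If the widening is intended, a comment such as `// block size is kept for all cipher kinds` would record it; otherwise keep the filter around the new expression, `case BLOCK_CIPHER, WRAP_ENGINE -> Optional.of(new com.ibm.mapper.model.BlockSize(blockSize.getValue(), detectionLocation));`. The method body starts outside the hunk.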
@@ -57,48 +60,14 @@ public final class JavaDigestContextTranslator extends JavaAbstractLibraryTransl @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - if (value instanceof Algorithm) { - return Optional.empty(); // TODO - } else if (value instanceof ValueAction) { - String digestName = value.asString(); - DigestSize digestSize = null; - - // Updating the digest name and size (when necessary) - switch (digestName) { - case "GOST3411_2012_256": - digestSize = new DigestSize(256, detectionLocation); - digestName = "GOST R 34.11-2012"; - break; - case "GOST3411_2012_512": - digestSize = new DigestSize(512, detectionLocation); - digestName = "GOST R 34.11-2012"; - break; - case "Haraka256": - digestSize = new DigestSize(256, detectionLocation); - digestName = "Haraka"; - break; - case "Haraka512": - digestSize = new DigestSize(512, detectionLocation); - digestName = "Haraka"; - break; - case "RIPEMD128": - digestSize = new DigestSize(128, detectionLocation); - digestName = "RIPEMD"; - break; - case "RIPEMD160": - digestSize = new DigestSize(160, detectionLocation); - digestName = "RIPEMD"; - break; - case "RIPEMD256": - digestSize = new DigestSize(256, detectionLocation); - digestName = "RIPEMD"; - break; - case "RIPEMD320": - digestSize = new DigestSize(320, detectionLocation); - digestName = "RIPEMD"; - break; - default: - break; + final DigestContext.Kind kind = ((DigestContext) detectionContext).kind(); + if (value instanceof ValueAction) { + switch (kind) { + case MGF1, MGF -> Optional.empty(); /* TODO: */ + default -> { + BcDigestMapper bcDigestsMapper = new BcDigestMapper(MessageDigest.class); + return bcDigestsMapper.parse(value.asString(), detectionLocation).map(f -> f); + } } /*final com.ibm.mapper.model.Algorithm algorithm = 
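Review bot: `((DigestContext) detectionContext).kind()` now runs before any type check, so unless the dispatcher guarantees the context class, a different context would raise `ClassCastException` even for a `DigestSize` value that never needs `kind`. A guard such as `if (!(detectionContext instanceof DigestContext digestContext)) { return Optional.empty(); }` avoids that. In the switch, `case MGF1, MGF -> Optional.empty();` evaluates and discards the value and only reaches the final `return Optional.empty()` by falling out of the `if`; `case MGF1, MGF -> { return Optional.empty(); }` says what is meant. The method starts before this hunk and continues after it.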
@@ -113,9 +82,8 @@ public final class JavaDigestContextTranslator extends JavaAbstractLibraryTransl .map(size -> new MessageDigest(algorithm, size)) .orElse(new MessageDigest(algorithm))); };*/ - } else if (value instanceof com.ibm.engine.model.DigestSize) { - return Optional.of( - new DigestSize(Integer.parseInt(value.asString()), detectionLocation)); + } else if (value instanceof com.ibm.engine.model.DigestSize digestSize) { + return Optional.of(new DigestSize(digestSize.getValue(), detectionLocation)); } return Optional.empty(); } diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java index 7fba807b..23ef2bea 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java @@ -23,6 +23,7 @@ import com.ibm.engine.model.Curve; import com.ibm.engine.model.IValue; import com.ibm.engine.model.KeySize; +import com.ibm.engine.model.OperationMode; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.IDetectionContext; import com.ibm.engine.model.context.KeyContext; @@ -30,6 +31,9 @@ import com.ibm.engine.model.context.PublicKeyContext; import com.ibm.engine.model.context.SecretKeyContext; import com.ibm.mapper.mapper.bc.BcAgreementMapper; +import com.ibm.mapper.mapper.bc.BcDerivationFunctionMapper; +import com.ibm.mapper.mapper.bc.BcKemMapper; +import com.ibm.mapper.mapper.bc.BcOperationModeKDFMapper; import com.ibm.mapper.mapper.jca.JcaAlgorithmMapper; import com.ibm.mapper.mapper.jca.JcaCurveMapper; import com.ibm.mapper.model.IAlgorithm; 
@@ -95,29 +99,33 @@ public final class JavaKeyContextTranslator extends JavaAbstractLibraryTranslato @NotNull DetectionLocation detectionLocation) { if (value instanceof ValueAction valueAction) { final KeyContext.Kind kind = ((KeyContext) detectionContext).kind(); - com.ibm.mapper.model.Algorithm algorithm; + // com.ibm.mapper.model.Algorithm algorithm; switch (kind) { case DH: BcAgreementMapper bcAgreementMapper = new BcAgreementMapper(); return bcAgreementMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - /*case KDF: - algorithm = - new com.ibm.mapper.model.Algorithm( - valueAction.asString(), detectionLocation); - if (valueAction.asString().equals("MGF1")) { - return Optional.of(new MaskGenerationFunction(algorithm)); - } - return Optional.of(new KeyDerivationFunction(algorithm)); + case KDF: + BcDerivationFunctionMapper bcDerivationFunctionMapper = + new BcDerivationFunctionMapper(); + return bcDerivationFunctionMapper + .parse(valueAction.asString(), detectionLocation) + .map(f -> f); case KEM: - algorithm = - new com.ibm.mapper.model.Algorithm( - valueAction.asString(), detectionLocation); - return Optional.of(new KeyEncapsulationMechanism(algorithm));*/ + BcKemMapper bcKEMMapper = new BcKemMapper(); + return bcKEMMapper.parse(valueAction.asString(), detectionLocation).map(f -> f); default: break; } + } else if (value instanceof KeySize keySize) { + KeyLength keyLength = new KeyLength(keySize.getValue(), detectionLocation); + return Optional.of(keyLength); + } else if (value instanceof OperationMode operationMode) { + BcOperationModeKDFMapper bcOperationModeKDFMapper = new BcOperationModeKDFMapper(); + return bcOperationModeKDFMapper + .parse(operationMode.asString(), detectionLocation) + .map(f -> f); } return Optional.empty(); } 
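Review bot: The new `OperationMode` branch sends every operation mode found under a key context to `BcOperationModeKDFMapper`, without checking that the context kind is `KDF` as the `ValueAction` branch does in its switch. The only producer visible in this commit is the `HandshakeKDFFunction` rule, so this may be harmless today, but a later rule that emits an `OperationMode` for another kind would be parsed as a KDF mode. Gating it, e.g. `value instanceof OperationMode operationMode && ((KeyContext) detectionContext).kind() == KeyContext.Kind.KDF`, keeps the mapper's scope explicit, and the commented-out `// com.ibm.mapper.model.Algorithm algorithm;` can simply be deleted. The method's signature starts outside the hunk.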
diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaMacContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaMacContextTranslator.java index a0c5e7f0..00d4bf1f 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaMacContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaMacContextTranslator.java @@ -22,9 +22,14 @@ import com.ibm.engine.model.BlockSize; import com.ibm.engine.model.IValue; import com.ibm.engine.model.MacSize; +import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.IDetectionContext; +import com.ibm.engine.model.context.MacContext; +import com.ibm.mapper.mapper.bc.BcDigestMapper; +import com.ibm.mapper.mapper.bc.BcMacMapper; import com.ibm.mapper.mapper.jca.JcaMacMapper; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.TagLength; import com.ibm.mapper.utils.DetectionLocation; import java.util.Optional; 
@@ -61,151 +66,16 @@ public final class JavaMacContextTranslator extends JavaAbstractLibraryTranslato @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - /*if (value instanceof ValueAction valueAction) { - Algorithm baseAlgorithm; - Algorithm macAlgorithm; - BlockCipher blockCipher; - StreamCipher streamCipher; - MessageDigest messageDigest; - HMAC mac; - Mode mode; - switch (valueAction.asString()) { - case "Blake3Mac": - macAlgorithm = new Algorithm("BLAKE3-MAC", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("BLAKE", detectionLocation); - messageDigest = new MessageDigest(baseAlgorithm); - mac.put(messageDigest); - break; - case "BlockCipherMac", "CBCBlockCipherMac", "ISO9797Alg3Mac": - macAlgorithm = - new Algorithm("CBC-MAC-" + ITranslator.UNKNOWN, detectionLocation); - mac = new HMAC(macAlgorithm); - - mode = new Mode("CBC", detectionLocation); - mac.put(mode); - break; - case "CFBBlockCipherMac": - macAlgorithm = - new Algorithm("CFB-MAC-" + ITranslator.UNKNOWN, detectionLocation); - mac = new HMAC(macAlgorithm); - - mode = new Mode("CFB", detectionLocation); - mac.put(mode); - break; - case "CMac", "CMacWithIV": - macAlgorithm = new Algorithm("CMAC-" + ITranslator.UNKNOWN, detectionLocation); - mac = new HMAC(macAlgorithm); - break; - case "DSTU7564Mac": - macAlgorithm = new Algorithm("DSTU 7564-MAC", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("DSTU 7564", detectionLocation); - messageDigest = new MessageDigest(baseAlgorithm); - mac.put(messageDigest); - break; - case "DSTU7624Mac": - macAlgorithm = new Algorithm("DSTU 7624:2014-MAC", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("DSTU 7624:2014", detectionLocation); - blockCipher = new BlockCipher(baseAlgorithm, null, null); - mac.put(blockCipher); - break; - case "GMac", "KGMac": - macAlgorithm = new Algorithm("GMAC-" + 
ITranslator.UNKNOWN, detectionLocation); - mac = new HMAC(macAlgorithm); - - mode = new Mode("GCM", detectionLocation); - mac.put(mode); - break; - case "GOST28147Mac": - macAlgorithm = new Algorithm("GOST 28147-89-MAC", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("GOST 28147-89", detectionLocation); - blockCipher = new BlockCipher(baseAlgorithm, null, null); - mac.put(blockCipher); - break; - case "HMac", "OldHMac": - macAlgorithm = new Algorithm("HMAC-" + ITranslator.UNKNOWN, detectionLocation); - mac = new HMAC(macAlgorithm); - break; - case "KMAC": - macAlgorithm = new Algorithm("KMAC", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("Keccak", detectionLocation); - messageDigest = new MessageDigest(baseAlgorithm); - mac.put(messageDigest); - break; - case "Poly1305": - macAlgorithm = new Algorithm("Poly1305", detectionLocation); - mac = new HMAC(macAlgorithm); - break; - case "SipHash": - macAlgorithm = new Algorithm("SipHash", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("SipHash", detectionLocation); - messageDigest = new MessageDigest(baseAlgorithm); - mac.put(messageDigest); - break; - case "SipHash128": - macAlgorithm = new Algorithm("SipHash", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("SipHash", detectionLocation); - messageDigest = new MessageDigest(baseAlgorithm); - - DigestSize digestSize = new DigestSize(128, detectionLocation); - messageDigest.put(digestSize); - - mac.put(messageDigest); - break; - case "SkeinMac": - macAlgorithm = new Algorithm("Skein", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("Threefish", detectionLocation); - blockCipher = new BlockCipher(baseAlgorithm, null, null); - mac.put(blockCipher); - break; - case "VMPCMac": - macAlgorithm = new Algorithm("VMPC", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = 
new Algorithm("VMPC", detectionLocation); - streamCipher = new StreamCipher(baseAlgorithm, null, null); - mac.put(streamCipher); - break; - case "Zuc128Mac": - macAlgorithm = new Algorithm("ZUC-128", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("ZUC-128", detectionLocation); - streamCipher = new StreamCipher(baseAlgorithm, null, null); - mac.put(streamCipher); - break; - case "Zuc256Mac": - macAlgorithm = new Algorithm("ZUC-256", detectionLocation); - mac = new HMAC(macAlgorithm); - - baseAlgorithm = new Algorithm("ZUC-256", detectionLocation); - streamCipher = new StreamCipher(baseAlgorithm, null, null); - mac.put(streamCipher); - break; + final MacContext.Kind kind = ((MacContext) detectionContext).kind(); + if (value instanceof ValueAction valueAction) { + switch (kind) { + case HMAC: + BcDigestMapper bcDigestsMapper = new BcDigestMapper(Mac.class); + return bcDigestsMapper.parse(value.asString(), detectionLocation).map(f -> f); default: - LOGGER.warn("An unknown Mac algorithm was used: its translation may be wrong"); - // Default translation: simply return a Mac node - macAlgorithm = new Algorithm(valueAction.asString(), detectionLocation); - mac = new HMAC(macAlgorithm); + BcMacMapper bcMacMapper = new BcMacMapper(); + return bcMacMapper.parse(value.asString(), detectionLocation).map(f -> f); } - mac.put(new Tag(detectionLocation)); - mac.put(new Digest(detectionLocation)); - return Optional.of(mac); } else if (value instanceof MacSize macSize) { TagLength tagLength = new TagLength(macSize.getValue(), detectionLocation); return Optional.of(tagLength); @@ -214,7 +84,7 @@ public final class JavaMacContextTranslator extends JavaAbstractLibraryTranslato new com.ibm.mapper.model.BlockSize( blockSizeDetection.getValue(), detectionLocation); return Optional.of(blockSize); - }*/ + } return Optional.empty(); } } 
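Review bot: In the JavaMacContextTranslator hunk, `final MacContext.Kind kind = ((MacContext) detectionContext).kind();` now runs before the `instanceof` chain, so the `MacSize` and `BlockSize` branches also depend on the cast succeeding even though they never read `kind`. JavaKeyContextTranslator does the equivalent cast inside its `ValueAction` branch; moving this line under `if (value instanceof ValueAction valueAction) {` would keep the two translators consistent. It would also avoid a `ClassCastException` for size values, should this method ever be called with another context type. Both mapper calls use `value.asString()` and leave the pattern variable unused; `valueAction.asString()` reads better and matches the other translators. The method signature begins outside the hunk.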
diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java index e1a911f2..a62db13f 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java @@ -20,9 +20,14 @@ package com.ibm.plugin.translation.translator.contexts; import com.ibm.engine.model.IValue; +import com.ibm.engine.model.OperationMode; import com.ibm.engine.model.SaltSize; import com.ibm.engine.model.SignatureAction; +import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.IDetectionContext; +import com.ibm.engine.model.context.SignatureContext; +import com.ibm.mapper.mapper.bc.BcDsaMapper; +import com.ibm.mapper.mapper.bc.BcOperationModeSigningMapper; import com.ibm.mapper.mapper.jca.JcaAlgorithmMapper; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.SaltLength; 
@@ -59,59 +64,68 @@ public final class JavaSignatureContextTranslator extends JavaAbstractLibraryTra @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - /*final SignatureContext.Kind kind = ((SignatureContext) detectionContext).kind(); + final SignatureContext.Kind kind = ((SignatureContext) detectionContext).kind(); if (value instanceof ValueAction valueAction) { - Algorithm algorithm; - Signature signature; - ECAlgorithm eca; - ProbabilisticSignatureScheme pss; switch (kind) { - case EdDSA: - String curveName = ITranslator.UNKNOWN; - switch (valueAction.asString()) { - case "Ed25519": - curveName = "Curve25519"; - break; - case "Ed448": - curveName = "Curve448"; - break; - default: - break; - } - algorithm = new Algorithm("EdDSA", detectionLocation); - signature = new Signature(algorithm); - - eca = new EllipticCurveAlgorithm(new Algorithm("EC", detectionLocation)); - eca.put(new EllipticCurve(curveName, detectionLocation)); - - signature.put(eca); - return Optional.of(signature); - case ALGORITHM_AND_HASH_WRAPPER, DIGEST_MESSAGE_WRAPPER: - // Maybe choose a better way to translate DIGEST_MESSAGE_WRAPPER - algorithm = new Algorithm(ITranslator.UNKNOWN, detectionLocation); - signature = new Signature(algorithm); - return Optional.of(signature); - case RSA: - algorithm = new Algorithm(ITranslator.UNKNOWN + "withRSA", detectionLocation); - signature = new Signature(algorithm); - PublicKeyEncryption pke = - new PublicKeyEncryption(new Algorithm("RSA", detectionLocation)); - signature.put(pke); - return Optional.of(signature); - case SIGNATURE_NAME, DSA: - algorithm = new Algorithm(valueAction.asString(), detectionLocation); - signature = new Signature(algorithm); - return Optional.of(signature); - case PSS: - pss = new ProbabilisticSignatureScheme(detectionLocation); - algorithm = new Algorithm(ITranslator.UNKNOWN + "-PSS", detectionLocation); - signature = new Signature(algorithm); - 
signature.put(pss); - return Optional.of(signature); + case DSA: + BcDsaMapper bcDSAMapper = new BcDsaMapper(); + return bcDSAMapper.parse(valueAction.asString(), detectionLocation).map(f -> f); default: - algorithm = new Algorithm(valueAction.asString(), detectionLocation); - return Optional.of(algorithm); + return Optional.empty(); // TODO } + /*final SignatureContext.Kind kind = ((SignatureContext) detectionContext).kind(); + if (value instanceof ValueAction valueAction) { + Algorithm algorithm; + Signature signature; + ECAlgorithm eca; + ProbabilisticSignatureScheme pss; + switch (kind) { + case EdDSA: + String curveName = ITranslator.UNKNOWN; + switch (valueAction.asString()) { + case "Ed25519": + curveName = "Curve25519"; + break; + case "Ed448": + curveName = "Curve448"; + break; + default: + break; + } + algorithm = new Algorithm("EdDSA", detectionLocation); + signature = new Signature(algorithm); + + eca = new EllipticCurveAlgorithm(new Algorithm("EC", detectionLocation)); + eca.put(new EllipticCurve(curveName, detectionLocation)); + + signature.put(eca); + return Optional.of(signature); + case ALGORITHM_AND_HASH_WRAPPER, DIGEST_MESSAGE_WRAPPER: + // Maybe choose a better way to translate DIGEST_MESSAGE_WRAPPER + algorithm = new Algorithm(ITranslator.UNKNOWN, detectionLocation); + signature = new Signature(algorithm); + return Optional.of(signature); + case RSA: + algorithm = new Algorithm(ITranslator.UNKNOWN + "withRSA", detectionLocation); + signature = new Signature(algorithm); + PublicKeyEncryption pke = + new PublicKeyEncryption(new Algorithm("RSA", detectionLocation)); + signature.put(pke); + return Optional.of(signature); + case SIGNATURE_NAME, DSA: + algorithm = new Algorithm(valueAction.asString(), detectionLocation); + signature = new Signature(algorithm); + return Optional.of(signature); + case PSS: + pss = new ProbabilisticSignatureScheme(detectionLocation); + algorithm = new Algorithm(ITranslator.UNKNOWN + "-PSS", detectionLocation); + 
signature = new Signature(algorithm); + signature.put(pss); + return Optional.of(signature); + default: + algorithm = new Algorithm(valueAction.asString(), detectionLocation); + return Optional.of(algorithm); + }*/ } else if (value instanceof OperationMode operationMode) { switch (kind) { case SIGNING_STATUS: @@ -123,7 +137,7 @@ public final class JavaSignatureContextTranslator extends JavaAbstractLibraryTra default: break; } - }*/ + } return Optional.empty(); } } diff --git a/java/src/test/files/rules/detection/bc/cipherparameters/BcGMSSParametersTestFile.java b/java/src/test/files/rules/detection/bc/cipherparameters/BcGMSSParametersTestFile.java index 544351c0..4afb2fd4 100644 --- a/java/src/test/files/rules/detection/bc/cipherparameters/BcGMSSParametersTestFile.java +++ b/java/src/test/files/rules/detection/bc/cipherparameters/BcGMSSParametersTestFile.java @@ -9,7 +9,7 @@ public class BcGMSSParametersTestFile { public static void testGMSSKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} GMSSParameters base = new GMSSParameters(256); @@ -20,7 +20,7 @@ public static void testGMSSKeyParameters() { public static void testGMSSPublicKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} GMSSParameters base = new GMSSParameters(256); @@ -31,7 +31,7 @@ public static void testGMSSPublicKeyParameters() { public static void testBCGMSSPublicKey1() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} GMSSParameters base = new GMSSParameters(256); 
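Review bot: In the JavaSignatureContextTranslator hunk, `default: return Optional.empty(); // TODO` means every `SignatureContext` kind other than `DSA` now produces no node, with nothing in the code saying which kinds are pending. The old commented-out block kept below it still lists `EdDSA`, `RSA`, `PSS`, `SIGNATURE_NAME` and the two wrapper kinds. For a tool whose output is a cryptographic inventory, those detections are dropped silently. The TODO should name them, for example `// TODO: EdDSA, RSA, PSS, SIGNATURE_NAME and wrapper kinds are not translated yet`. The commented-out block inside the live `if` body is better deleted, since version control preserves it and it hides the fact that the active branch ends right after the `switch`. The method signature starts outside the hunk.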
@@ -42,7 +42,7 @@ public static void testBCGMSSPublicKey1() { public static void testBCGMSSPublicKey2() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} GMSSParameters base = new GMSSParameters(256); diff --git a/java/src/test/files/rules/detection/bc/cipherparameters/BcIESParametersTestFile.java b/java/src/test/files/rules/detection/bc/cipherparameters/BcIESParametersTestFile.java index 1a7ec62d..9345ca09 100644 --- a/java/src/test/files/rules/detection/bc/cipherparameters/BcIESParametersTestFile.java +++ b/java/src/test/files/rules/detection/bc/cipherparameters/BcIESParametersTestFile.java @@ -7,7 +7,7 @@ public class BcIESParametersTestFile { public static void testIESParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} IESParameters parameters = new IESParameters(new byte[12], new byte[12], 256); @@ -16,7 +16,7 @@ public static void testIESParameters() { public static void testIESWithCipherParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} IESWithCipherParameters parameters = new IESWithCipherParameters(new byte[12], new byte[12], 256, 128); diff --git a/java/src/test/files/rules/detection/bc/cipherparameters/BcKeyParametersTestFile.java b/java/src/test/files/rules/detection/bc/cipherparameters/BcKeyParametersTestFile.java index ca39bf21..182b7fd4 100644 --- a/java/src/test/files/rules/detection/bc/cipherparameters/BcKeyParametersTestFile.java +++ b/java/src/test/files/rules/detection/bc/cipherparameters/BcKeyParametersTestFile.java 
@@ -6,7 +6,7 @@ public class BcKeyParametersTestFile { public static void testKeyParameter() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} KeyParameter parameters = new KeyParameter(new byte[12], 0, 128); diff --git a/java/src/test/files/rules/detection/bc/cipherparameters/BcNTRUParametersTestFile.java b/java/src/test/files/rules/detection/bc/cipherparameters/BcNTRUParametersTestFile.java index 470b0915..c59036dc 100644 --- a/java/src/test/files/rules/detection/bc/cipherparameters/BcNTRUParametersTestFile.java +++ b/java/src/test/files/rules/detection/bc/cipherparameters/BcNTRUParametersTestFile.java @@ -17,7 +17,7 @@ public class BcNTRUParametersTestFile { public static void testNTRUEncryptionKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} Digest digest = new SHA256Digest(); NTRUEncryptionParameters base = @@ -31,7 +31,7 @@ public static void testNTRUEncryptionKeyParameters() { public static void testNTRUEncryptionPublicKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} Digest digest = new SHA256Digest(); NTRUEncryptionParameters base = @@ -46,7 +46,7 @@ public static void testNTRUEncryptionPublicKeyParameters() { public static void testNTRUEncryptionPrivateKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} Digest digest = new SHA256Digest(); NTRUEncryptionParameters base = 
@@ -65,7 +65,7 @@ public static void testNTRUEncryptionPrivateKeyParameters() { public static void testNTRUSigningPrivateKeyParameters1() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} Digest digest = new SHA256Digest(); NTRUSigningKeyGenerationParameters base = @@ -84,7 +84,7 @@ public static void testNTRUSigningPrivateKeyParameters1() { public static void testNTRUSigningPrivateKeyParameters2() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} Digest digest = new SHA256Digest(); NTRUSigningParameters base = new NTRUSigningParameters(0, 0, 0, 0, 1.0d, 1.0d, digest); @@ -102,7 +102,7 @@ public static void testNTRUSigningPrivateKeyParameters2() { public static void testNTRUSigningPublicKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} Digest digest = new SHA256Digest(); NTRUSigningParameters base = new NTRUSigningParameters(0, 0, 0, 0, 1.0d, 1.0d, digest); diff --git a/java/src/test/files/rules/detection/bc/cipherparameters/BcParametersWithTestFile.java b/java/src/test/files/rules/detection/bc/cipherparameters/BcParametersWithTestFile.java index 0f9e0417..7aadcf74 100644 --- a/java/src/test/files/rules/detection/bc/cipherparameters/BcParametersWithTestFile.java +++ b/java/src/test/files/rules/detection/bc/cipherparameters/BcParametersWithTestFile.java 
@@ -8,7 +8,7 @@ public class BcParametersWithTestFile { public static void testParametersWithID() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} GMSSParameters base = new GMSSParameters(256); diff --git a/java/src/test/files/rules/detection/bc/cipherparameters/BcSABERParametersTestFile.java b/java/src/test/files/rules/detection/bc/cipherparameters/BcSABERParametersTestFile.java index 2fab3fe0..7b71cdfd 100644 --- a/java/src/test/files/rules/detection/bc/cipherparameters/BcSABERParametersTestFile.java +++ b/java/src/test/files/rules/detection/bc/cipherparameters/BcSABERParametersTestFile.java @@ -9,7 +9,7 @@ public class BcSABERParametersTestFile { public static void testSABERParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} SABERParameters parameters = new SABERParameters("name", 0, 512, true, false); @@ -18,7 +18,7 @@ public static void testSABERParameters() { public static void testSABERKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} SABERParameters base = new SABERParameters("name", 0, 512, false, false); @@ -29,7 +29,7 @@ public static void testSABERKeyParameters() { public static void testSABERPublicKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} SABERParameters base = new SABERParameters("name", 0, 512, false, false); 
@@ -40,7 +40,7 @@ public static void testSABERPublicKeyParameters() { public static void testSABERPrivateKeyParameters() { // Create a block cipher engine - BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} SABERParameters base = new SABERParameters("name", 0, 512, false, false); diff --git a/java/src/test/files/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTestFile.java b/java/src/test/files/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTestFile.java index a2c22c65..065abcd4 100644 --- a/java/src/test/files/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTestFile.java +++ b/java/src/test/files/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTestFile.java @@ -25,7 +25,7 @@ public static void test1() { // Create the HKDFBytesGenerator HKDFBytesGenerator hkdfGenerator = - new HKDFBytesGenerator(hash); // Noncompliant {{HKDF}} + new HKDFBytesGenerator(hash); // Noncompliant {{HKDFBytesGenerator}} // Initialize the generator with parameters hkdfGenerator.init(new HKDFParameters(ikm, salt, info)); @@ -55,7 +55,7 @@ public static void test2() { // Create the HKDFBytesGenerator HKDFBytesGenerator hkdfGenerator = - new HKDFBytesGenerator(new SHA512Digest()); // Noncompliant {{HKDF}} + new HKDFBytesGenerator(new SHA512Digest()); // Noncompliant {{HKDFBytesGenerator}} // Initialize the generator with parameters hkdfGenerator.init(new HKDFParameters(ikm, salt, info)); diff --git a/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java b/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java index 4eeac15e..203c968d 100644 --- a/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java +++ b/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java 
@@ -43,7 +43,7 @@ public static void main(String[] args) { Digest digest = new SHA256Digest(); EthereumIESEngine.HandshakeKDFFunction kdfFunction = new EthereumIESEngine.HandshakeKDFFunction(counterStart, digest); - // Noncompliant@-1 {{HandshakeKDF}} + // Noncompliant@-1 {{1}} // ... } diff --git a/java/src/test/files/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTestFile.java b/java/src/test/files/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTestFile.java index 114c3ad7..e3b58ef6 100644 --- a/java/src/test/files/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTestFile.java +++ b/java/src/test/files/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTestFile.java @@ -10,8 +10,8 @@ public class BcKDFCounterBytesGeneratorTestFile { public static void main(String[] args) { // Define the MAC algorithm to be used (e.g., HMAC with SHA-256) - Digest hash = new SHA256Digest(); - Mac mac = new HMac(hash); // Noncompliant {{HMac}} + Digest hash = new SHA256Digest(); // Noncompliant {{SHA256Digest}} + Mac mac = new HMac(hash); // Input keying material (IKM) - your input key byte[] ikm = Hex.decode("0123456789ABCDEF0123456789ABCDEF"); @@ -24,7 +24,7 @@ public static void main(String[] args) { // Create the KDFCounterBytesGenerator KDFCounterBytesGenerator kdfGenerator = - new KDFCounterBytesGenerator(mac); // Noncompliant {{KDFCounter}} + new KDFCounterBytesGenerator(mac); // Noncompliant {{KDFCounterBytesGenerator}} // Initialize the generator with parameters kdfGenerator.init(new KDFCounterParameters(ikm, fixedInput, 128)); diff --git a/java/src/test/files/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTestFile.java b/java/src/test/files/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTestFile.java index ab4bb084..5bae0157 100644 --- a/java/src/test/files/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTestFile.java 
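Review bot: In BcHandshakeKDFFunctionTestFile the expectation changes from `{{HandshakeKDF}}` to `{{1}}`, which no longer identifies a key-derivation function, unlike the other updated expectations that switch to the class name (`{{HKDFBytesGenerator}}`, `{{MGF1BytesGenerator}}`). The hunk does not show where the literal `1` comes from; it may be an argument value now reported in place of the constructor detection. If that is intended, add a short comment such as `// detected value is the counter start, not the KDF name` (adjusted to whatever the rule really captures). Otherwise the test is pinning a regression in which the KDF itself is no longer reported.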
+++ b/java/src/test/files/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTestFile.java @@ -8,7 +8,7 @@ public static void main(String[] args) { Digest digest = new SHA256Digest(); MGF1BytesGenerator mgfFunction = new MGF1BytesGenerator(digest); - // Noncompliant@-1 {{MGF1}} + // Noncompliant@-1 {{MGF1BytesGenerator}} // ... } diff --git a/java/src/test/files/rules/detection/bc/dsa/BcDSATestFile.java b/java/src/test/files/rules/detection/bc/dsa/BcDSATestFile.java index 61b8aae0..0d61f911 100644 --- a/java/src/test/files/rules/detection/bc/dsa/BcDSATestFile.java +++ b/java/src/test/files/rules/detection/bc/dsa/BcDSATestFile.java @@ -25,7 +25,7 @@ public static void main(String[] args) throws CryptoException { // Sign a message byte[] message = "Hello, ECDSA!".getBytes(); - ECDSASigner signer = new ECDSASigner(); // Noncompliant {{ECDSA}} + ECDSASigner signer = new ECDSASigner(); // Noncompliant {{ECDSASigner}} signer.init(true, privateKey); // true for signing BigInteger[] signature = signer.generateSignature(message); } diff --git a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTestFile.java b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTestFile.java index 7c5d841c..9eaee94f 100644 --- a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTestFile.java +++ b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTestFile.java @@ -10,7 +10,7 @@ public static void test() { new BIKEPrivateKeyParameters(BIKEParameters.bike128, null, null, null); // Instantiate the BIKEKEMExtractor - BIKEKEMExtractor extractor = new BIKEKEMExtractor(privParams); // Noncompliant {{BIKE}} + BIKEKEMExtractor extractor = new BIKEKEMExtractor(privParams); // Noncompliant {{BIKEKEMExtractor}} // Extract the shared secret key using the private key parameters byte[] sharedSecret = extractor.extractSecret(null); 
diff --git a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTestFile.java b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTestFile.java index 61931cd5..e3bb4ad6 100644 --- a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTestFile.java +++ b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTestFile.java @@ -14,14 +14,14 @@ public static void test() { Digest digest = new SHA256Digest(); // Digest DerivationFunction kdf = new HKDFBytesGenerator(digest); // Your DerivationFunction implementation - // Noncompliant@-1 {{HKDF}} + // Noncompliant@-1 {{HKDFBytesGenerator}} // Create a RSAKeyParameters object named privParams ECPrivateKeyParameters privParams = new ECPrivateKeyParameters(new BigInteger("1"), null); // Instantiate the ECIESKEMExtractor ECIESKEMExtractor extractor = - new ECIESKEMExtractor(privParams, keyLen, kdf); // Noncompliant {{ECIES}} + new ECIESKEMExtractor(privParams, keyLen, kdf); // Noncompliant {{ECIESKEMExtractor}} // Extract the shared secret key using the private key parameters byte[] sharedSecret = extractor.extractSecret(null); diff --git a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTestFile.java b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTestFile.java index 21f66dfc..7fabf202 100644 --- a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTestFile.java +++ b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTestFile.java 
@@ -16,11 +16,11 @@ public static void main(String[] args) { Digest digest = new SHA256Digest(); // Digest DerivationFunction kdf = new HKDFBytesGenerator(digest); // Your DerivationFunction implementation - // Noncompliant@-1 {{HKDF}} + // Noncompliant@-1 {{HKDFBytesGenerator}} // Initialize the ECIESKEMGenerator ECIESKEMGenerator kemGenerator = - new ECIESKEMGenerator(keyLen, kdf, rnd, true, true, true); // Noncompliant {{ECIES}} + new ECIESKEMGenerator(keyLen, kdf, rnd, true, true, true); // Noncompliant {{ECIESKEMGenerator}} // Generate secret SecretWithEncapsulation secret = diff --git a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTestFile.java b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTestFile.java index 85f8a7bb..8400a9a6 100644 --- a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTestFile.java +++ b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTestFile.java @@ -16,7 +16,7 @@ public static void test() { new KyberKeyGenerationParameters(random, KyberParameters.kyber512); // Initialize the Kyber key generator - KyberKEMGenerator kemGenerator = new KyberKEMGenerator(random); // Noncompliant {{Kyber}} + KyberKEMGenerator kemGenerator = new KyberKEMGenerator(random); // Noncompliant {{KyberKEMGenerator}} // Generate secret SecretWithEncapsulation secret = diff --git a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTestFile.java b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTestFile.java index 391e5f3b..6844b21a 100644 --- a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTestFile.java +++ b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTestFile.java 
@@ -14,7 +14,7 @@ public static void test() { Digest digest = new SHA256Digest(); // Digest DerivationFunction kdf = new HKDFBytesGenerator(digest); // Your DerivationFunction implementation - // Noncompliant@-1 {{HKDF}} + // Noncompliant@-1 {{HKDFBytesGenerator}} // Create a RSAKeyParameters object named privParams RSAKeyParameters privParams = @@ -22,7 +22,7 @@ public static void test() { // Instantiate the RSAKEMExtractor RSAKEMExtractor extractor = - new RSAKEMExtractor(privParams, keyLen, kdf); // Noncompliant {{RSA}} + new RSAKEMExtractor(privParams, keyLen, kdf); // Noncompliant {{RSAKEMExtractor}} // Extract the shared secret key using the private key parameters byte[] sharedSecret = extractor.extractSecret(null); diff --git a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTestFile.java b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTestFile.java index b1fc0dfb..70a53099 100644 --- a/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTestFile.java +++ b/java/src/test/files/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTestFile.java @@ -16,11 +16,11 @@ public static void main(String[] args) { Digest digest = new SHA256Digest(); // Digest DerivationFunction kdf = new HKDFBytesGenerator(digest); // Your DerivationFunction implementation - // Noncompliant@-1 {{HKDF}} + // Noncompliant@-1 {{HKDFBytesGenerator}} // Initialize the RSAKEMGenerator RSAKEMGenerator kemGenerator = - new RSAKEMGenerator(keyLen, kdf, rnd); // Noncompliant {{RSA}} + new RSAKEMGenerator(keyLen, kdf, rnd); // Noncompliant {{RSAKEMGenerator}} // Generate secret SecretWithEncapsulation secret = diff --git a/java/src/test/files/rules/detection/bc/mac/BcBlockCipherMacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcBlockCipherMacTestFile.java index d93090e0..a30a2166 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcBlockCipherMacTestFile.java 
+++ b/java/src/test/files/rules/detection/bc/mac/BcBlockCipherMacTestFile.java @@ -27,7 +27,7 @@ public class BcBlockCipherMacTestFile { public static byte[] generateBlockCipherMac(byte[] key, byte[] input) { - AESEngine cipher = new AESEngine(); // Noncompliant {{AES}} + AESEngine cipher = new AESEngine(); // Noncompliant {{AESEngine}} int macSizeInBits = 128; BlockCipherMac mac = diff --git a/java/src/test/files/rules/detection/bc/mac/BcCBCBlockCipherMacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcCBCBlockCipherMacTestFile.java index 656d1ba5..a6fcfa52 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcCBCBlockCipherMacTestFile.java +++ b/java/src/test/files/rules/detection/bc/mac/BcCBCBlockCipherMacTestFile.java @@ -15,7 +15,7 @@ public static void test1() { byte[] iv = "0123456789abcdef".getBytes(StandardCharsets.UTF_8); // Initialize AES cipher with CBC mode - BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AESEngine}} ParametersWithIV params = new ParametersWithIV(new KeyParameter(key), iv); cipher.init(true, params); // true for encryption, false for decryption @@ -37,7 +37,7 @@ public static void test2() { byte[] iv = "0123456789abcdef".getBytes(StandardCharsets.UTF_8); // Initialize AES cipher with CBC mode - BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AESEngine}} ParametersWithIV params = new ParametersWithIV(new KeyParameter(key), iv); cipher.init(true, params); // true for encryption, false for decryption 
@@ -59,7 +59,7 @@ public static void test3() { byte[] iv = "0123456789abcdef".getBytes(StandardCharsets.UTF_8); // Initialize AES cipher with CBC mode - BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AESEngine}} ParametersWithIV params = new ParametersWithIV(new KeyParameter(key), iv); cipher.init(true, params); // true for encryption, false for decryption @@ -81,7 +81,7 @@ public static void test4() { byte[] iv = "0123456789abcdef".getBytes(StandardCharsets.UTF_8); // Initialize AES cipher with CBC mode - BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AES}} + BlockCipher cipher = AESEngine.newInstance(); // Noncompliant {{AESEngine}} ParametersWithIV params = new ParametersWithIV(new KeyParameter(key), iv); cipher.init(true, params); // true for encryption, false for decryption diff --git a/java/src/test/files/rules/detection/bc/mac/BcCFBBlockCipherMacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcCFBBlockCipherMacTestFile.java index 68c5ccac..160ca62c 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcCFBBlockCipherMacTestFile.java +++ b/java/src/test/files/rules/detection/bc/mac/BcCFBBlockCipherMacTestFile.java @@ -30,7 +30,7 @@ public class BcCFBBlockCipherMacTestFile { public static byte[] generateCFBMac(byte[] key, byte[] iv, byte[] data) throws Exception { - BlockCipher cipher = new AESEngine(); // Noncompliant {{AES}} + BlockCipher cipher = new AESEngine(); // Noncompliant {{AESEngine}} int cfbBitSize = 64; int macSizeInBits = 128; BlockCipherPadding padding = new PKCS7Padding(); diff --git a/java/src/test/files/rules/detection/bc/mac/BcCMacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcCMacTestFile.java index 451fe00d..490012bd 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcCMacTestFile.java +++ b/java/src/test/files/rules/detection/bc/mac/BcCMacTestFile.java 
@@ -29,7 +29,7 @@ public class BcCMacTestFile { public byte[] generateCMac(byte[] key, byte[] data) throws Exception { // Using AES engine with a 128-bit MAC size Mac mac = new CMac(new AESEngine(), 128); // Noncompliant {{CMac}} - // Noncompliant@-1 {{AES}} + // Noncompliant@-1 {{AESEngine}} CipherParameters params = new KeyParameter(key); mac.init(params); diff --git a/java/src/test/files/rules/detection/bc/mac/BcGMacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcGMacTestFile.java index 00c56cd4..1051f7bf 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcGMacTestFile.java +++ b/java/src/test/files/rules/detection/bc/mac/BcGMacTestFile.java @@ -34,8 +34,8 @@ public static void exampleGMAC() { byte[] key = Hex.decode("00112233445566778899AABBCCDDEEFF"); byte[] input = Hex.decode("48656c6c6f20576f726c64"); // "Hello World" in hex - MultiBlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AES}} - GCMModeCipher blockCipher = GCMBlockCipher.newInstance(aesEngine); // Noncompliant {{GCM}} + MultiBlockCipher aesEngine = AESEngine.newInstance(); // Noncompliant {{AESEngine}} + GCMModeCipher blockCipher = GCMBlockCipher.newInstance(aesEngine); // Noncompliant {{GCMBlockCipher}} GMac gmac = new GMac(blockCipher, 128); // Noncompliant {{GMac}} CipherParameters params = new KeyParameter(key); diff --git a/java/src/test/files/rules/detection/bc/mac/BcHMacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcHMacTestFile.java index c3c21ecd..3435a8f1 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcHMacTestFile.java +++ b/java/src/test/files/rules/detection/bc/mac/BcHMacTestFile.java 
@@ -10,10 +10,10 @@ private static void test1() { byte[] key = "0123456789abcdef".getBytes(StandardCharsets.UTF_8); // Initialize SHA-256 digest - Digest digest = new SHA256Digest(); + Digest digest = new SHA256Digest(); // Noncompliant {{SHA256Digest}} // Initialize HMac with the digest - HMac hmac = new HMac(digest); // Noncompliant {{HMac}} + HMac hmac = new HMac(digest); // Compute HMAC hmac.init(new KeyParameter(key)); // Initialize MAC with the same key as the cipher diff --git a/java/src/test/files/rules/detection/bc/mac/BcISO9797Alg3MacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcISO9797Alg3MacTestFile.java index 7209465c..c1dd24c4 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcISO9797Alg3MacTestFile.java +++ b/java/src/test/files/rules/detection/bc/mac/BcISO9797Alg3MacTestFile.java @@ -29,7 +29,7 @@ public class BcISO9797Alg3MacTestFile { public static byte[] calculateMac(byte[] key, byte[] iv, byte[] data) { - BlockCipher cipher = new AESEngine(); // Noncompliant {{AES}} + BlockCipher cipher = new AESEngine(); // Noncompliant {{AESEngine}} ISO9797Alg3Mac mac = new ISO9797Alg3Mac(cipher, 64, new ISO7816d4Padding()); // Noncompliant@-1 {{ISO9797Alg3Mac}} diff --git a/java/src/test/files/rules/detection/bc/mac/BcKGMacTestFile.java b/java/src/test/files/rules/detection/bc/mac/BcKGMacTestFile.java index b481d530..c0ce3a7e 100644 --- a/java/src/test/files/rules/detection/bc/mac/BcKGMacTestFile.java +++ b/java/src/test/files/rules/detection/bc/mac/BcKGMacTestFile.java 
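Review bot: The `// Noncompliant {{HMac}}` marker on `new HMac(digest)` is removed in BcHMacTestFile.test1, so this fixture no longer expects any finding on the HMAC construction; only the `new SHA256Digest()` line carries one. The other MAC fixtures in this diff (CMac, GMac, KGMac, ISO9797Alg3Mac) keep a marker on the MAC constructor, which makes HMac the odd one out. If the HMac finding is intentionally gone, record that at the line with a comment such as `// no finding expected here: HMac is reported via its digest (confirm)`; otherwise restore `// Noncompliant {{HMac}}`. test1 continues outside the hunk.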
@@ -31,8 +31,8 @@ public static void exampleGMAC() { byte[] key = Hex.decode("00112233445566778899AABBCCDDEEFF"); byte[] input = Hex.decode("48656c6c6f20576f726c64"); // "Hello World" in hex - DSTU7624Engine engine = new DSTU7624Engine(64); // Noncompliant {{DSTU 7624:2014}} - KGCMBlockCipher blockCipher = new KGCMBlockCipher(engine); // Noncompliant {{KGCM}} + DSTU7624Engine engine = new DSTU7624Engine(64); // Noncompliant {{DSTU7624Engine}} + KGCMBlockCipher blockCipher = new KGCMBlockCipher(engine); // Noncompliant {{KGCMBlockCipher}} KGMac gmac = new KGMac(blockCipher, 128); // Noncompliant {{KGMac}} CipherParameters params = new KeyParameter(key); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParametersTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParametersTest.java index 03875bac..7d657850 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParametersTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParametersTest.java @@ -82,7 +82,7 @@ public void asserts( assertThat(store_1_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_1_1_1 = store_1_1.getDetectionValues().get(0); assertThat(value0_1_1_1).isInstanceOf(ValueAction.class); - assertThat(value0_1_1_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_1_1_1.asString()).isEqualTo("SHA256Digest"); /* * Translation @@ -93,7 +93,7 @@ public void asserts( // BlockCipher INode blockCipherNode2 = nodes.get(0); assertThat(blockCipherNode2.getKind()).isEqualTo(BlockCipher.class); - // assertThat(blockCipherNode2.getChildren()).hasSize(3); + assertThat(blockCipherNode2.getChildren()).hasSize(3); assertThat(blockCipherNode2.asString()).isEqualTo("AES"); // Encrypt under BlockCipher 
@@ -105,7 +105,7 @@ public void asserts( // MessageDigest under BlockCipher INode messageDigestNode2 = blockCipherNode2.getChildren().get(MessageDigest.class); assertThat(messageDigestNode2).isNotNull(); - assertThat(messageDigestNode2.getChildren()).isEmpty(); + assertThat(messageDigestNode2.getChildren()).hasSize(4); assertThat(messageDigestNode2.asString()).isEqualTo("SHA256"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParametersTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParametersTest.java index b70faea5..1d2fdb29 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParametersTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParametersTest.java @@ -67,7 +67,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("AES"); + assertThat(value0.asString()).isEqualTo("AESEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParametersTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParametersTest.java index c426b261..80710ce1 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParametersTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParametersTest.java 
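Review bot: `assertThat(messageDigestNode2.getChildren()).hasSize(4)` pins only a count, so the test still passes if the translation attaches four children of the wrong kind to the SHA256 node. Check at least one child by kind, as the BcHandshakeKDFFunctionTest hunk does, e.g. `assertThat(messageDigestNode2.getChildren().get(DigestSize.class)).isNotNull();` (this needs the `com.ibm.mapper.model.DigestSize` import). The same bare `hasSize(4)` appears in the BcNTRUParametersTest, BcHKDFBytesGeneratorTest, BcMGF1BytesGeneratorTest and the ECIES and RSA KEM test hunks. The `asserts` method starts outside the hunk.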
@@ -69,7 +69,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("AES"); + assertThat(value0.asString()).isEqualTo("AESEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParametersTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParametersTest.java index e5212682..6c5c2e8f 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParametersTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParametersTest.java @@ -67,7 +67,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("AES"); + assertThat(value0.asString()).isEqualTo("AESEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUParametersTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUParametersTest.java index d76bbb0d..59737d14 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUParametersTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUParametersTest.java 
@@ -66,7 +66,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("AES"); + assertThat(value0.asString()).isEqualTo("AESEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); @@ -82,7 +82,7 @@ public void asserts( assertThat(store_1_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_1_1_1 = store_1_1.getDetectionValues().get(0); assertThat(value0_1_1_1).isInstanceOf(ValueAction.class); - assertThat(value0_1_1_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_1_1_1.asString()).isEqualTo("SHA256Digest"); /* * Translation @@ -99,7 +99,7 @@ public void asserts( // MessageDigest under BlockCipher INode messageDigestNode5 = blockCipherNode5.getChildren().get(MessageDigest.class); assertThat(messageDigestNode5).isNotNull(); - assertThat(messageDigestNode5.getChildren()).isEmpty(); + assertThat(messageDigestNode5.getChildren()).hasSize(4); assertThat(messageDigestNode5.asString()).isEqualTo("SHA256"); // Encrypt under BlockCipher diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcParametersWithTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcParametersWithTest.java index 52f19d84..5d2e68f2 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcParametersWithTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcParametersWithTest.java 
@@ -67,7 +67,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("AES"); + assertThat(value0.asString()).isEqualTo("AESEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParametersTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParametersTest.java index 28b8851b..1b11f542 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParametersTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParametersTest.java @@ -67,7 +67,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("AES"); + assertThat(value0.asString()).isEqualTo("AESEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTest.java index 12ea7aeb..c750d33e 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHKDFBytesGeneratorTest.java 
@@ -64,7 +64,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("HKDF"); + assertThat(value0.asString()).isEqualTo("HKDFBytesGenerator"); DetectionStore store_1 = getStoreOfValueType(ValueAction.class, detectionStore.getChildren()); @@ -72,7 +72,7 @@ public void asserts( assertThat(store_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_1 = store_1.getDetectionValues().get(0); assertThat(value0_1).isInstanceOf(ValueAction.class); - assertThat(value0_1.asString()).isEqualTo(findingId == 0 ? "SHA-256" : "SHA-512"); + assertThat(value0_1.asString()).isEqualTo(findingId == 0 ? "SHA256Digest" : "SHA512Digest"); /* * Translation @@ -90,7 +90,7 @@ public void asserts( INode messageDigestNode1 = keyDerivationFunctionNode1.getChildren().get(MessageDigest.class); assertThat(messageDigestNode1).isNotNull(); - assertThat(messageDigestNode1.getChildren()).isEmpty(); + assertThat(messageDigestNode1.getChildren()).hasSize(4); assertThat(messageDigestNode1.asString()).isEqualTo(findingId == 0 ? "SHA256" : "SHA512"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTest.java index 85240093..71445b0d 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTest.java 
@@ -23,9 +23,11 @@ import com.ibm.engine.detection.DetectionStore; import com.ibm.engine.model.IValue; +import com.ibm.engine.model.OperationMode; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.model.context.KeyContext; +import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.KeyDerivationFunction; import com.ibm.mapper.model.MessageDigest; @@ -63,8 +65,8 @@ public void asserts( assertThat(detectionStore.getDetectionValues()).hasSize(1); assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); - assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("HandshakeKDF"); + assertThat(value0).isInstanceOf(OperationMode.class); + assertThat(value0.asString()).isEqualTo("1"); DetectionStore store_1 = getStoreOfValueType(ValueAction.class, detectionStore.getChildren()); @@ -72,7 +74,7 @@ public void asserts( assertThat(store_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_1 = store_1.getDetectionValues().get(0); assertThat(value0_1).isInstanceOf(ValueAction.class); - assertThat(value0_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_1.asString()).isEqualTo("SHA256Digest"); /* * Translation 
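Review bot: In the `@@ -63,8 +65,8 @@` hunk the top-level detection value is now asserted as an `OperationMode` whose string is `"1"`, which gives a reader no way to tell what was detected or why the earlier `ValueAction` named `HandshakeKDF` was replaced. Put a one-line comment above `assertThat(value0.asString()).isEqualTo("1");` stating what mode 1 denotes and which rule emits it. The `OperationModeFactory` import added to BcDerivationFunction presumably belongs to that rule, but the rule itself is not visible here.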
@@ -84,12 +86,36 @@ public void asserts( INode keyDerivationFunctionNode = nodes.get(0); assertThat(keyDerivationFunctionNode.getKind()).isEqualTo(KeyDerivationFunction.class); assertThat(keyDerivationFunctionNode.getChildren()).hasSize(1); - assertThat(keyDerivationFunctionNode.asString()).isEqualTo("HandshakeKDF"); + assertThat(keyDerivationFunctionNode.asString()).isEqualTo("KDF2"); // MessageDigest under KeyDerivationFunction INode messageDigestNode = keyDerivationFunctionNode.getChildren().get(MessageDigest.class); assertThat(messageDigestNode).isNotNull(); - assertThat(messageDigestNode.getChildren()).isEmpty(); + assertThat(messageDigestNode.getChildren()).hasSize(4); assertThat(messageDigestNode.asString()).isEqualTo("SHA256"); + + // DigestSize under MessageDigest under KeyDerivationFunction + INode digestSizeNode = messageDigestNode.getChildren().get(DigestSize.class); + assertThat(digestSizeNode).isNotNull(); + assertThat(digestSizeNode.getChildren()).isEmpty(); + assertThat(digestSizeNode.asString()).isEqualTo("256"); + + // // Digest under MessageDigest under KeyDerivationFunction + // INode digestNode = messageDigestNode.getChildren().get(Digest.class); + // assertThat(digestNode).isNotNull(); + // assertThat(digestNode.getChildren()).isEmpty(); + // assertThat(digestNode.asString()).isEqualTo("DIGEST"); + + // // BlockSize under MessageDigest under KeyDerivationFunction + // INode blockSizeNode = messageDigestNode.getChildren().get(BlockSize.class); + // assertThat(blockSizeNode).isNotNull(); + // assertThat(blockSizeNode.getChildren()).isEmpty(); + // assertThat(blockSizeNode.asString()).isEqualTo("512"); + + // // Oid under MessageDigest under KeyDerivationFunction + // INode oidNode = messageDigestNode.getChildren().get(Oid.class); + // assertThat(oidNode).isNotNull(); + // assertThat(oidNode.getChildren()).isEmpty(); + // assertThat(oidNode.asString()).isEqualTo("2.16.840.1.101.3.4.2.1"); } } 
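Review bot: Three assertion groups (Digest, BlockSize and Oid under MessageDigest) are added already commented out, while `assertThat(messageDigestNode.getChildren()).hasSize(4)` is live, so three of the four children are counted but never checked. Enable them with their imports or delete them; commented-out assertions read as coverage that does not exist. The expected KDF node name also changes from `HandshakeKDF` to `KDF2`, and since `KDF2BytesGenerator` is a separate entry in the rule map, a comment such as `// the handshake KDF is translated as KDF2 (confirm this is intended)` at that assertion would stop the two from being confused in the resulting inventory.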
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTest.java index e96e1a49..f5970ec5 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcKDFCounterBytesGeneratorTest.java @@ -24,15 +24,11 @@ import com.ibm.engine.detection.DetectionStore; import com.ibm.engine.model.IValue; import com.ibm.engine.model.ValueAction; -import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.model.context.KeyContext; -import com.ibm.engine.model.context.MacContext; +import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.KeyDerivationFunction; import com.ibm.mapper.model.Mac; -import com.ibm.mapper.model.MessageDigest; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; 
@@ -77,23 +73,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("KDFCounter"); - - DetectionStore store_1 = - getStoreOfValueType(ValueAction.class, detectionStore.getChildren()); - assertThat(store_1.getDetectionValues()).hasSize(1); - assertThat(store_1.getDetectionValueContext()).isInstanceOf(MacContext.class); - IValue value0_1 = store_1.getDetectionValues().get(0); - assertThat(value0_1).isInstanceOf(ValueAction.class); - assertThat(value0_1.asString()).isEqualTo("HMac"); - - DetectionStore store_1_1 = - getStoreOfValueType(ValueAction.class, store_1.getChildren()); - assertThat(store_1_1.getDetectionValues()).hasSize(1); - assertThat(store_1_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); - IValue value0_1_1 = store_1_1.getDetectionValues().get(0); - assertThat(value0_1_1).isInstanceOf(ValueAction.class); - assertThat(value0_1_1.asString()).isEqualTo("SHA-256"); + assertThat(value0.asString()).isEqualTo("KDFCounterBytesGenerator"); /* * Translation 
@@ -105,30 +85,18 @@ public void asserts( INode keyDerivationFunctionNode = nodes.get(0); assertThat(keyDerivationFunctionNode.getKind()).isEqualTo(KeyDerivationFunction.class); assertThat(keyDerivationFunctionNode.getChildren()).hasSize(1); - assertThat(keyDerivationFunctionNode.asString()).isEqualTo("KDFCounter"); + assertThat(keyDerivationFunctionNode.asString()).isEqualTo("KDF in Counter Mode"); // Mac under KeyDerivationFunction INode macNode = keyDerivationFunctionNode.getChildren().get(Mac.class); assertThat(macNode).isNotNull(); - assertThat(macNode.getChildren()).hasSize(3); - assertThat(macNode.asString()).isEqualTo("HMAC-SHA256"); - - // Digest under Mac under KeyDerivationFunction - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); - - // MessageDigest under Mac under KeyDerivationFunction - INode messageDigestNode = macNode.getChildren().get(MessageDigest.class); - assertThat(messageDigestNode).isNotNull(); - assertThat(messageDigestNode.getChildren()).isEmpty(); - assertThat(messageDigestNode.asString()).isEqualTo("SHA256"); - - // Tag under Mac under KeyDerivationFunction - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); + assertThat(macNode.getChildren()).hasSize(1); + assertThat(macNode.asString()).isEqualTo("SHA256"); + + // DigestSize under Mac under KeyDerivationFunction + INode digestSizeNode = macNode.getChildren().get(DigestSize.class); + assertThat(digestSizeNode).isNotNull(); + assertThat(digestSizeNode.getChildren()).isEmpty(); + assertThat(digestSizeNode.asString()).isEqualTo("256"); } } 
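Review bot: The Mac node under the KDF is now expected to read `SHA256` with a single `DigestSize` child, where the old expectation was `HMAC-SHA256` with Digest, MessageDigest and Tag children. A MAC node that carries a bare digest name no longer records the keyed construction in the inventory this translation feeds. The earlier hunk in this file also deletes the child-store assertions for the `MacContext` and `DigestContext` detections, so the test no longer checks the MAC or digest detection at all. If this is the intended interim state, mark it at `assertThat(macNode.asString()).isEqualTo("SHA256");` with `// TODO: the Mac node should name the MAC, not its digest`; otherwise keep the `HMAC-SHA256` expectation.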
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTest.java index 3340fdee..5a858294 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcMGF1BytesGeneratorTest.java @@ -64,7 +64,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("MGF1"); + assertThat(value0.asString()).isEqualTo("MGF1BytesGenerator"); DetectionStore store_1 = getStoreOfValueType(ValueAction.class, detectionStore.getChildren()); @@ -72,7 +72,7 @@ public void asserts( assertThat(store_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_1 = store_1.getDetectionValues().get(0); assertThat(value0_1).isInstanceOf(ValueAction.class); - assertThat(value0_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_1.asString()).isEqualTo("SHA256Digest"); /* * Translation 
@@ -83,13 +83,13 @@ public void asserts( // MaskGenerationFunction INode maskGenerationFunctionNode = nodes.get(0); assertThat(maskGenerationFunctionNode.getKind()).isEqualTo(MaskGenerationFunction.class); - assertThat(maskGenerationFunctionNode.getChildren()).hasSize(1); + assertThat(maskGenerationFunctionNode.getChildren()).hasSize(2); assertThat(maskGenerationFunctionNode.asString()).isEqualTo("MGF1"); // MessageDigest under MaskGenerationFunction INode messageDigestNode = maskGenerationFunctionNode.getChildren().get(MessageDigest.class); assertThat(messageDigestNode).isNotNull(); - assertThat(messageDigestNode.getChildren()).isEmpty(); + assertThat(messageDigestNode.getChildren()).hasSize(4); assertThat(messageDigestNode.asString()).isEqualTo("SHA256"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSATest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSATest.java index 14679209..31599412 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSATest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSATest.java @@ -63,7 +63,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(SignatureContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("ECDSA"); + assertThat(value0.asString()).isEqualTo("ECDSASigner"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTest.java index 587f2608..6688627f 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTest.java 
+++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcBIKEKEMExtractorTest.java @@ -63,7 +63,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("BIKE"); + assertThat(value0.asString()).isEqualTo("BIKEKEMExtractor"); /* * Translation diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTest.java index e53c8adb..63df8752 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMExtractorTest.java @@ -75,7 +75,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("ECIES"); + assertThat(value0.asString()).isEqualTo("ECIESKEMExtractor"); DetectionStore store_1 = getStoreOfValueType(KeySize.class, detectionStore.getChildren()); @@ -91,7 +91,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("HKDF"); + assertThat(value0_2.asString()).isEqualTo("HKDFBytesGenerator"); DetectionStore store_2_1 = getStoreOfValueType(ValueAction.class, store_2.getChildren()); 
@@ -99,7 +99,7 @@ public void asserts( assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_2_1 = store_2_1.getDetectionValues().get(0); assertThat(value0_2_1).isInstanceOf(ValueAction.class); - assertThat(value0_2_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_2_1.asString()).isEqualTo("SHA256Digest"); /* * Translation @@ -131,7 +131,7 @@ public void asserts( INode messageDigestNode1 = keyDerivationFunctionNode1.getChildren().get(MessageDigest.class); assertThat(messageDigestNode1).isNotNull(); - assertThat(messageDigestNode1.getChildren()).hasSize(1); - assertThat(messageDigestNode1.asString()).isEqualTo("SHA-256"); + assertThat(messageDigestNode1.getChildren()).hasSize(4); + assertThat(messageDigestNode1.asString()).isEqualTo("SHA256"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTest.java index 2236a0d1..9457e516 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcECIESKEMGeneratorTest.java @@ -75,7 +75,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("ECIES"); + assertThat(value0.asString()).isEqualTo("ECIESKEMGenerator"); DetectionStore store_1 = getStoreOfValueType(KeySize.class, detectionStore.getChildren()); 
@@ -91,7 +91,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("HKDF"); + assertThat(value0_2.asString()).isEqualTo("HKDFBytesGenerator"); DetectionStore store_2_1 = getStoreOfValueType(ValueAction.class, store_2.getChildren()); @@ -99,7 +99,7 @@ public void asserts( assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_2_1 = store_2_1.getDetectionValues().get(0); assertThat(value0_2_1).isInstanceOf(ValueAction.class); - assertThat(value0_2_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_2_1.asString()).isEqualTo("SHA256Digest"); /* * Translation @@ -131,7 +131,7 @@ public void asserts( INode messageDigestNode1 = keyDerivationFunctionNode1.getChildren().get(MessageDigest.class); assertThat(messageDigestNode1).isNotNull(); - assertThat(messageDigestNode1.getChildren()).hasSize(1); - assertThat(messageDigestNode1.asString()).isEqualTo("SHA-256"); + assertThat(messageDigestNode1.getChildren()).hasSize(4); + assertThat(messageDigestNode1.asString()).isEqualTo("SHA256"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTest.java index e0e9c4b3..b264b413 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcKyberKEMGeneratorTest.java 
@@ -63,7 +63,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("Kyber"); + assertThat(value0.asString()).isEqualTo("KyberKEMGenerator"); /* * Translation @@ -76,6 +76,6 @@ public void asserts( assertThat(keyEncapsulationMechanismNode.getKind()) .isEqualTo(KeyEncapsulationMechanism.class); assertThat(keyEncapsulationMechanismNode.getChildren()).isEmpty(); - assertThat(keyEncapsulationMechanismNode.asString()).isEqualTo("Kyber"); + assertThat(keyEncapsulationMechanismNode.asString()).isEqualTo("ML-KEM"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTest.java index 0435bfff..52791b12 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMExtractorTest.java @@ -75,7 +75,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("RSA"); + assertThat(value0.asString()).isEqualTo("RSAKEMExtractor"); DetectionStore store_1 = getStoreOfValueType(KeySize.class, detectionStore.getChildren()); 
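Review bot: In BcKyberKEMGeneratorTest the translated node name is now asserted as `ML-KEM` while the detection value remains `KyberKEMGenerator`. Kyber as submitted to NIST and ML-KEM as standardised in FIPS 203 are not interchangeable, and which of the two the Bouncy Castle class implements depends on the library version in use, so the label can overstate what is actually deployed. Record the mapping decision at the assertion, e.g. `// Kyber classes are reported as ML-KEM by design; see <mapping rationale>`, or keep the two names distinct in the translation.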
@@ -91,7 +91,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("HKDF"); + assertThat(value0_2.asString()).isEqualTo("HKDFBytesGenerator"); DetectionStore store_2_1 = getStoreOfValueType(ValueAction.class, store_2.getChildren()); @@ -99,7 +99,7 @@ public void asserts( assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_2_1 = store_2_1.getDetectionValues().get(0); assertThat(value0_2_1).isInstanceOf(ValueAction.class); - assertThat(value0_2_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_2_1.asString()).isEqualTo("SHA256Digest"); /* * Translation @@ -111,8 +111,8 @@ public void asserts( INode keyEncapsulationMechanismNode = nodes.get(0); assertThat(keyEncapsulationMechanismNode.getKind()) .isEqualTo(KeyEncapsulationMechanism.class); - assertThat(keyEncapsulationMechanismNode.getChildren()).hasSize(3); - assertThat(keyEncapsulationMechanismNode.asString()).isEqualTo("RSA"); + assertThat(keyEncapsulationMechanismNode.getChildren()).hasSize(2); + assertThat(keyEncapsulationMechanismNode.asString()).isEqualTo("RSA-KEM"); // KeyLength under KeyEncapsulationMechanism INode keyLengthNode = keyEncapsulationMechanismNode.getChildren().get(KeyLength.class); @@ -131,7 +131,7 @@ public void asserts( INode messageDigestNode1 = keyDerivationFunctionNode1.getChildren().get(MessageDigest.class); assertThat(messageDigestNode1).isNotNull(); - assertThat(messageDigestNode1.getChildren()).hasSize(1); - assertThat(messageDigestNode1.asString()).isEqualTo("SHA-256"); + assertThat(messageDigestNode1.getChildren()).hasSize(4); + assertThat(messageDigestNode1.asString()).isEqualTo("SHA256"); } } 
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTest.java index 47acd58a..1024033c 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcRSAKEMGeneratorTest.java @@ -75,7 +75,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("RSA"); + assertThat(value0.asString()).isEqualTo("RSAKEMGenerator"); DetectionStore store_1 = getStoreOfValueType(KeySize.class, detectionStore.getChildren()); @@ -91,7 +91,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(KeyContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("HKDF"); + assertThat(value0_2.asString()).isEqualTo("HKDFBytesGenerator"); DetectionStore store_2_1 = getStoreOfValueType(ValueAction.class, store_2.getChildren()); @@ -99,7 +99,7 @@ public void asserts( assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_2_1 = store_2_1.getDetectionValues().get(0); assertThat(value0_2_1).isInstanceOf(ValueAction.class); - assertThat(value0_2_1.asString()).isEqualTo("SHA-256"); + assertThat(value0_2_1.asString()).isEqualTo("SHA256Digest"); /* * Translation 
@@ -111,8 +111,8 @@ public void asserts( INode keyEncapsulationMechanismNode = nodes.get(0); assertThat(keyEncapsulationMechanismNode.getKind()) .isEqualTo(KeyEncapsulationMechanism.class); - assertThat(keyEncapsulationMechanismNode.getChildren()).hasSize(3); - assertThat(keyEncapsulationMechanismNode.asString()).isEqualTo("RSA"); + assertThat(keyEncapsulationMechanismNode.getChildren()).hasSize(2); + assertThat(keyEncapsulationMechanismNode.asString()).isEqualTo("RSA-KEM"); // KeyLength under KeyEncapsulationMechanism INode keyLengthNode = keyEncapsulationMechanismNode.getChildren().get(KeyLength.class); @@ -131,7 +131,7 @@ public void asserts( INode messageDigestNode1 = keyDerivationFunctionNode1.getChildren().get(MessageDigest.class); assertThat(messageDigestNode1).isNotNull(); - assertThat(messageDigestNode1.getChildren()).hasSize(1); - assertThat(messageDigestNode1.asString()).isEqualTo("SHA-256"); + assertThat(messageDigestNode1.getChildren()).hasSize(4); + assertThat(messageDigestNode1.asString()).isEqualTo("SHA256"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlake3MacTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlake3MacTest.java index 99354463..096b5379 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlake3MacTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlake3MacTest.java @@ -25,10 +25,10 @@ import com.ibm.engine.model.IValue; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.MacContext; +import com.ibm.mapper.model.ClassicalBitSecurityLevel; +import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; -import com.ibm.mapper.model.MessageDigest; -import com.ibm.mapper.model.functionality.Digest; import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; 
@@ -76,24 +76,25 @@ public void asserts( INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); assertThat(macNode.getChildren()).hasSize(3); - assertThat(macNode.asString()).isEqualTo("BLAKE3-MAC"); + assertThat(macNode.asString()).isEqualTo("BLAKE3"); - // MessageDigest under Mac - INode messageDigestNode = macNode.getChildren().get(MessageDigest.class); - assertThat(messageDigestNode).isNotNull(); - assertThat(messageDigestNode.getChildren()).isEmpty(); - assertThat(messageDigestNode.asString()).isEqualTo("BLAKE"); - - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); + // DigestSize under Mac + INode digestSizeNode = macNode.getChildren().get(DigestSize.class); + assertThat(digestSizeNode).isNotNull(); + assertThat(digestSizeNode.getChildren()).isEmpty(); + assertThat(digestSizeNode.asString()).isEqualTo("256"); // Tag under Mac INode tagNode = macNode.getChildren().get(Tag.class); assertThat(tagNode).isNotNull(); assertThat(tagNode.getChildren()).isEmpty(); assertThat(tagNode.asString()).isEqualTo("TAG"); + + // ClassicalBitSecurityLevel under Mac + INode classicalBitSecurityLevelNode = + macNode.getChildren().get(ClassicalBitSecurityLevel.class); + assertThat(classicalBitSecurityLevelNode).isNotNull(); + assertThat(classicalBitSecurityLevelNode.getChildren()).isEmpty(); + assertThat(classicalBitSecurityLevelNode.asString()).isEqualTo("128"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlockCipherMacTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlockCipherMacTest.java index 2f575dcd..fe3d5f71 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlockCipherMacTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcBlockCipherMacTest.java 
@@ -27,13 +27,10 @@ import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; import com.ibm.engine.model.context.MacContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.TagLength; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -92,7 +89,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("AES"); + assertThat(value0_2.asString()).isEqualTo("AESEngine"); /* * Translation @@ -103,14 +100,14 @@ public void asserts( // Mac INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); - assertThat(macNode.getChildren()).hasSize(4); - assertThat(macNode.asString()).isEqualTo("CBC-MAC-AES"); + assertThat(macNode.getChildren()).hasSize(3); + assertThat(macNode.asString()).isEqualTo("AES"); - // Tag under Mac - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); + // // Tag under Mac + // INode tagNode = macNode.getChildren().get(Tag.class); + // assertThat(tagNode).isNotNull(); + // assertThat(tagNode.getChildren()).isEmpty(); + // assertThat(tagNode.asString()).isEqualTo("TAG"); // TagLength under Mac INode tagLengthNode = macNode.getChildren().get(TagLength.class); 
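Review bot: The `// Tag under Mac` assertions in the last hunk of BcBlockCipherMacTest are commented out rather than deleted or fixed, and the `Tag` import is removed in the first hunk, so the block cannot be re-enabled as it stands. If the translation no longer emits a Tag functionality node for block-cipher MACs, delete the five lines. If the node is meant to come back, keep one line such as `// TODO: re-add Tag assertion once the Mac translation emits it again` instead of dead code. The same commented-out block is added in BcCBCBlockCipherMacTest, BcCFBBlockCipherMacTest, BcCMACTest, BcGMACTest and BcGOST28147MacTest.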
@@ -118,20 +115,8 @@ public void asserts( assertThat(tagLengthNode.getChildren()).isEmpty(); assertThat(tagLengthNode.asString()).isEqualTo("128"); - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); - - // BlockCipher under Mac - INode blockCipherNode = macNode.getChildren().get(BlockCipher.class); - assertThat(blockCipherNode).isNotNull(); - assertThat(blockCipherNode.getChildren()).hasSize(2); - assertThat(blockCipherNode.asString()).isEqualTo("AES"); - - // Mode under BlockCipher under Mac - INode modeNode = blockCipherNode.getChildren().get(Mode.class); + // Mode under Mac + INode modeNode = macNode.getChildren().get(Mode.class); assertThat(modeNode).isNotNull(); assertThat(modeNode.getChildren()).isEmpty(); assertThat(modeNode.asString()).isEqualTo("CBC"); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCBCBlockCipherMacTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCBCBlockCipherMacTest.java index 5251968b..fdef2a6b 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCBCBlockCipherMacTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCBCBlockCipherMacTest.java 
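Review bot: With the Digest and BlockCipher assertions removed here, only TagLength and Mode are checked by kind, while the preceding hunk expects `macNode.getChildren()` to have three entries. One child of the Mac node therefore appears to be counted but never identified (one line between the two hunks is not shown). Add an assertion for that remaining child, or a comment naming it next to `hasSize(3)`. The pattern repeats in BcCBCBlockCipherMacTest, where `hasSize(findingId == 7 ? 5 : 4)` is at least one more than the children asserted for each finding id, in BcGMACTest, and in BcGOST28147MacTest, where `hasSize(2)` is left with no child assertion at all.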
@@ -29,15 +29,12 @@ import com.ibm.engine.model.context.AlgorithmParameterContext; import com.ibm.engine.model.context.CipherContext; import com.ibm.engine.model.context.MacContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.model.TagLength; -import com.ibm.mapper.model.functionality.Digest; import com.ibm.mapper.model.functionality.Encrypt; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -111,7 +108,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("AES"); + assertThat(value0_2.asString()).isEqualTo("AESEngine"); DetectionStore store_2_1 = getStoreOfValueType(OperationMode.class, store_2.getChildren()); @@ -128,7 +125,7 @@ public void asserts( assertThat(store_3.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_3 = store_3.getDetectionValues().get(0); assertThat(value0_3).isInstanceOf(ValueAction.class); - assertThat(value0_3.asString()).isEqualTo("PKCS7"); + assertThat(value0_3.asString()).isEqualTo("PKCS7Padding"); } /* 
@@ -140,14 +137,8 @@ public void asserts( // Mac INode macNode3 = nodes.get(0); assertThat(macNode3.getKind()).isEqualTo(Mac.class); - assertThat(macNode3.getChildren()).hasSize(findingId == 3 ? 3 : 4); - assertThat(macNode3.asString()).isEqualTo("CBC-MAC-AES"); - - // Digest under Mac - INode digestNode3 = macNode3.getChildren().get(Digest.class); - assertThat(digestNode3).isNotNull(); - assertThat(digestNode3.getChildren()).isEmpty(); - assertThat(digestNode3.asString()).isEqualTo("DIGEST"); + assertThat(macNode3.getChildren()).hasSize(findingId == 7 ? 5 : 4); + assertThat(macNode3.asString()).isEqualTo("AES"); if (findingId == 1 || findingId == 5 || findingId == 7) { // TagLength under Mac 
@@ -157,37 +148,30 @@ public void asserts( assertThat(tagLengthNode2.asString()).isEqualTo("128"); } - // BlockCipher under Mac - INode blockCipherNode3 = macNode3.getChildren().get(BlockCipher.class); - assertThat(blockCipherNode3).isNotNull(); - assertThat(blockCipherNode3.getChildren()) - .hasSize(findingId == 3 || findingId == 7 ? 4 : 3); - assertThat(blockCipherNode3.asString()).isEqualTo("AES"); - - // Encrypt under BlockCipher under Mac - INode encryptNode3 = blockCipherNode3.getChildren().get(Encrypt.class); + // Encrypt under Mac + INode encryptNode3 = macNode3.getChildren().get(Encrypt.class); assertThat(encryptNode3).isNotNull(); assertThat(encryptNode3.getChildren()).isEmpty(); assertThat(encryptNode3.asString()).isEqualTo("ENCRYPT"); - // Mode under BlockCipher under Mac - INode modeNode3 = blockCipherNode3.getChildren().get(Mode.class); + // Mode under Mac + INode modeNode3 = macNode3.getChildren().get(Mode.class); assertThat(modeNode3).isNotNull(); assertThat(modeNode3.getChildren()).isEmpty(); assertThat(modeNode3.asString()).isEqualTo("CBC"); if (findingId == 3 || findingId == 7) { - // Padding under BlockCipher under Mac - INode paddingNode1 = blockCipherNode3.getChildren().get(Padding.class); + // Padding under Mac + INode paddingNode1 = macNode3.getChildren().get(Padding.class); assertThat(paddingNode1).isNotNull(); assertThat(paddingNode1.getChildren()).isEmpty(); assertThat(paddingNode1.asString()).isEqualTo("PKCS7"); } - // Tag under Mac - INode tagNode3 = macNode3.getChildren().get(Tag.class); - assertThat(tagNode3).isNotNull(); - assertThat(tagNode3.getChildren()).isEmpty(); - assertThat(tagNode3.asString()).isEqualTo("TAG"); + // // Tag under Mac + // INode tagNode3 = macNode3.getChildren().get(Tag.class); + // assertThat(tagNode3).isNotNull(); + // assertThat(tagNode3.getChildren()).isEmpty(); + // assertThat(tagNode3.asString()).isEqualTo("TAG"); } } 
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCFBBlockCipherMacTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCFBBlockCipherMacTest.java index 7db5e1fd..a25fe84b 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCFBBlockCipherMacTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCFBBlockCipherMacTest.java @@ -27,15 +27,12 @@ import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; import com.ibm.engine.model.context.MacContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.model.TagLength; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -106,14 +103,14 @@ public void asserts( assertThat(store_3.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_3 = store_3.getDetectionValues().get(0); assertThat(value0_3).isInstanceOf(ValueAction.class); - assertThat(value0_3.asString()).isEqualTo("AES"); + assertThat(value0_3.asString()).isEqualTo("AESEngine"); DetectionStore store_4 = stores.get(1); assertThat(store_4.getDetectionValues()).hasSize(1); assertThat(store_4.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_4 = store_4.getDetectionValues().get(0); assertThat(value0_4).isInstanceOf(ValueAction.class); - assertThat(value0_4.asString()).isEqualTo("PKCS7"); + assertThat(value0_4.asString()).isEqualTo("PKCS7Padding"); /* * Translation 
@@ -125,34 +122,28 @@ public void asserts( INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); assertThat(macNode.getChildren()).hasSize(4); - assertThat(macNode.asString()).isEqualTo("CFB-MAC-AES"); - - // Tag under Mac - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); - - // BlockCipher under Mac - INode blockCipherNode1 = macNode.getChildren().get(BlockCipher.class); - assertThat(blockCipherNode1).isNotNull(); - assertThat(blockCipherNode1.getChildren()).hasSize(4); - assertThat(blockCipherNode1.asString()).isEqualTo("AES"); - - // Mode under BlockCipher under Mac - INode modeNode = blockCipherNode1.getChildren().get(Mode.class); + assertThat(macNode.asString()).isEqualTo("AES"); + + // // Tag under Mac + // INode tagNode = macNode.getChildren().get(Tag.class); + // assertThat(tagNode).isNotNull(); + // assertThat(tagNode.getChildren()).isEmpty(); + // assertThat(tagNode.asString()).isEqualTo("TAG"); + + // Mode under Mac + INode modeNode = macNode.getChildren().get(Mode.class); assertThat(modeNode).isNotNull(); assertThat(modeNode.getChildren()).isEmpty(); assertThat(modeNode.asString()).isEqualTo("CFB"); - // Padding under BlockCipher under Mac - INode paddingNode = blockCipherNode1.getChildren().get(Padding.class); + // Padding under Mac + INode paddingNode = macNode.getChildren().get(Padding.class); assertThat(paddingNode).isNotNull(); assertThat(paddingNode.getChildren()).isEmpty(); assertThat(paddingNode.asString()).isEqualTo("PKCS7"); - // BlockSize under BlockCipher under Mac - INode blockSize = blockCipherNode1.getChildren().get(BlockSize.class); + // BlockSize under Mac + INode blockSize = macNode.getChildren().get(BlockSize.class); assertThat(blockSize).isNotNull(); assertThat(blockSize.getChildren()).isEmpty(); assertThat(blockSize.asString()).isEqualTo("64"); 
@@ -162,11 +153,5 @@ public void asserts( assertThat(tagLengthNode).isNotNull(); assertThat(tagLengthNode.getChildren()).isEmpty(); assertThat(tagLengthNode.asString()).isEqualTo("128"); - - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCHMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCMACTest.java similarity index 85% rename from java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCHMACTest.java rename to java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCMACTest.java index 2afc040c..4770ebba 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCHMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcCMACTest.java @@ -31,8 +31,6 @@ import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.TagLength; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -44,7 +42,7 @@ import org.sonar.plugins.java.api.semantic.Symbol; import org.sonar.plugins.java.api.tree.Tree; -class BcCHMACTest extends TestBase { +class BcCMACTest extends TestBase { @Test void test() { CheckVerifier.newVerifier() @@ -91,7 +89,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("AES"); + assertThat(value0_2.asString()).isEqualTo("AESEngine"); /* * Translation 
@@ -102,20 +100,14 @@ public void asserts( // Mac INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); - assertThat(macNode.getChildren()).hasSize(4); - assertThat(macNode.asString()).isEqualTo("CMAC-AES"); + assertThat(macNode.getChildren()).hasSize(2); + assertThat(macNode.asString()).isEqualTo("CMAC"); - // Tag under Mac - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); - - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); + // // Tag under Mac + // INode tagNode = macNode.getChildren().get(Tag.class); + // assertThat(tagNode).isNotNull(); + // assertThat(tagNode.getChildren()).isEmpty(); + // assertThat(tagNode.asString()).isEqualTo("TAG"); // TagLength under Mac INode tagLengthNode = macNode.getChildren().get(TagLength.class); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcDSTUHMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcDSTUMACTest.java similarity index 75% rename from java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcDSTUHMACTest.java rename to java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcDSTUMACTest.java index 2bd3d163..94ac1228 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcDSTUHMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcDSTUMACTest.java 
@@ -26,12 +26,9 @@ import com.ibm.engine.model.MacSize; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.MacContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; -import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.TagLength; -import com.ibm.mapper.model.functionality.Digest; import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; @@ -44,7 +41,7 @@ import org.sonar.plugins.java.api.semantic.Symbol; import org.sonar.plugins.java.api.tree.Tree; -class BcDSTUHMACTest extends TestBase { +class BcDSTUMACTest extends TestBase { @Test void test() { CheckVerifier.newVerifier() @@ -86,9 +83,8 @@ public void asserts( // Mac INode macNode1 = nodes.get(0); assertThat(macNode1.getKind()).isEqualTo(Mac.class); - assertThat(macNode1.getChildren()).hasSize(4); - assertThat(macNode1.asString()) - .isEqualTo(findingId == 0 ? "DSTU 7564-MAC" : "DSTU 7624:2014-MAC"); + assertThat(macNode1.getChildren()).hasSize(2); + assertThat(macNode1.asString()).isEqualTo(findingId == 0 ? "Kupyna" : "Kalyna"); // TagLength under Mac INode tagLengthNode1 = macNode1.getChildren().get(TagLength.class); 
@@ -96,30 +92,10 @@ public void asserts( assertThat(tagLengthNode1.getChildren()).isEmpty(); assertThat(tagLengthNode1.asString()).isEqualTo("128"); - if (findingId == 0) { - // Digest under Mac - INode digestNode = macNode1.getChildren().get(MessageDigest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DSTU 7564"); - } else { - // BlockCipher under Mac - INode blockCipherNode = macNode1.getChildren().get(BlockCipher.class); - assertThat(blockCipherNode).isNotNull(); - assertThat(blockCipherNode.getChildren()).isEmpty(); - assertThat(blockCipherNode.asString()).isEqualTo("DSTU 7624:2014"); - } - // Tag under Mac INode tagNode1 = macNode1.getChildren().get(Tag.class); assertThat(tagNode1).isNotNull(); assertThat(tagNode1.getChildren()).isEmpty(); assertThat(tagNode1.asString()).isEqualTo("TAG"); - - // Digest under Mac - INode digestNode1 = macNode1.getChildren().get(Digest.class); - assertThat(digestNode1).isNotNull(); - assertThat(digestNode1.getChildren()).isEmpty(); - assertThat(digestNode1.asString()).isEqualTo("DIGEST"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGHMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGMACTest.java similarity index 77% rename from java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGHMACTest.java rename to java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGMACTest.java index 3e3f13d2..e7ab061f 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGHMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGMACTest.java 
@@ -27,13 +27,10 @@ import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; import com.ibm.engine.model.context.MacContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.TagLength; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -45,7 +42,7 @@ import org.sonar.plugins.java.api.semantic.Symbol; import org.sonar.plugins.java.api.tree.Tree; -class BcGHMACTest extends TestBase { +class BcGMACTest extends TestBase { @Test void test() { CheckVerifier.newVerifier() @@ -92,7 +89,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("AES"); + assertThat(value0_2.asString()).isEqualTo("AESEngine"); /* * Translation @@ -103,14 +100,8 @@ public void asserts( // Mac INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); - assertThat(macNode.getChildren()).hasSize(4); - assertThat(macNode.asString()).isEqualTo("GMAC-AES"); - - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); + assertThat(macNode.getChildren()).hasSize(3); + assertThat(macNode.asString()).isEqualTo("AES"); // TagLength under Mac INode tagLengthNode = macNode.getChildren().get(TagLength.class); 
@@ -118,22 +109,16 @@ public void asserts( assertThat(tagLengthNode.getChildren()).isEmpty(); assertThat(tagLengthNode.asString()).isEqualTo("128"); - // Tag under Mac - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); - - // BlockCipher under Mac - INode blockCipherNode1 = macNode.getChildren().get(BlockCipher.class); - assertThat(blockCipherNode1).isNotNull(); - assertThat(blockCipherNode1.getChildren()).hasSize(2); - assertThat(blockCipherNode1.asString()).isEqualTo("AES"); + // // Tag under Mac + // INode tagNode = macNode.getChildren().get(Tag.class); + // assertThat(tagNode).isNotNull(); + // assertThat(tagNode.getChildren()).isEmpty(); + // assertThat(tagNode.asString()).isEqualTo("TAG"); - // Mode under BlockCipher under Mac - INode modeNode1 = blockCipherNode1.getChildren().get(Mode.class); + // Mode under Mac + INode modeNode1 = macNode.getChildren().get(Mode.class); assertThat(modeNode1).isNotNull(); assertThat(modeNode1.getChildren()).isEmpty(); - assertThat(modeNode1.asString()).isEqualTo("GCM"); + assertThat(modeNode1.asString()).isEqualTo("GMAC"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGOST28147MacTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGOST28147MacTest.java index 742fa566..56773a65 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGOST28147MacTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcGOST28147MacTest.java 
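Review bot: The Mode child of the Mac node is now expected to be `GMAC` (`modeNode1.asString()`), where the old assertion had `GCM`, while the Mac node itself is named `AES`. In BcBlockCipherMacTest and BcCBCBlockCipherMacTest the Mode child carries the cipher mode (`CBC`), so here the MAC construction has taken the place of the mode. As far as these assertions show, anyone filtering the inventory for GCM usage would not see this finding. Confirm that this is the intended model; if so, a comment like `// GMAC is modelled as a Mode of AES, not as GCM` above the assertion would say so.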
@@ -25,11 +25,8 @@ import com.ibm.engine.model.IValue; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.MacContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -75,25 +72,14 @@ public void asserts( // Mac INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); - assertThat(macNode.getChildren()).hasSize(3); - assertThat(macNode.asString()).isEqualTo("GOST 28147-89-MAC"); + assertThat(macNode.getChildren()).hasSize(2); + assertThat(macNode.asString()).isEqualTo("GOST28147"); - // Tag under Mac - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); + // // Tag under Mac + // INode tagNode = macNode.getChildren().get(Tag.class); + // assertThat(tagNode).isNotNull(); + // assertThat(tagNode.getChildren()).isEmpty(); + // assertThat(tagNode.asString()).isEqualTo("TAG"); - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); - - // BlockCipher under Mac - INode blockCipherNode = macNode.getChildren().get(BlockCipher.class); - assertThat(blockCipherNode).isNotNull(); - assertThat(blockCipherNode.getChildren()).isEmpty(); - assertThat(blockCipherNode.asString()).isEqualTo("GOST 28147-89"); } } 
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcHHMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcHMACTest.java similarity index 61% rename from java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcHHMACTest.java rename to java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcHMACTest.java index 4332dbdd..f181dcbf 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcHHMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcHMACTest.java @@ -24,13 +24,10 @@ import com.ibm.engine.detection.DetectionStore; import com.ibm.engine.model.IValue; import com.ibm.engine.model.ValueAction; -import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.model.context.MacContext; +import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; -import com.ibm.mapper.model.MessageDigest; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -42,7 +39,7 @@ import org.sonar.plugins.java.api.semantic.Symbol; import org.sonar.plugins.java.api.tree.Tree; -class BcHHMACTest extends TestBase { +class BcHMACTest extends TestBase { @Test void test() { CheckVerifier.newVerifier() 
@@ -57,22 +54,16 @@ public void asserts( int findingId, @NotNull DetectionStore detectionStore, @NotNull List nodes) { + /* * Detection Store */ + assertThat(detectionStore.getDetectionValues()).hasSize(1); assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(MacContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("HMac"); - - DetectionStore store_1 = - getStoreOfValueType(ValueAction.class, detectionStore.getChildren()); - assertThat(store_1.getDetectionValues()).hasSize(1); - assertThat(store_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); - IValue value0_1 = store_1.getDetectionValues().get(0); - assertThat(value0_1).isInstanceOf(ValueAction.class); - assertThat(value0_1.asString()).isEqualTo("SHA-256"); + assertThat(value0.asString()).isEqualTo("SHA256Digest"); /* * Translation 
@@ -83,25 +74,13 @@ public void asserts( // Mac INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); - assertThat(macNode.getChildren()).hasSize(3); - assertThat(macNode.asString()).isEqualTo("HMAC-SHA-256"); - - // MessageDigest under Mac - INode messageDigestNode = macNode.getChildren().get(MessageDigest.class); - assertThat(messageDigestNode).isNotNull(); - assertThat(messageDigestNode.getChildren()).hasSize(1); - assertThat(messageDigestNode.asString()).isEqualTo("SHA-256"); - - // Tag under Mac - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); + assertThat(macNode.getChildren()).hasSize(1); + assertThat(macNode.asString()).isEqualTo("SHA256"); - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); + // DigestSize under Mac + INode digestSizeNode = macNode.getChildren().get(DigestSize.class); + assertThat(digestSizeNode).isNotNull(); + assertThat(digestSizeNode.getChildren()).isEmpty(); + assertThat(digestSizeNode.asString()).isEqualTo("256"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcISO9797Alg3MacTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcISO9797Alg3MacTest.java index f5b18467..a08e5918 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcISO9797Alg3MacTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcISO9797Alg3MacTest.java 
@@ -27,14 +27,11 @@ import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; import com.ibm.engine.model.context.MacContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.model.TagLength; -import com.ibm.mapper.model.functionality.Digest; -import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -96,14 +93,14 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("AES"); + assertThat(value0_2.asString()).isEqualTo("AESEngine"); DetectionStore store_3 = stores.get(1); assertThat(store_3.getDetectionValues()).hasSize(1); assertThat(store_3.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_3 = store_3.getDetectionValues().get(0); assertThat(value0_3).isInstanceOf(ValueAction.class); - assertThat(value0_3.asString()).isEqualTo("ISO 7816-4:2020"); + assertThat(value0_3.asString()).isEqualTo("ISO7816d4Padding"); /* * Translation 
@@ -115,37 +112,25 @@ public void asserts( INode macNode = nodes.get(0); assertThat(macNode.getKind()).isEqualTo(Mac.class); assertThat(macNode.getChildren()).hasSize(4); - assertThat(macNode.asString()).isEqualTo("CBC-MAC-AES"); - - // Digest under Mac - INode digestNode = macNode.getChildren().get(Digest.class); - assertThat(digestNode).isNotNull(); - assertThat(digestNode.getChildren()).isEmpty(); - assertThat(digestNode.asString()).isEqualTo("DIGEST"); - - // BlockCipher under Mac - INode blockCipherNode = macNode.getChildren().get(BlockCipher.class); - assertThat(blockCipherNode).isNotNull(); - assertThat(blockCipherNode.getChildren()).hasSize(3); - assertThat(blockCipherNode.asString()).isEqualTo("AES"); - - // Mode under BlockCipher under Mac - INode modeNode = blockCipherNode.getChildren().get(Mode.class); + assertThat(macNode.asString()).isEqualTo("AES"); + + // Mode under Mac + INode modeNode = macNode.getChildren().get(Mode.class); assertThat(modeNode).isNotNull(); assertThat(modeNode.getChildren()).isEmpty(); assertThat(modeNode.asString()).isEqualTo("CBC"); - // Padding under BlockCipher under Mac - INode paddingNode = blockCipherNode.getChildren().get(Padding.class); + // Padding under Mac + INode paddingNode = macNode.getChildren().get(Padding.class); assertThat(paddingNode).isNotNull(); assertThat(paddingNode.getChildren()).isEmpty(); - assertThat(paddingNode.asString()).isEqualTo("ISO 7816-4:2020"); + assertThat(paddingNode.asString()).isEqualTo("ISO 7816"); - // Tag under Mac - INode tagNode = macNode.getChildren().get(Tag.class); - assertThat(tagNode).isNotNull(); - assertThat(tagNode.getChildren()).isEmpty(); - assertThat(tagNode.asString()).isEqualTo("TAG"); + // // Tag under Mac + // INode tagNode = macNode.getChildren().get(Tag.class); + // assertThat(tagNode).isNotNull(); + // assertThat(tagNode.getChildren()).isEmpty(); + // assertThat(tagNode.asString()).isEqualTo("TAG"); // TagLength under Mac INode tagLengthNode = 
macNode.getChildren().get(TagLength.class); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGHMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGMACTest.java similarity index 61% rename from java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGHMACTest.java rename to java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGMACTest.java index 5c1c061e..a89f4d3a 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGHMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGMACTest.java @@ -27,7 +27,12 @@ import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; import com.ibm.engine.model.context.MacContext; +import com.ibm.mapper.model.AuthenticatedEncryption; +import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.Mac; +import com.ibm.mapper.model.Mode; +import com.ibm.mapper.model.TagLength; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; @@ -39,7 +44,7 @@ import org.sonar.plugins.java.api.semantic.Symbol; import org.sonar.plugins.java.api.tree.Tree; -class BcKGHMACTest extends TestBase { +class BcKGMACTest extends TestBase { @Test void test() { CheckVerifier.newVerifier() @@ -86,7 +91,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("KGCM"); + assertThat(value0_2.asString()).isEqualTo("KGCMBlockCipher"); DetectionStore store_2_1 = getStoreOfValueType(ValueAction.class, store_2.getChildren()); 
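Review bot: The `Tag under Mac` assertions at the end of the `@@ -115,37 +112,25 @@` hunk are left in as commented-out code rather than removed. The `Tag` import is dropped in the first hunk of this file, so the block cannot be re-enabled as written. Either delete the five lines or replace them with a single `// TODO: re-add the Tag assertion once the Mac translation emits it`. Separately, `macNode.asString()` now expects `"AES"` where it used to expect `"CBC-MAC-AES"`; if the MAC name is meant to carry the construction, that expectation deserves the same kind of TODO. The `asserts` method continues past the hunk.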
@@ -94,13 +99,57 @@ public void asserts( assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2_1 = store_2_1.getDetectionValues().get(0); assertThat(value0_2_1).isInstanceOf(ValueAction.class); - assertThat(value0_2_1.asString()).isEqualTo("DSTU 7624:2014"); + assertThat(value0_2_1.asString()).isEqualTo("DSTU7624Engine"); + + DetectionStore store_2_1_1 = + getStoreOfValueType(com.ibm.engine.model.BlockSize.class, store_2_1.getChildren()); + assertThat(store_2_1_1.getDetectionValues()).hasSize(1); + assertThat(store_2_1_1.getDetectionValueContext()).isInstanceOf(CipherContext.class); + IValue value0_2_1_1 = store_2_1_1.getDetectionValues().get(0); + assertThat(value0_2_1_1).isInstanceOf(com.ibm.engine.model.BlockSize.class); + assertThat(value0_2_1_1.asString()).isEqualTo("64"); /* * Translation */ - // TODO: + assertThat(nodes).hasSize(1); + + // Mac + INode macNode = nodes.get(0); + assertThat(macNode.getKind()).isEqualTo(Mac.class); + assertThat(macNode.getChildren()).hasSize(3); + assertThat(macNode.asString()).isEqualTo("Kalyna"); + + // TagLength under Mac + INode tagLengthNode = macNode.getChildren().get(TagLength.class); + assertThat(tagLengthNode).isNotNull(); + assertThat(tagLengthNode.getChildren()).isEmpty(); + assertThat(tagLengthNode.asString()).isEqualTo("128"); + + // Mode under Mac + INode modeNode = macNode.getChildren().get(Mode.class); + assertThat(modeNode).isNotNull(); + assertThat(modeNode.getChildren()).isEmpty(); + assertThat(modeNode.asString()).isEqualTo("GMAC"); + + // AuthenticatedEncryption under Mac + INode authenticatedEncryptionNode = + macNode.getChildren().get(AuthenticatedEncryption.class); + assertThat(authenticatedEncryptionNode).isNotNull(); + assertThat(authenticatedEncryptionNode.getChildren()).hasSize(2); + assertThat(authenticatedEncryptionNode.asString()).isEqualTo("Kalyna"); + + // BlockSize under AuthenticatedEncryption under Mac + INode blockSizeNode = 
authenticatedEncryptionNode.getChildren().get(BlockSize.class); + assertThat(blockSizeNode).isNotNull(); + assertThat(blockSizeNode.getChildren()).isEmpty(); + assertThat(blockSizeNode.asString()).isEqualTo("64"); + // Mode under AuthenticatedEncryption under Mac + INode modeNode1 = authenticatedEncryptionNode.getChildren().get(Mode.class); + assertThat(modeNode1).isNotNull(); + assertThat(modeNode1.getChildren()).isEmpty(); + assertThat(modeNode1.asString()).isEqualTo("GCM"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcVMPCHMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcVMPCMacTest.java similarity index 98% rename from java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcVMPCHMACTest.java rename to java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcVMPCMacTest.java index c38fa632..98f33b52 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcVMPCHMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcVMPCMacTest.java @@ -41,7 +41,7 @@ import org.sonar.plugins.java.api.semantic.Symbol; import org.sonar.plugins.java.api.tree.Tree; -class BcVMPCHMACTest extends TestBase { +class BcVMPCMacTest extends TestBase { @Test void test() { CheckVerifier.newVerifier() diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcAsymCipherEngineMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcAsymCipherEngineMapper.java index 0d4393fb..8a1b53dc 100644 --- a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcAsymCipherEngineMapper.java +++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcAsymCipherEngineMapper.java @@ -52,6 +52,7 @@ public Optional parse( } Optional node = map(str, detectionLocation); if (node.isPresent()) { + // TODO: Change this to not use the `new Algorithm` hack to change the kind return Optional.of(new Algorithm((IAlgorithm) node.get(), asKind)); } return Optional.empty(); 
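Review bot: The new `BlockSize` assertions in the `@@ -94,13 +99,57 @@` hunk expect `"64"` for the DSTU 7624 engine, both in the detection store and under `AuthenticatedEncryption`, without stating a unit. Kalyna (DSTU 7624) defines block sizes of 128, 256 and 512 bits, so `64` is either a byte count or a fixture value the engine would not accept at runtime. The fixture file is not part of this diff, so I cannot tell which. A short comment at the first assertion, such as `// block size exactly as written in the fixture; unit: <bits|bytes>`, would keep a reader of the resulting inventory from taking it for a 64-bit block cipher. The method body starts outside the hunk.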
diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcBlockCipherEngineMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcBlockCipherEngineMapper.java index 294427a6..ca2105f2 100644 --- a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcBlockCipherEngineMapper.java +++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcBlockCipherEngineMapper.java @@ -74,6 +74,7 @@ public Optional parse( } Optional node = map(str, detectionLocation); if (node.isPresent()) { + // TODO: Change this to not use the `new Algorithm` hack to change the kind return Optional.of(new Algorithm((IAlgorithm) node.get(), asKind)); } return Optional.empty(); diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDerivationFunctionMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDerivationFunctionMapper.java new file mode 100644 index 00000000..83b19862 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDerivationFunctionMapper.java 
@@ -0,0 +1,97 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.mapper.bc;
+
+import com.ibm.mapper.mapper.IMapper;
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.Unknown;
+import com.ibm.mapper.model.algorithms.ANSIX942;
+import com.ibm.mapper.model.algorithms.ANSIX963;
+import com.ibm.mapper.model.algorithms.ConcatenationKDF;
+import com.ibm.mapper.model.algorithms.DH;
+import com.ibm.mapper.model.algorithms.ECDH;
+import com.ibm.mapper.model.algorithms.HKDF;
+import com.ibm.mapper.model.algorithms.KDF1;
+import com.ibm.mapper.model.algorithms.KDF2;
+import com.ibm.mapper.model.algorithms.KDFCounter;
+import com.ibm.mapper.model.algorithms.KDFDoublePipeline;
+import com.ibm.mapper.model.algorithms.KDFFeedback;
+import com.ibm.mapper.model.algorithms.KDFSession;
+import com.ibm.mapper.model.algorithms.MGF1;
+import com.ibm.mapper.utils.DetectionLocation;
+import java.util.Optional;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+public class BcDerivationFunctionMapper implements IMapper {
+
+ @Override
+ @Nonnull
+ public Optional parse(
+ @Nullable String str, @Nonnull DetectionLocation detectionLocation) {
+ if (str == null) {
+ return Optional.empty();
+ }
+ return map(str, detectionLocation);
+ }
+
+ @Nonnull
+ private Optional map(
+ @Nonnull String digestString, @Nonnull DetectionLocation detectionLocation) {
+ return switch (digestString) {
+ case "BrokenKDF2BytesGenerator" -> Optional.of(new KDF2(detectionLocation));
+ case "ConcatenationKDFGenerator" ->
+ Optional.of(new ConcatenationKDF(detectionLocation));
+ case "DHKEKGenerator" -> {
+ // "RFC 2631 Diffie-hellman KEK derivation function"
+ // https://datatracker.ietf.org/doc/html/rfc2631#section-2.1.2
+ KeyDerivationFunction kdf = new ANSIX942(detectionLocation);
+ kdf.put(new DH(detectionLocation));
+ yield Optional.of(kdf);
+ }
+ case "ECDHKEKGenerator" -> {
+ // "X9.63 based key derivation function for ECDH CMS"
+ // https://csrc.nist.gov/CSRC/media/Events/Key-Management-Workshop-2000/documents/x963_overview.pdf
+ KeyDerivationFunction kdf = new ANSIX963(detectionLocation);
+ kdf.put(new ECDH(detectionLocation));
+ yield Optional.of(kdf);
+ }
+ // TODO: case "HandshakeKDFFunction" -> Optional.of();
+ case "GSKKFDGenerator" -> Optional.of(new KDFSession(detectionLocation));
+ case "HKDFBytesGenerator" -> Optional.of(new HKDF(detectionLocation));
+ case "KDF1BytesGenerator" -> Optional.of(new KDF1(detectionLocation));
+ case "KDF2BytesGenerator" -> Optional.of(new KDF2(detectionLocation));
+ case "KDFCounterBytesGenerator" -> Optional.of(new KDFCounter(detectionLocation));
+ case "KDFDoublePipelineIterationBytesGenerator" ->
+ Optional.of(new KDFDoublePipeline(detectionLocation));
+ case "KDFFeedbackBytesGenerator" -> Optional.of(new KDFFeedback(detectionLocation));
+ case "MGF1BytesGenerator" -> Optional.of(new MGF1(detectionLocation));
+ default -> {
+ final Algorithm algorithm =
+ new Algorithm(digestString, MessageDigest.class, detectionLocation);
+ algorithm.put(new Unknown(detectionLocation));
+ yield Optional.of(algorithm);
+ }
+ };
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDigestMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDigestMapper.java
index bca2f8e8..1562b847 100644
--- a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDigestMapper.java
+++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDigestMapper.java
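Review bot: The `default` branch of `map` in the new `BcDerivationFunctionMapper` builds its fallback with `MessageDigest.class`, so any derivation-function class name not listed in the switch is reported as a message digest rather than a KDF. This looks copied from the digest mapper, as does the parameter name `digestString`. `KeyDerivationFunction` is already imported in this file, so the fallback can read `new Algorithm(digestString, KeyDerivationFunction.class, detectionLocation);`, assuming `Algorithm` accepts that kind the way the sibling mappers pass `Signature.class` and `KeyEncapsulationMechanism.class`. Also worth a comment: `"BrokenKDF2BytesGenerator"` maps to plain `KDF2`, so a finding for the generator Bouncy Castle itself labels as broken cannot be told apart from one for the regular KDF2 generator.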
@@ -21,18 +21,44 @@ import com.ibm.mapper.mapper.IMapper; import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.IAlgorithm; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.Unknown; +import com.ibm.mapper.model.algorithms.HarakaV2; +import com.ibm.mapper.model.algorithms.KMAC; +import com.ibm.mapper.model.algorithms.KangarooTwelve; +import com.ibm.mapper.model.algorithms.Keccak; import com.ibm.mapper.model.algorithms.Kupyna; +import com.ibm.mapper.model.algorithms.LMS; +import com.ibm.mapper.model.algorithms.MD2; +import com.ibm.mapper.model.algorithms.MD4; +import com.ibm.mapper.model.algorithms.MD5; +import com.ibm.mapper.model.algorithms.MarsupilamiFourteen; +import com.ibm.mapper.model.algorithms.ParallelHash; +import com.ibm.mapper.model.algorithms.RIPEMD; +import com.ibm.mapper.model.algorithms.SHA; +import com.ibm.mapper.model.algorithms.SHA2; +import com.ibm.mapper.model.algorithms.SHA3; import com.ibm.mapper.model.algorithms.SHAKE; +import com.ibm.mapper.model.algorithms.SM3; +import com.ibm.mapper.model.algorithms.Skein; +import com.ibm.mapper.model.algorithms.Tiger; +import com.ibm.mapper.model.algorithms.TupleHash; +import com.ibm.mapper.model.algorithms.Whirlpool; +import com.ibm.mapper.model.algorithms.Xoodyak; import com.ibm.mapper.model.algorithms.ascon.AsconHash; import com.ibm.mapper.model.algorithms.ascon.AsconXof; import com.ibm.mapper.model.algorithms.blake.BLAKE2X; import com.ibm.mapper.model.algorithms.blake.BLAKE2b; import com.ibm.mapper.model.algorithms.blake.BLAKE2s; import com.ibm.mapper.model.algorithms.blake.BLAKE3; +import com.ibm.mapper.model.algorithms.gost.GOST341194; import com.ibm.mapper.model.algorithms.gost.GOSTR341112; +import com.ibm.mapper.model.algorithms.isap.Isap; +import com.ibm.mapper.model.algorithms.photonbeetle.PhotonBeetleHash; +import com.ibm.mapper.model.algorithms.sparkle.Esch; import 
com.ibm.mapper.utils.DetectionLocation; import java.util.Optional; import javax.annotation.Nonnull; @@ -40,6 +66,12 @@ public class BcDigestMapper implements IMapper { + private final Class asKind; + + public BcDigestMapper(Class asKind) { + this.asKind = asKind; + } + @Override @Nonnull public Optional parse( @@ -47,7 +79,15 @@ public Optional parse( if (str == null) { return Optional.empty(); } - return map(str, detectionLocation); + Optional node = map(str, detectionLocation); + // TODO: Change this to not use the `new Algorithm` hack to change the kind + if (node.isPresent()) { + if (asKind == MessageDigest.class) { + return node; + } + return Optional.of(new Algorithm((IAlgorithm) node.get(), asKind)); + } + return Optional.empty(); } @Nonnull 
@@ -68,41 +108,42 @@ private Optional map( case "DSTU7564Digest" -> Optional.of(new Kupyna(detectionLocation)); case "GOST3411_2012_256Digest" -> Optional.of(new GOSTR341112(256, detectionLocation)); case "GOST3411_2012_512Digest" -> Optional.of(new GOSTR341112(512, detectionLocation)); - // case "GOST3411Digest" -> Optional.of(); - // case "Haraka256Digest" -> Optional.of(); - // case "Haraka512Digest" -> Optional.of(); - // case "HarakaBase" -> Optional.of(); - // case "ISAPDigest" -> Optional.of(); - // case "KangarooTwelve" -> Optional.of(); - // case "KeccakDigest" -> Optional.of(); - // case "KMAC" -> Optional.of(); - // case "LMSContext" -> Optional.of(); - // case "MarsupilamiFourteen" -> Optional.of(); - // case "MD2Digest" -> Optional.of(); - // case "MD4Digest" -> Optional.of(); - // case "MD5Digest" -> Optional.of(); - // case "NullDigest" -> Optional.of(); - // case "ParallelHash" -> Optional.of(); - // case "PhotonBeetleDigest" -> Optional.of(); - // case "RIPEMD128Digest" -> Optional.of(); - // case "RIPEMD160Digest" -> Optional.of(); - // case "RIPEMD256Digest" -> Optional.of(); - // case "RIPEMD320Digest" -> Optional.of(); - // case "SHA1Digest" -> Optional.of(); - // case "SHA224Digest" -> Optional.of(); - // case "SHA256Digest" -> Optional.of(); - // case "SHA384Digest" -> Optional.of(); - // case "SHA3Digest" -> Optional.of(); - // case "SHA512Digest" -> Optional.of(); - // case "SHA512tDigest" -> Optional.of(); - // case "SHAKEDigest" -> Optional.of(); - // case "SkeinDigest" -> Optional.of(); - // case "SM3Digest" -> Optional.of(); - // case "SparkleDigest" -> Optional.of(); - // case "TigerDigest" -> Optional.of(); - // case "TupleHash" -> Optional.of(); - // case "WhirlpoolDigest" -> Optional.of(); - // case "XoodyakDigest" -> Optional.of(); + case "GOST3411Digest" -> Optional.of(new GOST341194(detectionLocation)); + case "Haraka256Digest" -> Optional.of(new HarakaV2(256, detectionLocation)); + case "Haraka512Digest" -> Optional.of(new 
HarakaV2(512, detectionLocation)); + case "HarakaBase" -> Optional.of(new HarakaV2(detectionLocation)); + case "ISAPDigest" -> + Optional.of(new Isap(MessageDigest.class, new Isap(detectionLocation))); + case "KangarooTwelve" -> Optional.of(new KangarooTwelve(detectionLocation)); + case "KeccakDigest" -> Optional.of(new Keccak(detectionLocation)); + case "KMAC" -> Optional.of(new KMAC(MessageDigest.class, new KMAC(detectionLocation))); + case "LMSContext" -> Optional.of(new LMS(MessageDigest.class, detectionLocation)); + case "MarsupilamiFourteen" -> Optional.of(new MarsupilamiFourteen(detectionLocation)); + case "MD2Digest" -> Optional.of(new MD2(detectionLocation)); + case "MD4Digest" -> Optional.of(new MD4(detectionLocation)); + case "MD5Digest" -> Optional.of(new MD5(detectionLocation)); + case "NullDigest" -> Optional.empty(); + case "ParallelHash" -> Optional.of(new ParallelHash(detectionLocation)); + case "PhotonBeetleDigest" -> Optional.of(new PhotonBeetleHash(detectionLocation)); + case "RIPEMD128Digest" -> Optional.of(new RIPEMD(128, detectionLocation)); + case "RIPEMD160Digest" -> Optional.of(new RIPEMD(160, detectionLocation)); + case "RIPEMD256Digest" -> Optional.of(new RIPEMD(256, detectionLocation)); + case "RIPEMD320Digest" -> Optional.of(new RIPEMD(320, detectionLocation)); + case "SHA1Digest" -> Optional.of(new SHA(detectionLocation)); + case "SHA224Digest" -> Optional.of(new SHA2(224, detectionLocation)); + case "SHA256Digest" -> Optional.of(new SHA2(256, detectionLocation)); + case "SHA384Digest" -> Optional.of(new SHA3(384, detectionLocation)); + case "SHA3Digest" -> Optional.of(new SHA3(detectionLocation)); + case "SHA512Digest" -> Optional.of(new SHA2(512, detectionLocation)); + case "SHA512tDigest" -> Optional.of(new SHA2(512, detectionLocation)); + case "SHAKEDigest" -> Optional.of(new SHAKE(detectionLocation)); + case "SkeinDigest" -> Optional.of(new Skein(detectionLocation)); + case "SM3Digest" -> Optional.of(new SM3(detectionLocation)); 
+ case "SparkleDigest" -> Optional.of(new Esch(detectionLocation)); + case "TigerDigest" -> Optional.of(new Tiger(192, detectionLocation)); + case "TupleHash" -> Optional.of(new TupleHash(detectionLocation)); + case "WhirlpoolDigest" -> Optional.of(new Whirlpool(detectionLocation)); + case "XoodyakDigest" -> Optional.of(new Xoodyak(detectionLocation)); default -> { final Algorithm algorithm = new Algorithm(digestString, MessageDigest.class, detectionLocation); diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDsaMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDsaMapper.java new file mode 100644 index 00000000..b1668c8d --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcDsaMapper.java 
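Review bot: `case "SHA384Digest"` is mapped to `new SHA3(384, detectionLocation)`, but SHA-384 belongs to the SHA-2 family, as the neighbouring `SHA224Digest`, `SHA256Digest` and `SHA512Digest` cases show. The line should read `case "SHA384Digest" -> Optional.of(new SHA2(384, detectionLocation));`; as written, every use of BC's SHA-384 would be inventoried as SHA3-384. In the same hunk `SHA512tDigest` is mapped to `SHA2(512, …)`, which drops the truncated output length of SHA-512/t. `NullDigest` returns `Optional.empty()`, so a pass-through digest disappears from the results without a trace; both deserve at least a comment. The switch starts above this hunk and its `default` branch continues below it.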
@@ -0,0 +1,68 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.mapper.bc;
+
+import com.ibm.mapper.mapper.IMapper;
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.Signature;
+import com.ibm.mapper.model.Unknown;
+import com.ibm.mapper.model.algorithms.DSA;
+import com.ibm.mapper.model.algorithms.DSTU4145;
+import com.ibm.mapper.model.algorithms.ECDSA;
+import com.ibm.mapper.model.algorithms.gost.GOSTR341012;
+import com.ibm.mapper.model.algorithms.gost.GOSTR341094;
+import com.ibm.mapper.utils.DetectionLocation;
+import java.util.Optional;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+public class BcDsaMapper implements IMapper {
+
+ @Override
+ @Nonnull
+ public Optional parse(
+ @Nullable String str, @Nonnull DetectionLocation detectionLocation) {
+ if (str == null) {
+ return Optional.empty();
+ }
+ return map(str, detectionLocation);
+ }
+
+ @Nonnull
+ private Optional map(
+ @Nonnull String dsaString, @Nonnull DetectionLocation detectionLocation) {
+ return switch (dsaString) {
+ case "DSASigner" -> Optional.of(new DSA(detectionLocation));
+ case "DSTU4145Signer" -> Optional.of(new DSTU4145(detectionLocation));
+ case "ECDSASigner" -> Optional.of(new ECDSA(detectionLocation));
+ case "ECGOST3410_2012Signer" -> Optional.of(new GOSTR341012(detectionLocation));
+ case "ECGOST3410Signer" -> Optional.of(new GOSTR341012(detectionLocation));
+ // TOOD: case "ECNRSigner" -> Optional.of();
+ case "GOST3410Signer" -> Optional.of(new GOSTR341094(detectionLocation));
+ default -> {
+ final Algorithm algorithm =
+ new Algorithm(dsaString, Signature.class, detectionLocation);
+ algorithm.put(new Unknown(detectionLocation));
+ yield Optional.of(algorithm);
+ }
+ };
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcKemMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcKemMapper.java
new file mode 100644
index 00000000..f435949c
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcKemMapper.java
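Review bot: In the new `BcDsaMapper`, `"ECGOST3410Signer"` is mapped to the same `GOSTR341012` model as `"ECGOST3410_2012Signer"`, although Bouncy Castle's `ECGOST3410Signer` implements the older GOST R 34.10-2001 scheme. Reporting it as the 2012 standard hides exactly the legacy usage an inventory is meant to surface. It needs its own model class (none is visible in this diff) or, until one exists, the `Unknown` fallback used by the `default` branch plus a TODO. The comment on the `ECNRSigner` line is also misspelled `TOOD`, so a search for TODO markers would miss it; it should read `// TODO: case "ECNRSigner" -> Optional.of();`.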
@@ -0,0 +1,87 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.mapper.bc;
+
+import com.ibm.mapper.mapper.IMapper;
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.model.Unknown;
+import com.ibm.mapper.model.algorithms.BIKE;
+import com.ibm.mapper.model.algorithms.ClassicMcEliece;
+import com.ibm.mapper.model.algorithms.ECIES;
+import com.ibm.mapper.model.algorithms.FrodoKEM;
+import com.ibm.mapper.model.algorithms.HQC;
+import com.ibm.mapper.model.algorithms.MLKEM;
+import com.ibm.mapper.model.algorithms.RSAKEM;
+import com.ibm.mapper.model.algorithms.SABER;
+import com.ibm.mapper.model.algorithms.ntru.NTRU;
+import com.ibm.mapper.model.algorithms.ntru.NTRULPrime;
+import com.ibm.mapper.model.algorithms.ntru.StreamlinedNTRUPrime;
+import com.ibm.mapper.utils.DetectionLocation;
+import java.util.Optional;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+public class BcKemMapper implements IMapper {
+
+ @Override
+ @Nonnull
+ public Optional parse(
+ @Nullable String str, @Nonnull DetectionLocation detectionLocation) {
+ if (str == null) {
+ return Optional.empty();
+ }
+ return map(str, detectionLocation);
+ }
+
+ @Nonnull
+ private Optional map(
+ @Nonnull String kemString, @Nonnull DetectionLocation detectionLocation) {
+ return switch (kemString) {
+ case "BIKEKEMExtractor", "BIKEKEMGenerator" -> Optional.of(new BIKE(detectionLocation));
+ case "CMCEKEMExtractor", "CMCEKEMGenerator" ->
+ Optional.of(new ClassicMcEliece(detectionLocation));
+ case "ECIESKEMExtractor", "ECIESKEMGenerator" ->
+ Optional.of(new ECIES(detectionLocation));
+ case "FrodoKEMExtractor", "FrodoKEMGenerator" ->
+ Optional.of(new FrodoKEM(detectionLocation));
+ case "HQCKEMExtractor", "HQCKEMGenerator" ->
+ Optional.of(new HQC(KeyEncapsulationMechanism.class, detectionLocation));
+ case "KyberKEMExtractor", "KyberKEMGenerator" ->
+ Optional.of(new MLKEM(detectionLocation));
+ case "NTRUKEMExtractor", "NTRUKEMGenerator" -> Optional.of(new NTRU(detectionLocation));
+ case "NTRULPRimeKEMExtractor", "NTRULPRimeKEMGenerator" ->
+ Optional.of(new NTRULPrime(detectionLocation));
+ case "RSAKEMExtractor", "RSAKEMGenerator" -> Optional.of(new RSAKEM(detectionLocation));
+ case "SABERKEMExtractor", "SABERKEMGenerator" ->
+ Optional.of(new SABER(detectionLocation));
+ case "SNTRUPrimeKEMExtractor", "SNTRUPrimeKEMGenerator" ->
+ Optional.of(new StreamlinedNTRUPrime(detectionLocation));
+ default -> {
+ final Algorithm algorithm =
+ new Algorithm(
+ kemString, KeyEncapsulationMechanism.class, detectionLocation);
+ algorithm.put(new Unknown(detectionLocation));
+ yield Optional.of(algorithm);
+ }
+ };
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcMacMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcMacMapper.java
new file mode 100644
index 00000000..663af1bc
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcMacMapper.java
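Review bot: In the new `BcKemMapper`, `"KyberKEMExtractor"` and `"KyberKEMGenerator"` are reported as `MLKEM`, but as far as I know the Kyber classes in Bouncy Castle implement the pre-standard CRYSTALS-Kyber submission, which is not interoperable with the final ML-KEM of FIPS 203. For a post-quantum migration inventory the difference matters, because code still on Kyber has to be changed while code on ML-KEM does not. If no separate Kyber model exists in the mapper, I would at least record the approximation at the case: `// NOTE: BC Kyber* is pre-standard Kyber, reported as ML-KEM for lack of a dedicated model`.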
@@ -0,0 +1,100 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.mapper.bc;
+
+import com.ibm.mapper.mapper.IMapper;
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.Mac;
+import com.ibm.mapper.model.Unknown;
+import com.ibm.mapper.model.algorithms.CMAC;
+import com.ibm.mapper.model.algorithms.KMAC;
+import com.ibm.mapper.model.algorithms.Kalyna;
+import com.ibm.mapper.model.algorithms.Kupyna;
+import com.ibm.mapper.model.algorithms.Poly1305;
+import com.ibm.mapper.model.algorithms.SipHash;
+import com.ibm.mapper.model.algorithms.Skein;
+import com.ibm.mapper.model.algorithms.VMPCMAC;
+import com.ibm.mapper.model.algorithms.ZUC;
+import com.ibm.mapper.model.algorithms.blake.BLAKE3;
+import com.ibm.mapper.model.algorithms.gost.GOST28147;
+import com.ibm.mapper.model.mode.CBC;
+import com.ibm.mapper.model.mode.CFB;
+import com.ibm.mapper.model.mode.GMAC;
+import com.ibm.mapper.utils.DetectionLocation;
+import com.ibm.mapper.utils.Utils;
+import java.util.Optional;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+public class BcMacMapper implements IMapper {
+
+ @Override
+ @Nonnull
+ public Optional parse(
+ @Nullable String str, @Nonnull DetectionLocation detectionLocation) {
+ if (str == null) {
+ return Optional.empty();
+ }
+ return map(str, detectionLocation);
+ }
+
+ @Nonnull
+ private Optional map(
+ @Nonnull String macString, @Nonnull DetectionLocation detectionLocation) {
+ return switch (macString) {
+ case "Blake3Mac" -> Optional.of(new BLAKE3(Mac.class, new BLAKE3(detectionLocation)));
+ case "BlockCipherMac", "CBCBlockCipherMac", "ISO9797Alg3Mac" ->
+ Optional.of(Utils.unknownWithMode(new CBC(detectionLocation), Mac.class));
+ case "CFBBlockCipherMac" ->
+ Optional.of(Utils.unknownWithMode(new CFB(detectionLocation), Mac.class));
+ /* TODO: Shouldn't CMAC be a mode of the BlockCipher it takes as parameter? */
+ case "CMac", "CMacWithIV" -> Optional.of(new CMAC(detectionLocation));
+ case "DSTU7564Mac" -> Optional.of(new Kupyna(Mac.class, new Kupyna(detectionLocation)));
+ case "DSTU7624Mac" -> {
+ /* what is the "Mac mode" of DSTU7624? It should be appended */
+ yield Optional.of(new Kalyna(Mac.class, new Kalyna(detectionLocation)));
+ }
+ case "GMac" ->
+ Optional.of(Utils.unknownWithMode(new GMAC(detectionLocation), Mac.class));
+ case "KGMac" ->
+ Optional.of(
+ Utils.cipherWithMode(
+ new Kalyna(Mac.class, new Kalyna(detectionLocation)),
+ new GMAC(detectionLocation)));
+ case "GOST28147Mac" ->
+ Optional.of(new GOST28147(Mac.class, new GOST28147(detectionLocation)));
+ case "KMAC" -> Optional.of(new KMAC(detectionLocation));
+ case "Poly1305" ->
+ Optional.of(new Poly1305(Mac.class, new Poly1305(detectionLocation)));
+ case "SipHash" -> Optional.of(new SipHash(detectionLocation));
+ case "SipHash128" -> Optional.of(new SipHash(128, detectionLocation));
+ case "SkeinMac" -> Optional.of(new Skein(Mac.class, new Skein(detectionLocation)));
+ case "VMPCMac" -> Optional.of(new VMPCMAC(detectionLocation));
+ case "Zuc128Mac" -> Optional.of(new ZUC(Mac.class, new ZUC(128, detectionLocation)));
+ case "Zuc256Mac" -> Optional.of(new ZUC(Mac.class, new ZUC(256, detectionLocation)));
+ default -> {
+ final Algorithm algorithm = new Algorithm(macString, Mac.class, detectionLocation);
+ algorithm.put(new Unknown(detectionLocation));
+ yield Optional.of(algorithm);
+ }
+ };
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcOperationModeKDFMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcOperationModeKDFMapper.java
new file mode 100644
index 00000000..cef5f0e8
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcOperationModeKDFMapper.java
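Review bot: In `map`, `"ISO9797Alg3Mac"` shares a case with `"BlockCipherMac"` and `"CBCBlockCipherMac"`, so an ISO/IEC 9797-1 algorithm 3 MAC (Retail MAC) is reported exactly like plain CBC-MAC. The two differ in security properties: plain CBC-MAC is unsafe for variable-length messages, while algorithm 3 adds a final step with a second key and is defined for DES-sized blocks, so someone auditing the inventory for legacy DES-based MACs can no longer single it out. What `Utils.unknownWithMode` records is not visible in this hunk, so the smallest safe step is to give the name its own case carrying a comment such as `/* ISO 9797-1 alg. 3 (Retail MAC): reported as CBC-MAC, final two-key step not modelled */`.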
@@ -0,0 +1,58 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.mapper.bc;
+
+import com.ibm.mapper.mapper.IMapper;
+import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.algorithms.KDF1;
+import com.ibm.mapper.model.algorithms.KDF2;
+import com.ibm.mapper.utils.DetectionLocation;
+import java.util.Optional;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+/** Mapper for the {@code counterStart} argument of {@code HandshakeKDFFunction} */
+public class BcOperationModeKDFMapper implements IMapper {
+
+ @Nonnull
+ @Override
+ public Optional parse(
+ @Nullable String str, @Nonnull DetectionLocation detectionLocation) {
+ if (str == null) {
+ return Optional.empty();
+ }
+ try {
+ /* Constant used in `counterStart`
+ *
+ * KDF1 = 0;
+ * KDF2 = 1;
+ */
+ int counterStart = Integer.parseInt(str);
+ return switch (counterStart) {
+ case 0 -> Optional.of(new KDF1(detectionLocation));
+ case 1 -> Optional.of(new KDF2(detectionLocation));
+ default -> Optional.empty();
+ };
+
+ } catch (NumberFormatException e) {
+ return Optional.empty();
+ }
+ }
+}
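Review bot: `parse` returns `Optional.empty()` both for a `str` that is not an integer and for any integer other than 0 or 1, and the `catch (NumberFormatException e)` block discards the exception without a comment, so a `counterStart` that could not be resolved to a literal leaves no trace in the result. The KEM and MAC mappers added in the same commit keep unrecognised input by returning an `Algorithm` with an `Unknown` child in their `default` branch, which makes it unclear whether the silence here is intended. If it is, the code should say so: `} catch (NumberFormatException ignored) {` followed by `/* counterStart is not a literal int: no KDF variant can be derived */`, with the same sentence added to the class Javadoc.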
diff --git a/mapper/src/main/java/com/ibm/mapper/model/Algorithm.java b/mapper/src/main/java/com/ibm/mapper/model/Algorithm.java index 7a6618bf..0ea1a214 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/Algorithm.java +++ b/mapper/src/main/java/com/ibm/mapper/model/Algorithm.java @@ -85,7 +85,7 @@ public Class getKind() { @Nonnull @Override public String asString() { - return name; + return getName(); } @Nonnull diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX942.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX942.java new file mode 100644 index 00000000..2830ec22 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX942.java 
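Review bot: `asString()` now goes through the overridable `getName()`, so its result depends on the subclass (`HQC` and `HarakaV2` in this commit build the name from the kind or from a child node), and nothing on the method states that. Any caller that treats `asString()` as a stable key for comparison, de-duplication or report output will now see the derived name instead of the constant passed to the constructor; whether such callers exist is outside this hunk. A Javadoc line would make the contract explicit: `/** Returns {@link #getName()}, which subclasses may override to derive the name from kind or child nodes. */`. The method is shown only between context lines, and the class continues outside the hunk.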
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.utils.DetectionLocation;
+import org.jetbrains.annotations.NotNull;
+
+public class ANSIX942 extends Algorithm implements KeyDerivationFunction {
+ // https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__12__4__14__X9__42__DIFFIE__HELLMAN__KEY__DERIVATION.html
+
+ private static final String NAME = "ANSI X9.42";
+
+ public ANSIX942(@NotNull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX963.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX963.java
index 5df66c86..7c7f35a7 100644
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX963.java
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX963.java
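Review bot: `ANSIX942` annotates its constructor parameter with `org.jetbrains.annotations.NotNull`, while the other model classes added in this commit (`BIKE`, `ClassicMcEliece`, `ECIES`, `FrodoKEM`, `HKDF`, `KDF1`, `KDF2` and the `KDF*` mode classes) use `javax.annotation.Nonnull`. Nullness checkers are configured per annotation type, so mixing the two makes findings uneven across one package. Using `import javax.annotation.Nonnull;` and `public ANSIX942(@Nonnull DetectionLocation detectionLocation) {` keeps the new files uniform. Among the new KDF classes visible here it is also the only one not declared `final`.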
@@ -25,6 +25,8 @@ import org.jetbrains.annotations.NotNull; public class ANSIX963 extends Algorithm implements KeyDerivationFunction { + // https://csrc.nist.gov/CSRC/media/Events/Key-Management-Workshop-2000/documents/x963_overview.pdf + private static final String NAME = "ANSI X9.63"; public ANSIX963(@NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/BIKE.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/BIKE.java new file mode 100644 index 00000000..aa34bd27 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/BIKE.java 
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class BIKE extends Algorithm implements KeyEncapsulationMechanism {
+ // https://hal.science/hal-01671903/document
+
+ private static final String NAME = "BIKE";
+
+ public BIKE(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/CMAC.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/CMAC.java
index ac7af4a3..29d960d9 100644
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/CMAC.java
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/CMAC.java
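Review bot: The reference for `BIKE` is a bare `//` comment under the class header, where neither Javadoc output nor IDE hover will show it, and the class has no statement of what it models. The same applies to `ClassicMcEliece`, `ECIES`, `FrodoKEM` and the KDF classes added in this commit. Moving the existing link into a class-level Javadoc, for example `/** BIKE key encapsulation mechanism. Reference: <existing link>. */`, keeps the source of each algorithm name visible to whoever audits the mapping later.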
@@ -26,6 +26,8 @@ import org.jetbrains.annotations.NotNull; public class CMAC extends Algorithm implements BlockCipher, Mac { + // https://en.wikipedia.org/wiki/One-key_MAC + private static final String NAME = "CMAC"; // OMAC, OMAC1, AES-CMAC public CMAC(@NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ClassicMcEliece.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ClassicMcEliece.java new file mode 100644 index 00000000..2a6b9bee --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ClassicMcEliece.java 
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class ClassicMcEliece extends Algorithm implements KeyEncapsulationMechanism {
+ // https://classic.mceliece.org/index.html
+
+ private static final String NAME = "Classic McEliece"; // CMCE
+
+ public ClassicMcEliece(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ConcatenationKDF.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ConcatenationKDF.java
new file mode 100644
index 00000000..445e9b43
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ConcatenationKDF.java
@@ -0,0 +1,42 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class ConcatenationKDF extends Algorithm implements KeyDerivationFunction {
+ // See 5.8.1.2.1 of
+ // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf
+
+ private static final String NAME = "ConcatenationKDF";
+
+ public ConcatenationKDF(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public ConcatenationKDF(@Nonnull MessageDigest messageDigest) {
+ this(messageDigest.getDetectionContext());
+ this.put(messageDigest);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/DSTU4145.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/DSTU4145.java
new file mode 100644
index 00000000..41c28376
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/DSTU4145.java
@@ -0,0 +1,33 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.Signature;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class DSTU4145 extends Algorithm implements Signature {
+ private static final String NAME = "DSTU 4145-2002";
+
+ public DSTU4145(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, Signature.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ECIES.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ECIES.java
new file mode 100644
index 00000000..4d316983
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ECIES.java
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class ECIES extends Algorithm implements KeyEncapsulationMechanism {
+ // See 10.2 of https://www.shoup.net/iso/std6.pdf (ISO 18033)
+
+ private static final String NAME = "ECIES"; // Elliptic Curve Integrated Encryption Scheme
+
+ public ECIES(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/FrodoKEM.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/FrodoKEM.java
new file mode 100644
index 00000000..702d8023
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/FrodoKEM.java
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class FrodoKEM extends Algorithm implements KeyEncapsulationMechanism {
+ // https://frodokem.org/files/FrodoKEM-specification-20210604.pdf
+
+ private static final String NAME = "FrodoKEM";
+
+ public FrodoKEM(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/HKDF.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HKDF.java
new file mode 100644
index 00000000..d196f14b
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HKDF.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class HKDF extends Algorithm implements KeyDerivationFunction {
+ // https://en.wikipedia.org/wiki/HKDF
+
+ private static final String NAME = "HKDF"; // RFC 5869
+
+ public HKDF(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public HKDF(@Nonnull MessageDigest messageDigest) {
+ this(messageDigest.getDetectionContext());
+ this.put(messageDigest);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/HQC.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HQC.java
new file mode 100644
index 00000000..07365b18
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HQC.java
@@ -0,0 +1,58 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.IPrimitive;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.model.PublicKeyEncryption;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class HQC extends Algorithm implements KeyEncapsulationMechanism, PublicKeyEncryption {
+ // https://pqc-hqc.org/doc/hqc-specification_2023-04-30.pdf
+
+ private static final String NAME = "HQC"; // Hamming Quasi-Cyclic
+
+ /** Returns a more specific name "HQC.KEM" or "HQC.PKE" length */
+ @Override
+ @Nonnull
+ public String getName() {
+ StringBuilder builtName = new StringBuilder(this.name);
+
+ if (this.getKind() == KeyEncapsulationMechanism.class) {
+ builtName.append(".KEM");
+ } else if (this.getKind() == PublicKeyEncryption.class) {
+ builtName.append(".PKE");
+ }
+
+ return builtName.toString();
+ }
+
+ // public HQC(@Nonnull DetectionLocation detectionLocation) {
+ // this(KeyEncapsulationMechanism.class, detectionLocation);
+ // }
+
+ public HQC(
+ @Nonnull final Class asKind,
+ @Nonnull DetectionLocation detectionLocation) {
+ super(NAME, asKind, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/HarakaV2.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HarakaV2.java
new file mode 100644
index 00000000..6ea31689
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HarakaV2.java
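Review bot: The Javadoc on `getName()` ends with a stray word (`"HQC.KEM" or "HQC.PKE" length`) and omits the third outcome, the plain name returned when the kind is neither of the two classes compared. The commented-out single-argument constructor is also dead text, since `BcKemMapper` already passes `KeyEncapsulationMechanism.class` explicitly, and can be deleted. Suggested Javadoc: `/** Returns "HQC.KEM" or "HQC.PKE" according to the kind, and the plain name for any other kind. */`.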
@@ -0,0 +1,68 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.ClassicalBitSecurityLevel;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.IPrimitive;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import java.util.Optional;
+import javax.annotation.Nonnull;
+
+public final class HarakaV2 extends Algorithm implements MessageDigest {
+ // https://eprint.iacr.org/2016/098.pdf
+
+ private static final String NAME = "Haraka v2";
+
+ /** Returns a name of the form "Haraka-XXX v2" where XXX is the block size */
+ @Override
+ @Nonnull
+ public String getName() {
+ StringBuilder builtName = new StringBuilder(this.name);
+
+ Optional blockSize = this.hasChildOfType(BlockSize.class);
+
+ if (blockSize.isPresent()) {
+ builtName = new StringBuilder("Haraka-");
+ builtName.append(blockSize.get().asString()).append(" v2");
+ }
+
+ return builtName.toString();
+ }
+
+ public HarakaV2(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new DigestSize(256, detectionLocation));
+ this.put(new ClassicalBitSecurityLevel(256, detectionLocation));
+ }
+
+ public HarakaV2(int blockSize, @Nonnull DetectionLocation detectionLocation) {
+ this(detectionLocation);
+ this.put(new BlockSize(blockSize, detectionLocation));
+ }
+
+ public HarakaV2(@Nonnull final Class asKind, @Nonnull HarakaV2 haraka) {
+ super(haraka, asKind);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDF1.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDF1.java
new file mode 100644
index 00000000..53efa125
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDF1.java
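Review bot: The constructor `HarakaV2(DetectionLocation)` attaches `ClassicalBitSecurityLevel(256, ...)` unconditionally and does not say which security property the figure refers to. If I read the referenced paper correctly, Haraka v2 targets (second-)preimage resistance on short inputs and does not aim at collision resistance, and a 256-bit digest cannot give more than 128 bits against collisions in any case, so an inventory consumer may read "256" as a general strength. A comment at the `put` call would prevent that: `// 256-bit level is for (second-)preimage resistance; collision resistance is not a design goal`. The wording should be checked against the paper and against how `ClassicalBitSecurityLevel` is set for other digests in the model, which this hunk does not show.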
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class KDF1 extends Algorithm implements KeyDerivationFunction {
+ // See 6.2.2 of https://www.shoup.net/iso/std6.pdf (ISO 18033)
+
+ private static final String NAME = "KDF1";
+
+ public KDF1(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public KDF1(@Nonnull MessageDigest messageDigest) {
+ this(messageDigest.getDetectionContext());
+ this.put(messageDigest);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDF2.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDF2.java
new file mode 100644
index 00000000..f116f5d2
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDF2.java
@@ -0,0 +1,42 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class KDF2 extends Algorithm implements KeyDerivationFunction {
+ // See 13.2 of https://ieeexplore.ieee.org/document/1335427 (IEEE P1363a)
+ // See 6.2.3 of https://www.shoup.net/iso/std6.pdf (ISO 18033)
+
+ private static final String NAME = "KDF2";
+
+ public KDF2(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public KDF2(@Nonnull MessageDigest messageDigest) {
+ this(messageDigest.getDetectionContext());
+ this.put(messageDigest);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFCounter.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFCounter.java
new file mode 100644
index 00000000..f7719027
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFCounter.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.Mac;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class KDFCounter extends Algorithm implements KeyDerivationFunction {
+ // See 4.1 in https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-upd1.pdf
+
+ private static final String NAME = "KDF in Counter Mode";
+
+ public KDFCounter(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public KDFCounter(@Nonnull Mac mac) {
+ this(mac.getDetectionContext());
+ this.put(mac);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFDoublePipeline.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFDoublePipeline.java
new file mode 100644
index 00000000..b7fcd70b
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFDoublePipeline.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.Mac;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class KDFDoublePipeline extends Algorithm implements KeyDerivationFunction {
+ // See 4.3 in https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-upd1.pdf
+
+ private static final String NAME = "KDF in Double-Pipeline Mode";
+
+ public KDFDoublePipeline(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public KDFDoublePipeline(@Nonnull Mac mac) {
+ this(mac.getDetectionContext());
+ this.put(mac);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFFeedback.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFFeedback.java
new file mode 100644
index 00000000..03d3266d
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFFeedback.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.Mac;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class KDFFeedback extends Algorithm implements KeyDerivationFunction {
+ // See 4.2 in https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-upd1.pdf
+
+ private static final String NAME = "KDF in Feedback Mode";
+
+ public KDFFeedback(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public KDFFeedback(@Nonnull Mac mac) {
+ this(mac.getDetectionContext());
+ this.put(mac);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFSession.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFSession.java
new file mode 100644
index 00000000..d86908b7
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KDFSession.java
@@ -0,0 +1,42 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class KDFSession extends Algorithm implements KeyDerivationFunction {
+ // See 4.3.3 of
+ // https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03111/BSI-TR-03111_V-2-1_pdf.pdf?__blob=publicationFile&v=1
+
+ private static final String NAME = "KDF Session"; // Key Derivation Function for Session Keys
+
+ public KDFSession(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyDerivationFunction.class, detectionLocation);
+ }
+
+ public KDFSession(@Nonnull MessageDigest messageDigest) {
+ this(messageDigest.getDetectionContext());
+ this.put(messageDigest);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KMAC.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KMAC.java
new file mode 100644
index 00000000..e8b24547
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KMAC.java 
@@ -0,0 +1,66 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model.algorithms; + +import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.ClassicalBitSecurityLevel; +import com.ibm.mapper.model.DigestSize; +import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.IPrimitive; +import com.ibm.mapper.model.Mac; +import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.utils.DetectionLocation; +import java.util.Optional; +import javax.annotation.Nonnull; + +public final class KMAC extends Algorithm implements MessageDigest { + // https://www.cryptosys.net/manapi/api_kmac.html + + private static final String NAME = "KMAC"; + + /** Returns a name of the form "KMACXXX" where XXX is the security level in bits */ + @Override + @Nonnull + public String getName() { + StringBuilder builtName = new StringBuilder(this.name); + + Optional bitSecurityLevel = this.hasChildOfType(ClassicalBitSecurityLevel.class); + + if (bitSecurityLevel.isPresent()) { + builtName.append(bitSecurityLevel.get().asString()); + } + + return builtName.toString(); + } + + public KMAC(@Nonnull DetectionLocation detectionLocation) { + 
super(NAME, Mac.class, detectionLocation); + } + + public KMAC(int bitSecurityLevel, @Nonnull DetectionLocation detectionLocation) { + this(detectionLocation); + this.put(new ClassicalBitSecurityLevel(bitSecurityLevel, detectionLocation)); + this.put(new DigestSize(2 * bitSecurityLevel, detectionLocation)); + } + + public KMAC(@Nonnull final Class asKind, @Nonnull KMAC kmac) { + super(kmac, asKind); + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java index a528c4f8..67102896 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java @@ -23,6 +23,7 @@ import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.utils.DetectionLocation; import java.util.Optional; @@ -71,4 +72,8 @@ public Kalyna(int blockSize, int keyLength, @Nonnull DetectionLocation detection this.put(new BlockSize(blockSize, detectionLocation)); this.put(new KeyLength(keyLength, detectionLocation)); } + + public Kalyna(@Nonnull final Class asKind, @Nonnull Kalyna kalyna) { + super(kalyna, asKind); + } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KangarooTwelve.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KangarooTwelve.java new file mode 100644 index 00000000..51706e3e --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KangarooTwelve.java 
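Review bot: `KMAC` is declared `implements MessageDigest`, but its base constructor registers the node with `super(NAME, Mac.class, detectionLocation)`, so the declared interface and the recorded kind disagree. KMAC is a keyed MAC, so the declaration should presumably read `public final class KMAC extends Algorithm implements Mac {`; if the digest interface is deliberate, a class comment should say why. The `KMAC(int bitSecurityLevel, ...)` constructor also records `new DigestSize(2 * bitSecurityLevel, detectionLocation)` although KMAC's output length is chosen by the caller, so I would add `/** Records 2 * bitSecurityLevel as an assumed output length; the real tag length is caller-defined. */` above it.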
@@ -0,0 +1,45 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.ClassicalBitSecurityLevel;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.NumberOfIterations;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class KangarooTwelve extends Algorithm implements MessageDigest {
+ // https://eprint.iacr.org/2016/770.pdf
+
+ private static final String NAME = "KangarooTwelve";
+
+ public KangarooTwelve(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new ClassicalBitSecurityLevel(128, detectionLocation));
+ this.put(new NumberOfIterations(12, detectionLocation));
+ }
+
+ public KangarooTwelve(int digestSize, @Nonnull DetectionLocation detectionLocation) {
+ this(detectionLocation);
+ this.put(new DigestSize(digestSize, detectionLocation));
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java index 681c0dd4..86070fa1 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java @@ -20,14 +20,28 @@ package com.ibm.mapper.model.algorithms; import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.AuthenticatedEncryption; +import com.ibm.mapper.model.ClassicalBitSecurityLevel; +import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.utils.DetectionLocation; -import org.jetbrains.annotations.NotNull; +import javax.annotation.Nonnull; + +public class Keccak extends Algorithm implements MessageDigest, AuthenticatedEncryption { + // https://keccak.team/keccak.html -public class Keccak extends Algorithm implements MessageDigest { private static final String NAME = "Keccak"; - public Keccak(@NotNull DetectionLocation detectionLocation) { + public Keccak(@Nonnull DetectionLocation detectionLocation) { super(NAME, MessageDigest.class, detectionLocation); } + + public Keccak(int capacity, @Nonnull DetectionLocation detectionLocation) { + this(detectionLocation); + this.put(new ClassicalBitSecurityLevel(capacity / 2, detectionLocation)); + } + + public Keccak(@Nonnull final Class asKind, @Nonnull Keccak keccak) { + super(keccak, asKind); + } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/LMS.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/LMS.java new file mode 100644 index 00000000..4d2a8c3c --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/LMS.java 
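Review bot: The new `Keccak(int capacity, ...)` constructor stores `capacity / 2` as `ClassicalBitSecurityLevel` without stating the unit or valid range of `capacity`; an odd value is truncated and a zero or negative one is still recorded as a security level. c/2 is also only the generic sponge bound, and for a fixed-length digest the output size caps the strength as well, so the recorded figure can overstate it. I would document this on the constructor, e.g. `/** @param capacity sponge capacity c in bits; records the generic c/2 bound, not the strength of a particular output length */`.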
@@ -0,0 +1,44 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.IPrimitive;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.Signature;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+// Hash Based Signature (HBS)
+public class LMS extends Algorithm implements Signature, MessageDigest {
+ // https://eprint.iacr.org/2017/349.pdf
+
+ private static final String NAME = "LMS";
+
+ public LMS(@Nonnull DetectionLocation detectionLocation) {
+ this(Signature.class, detectionLocation);
+ }
+
+ public LMS(
+ @Nonnull final Class asKind,
+ @Nonnull DetectionLocation detectionLocation) {
+ super(NAME, asKind, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/MD4.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MD4.java
new file mode 100644
index 00000000..ff136793
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MD4.java
@@ -0,0 +1,44 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.IPrimitive;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class MD4 extends Algorithm implements MessageDigest {
+ private static final String NAME = "MD4";
+
+ public MD4(@Nonnull DetectionLocation detectionLocation) {
+ this(MessageDigest.class, detectionLocation);
+ }
+
+ public MD4(
+ @Nonnull final Class asKind,
+ @Nonnull DetectionLocation detectionLocation) {
+ super(NAME, asKind, detectionLocation);
+ this.put(new BlockSize(512, detectionLocation));
+ this.put(new DigestSize(128, detectionLocation));
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/MLKEM.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MLKEM.java
new file mode 100644
index 00000000..c861b133
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MLKEM.java
@@ -0,0 +1,37 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class MLKEM extends Algorithm implements KeyEncapsulationMechanism {
+ // https://en.wikipedia.org/wiki/Kyber
+ // https://pq-crystals.org/kyber/
+
+ private static final String NAME =
+ "ML-KEM"; // Kyber, Module-Lattice-Based Key-Encapsulation Mechanism
+
+ public MLKEM(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/MarsupilamiFourteen.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MarsupilamiFourteen.java
new file mode 100644
index 00000000..d9e42148
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MarsupilamiFourteen.java
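Review bot: The constant `NAME = "ML-KEM"` is backed only by Kyber references (`// https://en.wikipedia.org/wiki/Kyber`, `// https://pq-crystals.org/kyber/`), and its trailing comment treats the two names as synonyms. ML-KEM as standardised in FIPS 203 differs from the earlier Kyber submissions and is not interoperable with them, so if the detection rules for Kyber classes map to this node (not visible in this hunk), an inventory would report pre-standard Kyber as ML-KEM. I would cite the standard in the class comment, e.g. `// FIPS 203 (ML-KEM); Kyber round-3 implementations are a distinct algorithm`, and state there whether Kyber detections are meant to land on this class or on a separate one.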
@@ -0,0 +1,45 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.ClassicalBitSecurityLevel;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.NumberOfIterations;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class MarsupilamiFourteen extends Algorithm implements MessageDigest {
+ // https://eprint.iacr.org/2016/770.pdf
+
+ private static final String NAME = "MarsupilamiFourteen";
+
+ public MarsupilamiFourteen(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new ClassicalBitSecurityLevel(256, detectionLocation));
+ this.put(new NumberOfIterations(14, detectionLocation));
+ }
+
+ public MarsupilamiFourteen(int digestSize, @Nonnull DetectionLocation detectionLocation) {
+ this(detectionLocation);
+ this.put(new DigestSize(digestSize, detectionLocation));
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ParallelHash.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ParallelHash.java
new file mode 100644
index 00000000..792f1208
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ParallelHash.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class ParallelHash extends Algorithm implements MessageDigest {
+ // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf
+
+ private static final String NAME = "ParallelHash";
+
+ public ParallelHash(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ }
+
+ public ParallelHash(int digestSize, @Nonnull DetectionLocation detectionLocation) {
+ this(detectionLocation);
+ this.put(new DigestSize(digestSize, detectionLocation));
+ }
+}
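Review bot: `ParallelHash` records at most a `DigestSize`, so nothing on the node distinguishes ParallelHash128 from ParallelHash256, while `KMAC`, `KangarooTwelve` and `MarsupilamiFourteen` in this commit all attach a `ClassicalBitSecurityLevel`. In SP 800-185, which the class comment cites, the output length is chosen independently of the variant, so the strength cannot be recovered from the digest size afterwards. I would add an overload that also takes the strength, shown below; it needs an import of `com.ibm.mapper.model.ClassicalBitSecurityLevel`, and whether the detection rule can supply that value is not visible in this hunk.

```java
// … unchanged: NAME and the two existing constructors …

public ParallelHash(
        int bitSecurityLevel, int digestSize, @Nonnull DetectionLocation detectionLocation) {
    this(digestSize, detectionLocation);
    // variant strength (128 or 256), kept separate from the chosen output length
    this.put(new ClassicalBitSecurityLevel(bitSecurityLevel, detectionLocation));
}
```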
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/RIPEMD.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RIPEMD.java
new file mode 100644
index 00000000..0e2fda61
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RIPEMD.java
@@ -0,0 +1,58 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model.algorithms; + +import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.DigestSize; +import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.utils.DetectionLocation; +import java.util.Optional; +import javax.annotation.Nonnull; + +public final class RIPEMD extends Algorithm implements MessageDigest { + // https://en.wikipedia.org/wiki/RIPEMD + + private static final String NAME = "RIPEMD"; + + /** Returns a name of the form "RIPEMD-XXX" where XXX is the digest size */ + @Override + @Nonnull + public String getName() { + StringBuilder builtName = new StringBuilder(this.name); + + Optional digestSize = this.hasChildOfType(DigestSize.class); + + if (digestSize.isPresent()) { + builtName.append("-" + digestSize.get().asString()); + } + + return builtName.toString(); + } + + public RIPEMD(@Nonnull DetectionLocation detectionLocation) { + super(NAME, MessageDigest.class, detectionLocation); + } + + public RIPEMD(int digestSize, @Nonnull DetectionLocation detectionLocation) { + this(detectionLocation); + 
this.put(new DigestSize(digestSize, detectionLocation)); + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/RSAKEM.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RSAKEM.java new file mode 100644 index 00000000..70f2053c --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RSAKEM.java @@ -0,0 +1,35 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model.algorithms; + +import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.KeyEncapsulationMechanism; +import com.ibm.mapper.utils.DetectionLocation; +import javax.annotation.Nonnull; + +public class RSAKEM extends Algorithm implements KeyEncapsulationMechanism { + // See 11.5 of https://www.shoup.net/iso/std6.pdf (ISO 18033) + + private static final String NAME = "RSA-KEM"; + + public RSAKEM(@Nonnull DetectionLocation detectionLocation) { + super(NAME, KeyEncapsulationMechanism.class, detectionLocation); + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SABER.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SABER.java new file mode 100644 index 00000000..f8d0999c --- /dev/null 
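Review bot: In `RIPEMD.getName()`, `builtName.append("-" + digestSize.get().asString())` builds a temporary string inside a `StringBuilder` call, which defeats the point of the builder. `builtName.append('-').append(digestSize.get().asString());` keeps the chain, and the Javadoc could add that the plain name `RIPEMD` is returned when no `DigestSize` child exists. `KMAC.getName()` in this commit follows the same `isPresent()`/`get()` shape and would benefit from the same Javadoc addition.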
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SABER.java
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class SABER extends Algorithm implements KeyEncapsulationMechanism {
+ // https://www.esat.kuleuven.be/cosic/pqcrypto/saber/
+
+ private static final String NAME = "SABER";
+
+ public SABER(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SHA3.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SHA3.java
index 2ec69eb2..f111a3f8 100644
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SHA3.java
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SHA3.java
@@ -29,6 +29,10 @@ public final class SHA3 extends Algorithm implements MessageDigest { private static final String NAME = "SHA3"; + public SHA3(@Nonnull DetectionLocation detectionLocation) { + super(NAME, MessageDigest.class, detectionLocation); + } + public SHA3(int digestSize, @Nonnull DetectionLocation detectionLocation) { super(NAME + "-" + digestSize, MessageDigest.class, detectionLocation); this.put(new DigestSize(digestSize, detectionLocation)); diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SipHash.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SipHash.java new file mode 100644 index 00000000..9b1b3763 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SipHash.java 
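Review bot: The added `SHA3(@Nonnull DetectionLocation detectionLocation)` constructor yields a node named plain `SHA3` with no `DigestSize` child, whereas the existing constructor in the same hunk names it `NAME + "-" + digestSize`. A reader of the resulting inventory cannot tell which SHA-3 variant was found, and any consumer that matches on the sized names would presumably miss these nodes. I would add `/** For call sites where the digest size cannot be resolved; prefer {@link #SHA3(int, DetectionLocation)}. */` so the size-less form is not picked by default. The rest of the class lies outside the hunk.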
@@ -0,0 +1,43 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.KeyLength;
+import com.ibm.mapper.model.Mac;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class SipHash extends Algorithm implements Mac {
+ // https://en.wikipedia.org/wiki/SipHash
+
+ private static final String NAME = "SipHash";
+
+ public SipHash(int outputSize, @Nonnull DetectionLocation detectionLocation) {
+ super(NAME, Mac.class, detectionLocation);
+ this.put(new DigestSize(outputSize, detectionLocation));
+ this.put(new KeyLength(128, detectionLocation));
+ }
+
+ public SipHash(@Nonnull DetectionLocation detectionLocation) {
+ this(64, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Skein.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Skein.java
new file mode 100644
index 00000000..8de24016
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Skein.java
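Review bot: The literals in `new KeyLength(128, detectionLocation)` and `this(64, detectionLocation)` carry no explanation, and `outputSize` is recorded exactly as given. SipHash uses a 128-bit key and produces a 64-bit tag by default, so short comments would do: `// SipHash keys are always 128 bits` and `// default SipHash tag length is 64 bits`. The tag length is stored under `DigestSize`, so a one-line class comment saying that `DigestSize` here means the MAC output length would keep it from being read as a hash size.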
@@ -0,0 +1,59 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.IPrimitive;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.NumberOfIterations;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class Skein extends Algorithm implements MessageDigest {
+ // https://en.wikipedia.org/wiki/Skein_(hash_function)
+
+ private static final String NAME = "Skein";
+
+ public Skein(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new Threefish(detectionLocation));
+ }
+
+ public Skein(int blockSize, @Nonnull DetectionLocation detectionLocation) {
+ this(detectionLocation);
+ this.put(new BlockSize(blockSize, detectionLocation));
+ if (blockSize == 256 || blockSize == 512) {
+ this.put(new NumberOfIterations(72, detectionLocation));
+ } else if (blockSize == 1024) {
+ this.put(new NumberOfIterations(80, detectionLocation));
+ }
+ }
+
+ public Skein(int blockSize, int digestSize, @Nonnull DetectionLocation detectionLocation) {
+ this(blockSize, detectionLocation);
+ this.put(new DigestSize(digestSize, detectionLocation));
+ }
+
+ public Skein(@Nonnull final Class asKind, @Nonnull Skein skein) {
+ super(skein, asKind);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Tiger.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Tiger.java
new file mode 100644
index 00000000..984a9158
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Tiger.java
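Review bot: In `Skein(int blockSize, …)` the `if`/`else if` attaches a round count only for 256, 512 and 1024; any other value is still recorded as a `BlockSize` and simply gets no `NumberOfIterations`, which a reader cannot tell is intentional. A comment above the branch would settle it, for example `// Threefish rounds: 72 for 256/512-bit blocks, 80 for 1024-bit; other sizes are kept as detected, without a round count`. The `Threefish` child added by the base constructor is also created without the block size, so presumably it stays unsized even when `blockSize` is known; worth confirming against `Threefish`'s constructors, which are not part of this hunk. `Esch(int digestSize, …)` in `Esch.java` follows the same silent fall-through for its security level.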
@@ -0,0 +1,46 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.NumberOfIterations;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class Tiger extends Algorithm implements MessageDigest {
+ // https://en.wikipedia.org/wiki/Tiger_(hash_function)
+ // https://iacr.org/archive/asiacrypt2007/48330539/48330539.pdf
+
+ private static final String NAME = "Tiger";
+
+ public Tiger(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new BlockSize(512, detectionLocation));
+ this.put(new NumberOfIterations(24, detectionLocation));
+ }
+
+ public Tiger(int digestSize, @Nonnull DetectionLocation detectionLocation) {
+ this(detectionLocation);
+ this.put(new DigestSize(digestSize, detectionLocation));
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/TupleHash.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/TupleHash.java
new file mode 100644
index 00000000..a6e2b6bd
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/TupleHash.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class TupleHash extends Algorithm implements MessageDigest {
+ // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf
+
+ private static final String NAME = "TupleHash";
+
+ public TupleHash(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ }
+
+ public TupleHash(int digestSize, @Nonnull DetectionLocation detectionLocation) {
+ this(detectionLocation);
+ this.put(new DigestSize(digestSize, detectionLocation));
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/VMPCMAC.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/VMPCMAC.java
new file mode 100644
index 00000000..9a4ef963
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/VMPCMAC.java
@@ -0,0 +1,33 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.Mac;
+import com.ibm.mapper.utils.DetectionLocation;
+import org.jetbrains.annotations.NotNull;
+
+public final class VMPCMAC extends Algorithm implements Mac {
+ // https://eprint.iacr.org/2004/301.pdf
+
+ public VMPCMAC(@NotNull DetectionLocation detectionLocation) {
+ super("VMPC-MAC", Mac.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Whirlpool.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Whirlpool.java
new file mode 100644
index 00000000..509c2971
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Whirlpool.java
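Review bot: `VMPCMAC` annotates its constructor parameter with `org.jetbrains.annotations.NotNull`, while the other algorithm classes added in this commit (`SipHash`, `Skein`, `Tiger`, `TupleHash`) use `javax.annotation.Nonnull`; `GMAC.java` has the same mismatch. Picking one annotation keeps static null-analysis consistent across the model, e.g. `public VMPCMAC(@Nonnull DetectionLocation detectionLocation) {` with the matching import. The name is also passed as an inline literal; a `private static final String NAME = "VMPC-MAC";` would match the sibling classes.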
@@ -0,0 +1,41 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.NumberOfIterations;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class Whirlpool extends Algorithm implements MessageDigest {
+ // https://en.wikipedia.org/wiki/Whirlpool_(hash_function)
+
+ private static final String NAME = "Whirlpool";
+
+ public Whirlpool(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new DigestSize(512, detectionLocation));
+ this.put(new BlockSize(512, detectionLocation));
+ this.put(new NumberOfIterations(10, detectionLocation));
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/XMSS.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/XMSS.java
new file mode 100644
index 00000000..977e96e8
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/XMSS.java
@@ -0,0 +1,44 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.IPrimitive;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.Signature;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+// Hash Based Signature (HBS)
+public class XMSS extends Algorithm implements Signature, MessageDigest {
+ // https://eprint.iacr.org/2017/349.pdf
+
+ private static final String NAME = "XMSS";
+
+ public XMSS(@Nonnull DetectionLocation detectionLocation) {
+ this(Signature.class, detectionLocation);
+ }
+
+ public XMSS(
+ @Nonnull final Class asKind,
+ @Nonnull DetectionLocation detectionLocation) {
+ super(NAME, asKind, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java
index 8664b94b..053ff6c6 100644
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java
@@ -21,8 +21,10 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.AuthenticatedEncryption; +import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.model.NumberOfIterations; import com.ibm.mapper.model.StreamCipher; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; @@ -35,6 +37,8 @@ public class Xoodyak extends Algorithm public Xoodyak(@Nonnull DetectionLocation detectionLocation) { this(MessageDigest.class, detectionLocation); + this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); + this.put(new NumberOfIterations(12, detectionLocation)); } public Xoodyak( diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ZUC.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ZUC.java new file mode 100644 index 00000000..dce8d328 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ZUC.java 
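Review bot: The security level and round count are attached only in the one-argument `Xoodyak` constructor, after it delegates to `Xoodyak(asKind, detectionLocation)`, so an instance created directly through the two-argument constructor (for example as `AuthenticatedEncryption` or `StreamCipher`) would carry neither property. If both values hold for every Xoodyak kind, the two `this.put(...)` lines belong in the delegated constructor instead. That constructor's body lies outside the hunk, so whether it already sets them cannot be confirmed here.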
@@ -0,0 +1,64 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model.algorithms; + +import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.ClassicalBitSecurityLevel; +import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.IPrimitive; +import com.ibm.mapper.model.Mac; +import com.ibm.mapper.model.StreamCipher; +import com.ibm.mapper.utils.DetectionLocation; +import java.util.Optional; +import javax.annotation.Nonnull; + +public final class ZUC extends Algorithm implements StreamCipher, Mac { + // http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180416526664982687.pdf + + private static final String NAME = "ZUC"; + + public ZUC(@Nonnull DetectionLocation detectionLocation) { + super(NAME, StreamCipher.class, detectionLocation); + } + + /** Returns a name of the form "ZUC-XXX" where XXX is the bit security level */ + @Override + @Nonnull + public String getName() { + StringBuilder builtName = new StringBuilder(this.name); + + Optional securityLevel = this.hasChildOfType(ClassicalBitSecurityLevel.class); + + if (securityLevel.isPresent()) { + builtName.append("-").append(securityLevel.get().asString()); + 
} + + return builtName.toString(); + } + + public ZUC(int securityLevel, @Nonnull DetectionLocation detectionLocation) { + this(detectionLocation); + this.put(new ClassicalBitSecurityLevel(securityLevel, detectionLocation)); + } + + public ZUC(@Nonnull final Class asKind, @Nonnull ZUC zuc) { + super(zuc, asKind); + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java index 51e0902e..774bf862 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java @@ -25,12 +25,16 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class GOST28147 extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class GOST28147 extends Algorithm + implements BlockCipher, AuthenticatedEncryption, Mac { + // https://www.rfc-editor.org/rfc/rfc5830 + private static final String NAME = "GOST28147"; // Magma, GOST 28147-89 (RFC 5830) public GOST28147(@NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST341194.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST341194.java new file mode 100644 index 00000000..98255b23 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST341194.java 
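Review bot: `ZUC(int securityLevel, …)` records the variant only as a `ClassicalBitSecurityLevel`, yet the 128 and 256 in ZUC-128 and ZUC-256 are also the key sizes, and no `KeyLength` child is added, so key-length reporting for this cipher would presumably come up empty. If that is not derived elsewhere, adding `this.put(new KeyLength(securityLevel, detectionLocation));` (with the `com.ibm.mapper.model.KeyLength` import) next to the existing `put` would cover it. The `getName()` Javadoc could also state that the plain name `ZUC` is returned when no security-level child is present.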
@@ -0,0 +1,47 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms.gost;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class GOST341194 extends Algorithm implements MessageDigest {
+ // https://en.wikipedia.org/wiki/GOST_(hash_function)
+
+ private static final String NAME =
+ "GOST341194"; // GOST R 34.11-94, GOST 34.311-95, or just "GOST"
+
+ public GOST341194(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new BlockSize(256, detectionLocation));
+ this.put(new DigestSize(256, detectionLocation));
+ // The hash function is derived from this block cipher:
+ this.put(new GOST28147(detectionLocation));
+ }
+
+ public GOST341194(
+ @Nonnull final Class asKind, @Nonnull GOST341194 gostr341194) {
+ super(gostr341194, asKind);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOSTR341012.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOSTR341012.java index 4d57625e..56541941 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOSTR341012.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOSTR341012.java @@ -25,7 +25,7 @@ import javax.annotation.Nonnull; public final class GOSTR341012 extends Algorithm implements Signature { - private static final String NAME = "GOSTR341012"; + private static final String NAME = "GOSTR341012"; // GOST R 34.10-2012 public GOSTR341012(@Nonnull DetectionLocation detectionLocation) { super(NAME, Signature.class, detectionLocation); diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOSTR341094.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOSTR341094.java new file mode 100644 index 00000000..46adf2b7 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOSTR341094.java 
@@ -0,0 +1,33 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms.gost;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.Signature;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class GOSTR341094 extends Algorithm implements Signature {
+ private static final String NAME = "GOSTR341094"; // GOST R 34.10-94
+
+ public GOSTR341094(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, Signature.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java
index a56ac00f..bd10c289 100644
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java
@@ -22,6 +22,7 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.AuthenticatedEncryption; import com.ibm.mapper.model.ClassicalBitSecurityLevel; +import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.model.NonceLength; import com.ibm.mapper.model.TagLength; @@ -30,7 +31,7 @@ import org.jetbrains.annotations.NotNull; public class Isap extends Algorithm implements AuthenticatedEncryption { - // https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/ISAP-spec.pdf + // https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/isap-spec-final.pdf private static final String NAME = "Isap"; @@ -38,6 +39,10 @@ public Isap(@NotNull DetectionLocation detectionLocation) { this(NAME, detectionLocation); } + public Isap(@Nonnull final Class asKind, @Nonnull Isap isap) { + super(isap, asKind); + } + protected Isap(@Nonnull String name, @NotNull DetectionLocation detectionLocation) { super(name, AuthenticatedEncryption.class, detectionLocation); this.put(new KeyLength(128, detectionLocation)); diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/NTRU.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/NTRU.java new file mode 100644 index 00000000..a3ba9722 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/NTRU.java 
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms.ntru;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class NTRU extends Algorithm implements KeyEncapsulationMechanism {
+ // https://ntru.org/
+
+ private static final String NAME = "NTRU";
+
+ public NTRU(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/NTRULPrime.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/NTRULPrime.java
new file mode 100644
index 00000000..b1f10dc6
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/NTRULPrime.java
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms.ntru;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class NTRULPrime extends Algorithm implements KeyEncapsulationMechanism {
+ // https://ntruprime.cr.yp.to/
+
+ private static final String NAME = "NTRU LPrime";
+
+ public NTRULPrime(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/StreamlinedNTRUPrime.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/StreamlinedNTRUPrime.java
new file mode 100644
index 00000000..6703a4b7
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ntru/StreamlinedNTRUPrime.java
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms.ntru;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyEncapsulationMechanism;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class StreamlinedNTRUPrime extends Algorithm implements KeyEncapsulationMechanism {
+ // https://ntruprime.cr.yp.to/
+
+ private static final String NAME = "Streamlined NTRU Prime"; // SNTRUPrime
+
+ public StreamlinedNTRUPrime(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyEncapsulationMechanism.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Esch.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Esch.java
new file mode 100644
index 00000000..d303cc2f
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Esch.java
@@ -0,0 +1,66 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model.algorithms.sparkle; + +import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.BlockSize; +import com.ibm.mapper.model.ClassicalBitSecurityLevel; +import com.ibm.mapper.model.DigestSize; +import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.utils.DetectionLocation; +import java.util.Optional; +import javax.annotation.Nonnull; + +public final class Esch extends Algorithm implements MessageDigest { + // https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/sparkle-spec-final.pdf + + private static final String NAME = "Esch"; // from the Sparkle family + + /** Returns a name of the form "EschXXX" where XXX is the digest size (and capacity) */ + @Override + @Nonnull + public String getName() { + StringBuilder builtName = new StringBuilder(this.name); + + Optional digestSize = this.hasChildOfType(DigestSize.class); + + if (digestSize.isPresent()) { + builtName.append(digestSize.get().asString()); + } + + return builtName.toString(); + } + + public 
Esch(@Nonnull DetectionLocation detectionLocation) { + super(NAME, MessageDigest.class, detectionLocation); + this.put(new BlockSize(128, detectionLocation)); + } + + public Esch(int digestSize, @Nonnull DetectionLocation detectionLocation) { + this(detectionLocation); + this.put(new DigestSize(digestSize, detectionLocation)); + if (digestSize == 256) { + this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); + } else if (digestSize == 384) { + this.put(new ClassicalBitSecurityLevel(192, detectionLocation)); + } + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java index 90090c7d..d7252f23 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java @@ -34,7 +34,7 @@ public class Schwaemm extends Algorithm implements AuthenticatedEncryption, BlockCipher { // https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/sparkle-spec-final.pdf - private static final String NAME = "Schwaemm"; + private static final String NAME = "Schwaemm"; // from the Sparkle family /** * Returns a name of the form "SchwaemmXXX-YYY" where XXX is the rate and YYY is the capacity diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/XOEsch.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/XOEsch.java new file mode 100644 index 00000000..7ddda79d --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/XOEsch.java 
@@ -0,0 +1,37 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms.sparkle;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public final class XOEsch extends Algorithm implements MessageDigest {
+ // https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/sparkle-spec-final.pdf
+
+ private static final String NAME = "XOEsch"; // from the Sparkle family
+
+ public XOEsch(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, MessageDigest.class, detectionLocation);
+ this.put(new BlockSize(128, detectionLocation));
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/mode/GMAC.java b/mapper/src/main/java/com/ibm/mapper/model/mode/GMAC.java
new file mode 100644
index 00000000..19af816b
--- /dev/null
+++ b/mapper/src/main/java/com/ibm/mapper/model/mode/GMAC.java
@@ -0,0 +1,32 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model.mode; + +import com.ibm.mapper.model.Mode; +import com.ibm.mapper.utils.DetectionLocation; +import org.jetbrains.annotations.NotNull; + +public final class GMAC extends Mode { + // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf + + public GMAC(@NotNull DetectionLocation detectionLocation) { + super("GMAC", detectionLocation); + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/Reorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/Reorganizer.java index 34763cce..b04dca51 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/Reorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/Reorganizer.java @@ -31,6 +31,9 @@ public final class Reorganizer implements IReorganizer { private static final Logger LOGGER = LoggerFactory.getLogger(Reorganizer.class); + // Maximum number of reorganization steps (to prevent infinite loops) + private static final int MAX_ITERATIONS = 10; + private final List rules; public Reorganizer(List rules) { 
@@ -52,9 +55,8 @@ public List reorganize(@Nonnull final List rootNodes) { */ List lastRootNodes = rootNodes; Optional> newRootNodes = Optional.of(rootNodes); - int maxIterations = 10; int counter = 0; - while (newRootNodes.isPresent() && counter < maxIterations) { + while (newRootNodes.isPresent() && counter < MAX_ITERATIONS) { lastRootNodes = newRootNodes.get(); newRootNodes = reorganizeRecursive( @@ -64,12 +66,12 @@ public List reorganize(@Nonnull final List rootNodes) { lastRootNodes); counter += 1; } - if (counter == maxIterations) { + if (counter == MAX_ITERATIONS) { String message = String.format( "The reorganizer stopped because it exceeded the maximum number of iterations (%d). " + "Check for a possible infinite loop in your reorganization rules.", - maxIterations); + MAX_ITERATIONS); LOGGER.warn(message); } return lastRootNodes; diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java index 9589c07c..710eab4d 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java @@ -19,6 +19,8 @@ */ package com.ibm.mapper.reorganizer.rules; +import com.ibm.mapper.ITranslator; +import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.INode; @@ -28,6 +30,7 @@ import com.ibm.mapper.model.StreamCipher; import com.ibm.mapper.reorganizer.IReorganizerRule; import com.ibm.mapper.reorganizer.builder.ReorganizerRuleBuilder; +import java.util.ArrayList; import java.util.Iterator; import java.util.List; import java.util.Map; 
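Review bot: In `Reorganizer.reorganize` (hunk `@@ -64,12 +66,12 @@`), the check `if (counter == MAX_ITERATIONS)` does not look at `newRootNodes`, so the warning also fires when the last allowed pass returned an empty `Optional`, which presumably means the rules had already settled. `if (counter == MAX_ITERATIONS && newRootNodes.isPresent())` would warn only when the cap actually cut the work short. In that capped case the method returns `lastRootNodes`, which is the input of the final pass, so the output of the last `reorganizeRecursive` call is dropped; if that is intended, say so in a comment next to `return lastRootNodes;`. The loop spans this hunk and the preceding one (`@@ -52,9 +55,8 @@`), and the arguments of `reorganizeRecursive` lie between them, outside the diff.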
@@ -43,6 +46,52 @@ private MacReorganizer() { // private } + @Nonnull + private static final IReorganizerRule MERGE_UNKNOWN_MAC_AND_CIPHER = + new ReorganizerRuleBuilder() + .createReorganizerRule() + .forNodeKind(Mac.class) + .forNodeValue(ITranslator.UNKNOWN) + .includingChildren( + List.of( + new ReorganizerRuleBuilder() + .createReorganizerRule() + .forNodeKind(BlockCipher.class) + .noAction())) + .perform( + (node, parent, roots) -> { + Algorithm blockCipher = + (Algorithm) + node.getChildren() + .get(BlockCipher.class) + .deepCopy(); + INode newMac = new Algorithm(blockCipher, Mac.class); + + for (Map.Entry, INode> childKeyValue : + node.getChildren().entrySet()) { + if (!childKeyValue.getKey().equals(BlockCipher.class)) { + newMac.put(childKeyValue.getValue()); + } + } + + if (parent == null) { + // `node` is a root node + // Create a copy of the roots list + List rootsCopy = new ArrayList<>(roots); + for (int i = 0; i < rootsCopy.size(); i++) { + if (rootsCopy.get(i).equals(node)) { + rootsCopy.set(i, newMac); + break; + } + } + return rootsCopy; + } else { + // Replace the previous PublicKeyEncryption node + parent.put(newMac); + return roots; + } + }); + @Nonnull private static final IReorganizerRule MOVE_NODES_UNDER_CIPHER = new ReorganizerRuleBuilder() @@ -182,6 +231,6 @@ private MacReorganizer() { @Unmodifiable @Nonnull public static List rules() { - return List.of(MOVE_NODES_UNDER_CIPHER); // RENAME_MAC + return List.of(MERGE_UNKNOWN_MAC_AND_CIPHER, MOVE_NODES_UNDER_CIPHER); // RENAME_MAC } }
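Review bot: In `MERGE_UNKNOWN_MAC_AND_CIPHER`, the result of `node.getChildren().get(BlockCipher.class).deepCopy()` is cast to `Algorithm` without a check, so a `BlockCipher` child of any other node class would abort the reorganization with a `ClassCastException`. A guard such as `if (!(node.getChildren().get(BlockCipher.class) instanceof Algorithm)) { return roots; }` at the top of the lambda avoids that, provided the rule engine tolerates an unchanged result, which is not visible here. The Mac's other children are then added with `newMac.put(...)` on top of whatever the cipher copy carries; if `put` is keyed by node kind, as `getChildren().get(BlockCipher.class)` suggests, a child of the Mac silently replaces a same-kind child of the cipher, and a comment should state which side is meant to win. The comment `// Replace the previous PublicKeyEncryption node` looks copied from another rule and should read `// Replace the unknown Mac node under its parent`.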