From cfc950f8039ca780b87a6889b2913e6702961b4e Mon Sep 17 00:00:00 2001
From: luchua-bc
Date: Thu, 7 Jan 2021 21:18:51 +0000
Subject: [PATCH 1/7] Query for weak encryption: Insufficient key size
---
.../CWE/CWE-326/InsufficientKeySize.java | 37 +++++
.../CWE/CWE-326/InsufficientKeySize.qhelp | 33 ++++
.../CWE/CWE-326/InsufficientKeySize.ql | 155 ++++++++++++++++++
.../semmle/code/java/security/Encryption.qll | 12 ++
.../CWE-326/InsufficientKeySize.expected | 4 +
.../security/CWE-326/InsufficientKeySize.java | 41 +++++
.../CWE-326/InsufficientKeySize.qlref | 1 +
7 files changed, 283 insertions(+)
create mode 100644 java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
create mode 100644 java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
create mode 100644 java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
create mode 100644 java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
create mode 100644 java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
create mode 100644 java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
new file mode 100644
index 000000000000..6ccf025c2448
--- /dev/null
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
@@ -0,0 +1,37 @@
+public class InsufficientKeySize {
+ public void CryptoMethod() {
+ KeyGenerator keyGen1 = KeyGenerator.getInstance("AES");
+ // BAD: Key size is less than 128
+ keyGen1.init(64);
+
+ KeyGenerator keyGen2 = KeyGenerator.getInstance("AES");
+ // GOOD: Key size is no less than 128
+ keyGen2.init(128);
+
+ KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
+ // BAD: Key size is less than 2048
+ keyPairGen1.initialize(1024);
+
+ KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("RSA");
+ // GOOD: Key size is no less than 2048
+ keyPairGen2.initialize(2048);
+
+ KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DSA");
+ // BAD: Key size is less than 2048
+ keyPairGen3.initialize(1024);
+
+ KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("DSA");
+ // GOOD: Key size is no less than 2048
+ keyPairGen4.initialize(2048);
+
+ KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 224
+ ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1");
+ keyPairGen5.initialize(ecSpec1);
+
+ KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC");
+ // GOOD: Key size is no less than 224
+ ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1");
+ keyPairGen6.initialize(ecSpec2);
+ }
+}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
new file mode 100644
index 000000000000..8de21f1c90ab
--- /dev/null
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
@@ -0,0 +1,33 @@
+
+
+
+ This rule finds uses of encryption algorithms with too small a key size. Encryption algorithms
+are vulnerable to brute force attack when too small a key size is used.
+
+
+
+ The key should be at least 2048-bit long when using RSA and DSA encryption, 224-bit long when using EC encryption, and 128-bit long when using
+symmetric encryption.
+
+
+
+
+
+ Wikipedia.
+ Key size
+
+
+ SonarSource.
+ Cryptographic keys should be robust
+
+
+ CWE.
+ CWE-326: Inadequate Encryption Strength
+
+
+ C# implementation of CodeQL
+ codeql/csharp/ql/src/Security Features/InsufficientKeySize.ql
+
+
+
+
\ No newline at end of file
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
new file mode 100644
index 000000000000..882d997f1b82
--- /dev/null
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -0,0 +1,155 @@
+/**
+ * @name Weak encryption: Insufficient key size
+ * @description Finds uses of encryption algorithms with too small a key size
+ * @kind problem
+ * @id java/insufficient-key-size
+ * @tags security
+ * external/cwe/cwe-326
+ */
+
+import java
+import semmle.code.java.security.Encryption
+import semmle.code.java.dataflow.TaintTracking
+
+/** The Java class `javax.crypto.KeyGenerator`. */
+class KeyGenerator extends RefType {
+ KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") }
+}
+
+/** The Java class `javax.crypto.KeyGenerator`. */
+class KeyPairGenerator extends RefType {
+ KeyPairGenerator() { this.hasQualifiedName("java.security", "KeyPairGenerator") }
+}
+
+/** The Java class `java.security.spec.ECGenParameterSpec`. */
+class ECGenParameterSpec extends RefType {
+ ECGenParameterSpec() { this.hasQualifiedName("java.security.spec", "ECGenParameterSpec") }
+}
+
+/** The `init` method declared in `javax.crypto.KeyGenerator`. */
+class KeyGeneratorInitMethod extends Method {
+ KeyGeneratorInitMethod() {
+ getDeclaringType() instanceof KeyGenerator and
+ hasName("init")
+ }
+}
+
+/** The `initialize` method declared in `java.security.KeyPairGenerator`. */
+class KeyPairGeneratorInitMethod extends Method {
+ KeyPairGeneratorInitMethod() {
+ getDeclaringType() instanceof KeyPairGenerator and
+ hasName("initialize")
+ }
+}
+
+/** Taint configuration tracking flow from a key generator to a `init` method call. */
+class CryptoKeyGeneratorConfiguration extends TaintTracking::Configuration {
+ CryptoKeyGeneratorConfiguration() { this = "CryptoKeyGeneratorConfiguration" }
+
+ override predicate isSource(DataFlow::Node source) {
+ exists(JavaxCryptoKeyGenerator jcg | jcg = source.asExpr())
+ }
+
+ override predicate isSink(DataFlow::Node sink) {
+ exists(MethodAccess ma |
+ ma.getMethod() instanceof KeyGeneratorInitMethod and
+ sink.asExpr() = ma.getQualifier()
+ )
+ }
+}
+
+/** Taint configuration tracking flow from a keypair generator to a `initialize` method call. */
+class KeyPairGeneratorConfiguration extends TaintTracking::Configuration {
+ KeyPairGeneratorConfiguration() { this = "KeyPairGeneratorConfiguration" }
+
+ override predicate isSource(DataFlow::Node source) {
+ exists(JavaSecurityKeyPairGenerator jkg | jkg = source.asExpr())
+ }
+
+ override predicate isSink(DataFlow::Node sink) {
+ exists(MethodAccess ma |
+ ma.getMethod() instanceof KeyPairGeneratorInitMethod and
+ sink.asExpr() = ma.getQualifier()
+ )
+ }
+}
+
+/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */
+predicate incorrectUseOfAES(MethodAccess ma, string msg) {
+ ma.getMethod() instanceof KeyGeneratorInitMethod and
+ exists(
+ JavaxCryptoKeyGenerator jcg, CryptoKeyGeneratorConfiguration cc, DataFlow::PathNode source,
+ DataFlow::PathNode dest
+ |
+ jcg.getAlgoSpec().(StringLiteral).getValue() = "AES" and
+ source.getNode().asExpr() = jcg and
+ dest.getNode().asExpr() = ma.getQualifier() and
+ cc.hasFlowPath(source, dest)
+ ) and
+ ma.getArgument(0).(IntegerLiteral).getIntValue() < 128 and
+ msg = "Key size should be at least 128 bits for AES encryption."
+}
+
+/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */
+predicate incorrectUseOfDSA(MethodAccess ma, string msg) {
+ ma.getMethod() instanceof KeyPairGeneratorInitMethod and
+ exists(
+ JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source,
+ DataFlow::PathNode dest
+ |
+ jpg.getAlgoSpec().(StringLiteral).getValue() = "DSA" and
+ source.getNode().asExpr() = jpg and
+ dest.getNode().asExpr() = ma.getQualifier() and
+ kc.hasFlowPath(source, dest)
+ ) and
+ ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and
+ msg = "Key size should be at least 2048 bits for DSA encryption."
+}
+
+/** Holds if a RSA `KeyPairGenerator` is initialized with an insufficient key size. */
+predicate incorrectUseOfRSA(MethodAccess ma, string msg) {
+ ma.getMethod() instanceof KeyPairGeneratorInitMethod and
+ exists(
+ JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source,
+ DataFlow::PathNode dest
+ |
+ jpg.getAlgoSpec().(StringLiteral).getValue() = "RSA" and
+ source.getNode().asExpr() = jpg and
+ dest.getNode().asExpr() = ma.getQualifier() and
+ kc.hasFlowPath(source, dest)
+ ) and
+ ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and
+ msg = "Key size should be at least 2048 bits for RSA encryption."
+}
+
+/** Holds if an EC `KeyPairGenerator` is initialized with an insufficient key size. */
+predicate incorrectUseOfEC(MethodAccess ma, string msg) {
+ ma.getMethod() instanceof KeyPairGeneratorInitMethod and
+ exists(
+ JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source,
+ DataFlow::PathNode dest, ClassInstanceExpr cie
+ |
+ jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and //ECC variants such as ECDH and ECDSA
+ source.getNode().asExpr() = jpg and
+ dest.getNode().asExpr() = ma.getQualifier() and
+ kc.hasFlowPath(source, dest) and
+ exists(VariableAssign va |
+ ma.getArgument(0).(VarAccess).getVariable() = va.getDestVar() and
+ va.getSource() = cie and
+ cie.getArgument(0)
+ .(StringLiteral)
+ .getRepresentedString()
+ .regexpCapture(".*[a-zA-Z]+([0-9]+)[a-zA-Z]+.*", 1)
+ .toInt() < 224
+ )
+ ) and
+ msg = "Key size should be at least 224 bits for EC encryption."
+}
+
+from Expr e, string msg
+where
+ incorrectUseOfAES(e, msg) or
+ incorrectUseOfDSA(e, msg) or
+ incorrectUseOfRSA(e, msg) or
+ incorrectUseOfEC(e, msg)
+select e, msg
diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll
index d48a5c6c715f..b133fd3c5235 100644
--- a/java/ql/src/semmle/code/java/security/Encryption.qll
+++ b/java/ql/src/semmle/code/java/security/Encryption.qll
@@ -304,3 +304,15 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec {
override Expr getAlgoSpec() { result = this.(ConstructorCall).getArgument(0) }
}
+
+/** Method call to the Java class `java.security.KeyPairGenerator`. */
+class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec {
+ JavaSecurityKeyPairGenerator() {
+ exists(Method m | m.getAReference() = this |
+ m.getDeclaringType().getQualifiedName() = "java.security.KeyPairGenerator" and
+ m.getName() = "getInstance"
+ )
+ }
+
+ override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) }
+}
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
new file mode 100644
index 000000000000..b47469aed5db
--- /dev/null
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
@@ -0,0 +1,4 @@
+| InsufficientKeySize.java:9:9:9:24 | init(...) | Key size should be at least 128 bits for AES encryption. |
+| InsufficientKeySize.java:17:9:17:36 | initialize(...) | Key size should be at least 2048 bits for RSA encryption. |
+| InsufficientKeySize.java:25:9:25:36 | initialize(...) | Key size should be at least 2048 bits for DSA encryption. |
+| InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
new file mode 100644
index 000000000000..13f74b6fac30
--- /dev/null
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
@@ -0,0 +1,41 @@
+import java.security.KeyPairGenerator;
+import java.security.spec.ECGenParameterSpec;
+import javax.crypto.KeyGenerator;
+
+public class InsufficientKeySize {
+ public void CryptoMethod() {
+ KeyGenerator keyGen1 = KeyGenerator.getInstance("AES");
+ // BAD: Key size is less than 128
+ keyGen1.init(64);
+
+ KeyGenerator keyGen2 = KeyGenerator.getInstance("AES");
+ // GOOD: Key size is no less than 128
+ keyGen2.init(128);
+
+ KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
+ // BAD: Key size is less than 2048
+ keyPairGen1.initialize(1024);
+
+ KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("RSA");
+ // GOOD: Key size is no less than 2048
+ keyPairGen2.initialize(2048);
+
+ KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DSA");
+ // BAD: Key size is less than 2048
+ keyPairGen3.initialize(1024);
+
+ KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("DSA");
+ // GOOD: Key size is no less than 2048
+ keyPairGen4.initialize(2048);
+
+ KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 224
+ ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1");
+ keyPairGen5.initialize(ecSpec1);
+
+ KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC");
+ // GOOD: Key size is no less than 224
+ ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1");
+ keyPairGen6.initialize(ecSpec2);
+ }
+}
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref
new file mode 100644
index 000000000000..2b35cd6921e2
--- /dev/null
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
\ No newline at end of file
From cbaee937d0ab8962278be494e36eaad5ab24693f Mon Sep 17 00:00:00 2001
From: luchua-bc
Date: Fri, 8 Jan 2021 21:56:34 +0000
Subject: [PATCH 2/7] Optimize the query
---
.../CWE/CWE-326/InsufficientKeySize.qhelp | 6 +-
.../CWE/CWE-326/InsufficientKeySize.ql | 91 ++++++++-----------
.../semmle/code/java/security/Encryption.qll | 14 ++-
.../CWE-326/InsufficientKeySize.expected | 4 +
.../security/CWE-326/InsufficientKeySize.java | 21 ++++-
5 files changed, 77 insertions(+), 59 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
index 8de21f1c90ab..10ec6adc9df1 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
@@ -6,7 +6,7 @@ are vulnerable to brute force attack when too small a key size is used.
- The key should be at least 2048-bit long when using RSA and DSA encryption, 224-bit long when using EC encryption, and 128-bit long when using
+
The key should be at least 2048 bits long when using RSA and DSA encryption, 224 bits long when using EC encryption, and 128 bits long when using
symmetric encryption.
@@ -24,10 +24,6 @@ symmetric encryption.
CWE.
CWE-326: Inadequate Encryption Strength
-
- C# implementation of CodeQL
- codeql/csharp/ql/src/Security Features/InsufficientKeySize.ql
-
\ No newline at end of file
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
index 882d997f1b82..df265f267f7b 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -11,16 +11,6 @@ import java
import semmle.code.java.security.Encryption
import semmle.code.java.dataflow.TaintTracking
-/** The Java class `javax.crypto.KeyGenerator`. */
-class KeyGenerator extends RefType {
- KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") }
-}
-
-/** The Java class `javax.crypto.KeyGenerator`. */
-class KeyPairGenerator extends RefType {
- KeyPairGenerator() { this.hasQualifiedName("java.security", "KeyPairGenerator") }
-}
-
/** The Java class `java.security.spec.ECGenParameterSpec`. */
class ECGenParameterSpec extends RefType {
ECGenParameterSpec() { this.hasQualifiedName("java.security.spec", "ECGenParameterSpec") }
@@ -42,9 +32,19 @@ class KeyPairGeneratorInitMethod extends Method {
}
}
+/** Returns the key size in the EC algorithm string */
+bindingset[algorithm]
+int getECKeySize(string algorithm) {
+ algorithm.matches("sec%") and // specification such as "secp256r1"
+ result = algorithm.regexpCapture("sec[p|t](\\d+)[a-zA-Z].*", 1).toInt()
+ or
+ algorithm.matches("X9.62%") and //specification such as "X9.62 prime192v2"
+ result = algorithm.regexpCapture("X9.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt()
+}
+
/** Taint configuration tracking flow from a key generator to a `init` method call. */
-class CryptoKeyGeneratorConfiguration extends TaintTracking::Configuration {
- CryptoKeyGeneratorConfiguration() { this = "CryptoKeyGeneratorConfiguration" }
+class KeyGeneratorInitConfiguration extends TaintTracking::Configuration {
+ KeyGeneratorInitConfiguration() { this = "KeyGeneratorInitConfiguration" }
override predicate isSource(DataFlow::Node source) {
exists(JavaxCryptoKeyGenerator jcg | jcg = source.asExpr())
@@ -59,8 +59,8 @@ class CryptoKeyGeneratorConfiguration extends TaintTracking::Configuration {
}
/** Taint configuration tracking flow from a keypair generator to a `initialize` method call. */
-class KeyPairGeneratorConfiguration extends TaintTracking::Configuration {
- KeyPairGeneratorConfiguration() { this = "KeyPairGeneratorConfiguration" }
+class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration {
+ KeyPairGeneratorInitConfiguration() { this = "KeyPairGeneratorInitConfiguration" }
override predicate isSource(DataFlow::Node source) {
exists(JavaSecurityKeyPairGenerator jkg | jkg = source.asExpr())
@@ -75,10 +75,10 @@ class KeyPairGeneratorConfiguration extends TaintTracking::Configuration {
}
/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */
-predicate incorrectUseOfAES(MethodAccess ma, string msg) {
+predicate hasShortAESKey(MethodAccess ma, string msg) {
ma.getMethod() instanceof KeyGeneratorInitMethod and
exists(
- JavaxCryptoKeyGenerator jcg, CryptoKeyGeneratorConfiguration cc, DataFlow::PathNode source,
+ JavaxCryptoKeyGenerator jcg, KeyGeneratorInitConfiguration cc, DataFlow::PathNode source,
DataFlow::PathNode dest
|
jcg.getAlgoSpec().(StringLiteral).getValue() = "AES" and
@@ -90,66 +90,55 @@ predicate incorrectUseOfAES(MethodAccess ma, string msg) {
msg = "Key size should be at least 128 bits for AES encryption."
}
-/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */
-predicate incorrectUseOfDSA(MethodAccess ma, string msg) {
+/** Holds if an asymmetric `KeyPairGenerator` is initialized with an insufficient key size. */
+bindingset[type]
+predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
ma.getMethod() instanceof KeyPairGeneratorInitMethod and
exists(
- JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source,
- DataFlow::PathNode dest
+ JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
+ DataFlow::PathNode source, DataFlow::PathNode dest
|
- jpg.getAlgoSpec().(StringLiteral).getValue() = "DSA" and
+ jpg.getAlgoSpec().(StringLiteral).getValue() = type and
source.getNode().asExpr() = jpg and
dest.getNode().asExpr() = ma.getQualifier() and
kc.hasFlowPath(source, dest)
) and
ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and
- msg = "Key size should be at least 2048 bits for DSA encryption."
+ msg = "Key size should be at least 2048 bits for " + type + " encryption."
+}
+
+/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */
+predicate hasShortDSAKeyPair(MethodAccess ma, string msg) {
+ hasShortAsymmetricKeyPair(ma, msg, "DSA")
}
/** Holds if a RSA `KeyPairGenerator` is initialized with an insufficient key size. */
-predicate incorrectUseOfRSA(MethodAccess ma, string msg) {
- ma.getMethod() instanceof KeyPairGeneratorInitMethod and
- exists(
- JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source,
- DataFlow::PathNode dest
- |
- jpg.getAlgoSpec().(StringLiteral).getValue() = "RSA" and
- source.getNode().asExpr() = jpg and
- dest.getNode().asExpr() = ma.getQualifier() and
- kc.hasFlowPath(source, dest)
- ) and
- ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and
- msg = "Key size should be at least 2048 bits for RSA encryption."
+predicate hasShortRSAKeyPair(MethodAccess ma, string msg) {
+ hasShortAsymmetricKeyPair(ma, msg, "RSA")
}
/** Holds if an EC `KeyPairGenerator` is initialized with an insufficient key size. */
-predicate incorrectUseOfEC(MethodAccess ma, string msg) {
+predicate hasShortECKeyPair(MethodAccess ma, string msg) {
ma.getMethod() instanceof KeyPairGeneratorInitMethod and
exists(
- JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source,
- DataFlow::PathNode dest, ClassInstanceExpr cie
+ JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
+ DataFlow::PathNode source, DataFlow::PathNode dest, ClassInstanceExpr cie
|
jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and //ECC variants such as ECDH and ECDSA
source.getNode().asExpr() = jpg and
dest.getNode().asExpr() = ma.getQualifier() and
kc.hasFlowPath(source, dest) and
- exists(VariableAssign va |
- ma.getArgument(0).(VarAccess).getVariable() = va.getDestVar() and
- va.getSource() = cie and
- cie.getArgument(0)
- .(StringLiteral)
- .getRepresentedString()
- .regexpCapture(".*[a-zA-Z]+([0-9]+)[a-zA-Z]+.*", 1)
- .toInt() < 224
- )
+ DataFlow::localExprFlow(cie, ma.getArgument(0)) and
+ ma.getArgument(0).getType() instanceof ECGenParameterSpec and
+ getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 224
) and
msg = "Key size should be at least 224 bits for EC encryption."
}
from Expr e, string msg
where
- incorrectUseOfAES(e, msg) or
- incorrectUseOfDSA(e, msg) or
- incorrectUseOfRSA(e, msg) or
- incorrectUseOfEC(e, msg)
+ hasShortAESKey(e, msg) or
+ hasShortDSAKeyPair(e, msg) or
+ hasShortRSAKeyPair(e, msg) or
+ hasShortECKeyPair(e, msg)
select e, msg
diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll
index b133fd3c5235..9c10569d8c10 100644
--- a/java/ql/src/semmle/code/java/security/Encryption.qll
+++ b/java/ql/src/semmle/code/java/security/Encryption.qll
@@ -38,6 +38,16 @@ class HostnameVerifier extends RefType {
HostnameVerifier() { hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
}
+/** The Java class `javax.crypto.KeyGenerator`. */
+class KeyGenerator extends RefType {
+ KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") }
+}
+
+/** The Java class `java.security.KeyPairGenerator`. */
+class KeyPairGenerator extends RefType {
+ KeyPairGenerator() { this.hasQualifiedName("java.security", "KeyPairGenerator") }
+}
+
/** The `verify` method of the class `javax.net.ssl.HostnameVerifier`. */
class HostnameVerifierVerify extends Method {
HostnameVerifierVerify() {
@@ -248,7 +258,7 @@ class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec {
class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec {
JavaxCryptoKeyGenerator() {
exists(Method m | m.getAReference() = this |
- m.getDeclaringType().getQualifiedName() = "javax.crypto.KeyGenerator" and
+ m.getDeclaringType() instanceof KeyGenerator and
m.getName() = "getInstance"
)
}
@@ -309,7 +319,7 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec {
class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec {
JavaSecurityKeyPairGenerator() {
exists(Method m | m.getAReference() = this |
- m.getDeclaringType().getQualifiedName() = "java.security.KeyPairGenerator" and
+ m.getDeclaringType() instanceof KeyPairGenerator and
m.getName() = "getInstance"
)
}
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
index b47469aed5db..f350495d28f8 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
@@ -2,3 +2,7 @@
| InsufficientKeySize.java:17:9:17:36 | initialize(...) | Key size should be at least 2048 bits for RSA encryption. |
| InsufficientKeySize.java:25:9:25:36 | initialize(...) | Key size should be at least 2048 bits for DSA encryption. |
| InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
+| InsufficientKeySize.java:38:9:38:67 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
+| InsufficientKeySize.java:48:9:48:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
+| InsufficientKeySize.java:53:9:53:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
+| InsufficientKeySize.java:58:9:58:40 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
index 13f74b6fac30..80d49cdf5f18 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
@@ -34,8 +34,27 @@ public void CryptoMethod() {
keyPairGen5.initialize(ecSpec1);
KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 224
+ keyPairGen6.initialize(new ECGenParameterSpec("secp112r1"));
+
+ KeyPairGenerator keyPairGen7 = KeyPairGenerator.getInstance("EC");
// GOOD: Key size is no less than 224
ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1");
- keyPairGen6.initialize(ecSpec2);
+ keyPairGen7.initialize(ecSpec2);
+
+ KeyPairGenerator keyPairGen8 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 224
+ ECGenParameterSpec ecSpec3 = new ECGenParameterSpec("X9.62 prime192v2");
+ keyPairGen8.initialize(ecSpec3);
+
+ KeyPairGenerator keyPairGen9 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 224
+ ECGenParameterSpec ecSpec4 = new ECGenParameterSpec("X9.62 c2tnb191v3");
+ keyPairGen9.initialize(ecSpec4);
+
+ KeyPairGenerator keyPairGen10 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 224
+ ECGenParameterSpec ecSpec5 = new ECGenParameterSpec("sect163k1");
+ keyPairGen10.initialize(ecSpec5);
}
}
From 058f3af4b21bfe3dec4bdcbb84f3bd26c5830dca Mon Sep 17 00:00:00 2001
From: luchua-bc
Date: Sat, 9 Jan 2021 13:48:29 +0000
Subject: [PATCH 3/7] Refactor the hasShortSymmetricKey method
---
.../Security/CWE/CWE-326/InsufficientKeySize.ql | 14 +++++++++-----
.../security/CWE-326/InsufficientKeySize.java | 5 +++++
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
index df265f267f7b..169e1e58a699 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -39,7 +39,7 @@ int getECKeySize(string algorithm) {
result = algorithm.regexpCapture("sec[p|t](\\d+)[a-zA-Z].*", 1).toInt()
or
algorithm.matches("X9.62%") and //specification such as "X9.62 prime192v2"
- result = algorithm.regexpCapture("X9.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt()
+ result = algorithm.regexpCapture("X9\\.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt()
}
/** Taint configuration tracking flow from a key generator to a `init` method call. */
@@ -74,22 +74,26 @@ class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration {
}
}
-/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */
-predicate hasShortAESKey(MethodAccess ma, string msg) {
+/** Holds if a symmetric `KeyGenerator` is initialized with an insufficient key size. */
+bindingset[type]
+predicate hasShortSymmetricKey(MethodAccess ma, string msg, string type) {
ma.getMethod() instanceof KeyGeneratorInitMethod and
exists(
JavaxCryptoKeyGenerator jcg, KeyGeneratorInitConfiguration cc, DataFlow::PathNode source,
DataFlow::PathNode dest
|
- jcg.getAlgoSpec().(StringLiteral).getValue() = "AES" and
+ jcg.getAlgoSpec().(StringLiteral).getValue() = type and
source.getNode().asExpr() = jcg and
dest.getNode().asExpr() = ma.getQualifier() and
cc.hasFlowPath(source, dest)
) and
ma.getArgument(0).(IntegerLiteral).getIntValue() < 128 and
- msg = "Key size should be at least 128 bits for AES encryption."
+ msg = "Key size should be at least 128 bits for " + type + " encryption."
}
+/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */
+predicate hasShortAESKey(MethodAccess ma, string msg) { hasShortSymmetricKey(ma, msg, "AES") }
+
/** Holds if an asymmetric `KeyPairGenerator` is initialized with an insufficient key size. */
bindingset[type]
predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
index 80d49cdf5f18..45b7c610df11 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
@@ -56,5 +56,10 @@ public void CryptoMethod() {
// BAD: Key size is less than 224
ECGenParameterSpec ecSpec5 = new ECGenParameterSpec("sect163k1");
keyPairGen10.initialize(ecSpec5);
+
+ KeyPairGenerator keyPairGen11 = KeyPairGenerator.getInstance("EC");
+ // GOOD: Key size is no less than 224
+ ECGenParameterSpec ecSpec6 = new ECGenParameterSpec("X9.62 c2tnb359v1");
+ keyPairGen11.initialize(ecSpec6);
}
}
From 2ac7b4bab42c4146fb9f629291d049efa43d52e8 Mon Sep 17 00:00:00 2001
From: luchua-bc
Date: Mon, 11 Jan 2021 12:59:00 +0000
Subject: [PATCH 4/7] Update qldoc
---
.../Security/CWE/CWE-326/InsufficientKeySize.ql | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
index 169e1e58a699..c925ef0a9661 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -74,7 +74,7 @@ class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration {
}
}
-/** Holds if a symmetric `KeyGenerator` is initialized with an insufficient key size. */
+/** Holds if a symmetric `KeyGenerator` implementing encryption algorithm `type` and initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
bindingset[type]
predicate hasShortSymmetricKey(MethodAccess ma, string msg, string type) {
ma.getMethod() instanceof KeyGeneratorInitMethod and
@@ -91,10 +91,10 @@ predicate hasShortSymmetricKey(MethodAccess ma, string msg, string type) {
msg = "Key size should be at least 128 bits for " + type + " encryption."
}
-/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */
+/** Holds if an AES `KeyGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
predicate hasShortAESKey(MethodAccess ma, string msg) { hasShortSymmetricKey(ma, msg, "AES") }
-/** Holds if an asymmetric `KeyPairGenerator` is initialized with an insufficient key size. */
+/** Holds if an asymmetric `KeyPairGenerator` implementing encryption algorithm `type` and initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
bindingset[type]
predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
ma.getMethod() instanceof KeyPairGeneratorInitMethod and
@@ -111,24 +111,24 @@ predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
msg = "Key size should be at least 2048 bits for " + type + " encryption."
}
-/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */
+/** Holds if a DSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
predicate hasShortDSAKeyPair(MethodAccess ma, string msg) {
hasShortAsymmetricKeyPair(ma, msg, "DSA")
}
-/** Holds if a RSA `KeyPairGenerator` is initialized with an insufficient key size. */
+/** Holds if a RSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
predicate hasShortRSAKeyPair(MethodAccess ma, string msg) {
hasShortAsymmetricKeyPair(ma, msg, "RSA")
}
-/** Holds if an EC `KeyPairGenerator` is initialized with an insufficient key size. */
+/** Holds if an EC `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
predicate hasShortECKeyPair(MethodAccess ma, string msg) {
ma.getMethod() instanceof KeyPairGeneratorInitMethod and
exists(
JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
DataFlow::PathNode source, DataFlow::PathNode dest, ClassInstanceExpr cie
|
- jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and //ECC variants such as ECDH and ECDSA
+ jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and // ECC variants such as ECDH and ECDSA
source.getNode().asExpr() = jpg and
dest.getNode().asExpr() = ma.getQualifier() and
kc.hasFlowPath(source, dest) and
From ab7d257569907903cf6731fa10f64c348ad25b46 Mon Sep 17 00:00:00 2001
From: luchua-bc
Date: Fri, 15 Jan 2021 13:11:32 +0000
Subject: [PATCH 5/7] Add more cases and change EC to 256 bits
---
.../CWE/CWE-326/InsufficientKeySize.ql | 11 +++--
.../CWE-326/InsufficientKeySize.expected | 13 +++---
.../security/CWE-326/InsufficientKeySize.java | 42 +++++++++++++++----
3 files changed, 50 insertions(+), 16 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
index c925ef0a9661..41242a448055 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -40,6 +40,9 @@ int getECKeySize(string algorithm) {
or
algorithm.matches("X9.62%") and //specification such as "X9.62 prime192v2"
result = algorithm.regexpCapture("X9\\.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt()
+ or
+ (algorithm.matches("prime%") or algorithm.matches("c2tnb%")) and //specification such as "prime192v2"
+ result = algorithm.regexpCapture(".*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt()
}
/** Taint configuration tracking flow from a key generator to a `init` method call. */
@@ -102,7 +105,7 @@ predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
DataFlow::PathNode source, DataFlow::PathNode dest
|
- jpg.getAlgoSpec().(StringLiteral).getValue() = type and
+ jpg.getAlgoSpec().(StringLiteral).getValue().toUpperCase() = type and
source.getNode().asExpr() = jpg and
dest.getNode().asExpr() = ma.getQualifier() and
kc.hasFlowPath(source, dest)
@@ -113,7 +116,7 @@ predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
/** Holds if a DSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
predicate hasShortDSAKeyPair(MethodAccess ma, string msg) {
- hasShortAsymmetricKeyPair(ma, msg, "DSA")
+ hasShortAsymmetricKeyPair(ma, msg, "DSA") or hasShortAsymmetricKeyPair(ma, msg, "DH")
}
/** Holds if a RSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
@@ -134,9 +137,9 @@ predicate hasShortECKeyPair(MethodAccess ma, string msg) {
kc.hasFlowPath(source, dest) and
DataFlow::localExprFlow(cie, ma.getArgument(0)) and
ma.getArgument(0).getType() instanceof ECGenParameterSpec and
- getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 224
+ getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 256
) and
- msg = "Key size should be at least 224 bits for EC encryption."
+ msg = "Key size should be at least 256 bits for EC encryption."
}
from Expr e, string msg
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
index f350495d28f8..421335b84ff9 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected
@@ -1,8 +1,11 @@
| InsufficientKeySize.java:9:9:9:24 | init(...) | Key size should be at least 128 bits for AES encryption. |
| InsufficientKeySize.java:17:9:17:36 | initialize(...) | Key size should be at least 2048 bits for RSA encryption. |
| InsufficientKeySize.java:25:9:25:36 | initialize(...) | Key size should be at least 2048 bits for DSA encryption. |
-| InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
-| InsufficientKeySize.java:38:9:38:67 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
-| InsufficientKeySize.java:48:9:48:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
-| InsufficientKeySize.java:53:9:53:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
-| InsufficientKeySize.java:58:9:58:40 | initialize(...) | Key size should be at least 224 bits for EC encryption. |
+| InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 256 bits for EC encryption. |
+| InsufficientKeySize.java:38:9:38:67 | initialize(...) | Key size should be at least 256 bits for EC encryption. |
+| InsufficientKeySize.java:48:9:48:39 | initialize(...) | Key size should be at least 256 bits for EC encryption. |
+| InsufficientKeySize.java:53:9:53:39 | initialize(...) | Key size should be at least 256 bits for EC encryption. |
+| InsufficientKeySize.java:58:9:58:40 | initialize(...) | Key size should be at least 256 bits for EC encryption. |
+| InsufficientKeySize.java:68:9:68:40 | initialize(...) | Key size should be at least 256 bits for EC encryption. |
+| InsufficientKeySize.java:78:9:78:40 | initialize(...) | Key size should be at least 256 bits for EC encryption. |
+| InsufficientKeySize.java:87:9:87:37 | initialize(...) | Key size should be at least 2048 bits for DH encryption. |
diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
index 45b7c610df11..df46d6e69a9c 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java
@@ -29,37 +29,65 @@ public void CryptoMethod() {
keyPairGen4.initialize(2048);
KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
- // BAD: Key size is less than 224
+ // BAD: Key size is less than 256
ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1");
keyPairGen5.initialize(ecSpec1);
KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC");
- // BAD: Key size is less than 224
+ // BAD: Key size is less than 256
keyPairGen6.initialize(new ECGenParameterSpec("secp112r1"));
KeyPairGenerator keyPairGen7 = KeyPairGenerator.getInstance("EC");
- // GOOD: Key size is no less than 224
+ // GOOD: Key size is no less than 256
ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1");
keyPairGen7.initialize(ecSpec2);
KeyPairGenerator keyPairGen8 = KeyPairGenerator.getInstance("EC");
- // BAD: Key size is less than 224
+ // BAD: Key size is less than 256
ECGenParameterSpec ecSpec3 = new ECGenParameterSpec("X9.62 prime192v2");
keyPairGen8.initialize(ecSpec3);
KeyPairGenerator keyPairGen9 = KeyPairGenerator.getInstance("EC");
- // BAD: Key size is less than 224
+ // BAD: Key size is less than 256
ECGenParameterSpec ecSpec4 = new ECGenParameterSpec("X9.62 c2tnb191v3");
keyPairGen9.initialize(ecSpec4);
KeyPairGenerator keyPairGen10 = KeyPairGenerator.getInstance("EC");
- // BAD: Key size is less than 224
+ // BAD: Key size is less than 256
ECGenParameterSpec ecSpec5 = new ECGenParameterSpec("sect163k1");
keyPairGen10.initialize(ecSpec5);
KeyPairGenerator keyPairGen11 = KeyPairGenerator.getInstance("EC");
- // GOOD: Key size is no less than 224
+ // GOOD: Key size is no less than 256
ECGenParameterSpec ecSpec6 = new ECGenParameterSpec("X9.62 c2tnb359v1");
keyPairGen11.initialize(ecSpec6);
+
+ KeyPairGenerator keyPairGen12 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 256
+ ECGenParameterSpec ecSpec7 = new ECGenParameterSpec("prime192v2");
+ keyPairGen12.initialize(ecSpec7);
+
+ KeyPairGenerator keyPairGen13 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is no less than 256
+ ECGenParameterSpec ecSpec8 = new ECGenParameterSpec("prime256v1");
+ keyPairGen13.initialize(ecSpec8);
+
+ KeyPairGenerator keyPairGen14 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is less than 256
+ ECGenParameterSpec ecSpec9 = new ECGenParameterSpec("c2tnb191v1");
+ keyPairGen14.initialize(ecSpec9);
+
+ KeyPairGenerator keyPairGen15 = KeyPairGenerator.getInstance("EC");
+ // BAD: Key size is no less than 256
+ ECGenParameterSpec ecSpec10 = new ECGenParameterSpec("c2tnb431r1");
+ keyPairGen15.initialize(ecSpec10);
+
+ KeyPairGenerator keyPairGen16 = KeyPairGenerator.getInstance("dh");
+ // BAD: Key size is less than 2048
+ keyPairGen16.initialize(1024);
+
+ KeyPairGenerator keyPairGen17 = KeyPairGenerator.getInstance("DH");
+ // GOOD: Key size is no less than 2048
+ keyPairGen17.initialize(2048);
}
}
From 50be54385a6a0ab4d7219c350bd16d1f7e9f1f12 Mon Sep 17 00:00:00 2001
From: luchua-bc
Date: Tue, 2 Feb 2021 14:49:50 +0000
Subject: [PATCH 6/7] Update qldoc
---
.../Security/CWE/CWE-326/InsufficientKeySize.java | 4 ++--
java/ql/src/semmle/code/java/security/Encryption.qll | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
index 6ccf025c2448..ff30196abb5c 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
@@ -25,12 +25,12 @@ public void CryptoMethod() {
keyPairGen4.initialize(2048);
KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
- // BAD: Key size is less than 224
+ // BAD: Key size is less than 256
ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1");
keyPairGen5.initialize(ecSpec1);
KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC");
- // GOOD: Key size is no less than 224
+ // GOOD: Key size is no less than 256
ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1");
keyPairGen6.initialize(ecSpec2);
}
diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll
index 9c10569d8c10..ddbaf9cba735 100644
--- a/java/ql/src/semmle/code/java/security/Encryption.qll
+++ b/java/ql/src/semmle/code/java/security/Encryption.qll
@@ -315,7 +315,7 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec {
override Expr getAlgoSpec() { result = this.(ConstructorCall).getArgument(0) }
}
-/** Method call to the Java class `java.security.KeyPairGenerator`. */
+/** A method call to the Java class `java.security.KeyPairGenerator`. */
class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec {
JavaSecurityKeyPairGenerator() {
exists(Method m | m.getAReference() = this |
From 5e3b6fa3415d899c6bf2dea25de011244d563cee Mon Sep 17 00:00:00 2001
From: luchua-bc
Date: Tue, 2 Feb 2021 16:20:39 +0000
Subject: [PATCH 7/7] Update qldoc
---
.../experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
index 10ec6adc9df1..4d4ec76f060c 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
@@ -6,7 +6,7 @@ are vulnerable to brute force attack when too small a key size is used.
- The key should be at least 2048 bits long when using RSA and DSA encryption, 224 bits long when using EC encryption, and 128 bits long when using
+
The key should be at least 2048 bits long when using RSA and DSA encryption, 256 bits long when using EC encryption, and 128 bits long when using
symmetric encryption.