From cfc950f8039ca780b87a6889b2913e6702961b4e Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Thu, 7 Jan 2021 21:18:51 +0000 Subject: [PATCH 1/7] Query for weak encryption: Insufficient key size --- .../CWE/CWE-326/InsufficientKeySize.java | 37 +++++ .../CWE/CWE-326/InsufficientKeySize.qhelp | 33 ++++ .../CWE/CWE-326/InsufficientKeySize.ql | 155 ++++++++++++++++++ .../semmle/code/java/security/Encryption.qll | 12 ++ .../CWE-326/InsufficientKeySize.expected | 4 + .../security/CWE-326/InsufficientKeySize.java | 41 +++++ .../CWE-326/InsufficientKeySize.qlref | 1 + 7 files changed, 283 insertions(+) create mode 100644 java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java create mode 100644 java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp create mode 100644 java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql create mode 100644 java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected create mode 100644 java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java create mode 100644 java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java new file mode 100644 index 000000000000..6ccf025c2448 --- /dev/null +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java @@ -0,0 +1,37 @@ +public class InsufficientKeySize { + public void CryptoMethod() { + KeyGenerator keyGen1 = KeyGenerator.getInstance("AES"); + // BAD: Key size is less than 128 + keyGen1.init(64); + + KeyGenerator keyGen2 = KeyGenerator.getInstance("AES"); + // GOOD: Key size is no less than 128 + keyGen2.init(128); + + KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA"); + // BAD: Key size is less than 2048 + keyPairGen1.initialize(1024); + + KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("RSA"); + // GOOD: Key size is no less than 2048 + keyPairGen2.initialize(2048); + + KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DSA"); + // BAD: Key size is less than 2048 + keyPairGen3.initialize(1024); + + KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("DSA"); + // GOOD: Key size is no less than 2048 + keyPairGen4.initialize(2048); + + KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 224 + ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1"); + keyPairGen5.initialize(ecSpec1); + + KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC"); + // GOOD: Key size is no less than 224 + ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1"); + keyPairGen6.initialize(ecSpec2); + } +} diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp new file mode 100644 index 000000000000..8de21f1c90ab --- /dev/null +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp @@ -0,0 +1,33 @@ + + + +

This rule finds uses of encryption algorithms with too small a key size. Encryption algorithms +are vulnerable to brute force attack when too small a key size is used.

+
+ + +

The key should be at least 2048-bit long when using RSA and DSA encryption, 224-bit long when using EC encryption, and 128-bit long when using +symmetric encryption.

+
+ + + +
  • + Wikipedia. + Key size +
  • +
  • + SonarSource. + Cryptographic keys should be robust +
  • +
  • + CWE. + CWE-326: Inadequate Encryption Strength +
  • +
  • + C# implementation of CodeQL + codeql/csharp/ql/src/Security Features/InsufficientKeySize.ql +
  • + +
    +
    \ No newline at end of file diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql new file mode 100644 index 000000000000..882d997f1b82 --- /dev/null +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql @@ -0,0 +1,155 @@ +/** + * @name Weak encryption: Insufficient key size + * @description Finds uses of encryption algorithms with too small a key size + * @kind problem + * @id java/insufficient-key-size + * @tags security + * external/cwe/cwe-326 + */ + +import java +import semmle.code.java.security.Encryption +import semmle.code.java.dataflow.TaintTracking + +/** The Java class `javax.crypto.KeyGenerator`. */ +class KeyGenerator extends RefType { + KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") } +} + +/** The Java class `javax.crypto.KeyGenerator`. */ +class KeyPairGenerator extends RefType { + KeyPairGenerator() { this.hasQualifiedName("java.security", "KeyPairGenerator") } +} + +/** The Java class `java.security.spec.ECGenParameterSpec`. */ +class ECGenParameterSpec extends RefType { + ECGenParameterSpec() { this.hasQualifiedName("java.security.spec", "ECGenParameterSpec") } +} + +/** The `init` method declared in `javax.crypto.KeyGenerator`. */ +class KeyGeneratorInitMethod extends Method { + KeyGeneratorInitMethod() { + getDeclaringType() instanceof KeyGenerator and + hasName("init") + } +} + +/** The `initialize` method declared in `java.security.KeyPairGenerator`. */ +class KeyPairGeneratorInitMethod extends Method { + KeyPairGeneratorInitMethod() { + getDeclaringType() instanceof KeyPairGenerator and + hasName("initialize") + } +} + +/** Taint configuration tracking flow from a key generator to a `init` method call. */ +class CryptoKeyGeneratorConfiguration extends TaintTracking::Configuration { + CryptoKeyGeneratorConfiguration() { this = "CryptoKeyGeneratorConfiguration" } + + override predicate isSource(DataFlow::Node source) { + exists(JavaxCryptoKeyGenerator jcg | jcg = source.asExpr()) + } + + override predicate isSink(DataFlow::Node sink) { + exists(MethodAccess ma | + ma.getMethod() instanceof KeyGeneratorInitMethod and + sink.asExpr() = ma.getQualifier() + ) + } +} + +/** Taint configuration tracking flow from a keypair generator to a `initialize` method call. */ +class KeyPairGeneratorConfiguration extends TaintTracking::Configuration { + KeyPairGeneratorConfiguration() { this = "KeyPairGeneratorConfiguration" } + + override predicate isSource(DataFlow::Node source) { + exists(JavaSecurityKeyPairGenerator jkg | jkg = source.asExpr()) + } + + override predicate isSink(DataFlow::Node sink) { + exists(MethodAccess ma | + ma.getMethod() instanceof KeyPairGeneratorInitMethod and + sink.asExpr() = ma.getQualifier() + ) + } +} + +/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */ +predicate incorrectUseOfAES(MethodAccess ma, string msg) { + ma.getMethod() instanceof KeyGeneratorInitMethod and + exists( + JavaxCryptoKeyGenerator jcg, CryptoKeyGeneratorConfiguration cc, DataFlow::PathNode source, + DataFlow::PathNode dest + | + jcg.getAlgoSpec().(StringLiteral).getValue() = "AES" and + source.getNode().asExpr() = jcg and + dest.getNode().asExpr() = ma.getQualifier() and + cc.hasFlowPath(source, dest) + ) and + ma.getArgument(0).(IntegerLiteral).getIntValue() < 128 and + msg = "Key size should be at least 128 bits for AES encryption." +} + +/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */ +predicate incorrectUseOfDSA(MethodAccess ma, string msg) { + ma.getMethod() instanceof KeyPairGeneratorInitMethod and + exists( + JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source, + DataFlow::PathNode dest + | + jpg.getAlgoSpec().(StringLiteral).getValue() = "DSA" and + source.getNode().asExpr() = jpg and + dest.getNode().asExpr() = ma.getQualifier() and + kc.hasFlowPath(source, dest) + ) and + ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and + msg = "Key size should be at least 2048 bits for DSA encryption." +} + +/** Holds if a RSA `KeyPairGenerator` is initialized with an insufficient key size. */ +predicate incorrectUseOfRSA(MethodAccess ma, string msg) { + ma.getMethod() instanceof KeyPairGeneratorInitMethod and + exists( + JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source, + DataFlow::PathNode dest + | + jpg.getAlgoSpec().(StringLiteral).getValue() = "RSA" and + source.getNode().asExpr() = jpg and + dest.getNode().asExpr() = ma.getQualifier() and + kc.hasFlowPath(source, dest) + ) and + ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and + msg = "Key size should be at least 2048 bits for RSA encryption." +} + +/** Holds if an EC `KeyPairGenerator` is initialized with an insufficient key size. */ +predicate incorrectUseOfEC(MethodAccess ma, string msg) { + ma.getMethod() instanceof KeyPairGeneratorInitMethod and + exists( + JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source, + DataFlow::PathNode dest, ClassInstanceExpr cie + | + jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and //ECC variants such as ECDH and ECDSA + source.getNode().asExpr() = jpg and + dest.getNode().asExpr() = ma.getQualifier() and + kc.hasFlowPath(source, dest) and + exists(VariableAssign va | + ma.getArgument(0).(VarAccess).getVariable() = va.getDestVar() and + va.getSource() = cie and + cie.getArgument(0) + .(StringLiteral) + .getRepresentedString() + .regexpCapture(".*[a-zA-Z]+([0-9]+)[a-zA-Z]+.*", 1) + .toInt() < 224 + ) + ) and + msg = "Key size should be at least 224 bits for EC encryption." +} + +from Expr e, string msg +where + incorrectUseOfAES(e, msg) or + incorrectUseOfDSA(e, msg) or + incorrectUseOfRSA(e, msg) or + incorrectUseOfEC(e, msg) +select e, msg diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll index d48a5c6c715f..b133fd3c5235 100644 --- a/java/ql/src/semmle/code/java/security/Encryption.qll +++ b/java/ql/src/semmle/code/java/security/Encryption.qll @@ -304,3 +304,15 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec { override Expr getAlgoSpec() { result = this.(ConstructorCall).getArgument(0) } } + +/** Method call to the Java class `java.security.KeyPairGenerator`. */ +class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec { + JavaSecurityKeyPairGenerator() { + exists(Method m | m.getAReference() = this | + m.getDeclaringType().getQualifiedName() = "java.security.KeyPairGenerator" and + m.getName() = "getInstance" + ) + } + + override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) } +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected new file mode 100644 index 000000000000..b47469aed5db --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected @@ -0,0 +1,4 @@ +| InsufficientKeySize.java:9:9:9:24 | init(...) | Key size should be at least 128 bits for AES encryption. | +| InsufficientKeySize.java:17:9:17:36 | initialize(...) | Key size should be at least 2048 bits for RSA encryption. | +| InsufficientKeySize.java:25:9:25:36 | initialize(...) | Key size should be at least 2048 bits for DSA encryption. | +| InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java new file mode 100644 index 000000000000..13f74b6fac30 --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java @@ -0,0 +1,41 @@ +import java.security.KeyPairGenerator; +import java.security.spec.ECGenParameterSpec; +import javax.crypto.KeyGenerator; + +public class InsufficientKeySize { + public void CryptoMethod() { + KeyGenerator keyGen1 = KeyGenerator.getInstance("AES"); + // BAD: Key size is less than 128 + keyGen1.init(64); + + KeyGenerator keyGen2 = KeyGenerator.getInstance("AES"); + // GOOD: Key size is no less than 128 + keyGen2.init(128); + + KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA"); + // BAD: Key size is less than 2048 + keyPairGen1.initialize(1024); + + KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("RSA"); + // GOOD: Key size is no less than 2048 + keyPairGen2.initialize(2048); + + KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DSA"); + // BAD: Key size is less than 2048 + keyPairGen3.initialize(1024); + + KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("DSA"); + // GOOD: Key size is no less than 2048 + keyPairGen4.initialize(2048); + + KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 224 + ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1"); + keyPairGen5.initialize(ecSpec1); + + KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC"); + // GOOD: Key size is no less than 224 + ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1"); + keyPairGen6.initialize(ecSpec2); + } +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref new file mode 100644 index 000000000000..2b35cd6921e2 --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.qlref @@ -0,0 +1 @@ +experimental/Security/CWE/CWE-326/InsufficientKeySize.ql \ No newline at end of file From cbaee937d0ab8962278be494e36eaad5ab24693f Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Fri, 8 Jan 2021 21:56:34 +0000 Subject: [PATCH 2/7] Optimize the query --- .../CWE/CWE-326/InsufficientKeySize.qhelp | 6 +- .../CWE/CWE-326/InsufficientKeySize.ql | 91 ++++++++----------- .../semmle/code/java/security/Encryption.qll | 14 ++- .../CWE-326/InsufficientKeySize.expected | 4 + .../security/CWE-326/InsufficientKeySize.java | 21 ++++- 5 files changed, 77 insertions(+), 59 deletions(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp index 8de21f1c90ab..10ec6adc9df1 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp @@ -6,7 +6,7 @@ are vulnerable to brute force attack when too small a key size is used.

    -

    The key should be at least 2048-bit long when using RSA and DSA encryption, 224-bit long when using EC encryption, and 128-bit long when using +

    The key should be at least 2048 bits long when using RSA and DSA encryption, 224 bits long when using EC encryption, and 128 bits long when using symmetric encryption.

    @@ -24,10 +24,6 @@ symmetric encryption.

    CWE. CWE-326: Inadequate Encryption Strength -
  • - C# implementation of CodeQL - codeql/csharp/ql/src/Security Features/InsufficientKeySize.ql -
  • \ No newline at end of file diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql index 882d997f1b82..df265f267f7b 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql @@ -11,16 +11,6 @@ import java import semmle.code.java.security.Encryption import semmle.code.java.dataflow.TaintTracking -/** The Java class `javax.crypto.KeyGenerator`. */ -class KeyGenerator extends RefType { - KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") } -} - -/** The Java class `javax.crypto.KeyGenerator`. */ -class KeyPairGenerator extends RefType { - KeyPairGenerator() { this.hasQualifiedName("java.security", "KeyPairGenerator") } -} - /** The Java class `java.security.spec.ECGenParameterSpec`. */ class ECGenParameterSpec extends RefType { ECGenParameterSpec() { this.hasQualifiedName("java.security.spec", "ECGenParameterSpec") } @@ -42,9 +32,19 @@ class KeyPairGeneratorInitMethod extends Method { } } +/** Returns the key size in the EC algorithm string */ +bindingset[algorithm] +int getECKeySize(string algorithm) { + algorithm.matches("sec%") and // specification such as "secp256r1" + result = algorithm.regexpCapture("sec[p|t](\\d+)[a-zA-Z].*", 1).toInt() + or + algorithm.matches("X9.62%") and //specification such as "X9.62 prime192v2" + result = algorithm.regexpCapture("X9.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt() +} + /** Taint configuration tracking flow from a key generator to a `init` method call. */ -class CryptoKeyGeneratorConfiguration extends TaintTracking::Configuration { - CryptoKeyGeneratorConfiguration() { this = "CryptoKeyGeneratorConfiguration" } +class KeyGeneratorInitConfiguration extends TaintTracking::Configuration { + KeyGeneratorInitConfiguration() { this = "KeyGeneratorInitConfiguration" } override predicate isSource(DataFlow::Node source) { exists(JavaxCryptoKeyGenerator jcg | jcg = source.asExpr()) @@ -59,8 +59,8 @@ class CryptoKeyGeneratorConfiguration extends TaintTracking::Configuration { } /** Taint configuration tracking flow from a keypair generator to a `initialize` method call. */ -class KeyPairGeneratorConfiguration extends TaintTracking::Configuration { - KeyPairGeneratorConfiguration() { this = "KeyPairGeneratorConfiguration" } +class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration { + KeyPairGeneratorInitConfiguration() { this = "KeyPairGeneratorInitConfiguration" } override predicate isSource(DataFlow::Node source) { exists(JavaSecurityKeyPairGenerator jkg | jkg = source.asExpr()) @@ -75,10 +75,10 @@ class KeyPairGeneratorConfiguration extends TaintTracking::Configuration { } /** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */ -predicate incorrectUseOfAES(MethodAccess ma, string msg) { +predicate hasShortAESKey(MethodAccess ma, string msg) { ma.getMethod() instanceof KeyGeneratorInitMethod and exists( - JavaxCryptoKeyGenerator jcg, CryptoKeyGeneratorConfiguration cc, DataFlow::PathNode source, + JavaxCryptoKeyGenerator jcg, KeyGeneratorInitConfiguration cc, DataFlow::PathNode source, DataFlow::PathNode dest | jcg.getAlgoSpec().(StringLiteral).getValue() = "AES" and @@ -90,66 +90,55 @@ predicate incorrectUseOfAES(MethodAccess ma, string msg) { msg = "Key size should be at least 128 bits for AES encryption." } -/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */ -predicate incorrectUseOfDSA(MethodAccess ma, string msg) { +/** Holds if an asymmetric `KeyPairGenerator` is initialized with an insufficient key size. */ +bindingset[type] +predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) { ma.getMethod() instanceof KeyPairGeneratorInitMethod and exists( - JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source, - DataFlow::PathNode dest + JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc, + DataFlow::PathNode source, DataFlow::PathNode dest | - jpg.getAlgoSpec().(StringLiteral).getValue() = "DSA" and + jpg.getAlgoSpec().(StringLiteral).getValue() = type and source.getNode().asExpr() = jpg and dest.getNode().asExpr() = ma.getQualifier() and kc.hasFlowPath(source, dest) ) and ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and - msg = "Key size should be at least 2048 bits for DSA encryption." + msg = "Key size should be at least 2048 bits for " + type + " encryption." +} + +/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */ +predicate hasShortDSAKeyPair(MethodAccess ma, string msg) { + hasShortAsymmetricKeyPair(ma, msg, "DSA") } /** Holds if a RSA `KeyPairGenerator` is initialized with an insufficient key size. */ -predicate incorrectUseOfRSA(MethodAccess ma, string msg) { - ma.getMethod() instanceof KeyPairGeneratorInitMethod and - exists( - JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source, - DataFlow::PathNode dest - | - jpg.getAlgoSpec().(StringLiteral).getValue() = "RSA" and - source.getNode().asExpr() = jpg and - dest.getNode().asExpr() = ma.getQualifier() and - kc.hasFlowPath(source, dest) - ) and - ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and - msg = "Key size should be at least 2048 bits for RSA encryption." +predicate hasShortRSAKeyPair(MethodAccess ma, string msg) { + hasShortAsymmetricKeyPair(ma, msg, "RSA") } /** Holds if an EC `KeyPairGenerator` is initialized with an insufficient key size. */ -predicate incorrectUseOfEC(MethodAccess ma, string msg) { +predicate hasShortECKeyPair(MethodAccess ma, string msg) { ma.getMethod() instanceof KeyPairGeneratorInitMethod and exists( - JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorConfiguration kc, DataFlow::PathNode source, - DataFlow::PathNode dest, ClassInstanceExpr cie + JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc, + DataFlow::PathNode source, DataFlow::PathNode dest, ClassInstanceExpr cie | jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and //ECC variants such as ECDH and ECDSA source.getNode().asExpr() = jpg and dest.getNode().asExpr() = ma.getQualifier() and kc.hasFlowPath(source, dest) and - exists(VariableAssign va | - ma.getArgument(0).(VarAccess).getVariable() = va.getDestVar() and - va.getSource() = cie and - cie.getArgument(0) - .(StringLiteral) - .getRepresentedString() - .regexpCapture(".*[a-zA-Z]+([0-9]+)[a-zA-Z]+.*", 1) - .toInt() < 224 - ) + DataFlow::localExprFlow(cie, ma.getArgument(0)) and + ma.getArgument(0).getType() instanceof ECGenParameterSpec and + getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 224 ) and msg = "Key size should be at least 224 bits for EC encryption." } from Expr e, string msg where - incorrectUseOfAES(e, msg) or - incorrectUseOfDSA(e, msg) or - incorrectUseOfRSA(e, msg) or - incorrectUseOfEC(e, msg) + hasShortAESKey(e, msg) or + hasShortDSAKeyPair(e, msg) or + hasShortRSAKeyPair(e, msg) or + hasShortECKeyPair(e, msg) select e, msg diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll index b133fd3c5235..9c10569d8c10 100644 --- a/java/ql/src/semmle/code/java/security/Encryption.qll +++ b/java/ql/src/semmle/code/java/security/Encryption.qll @@ -38,6 +38,16 @@ class HostnameVerifier extends RefType { HostnameVerifier() { hasQualifiedName("javax.net.ssl", "HostnameVerifier") } } +/** The Java class `javax.crypto.KeyGenerator`. */ +class KeyGenerator extends RefType { + KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") } +} + +/** The Java class `java.security.KeyPairGenerator`. */ +class KeyPairGenerator extends RefType { + KeyPairGenerator() { this.hasQualifiedName("java.security", "KeyPairGenerator") } +} + /** The `verify` method of the class `javax.net.ssl.HostnameVerifier`. */ class HostnameVerifierVerify extends Method { HostnameVerifierVerify() { @@ -248,7 +258,7 @@ class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec { class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec { JavaxCryptoKeyGenerator() { exists(Method m | m.getAReference() = this | - m.getDeclaringType().getQualifiedName() = "javax.crypto.KeyGenerator" and + m.getDeclaringType() instanceof KeyGenerator and m.getName() = "getInstance" ) } @@ -309,7 +319,7 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec { class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec { JavaSecurityKeyPairGenerator() { exists(Method m | m.getAReference() = this | - m.getDeclaringType().getQualifiedName() = "java.security.KeyPairGenerator" and + m.getDeclaringType() instanceof KeyPairGenerator and m.getName() = "getInstance" ) } diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected index b47469aed5db..f350495d28f8 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected @@ -2,3 +2,7 @@ | InsufficientKeySize.java:17:9:17:36 | initialize(...) | Key size should be at least 2048 bits for RSA encryption. | | InsufficientKeySize.java:25:9:25:36 | initialize(...) | Key size should be at least 2048 bits for DSA encryption. | | InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. | +| InsufficientKeySize.java:38:9:38:67 | initialize(...) | Key size should be at least 224 bits for EC encryption. | +| InsufficientKeySize.java:48:9:48:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. | +| InsufficientKeySize.java:53:9:53:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. | +| InsufficientKeySize.java:58:9:58:40 | initialize(...) | Key size should be at least 224 bits for EC encryption. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java index 13f74b6fac30..80d49cdf5f18 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java @@ -34,8 +34,27 @@ public void CryptoMethod() { keyPairGen5.initialize(ecSpec1); KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 224 + keyPairGen6.initialize(new ECGenParameterSpec("secp112r1")); + + KeyPairGenerator keyPairGen7 = KeyPairGenerator.getInstance("EC"); // GOOD: Key size is no less than 224 ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1"); - keyPairGen6.initialize(ecSpec2); + keyPairGen7.initialize(ecSpec2); + + KeyPairGenerator keyPairGen8 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 224 + ECGenParameterSpec ecSpec3 = new ECGenParameterSpec("X9.62 prime192v2"); + keyPairGen8.initialize(ecSpec3); + + KeyPairGenerator keyPairGen9 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 224 + ECGenParameterSpec ecSpec4 = new ECGenParameterSpec("X9.62 c2tnb191v3"); + keyPairGen9.initialize(ecSpec4); + + KeyPairGenerator keyPairGen10 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 224 + ECGenParameterSpec ecSpec5 = new ECGenParameterSpec("sect163k1"); + keyPairGen10.initialize(ecSpec5); } } From 058f3af4b21bfe3dec4bdcbb84f3bd26c5830dca Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Sat, 9 Jan 2021 13:48:29 +0000 Subject: [PATCH 3/7] Refactor the hasShortSymmetricKey method --- .../Security/CWE/CWE-326/InsufficientKeySize.ql | 14 +++++++++----- .../security/CWE-326/InsufficientKeySize.java | 5 +++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql index df265f267f7b..169e1e58a699 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql @@ -39,7 +39,7 @@ int getECKeySize(string algorithm) { result = algorithm.regexpCapture("sec[p|t](\\d+)[a-zA-Z].*", 1).toInt() or algorithm.matches("X9.62%") and //specification such as "X9.62 prime192v2" - result = algorithm.regexpCapture("X9.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt() + result = algorithm.regexpCapture("X9\\.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt() } /** Taint configuration tracking flow from a key generator to a `init` method call. */ @@ -74,22 +74,26 @@ class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration { } } -/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */ -predicate hasShortAESKey(MethodAccess ma, string msg) { +/** Holds if a symmetric `KeyGenerator` is initialized with an insufficient key size. */ +bindingset[type] +predicate hasShortSymmetricKey(MethodAccess ma, string msg, string type) { ma.getMethod() instanceof KeyGeneratorInitMethod and exists( JavaxCryptoKeyGenerator jcg, KeyGeneratorInitConfiguration cc, DataFlow::PathNode source, DataFlow::PathNode dest | - jcg.getAlgoSpec().(StringLiteral).getValue() = "AES" and + jcg.getAlgoSpec().(StringLiteral).getValue() = type and source.getNode().asExpr() = jcg and dest.getNode().asExpr() = ma.getQualifier() and cc.hasFlowPath(source, dest) ) and ma.getArgument(0).(IntegerLiteral).getIntValue() < 128 and - msg = "Key size should be at least 128 bits for AES encryption." + msg = "Key size should be at least 128 bits for " + type + " encryption." } +/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */ +predicate hasShortAESKey(MethodAccess ma, string msg) { hasShortSymmetricKey(ma, msg, "AES") } + /** Holds if an asymmetric `KeyPairGenerator` is initialized with an insufficient key size. */ bindingset[type] predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) { diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java index 80d49cdf5f18..45b7c610df11 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java @@ -56,5 +56,10 @@ public void CryptoMethod() { // BAD: Key size is less than 224 ECGenParameterSpec ecSpec5 = new ECGenParameterSpec("sect163k1"); keyPairGen10.initialize(ecSpec5); + + KeyPairGenerator keyPairGen11 = KeyPairGenerator.getInstance("EC"); + // GOOD: Key size is no less than 224 + ECGenParameterSpec ecSpec6 = new ECGenParameterSpec("X9.62 c2tnb359v1"); + keyPairGen11.initialize(ecSpec6); } } From 2ac7b4bab42c4146fb9f629291d049efa43d52e8 Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Mon, 11 Jan 2021 12:59:00 +0000 Subject: [PATCH 4/7] Update qldoc --- .../Security/CWE/CWE-326/InsufficientKeySize.ql | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql index 169e1e58a699..c925ef0a9661 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql @@ -74,7 +74,7 @@ class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration { } } -/** Holds if a symmetric `KeyGenerator` is initialized with an insufficient key size. */ +/** Holds if a symmetric `KeyGenerator` implementing encryption algorithm `type` and initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ bindingset[type] predicate hasShortSymmetricKey(MethodAccess ma, string msg, string type) { ma.getMethod() instanceof KeyGeneratorInitMethod and @@ -91,10 +91,10 @@ predicate hasShortSymmetricKey(MethodAccess ma, string msg, string type) { msg = "Key size should be at least 128 bits for " + type + " encryption." } -/** Holds if an AES `KeyGenerator` is initialized with an insufficient key size. */ +/** Holds if an AES `KeyGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ predicate hasShortAESKey(MethodAccess ma, string msg) { hasShortSymmetricKey(ma, msg, "AES") } -/** Holds if an asymmetric `KeyPairGenerator` is initialized with an insufficient key size. */ +/** Holds if an asymmetric `KeyPairGenerator` implementing encryption algorithm `type` and initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ bindingset[type] predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) { ma.getMethod() instanceof KeyPairGeneratorInitMethod and @@ -111,24 +111,24 @@ predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) { msg = "Key size should be at least 2048 bits for " + type + " encryption." } -/** Holds if a DSA `KeyPairGenerator` is initialized with an insufficient key size. */ +/** Holds if a DSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ predicate hasShortDSAKeyPair(MethodAccess ma, string msg) { hasShortAsymmetricKeyPair(ma, msg, "DSA") } -/** Holds if a RSA `KeyPairGenerator` is initialized with an insufficient key size. */ +/** Holds if a RSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ predicate hasShortRSAKeyPair(MethodAccess ma, string msg) { hasShortAsymmetricKeyPair(ma, msg, "RSA") } -/** Holds if an EC `KeyPairGenerator` is initialized with an insufficient key size. */ +/** Holds if an EC `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ predicate hasShortECKeyPair(MethodAccess ma, string msg) { ma.getMethod() instanceof KeyPairGeneratorInitMethod and exists( JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc, DataFlow::PathNode source, DataFlow::PathNode dest, ClassInstanceExpr cie | - jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and //ECC variants such as ECDH and ECDSA + jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and // ECC variants such as ECDH and ECDSA source.getNode().asExpr() = jpg and dest.getNode().asExpr() = ma.getQualifier() and kc.hasFlowPath(source, dest) and From ab7d257569907903cf6731fa10f64c348ad25b46 Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Fri, 15 Jan 2021 13:11:32 +0000 Subject: [PATCH 5/7] Add more cases and change EC to 256 bits --- .../CWE/CWE-326/InsufficientKeySize.ql | 11 +++-- .../CWE-326/InsufficientKeySize.expected | 13 +++--- .../security/CWE-326/InsufficientKeySize.java | 42 +++++++++++++++---- 3 files changed, 50 insertions(+), 16 deletions(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql index c925ef0a9661..41242a448055 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql @@ -40,6 +40,9 @@ int getECKeySize(string algorithm) { or algorithm.matches("X9.62%") and //specification such as "X9.62 prime192v2" result = algorithm.regexpCapture("X9\\.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt() + or + (algorithm.matches("prime%") or algorithm.matches("c2tnb%")) and //specification such as "prime192v2" + result = algorithm.regexpCapture(".*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt() } /** Taint configuration tracking flow from a key generator to a `init` method call. */ @@ -102,7 +105,7 @@ predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) { JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc, DataFlow::PathNode source, DataFlow::PathNode dest | - jpg.getAlgoSpec().(StringLiteral).getValue() = type and + jpg.getAlgoSpec().(StringLiteral).getValue().toUpperCase() = type and source.getNode().asExpr() = jpg and dest.getNode().asExpr() = ma.getQualifier() and kc.hasFlowPath(source, dest) @@ -113,7 +116,7 @@ predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) { /** Holds if a DSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ predicate hasShortDSAKeyPair(MethodAccess ma, string msg) { - hasShortAsymmetricKeyPair(ma, msg, "DSA") + hasShortAsymmetricKeyPair(ma, msg, "DSA") or hasShortAsymmetricKeyPair(ma, msg, "DH") } /** Holds if a RSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */ @@ -134,9 +137,9 @@ predicate hasShortECKeyPair(MethodAccess ma, string msg) { kc.hasFlowPath(source, dest) and DataFlow::localExprFlow(cie, ma.getArgument(0)) and ma.getArgument(0).getType() instanceof ECGenParameterSpec and - getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 224 + getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 256 ) and - msg = "Key size should be at least 224 bits for EC encryption." + msg = "Key size should be at least 256 bits for EC encryption." } from Expr e, string msg diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected index f350495d28f8..421335b84ff9 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.expected @@ -1,8 +1,11 @@ | InsufficientKeySize.java:9:9:9:24 | init(...) | Key size should be at least 128 bits for AES encryption. | | InsufficientKeySize.java:17:9:17:36 | initialize(...) | Key size should be at least 2048 bits for RSA encryption. | | InsufficientKeySize.java:25:9:25:36 | initialize(...) | Key size should be at least 2048 bits for DSA encryption. | -| InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. | -| InsufficientKeySize.java:38:9:38:67 | initialize(...) | Key size should be at least 224 bits for EC encryption. | -| InsufficientKeySize.java:48:9:48:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. | -| InsufficientKeySize.java:53:9:53:39 | initialize(...) | Key size should be at least 224 bits for EC encryption. | -| InsufficientKeySize.java:58:9:58:40 | initialize(...) | Key size should be at least 224 bits for EC encryption. | +| InsufficientKeySize.java:34:9:34:39 | initialize(...) | Key size should be at least 256 bits for EC encryption. | +| InsufficientKeySize.java:38:9:38:67 | initialize(...) | Key size should be at least 256 bits for EC encryption. | +| InsufficientKeySize.java:48:9:48:39 | initialize(...) | Key size should be at least 256 bits for EC encryption. | +| InsufficientKeySize.java:53:9:53:39 | initialize(...) | Key size should be at least 256 bits for EC encryption. | +| InsufficientKeySize.java:58:9:58:40 | initialize(...) | Key size should be at least 256 bits for EC encryption. | +| InsufficientKeySize.java:68:9:68:40 | initialize(...) | Key size should be at least 256 bits for EC encryption. | +| InsufficientKeySize.java:78:9:78:40 | initialize(...) | Key size should be at least 256 bits for EC encryption. | +| InsufficientKeySize.java:87:9:87:37 | initialize(...) | Key size should be at least 2048 bits for DH encryption. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java index 45b7c610df11..df46d6e69a9c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java +++ b/java/ql/test/experimental/query-tests/security/CWE-326/InsufficientKeySize.java @@ -29,37 +29,65 @@ public void CryptoMethod() { keyPairGen4.initialize(2048); KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC"); - // BAD: Key size is less than 224 + // BAD: Key size is less than 256 ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1"); keyPairGen5.initialize(ecSpec1); KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC"); - // BAD: Key size is less than 224 + // BAD: Key size is less than 256 keyPairGen6.initialize(new ECGenParameterSpec("secp112r1")); KeyPairGenerator keyPairGen7 = KeyPairGenerator.getInstance("EC"); - // GOOD: Key size is no less than 224 + // GOOD: Key size is no less than 256 ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1"); keyPairGen7.initialize(ecSpec2); KeyPairGenerator keyPairGen8 = KeyPairGenerator.getInstance("EC"); - // BAD: Key size is less than 224 + // BAD: Key size is less than 256 ECGenParameterSpec ecSpec3 = new ECGenParameterSpec("X9.62 prime192v2"); keyPairGen8.initialize(ecSpec3); KeyPairGenerator keyPairGen9 = KeyPairGenerator.getInstance("EC"); - // BAD: Key size is less than 224 + // BAD: Key size is less than 256 ECGenParameterSpec ecSpec4 = new ECGenParameterSpec("X9.62 c2tnb191v3"); keyPairGen9.initialize(ecSpec4); KeyPairGenerator keyPairGen10 = KeyPairGenerator.getInstance("EC"); - // BAD: Key size is less than 224 + // BAD: Key size is less than 256 ECGenParameterSpec ecSpec5 = new ECGenParameterSpec("sect163k1"); keyPairGen10.initialize(ecSpec5); KeyPairGenerator keyPairGen11 = KeyPairGenerator.getInstance("EC"); - // GOOD: Key size is no less than 224 + // GOOD: Key size is no less than 256 ECGenParameterSpec ecSpec6 = new ECGenParameterSpec("X9.62 c2tnb359v1"); keyPairGen11.initialize(ecSpec6); + + KeyPairGenerator keyPairGen12 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 256 + ECGenParameterSpec ecSpec7 = new ECGenParameterSpec("prime192v2"); + keyPairGen12.initialize(ecSpec7); + + KeyPairGenerator keyPairGen13 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is no less than 256 + ECGenParameterSpec ecSpec8 = new ECGenParameterSpec("prime256v1"); + keyPairGen13.initialize(ecSpec8); + + KeyPairGenerator keyPairGen14 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is less than 256 + ECGenParameterSpec ecSpec9 = new ECGenParameterSpec("c2tnb191v1"); + keyPairGen14.initialize(ecSpec9); + + KeyPairGenerator keyPairGen15 = KeyPairGenerator.getInstance("EC"); + // BAD: Key size is no less than 256 + ECGenParameterSpec ecSpec10 = new ECGenParameterSpec("c2tnb431r1"); + keyPairGen15.initialize(ecSpec10); + + KeyPairGenerator keyPairGen16 = KeyPairGenerator.getInstance("dh"); + // BAD: Key size is less than 2048 + keyPairGen16.initialize(1024); + + KeyPairGenerator keyPairGen17 = KeyPairGenerator.getInstance("DH"); + // GOOD: Key size is no less than 2048 + keyPairGen17.initialize(2048); } } From 50be54385a6a0ab4d7219c350bd16d1f7e9f1f12 Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Tue, 2 Feb 2021 14:49:50 +0000 Subject: [PATCH 6/7] Update qldoc --- .../Security/CWE/CWE-326/InsufficientKeySize.java | 4 ++-- java/ql/src/semmle/code/java/security/Encryption.qll | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java index 6ccf025c2448..ff30196abb5c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java @@ -25,12 +25,12 @@ public void CryptoMethod() { keyPairGen4.initialize(2048); KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC"); - // BAD: Key size is less than 224 + // BAD: Key size is less than 256 ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1"); keyPairGen5.initialize(ecSpec1); KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC"); - // GOOD: Key size is no less than 224 + // GOOD: Key size is no less than 256 ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1"); keyPairGen6.initialize(ecSpec2); } diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll index 9c10569d8c10..ddbaf9cba735 100644 --- a/java/ql/src/semmle/code/java/security/Encryption.qll +++ b/java/ql/src/semmle/code/java/security/Encryption.qll @@ -315,7 +315,7 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec { override Expr getAlgoSpec() { result = this.(ConstructorCall).getArgument(0) } } -/** Method call to the Java class `java.security.KeyPairGenerator`. */ +/** A method call to the Java class `java.security.KeyPairGenerator`. */ class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec { JavaSecurityKeyPairGenerator() { exists(Method m | m.getAReference() = this | From 5e3b6fa3415d899c6bf2dea25de011244d563cee Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Tue, 2 Feb 2021 16:20:39 +0000 Subject: [PATCH 7/7] Update qldoc --- .../experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp index 10ec6adc9df1..4d4ec76f060c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp @@ -6,7 +6,7 @@ are vulnerable to brute force attack when too small a key size is used.

    -

    The key should be at least 2048 bits long when using RSA and DSA encryption, 224 bits long when using EC encryption, and 128 bits long when using +

    The key should be at least 2048 bits long when using RSA and DSA encryption, 256 bits long when using EC encryption, and 128 bits long when using symmetric encryption.