Merge pull request #214 from CROSSINGTUD/bc-usagepattern-or-tests

Added some BCUsagePatternTests & edited existing BCHeadlessTests to verify OR-ing predicates
CROSSINGTUD · Feb 18, 2020 · 98eccd4 · 98eccd4
2 parents 9d97281 + 50e0684
commit 98eccd4
Show file tree

Hide file tree

Showing 3 changed files with 183 additions and 29 deletions.
diff --git a/CryptoAnalysis/src/test/java/tests/headless/BouncyCastleHeadlessTest.java b/CryptoAnalysis/src/test/java/tests/headless/BouncyCastleHeadlessTest.java
@@ -42,8 +42,7 @@ public void testBCSymmetricCipherExamples() {
 		MavenProject mavenProject = createAndCompile(mavenProjectPath);
 		HeadlessCryptoScanner scanner = createScanner(mavenProject, Ruleset.BouncyCastle);
 
-
-		setErrorsCount("<gcm_aes_example.GCMAESBouncyCastle: byte[] processing(byte[],boolean)>", RequiredPredicateError.class, 3);
+		setErrorsCount(RequiredPredicateError.class, new TruePositives(2), new FalseNegatives(1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216"), "<gcm_aes_example.GCMAESBouncyCastle: byte[] processing(byte[],boolean)>");
 		setErrorsCount("<cbc_aes_example.CBCAESBouncyCastle: void setKey(byte[])>", RequiredPredicateError.class, 1);
 		setErrorsCount("<cbc_aes_example.CBCAESBouncyCastle: byte[] processing(byte[],boolean)>", RequiredPredicateError.class, 1);
 
@@ -58,17 +57,13 @@ public void testBCAsymmetricCipherExamples() {
 		MavenProject mavenProject = createAndCompile(mavenProjectPath);
 		HeadlessCryptoScanner scanner = createScanner(mavenProject, Ruleset.BouncyCastle);
 
-		setErrorsCount(RequiredPredicateError.class, new FalsePositives(1, "AsymmetricCipherKeyPair.getPrivate() not specified."), "<rsa_nomisuse.RSATest: java.lang.String Decrypt(java.lang.String,org.bouncycastle.crypto.params.AsymmetricKeyParameter)>");
-		setErrorsCount(RequiredPredicateError.class, new FalsePositives(1, "AsymmetricCipherKeyPair.getPrivate() not specified."),"<rsa_misuse.RSATest: java.lang.String Decrypt(java.lang.String,org.bouncycastle.crypto.params.AsymmetricKeyParameter)>");
-		setErrorsCount(RequiredPredicateError.class, new FalsePositives(1, "AsymmetricCipherKeyPair.getPublic() not specified"), "<rsa_nomisuse.RSATest: java.lang.String Encrypt(byte[],org.bouncycastle.crypto.params.AsymmetricKeyParameter)>");
-
 		setErrorsCount(RequiredPredicateError.class, new TruePositives(1), "<crypto.RSAEngineTest: void testDecryptTwo(byte[])>");
 
 		setErrorsCount(TypestateError.class, new TruePositives(1), "<rsa_misuse.RSATest: java.lang.String Encrypt(byte[],org.bouncycastle.crypto.params.AsymmetricKeyParameter)>");
 		setErrorsCount(TypestateError.class, new TruePositives(1),"<crypto.RSAEngineTest: void testEncryptTwo()>");
 		setErrorsCount(TypestateError.class, new TruePositives(1),"<crypto.RSAEngineTest: void testDecryptTwo(byte[])>");
 
-		setErrorsCount(RequiredPredicateError.class, new TruePositives(2), new FalseNegatives(1, "Fifth parameter not randomized! //Related to https://github.com/CROSSINGTUD/CryptoAnalysis/issues/140"),  "<crypto.RSAEngineTest: void testDecryptOne(byte[])>");
+		setErrorsCount(RequiredPredicateError.class, new TruePositives(1), new FalseNegatives(1, "Fifth parameter not randomized! //Related to https://github.com/CROSSINGTUD/CryptoAnalysis/issues/140"),  "<crypto.RSAEngineTest: void testDecryptOne(byte[])>");
 		setErrorsCount(TypestateError.class,  new TruePositives(1), "<generators.RSAKeyPairGeneratorTest: void testThree()>");
 		setErrorsCount(IncompleteOperationError.class, new TruePositives(1),  "<generators.RSAKeyPairGeneratorTest: void testFour()>");
 		setErrorsCount(RequiredPredicateError.class, new TruePositives(1),"<generators.RSAKeyPairGeneratorTest: void testTwo()>");
@@ -115,15 +110,8 @@ public void testBCEllipticCurveExamples() {
 		MavenProject mavenProject = createAndCompile(mavenProjectPath);
 		HeadlessCryptoScanner scanner = createScanner(mavenProject, Ruleset.BouncyCastle);
 
-		setErrorsCount(new ErrorSpecification.Builder("<crypto.ECElGamalEncryptorTest: void testThree(java.lang.String)>")
-				.withFPs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CrySL/issues/11")
-				.build());
-		setErrorsCount(new ErrorSpecification.Builder("<crypto.ECElGamalEncryptorTest: void testFour(java.lang.String)>")
-				.withFPs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CrySL/issues/11")
-				.build());
-
 		setErrorsCount(new ErrorSpecification.Builder("<crypto.ECElGamalEncryptorTest: void testOne()>")
-				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<crypto.ECElGamalEncryptorTest: void testTwo()>")
 				.withTPs(TypestateError.class, 1)
@@ -147,6 +135,7 @@ public void testBCEllipticCurveExamples() {
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<params.ECPrivateKeyParametersTest: void testOne(java.lang.String)>")
 				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<params.ECPrivateKeyParametersTest: void testOne(java.lang.String)>")
 				.withTPs(HardCodedError.class, 1)
@@ -155,10 +144,12 @@ public void testBCEllipticCurveExamples() {
 				.withTPs(HardCodedError.class, 1)
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<params.ParametersWithRandomTest: void testOne(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 3)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<params.ParametersWithRandomTest: void testThree(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 4)
+				.withTPs(RequiredPredicateError.class, 3)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<params.ECDomainParametersTest: void testThree(java.lang.String)>")
 				.withTPs(RequiredPredicateError.class, 1)
@@ -195,39 +186,47 @@ public void testBCEllipticCurveExamples() {
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewPublicKeyTransformTest: void testFour(java.lang.String)>")
 				.withTPs(IncompleteOperationError.class, 1)
-				.withTPs(RequiredPredicateError.class, 3)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewPublicKeyTransformTest: void testFive(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 4)
-				.build());
-		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewPublicKeyTransformTest: void testSix(java.lang.String)>")
 				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 2, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewPublicKeyTransformTest: void testTwo(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 4)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 2, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewPublicKeyTransformTest: void testOne(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 3)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
+				.build());
+		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewPublicKeyTransformTest: void testSix(java.lang.String)>")
+				.withFNs(RequiredPredicateError.class, 2, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewRandomessTransformTest: void testThree(java.lang.String)>")
 				.withTPs(TypestateError.class, 1)
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewRandomessTransformTest: void testFour(java.lang.String)>")
 				.withTPs(IncompleteOperationError.class, 1)
-				.withTPs(RequiredPredicateError.class, 3)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewRandomessTransformTest: void testFive(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 4)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewRandomessTransformTest: void testSix(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 2, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewRandomessTransformTest: void testTwo(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 4)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 2, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 		setErrorsCount(new ErrorSpecification.Builder("<transforms.ECNewRandomessTransformTest: void testOne(java.lang.String)>")
-				.withTPs(RequiredPredicateError.class, 3)
+				.withTPs(RequiredPredicateError.class, 2)
+				.withFNs(RequiredPredicateError.class, 1, "https://github.com/CROSSINGTUD/CryptoAnalysis/issues/216")
 				.build());
 
 		setErrorsCount(new ErrorSpecification.Builder("<generators.ECKeyPairGeneratorTest: void testTwo(java.lang.String)>")

diff --git a/CryptoAnalysis/src/test/java/tests/headless/ErrorSpecification.java b/CryptoAnalysis/src/test/java/tests/headless/ErrorSpecification.java
@@ -67,6 +67,7 @@ public int getTotalNumberOfFindings() {
 		int totalFindings = 0;
 		totalFindings += truePositives == null ? 0 : truePositives.size();
 		totalFindings += falsePositives == null ? 0 : falsePositives.size();
+		totalFindings += falseNegatives == null ? 0 : falseNegatives.size();
 		if (totalFindings == 0)
 			throw new IllegalArgumentException("Specify atleast one findings type.");
 		return totalFindings;

diff --git a/CryptoAnalysis/src/test/java/tests/pattern/BouncyCastlesUsagePatternTest.java b/CryptoAnalysis/src/test/java/tests/pattern/BouncyCastlesUsagePatternTest.java
@@ -2,12 +2,28 @@
 
 import java.io.File;
 import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.util.Random;
 
+import org.apache.velocity.tools.config.SkipSetters;
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.engines.RSAEngine;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.util.encoders.Hex;
+import org.junit.Ignore;
 import org.junit.Test;
 
 import crypto.analysis.CrySLRulesetSelector.Ruleset;
@@ -46,10 +62,148 @@ public void rsKeyParameters() {
 		Assertions.hasEnsuredPredicate(pubParameters);
 	}
 
+	@Test
+	public void testORingTwoPredicates1() throws GeneralSecurityException {
+		BigInteger mod = new BigInteger("a0b8e8321b041acd40b7", 16);
+		BigInteger pub = new BigInteger("9f0783a49...da", 16);	
+		RSAKeyParameters params = new RSAKeyParameters(false, mod, pub);
+		Assertions.mustBeInAcceptingState(params);
+		Assertions.hasEnsuredPredicate(params);
+
+		ParametersWithRandom randomParam1 = new ParametersWithRandom(params);
+		Assertions.mustBeInAcceptingState(randomParam1);
+		Assertions.hasEnsuredPredicate(randomParam1);
+
+		BigInteger priv = new BigInteger("92e08f83...19", 16);
+		Random randomGenerator = SecureRandom.getInstance("SHA1PRNG");
+		Assertions.mustBeInAcceptingState(randomGenerator);
+		Assertions.hasEnsuredPredicate(randomGenerator);
+		BigInteger p = new BigInteger(1024, randomGenerator);
+		BigInteger q = new BigInteger(1024, randomGenerator);
+		BigInteger pExp = new BigInteger("1d1a2d3ca8...b5", 16);
+		BigInteger qExp = new BigInteger("6c929e4e816...ed", 16);
+		BigInteger crtCoef = new BigInteger("dae7651ee...39", 16);
+		RSAPrivateCrtKeyParameters privParam = new RSAPrivateCrtKeyParameters(mod, pub, priv, p, q, pExp, qExp, crtCoef);
+		Assertions.mustBeInAcceptingState(privParam);
+		Assertions.notHasEnsuredPredicate(privParam); // because p & q are of type BigInteger which cannot ensure randomized predicate
+
+		ParametersWithRandom randomParam2 = new ParametersWithRandom(privParam);
+		Assertions.mustBeInAcceptingState(randomParam2);
+		Assertions.notHasEnsuredPredicate(randomParam2);
+	}
+
+	@Ignore
+	@Test
+	public void testORingTwoPredicates2() throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException {
+		SecureRandom random = new SecureRandom();
+		byte[] genSeed = random.generateSeed(128);
+		KeyParameter keyParam = new KeyParameter(genSeed);
+		byte[] nonce = random.generateSeed(128);
+		AEADParameters aeadParam = new AEADParameters(keyParam, 128, nonce);
+		Assertions.hasEnsuredPredicate(aeadParam);
+		Assertions.mustBeInAcceptingState(aeadParam);
+		AESEngine engine = new AESEngine();
+		Assertions.hasEnsuredPredicate(engine);
+		byte[] input = new byte[100];
+		byte[] output = new byte[100];
+
+		GCMBlockCipher cipher1 = new GCMBlockCipher(engine);
+		cipher1.init(false, aeadParam);
+		cipher1.processAADBytes(input, 0, input.length);
+		cipher1.doFinal(output, 0);
+		Assertions.hasEnsuredPredicate(cipher1);
+		Assertions.mustBeInAcceptingState(cipher1);
+
+		ParametersWithIV ivParam = new ParametersWithIV(keyParam, genSeed);
+		Assertions.hasEnsuredPredicate(ivParam);
+		Assertions.mustBeInAcceptingState(ivParam);
+
+		GCMBlockCipher cipher2 = new GCMBlockCipher(engine);
+		cipher2.init(false, ivParam);
+//		cipher2.processAADBytes(input, 0, input.length);
+//		cipher2.doFinal(output, 0);
+		Assertions.hasEnsuredPredicate(cipher2);
+		Assertions.mustNotBeInAcceptingState(cipher2);	
+	}
+
+	@Test
+	public void testORingThreePredicates1() throws GeneralSecurityException {
+		BigInteger mod = new BigInteger("a0b8e8321b041acd40b7", 16);
+		BigInteger pub = new BigInteger("9f0783a49...da", 16);	
+		RSAKeyParameters params = new RSAKeyParameters(false, mod, pub);
+
+		ParametersWithRandom randomParam1 = new ParametersWithRandom(params);
+		Assertions.mustBeInAcceptingState(randomParam1);
+		Assertions.hasEnsuredPredicate(randomParam1);
+
+		BigInteger priv = new BigInteger("92e08f83...19", 16);
+		Random randomGenerator = SecureRandom.getInstance("SHA1PRNG");
+		Assertions.mustBeInAcceptingState(randomGenerator);
+		Assertions.hasEnsuredPredicate(randomGenerator);
+		BigInteger p = new BigInteger(1024, randomGenerator);
+		BigInteger q = new BigInteger(1024, randomGenerator);
+		BigInteger pExp = new BigInteger("1d1a2d3ca8...b5", 16);
+		BigInteger qExp = new BigInteger("6c929e4e816...ed", 16);
+		BigInteger crtCoef = new BigInteger("dae7651ee...39", 16);
+		RSAPrivateCrtKeyParameters privParam = new RSAPrivateCrtKeyParameters(mod, pub, priv, p, q, pExp, qExp, crtCoef);
+		Assertions.mustBeInAcceptingState(privParam);
+		Assertions.notHasEnsuredPredicate(privParam); // because p & q are of type BigInteger which cannot ensure randomized predicate
+
+		ParametersWithRandom randomParam2 = new ParametersWithRandom(privParam);
+		Assertions.mustBeInAcceptingState(randomParam2);
+		Assertions.notHasEnsuredPredicate(randomParam2);
+
+		BigInteger n = new BigInteger("62771017353866");
+		ECCurve.Fp curve = new ECCurve.Fp(new BigInteger("2343"), new BigInteger("2343"), new BigInteger("2343"), n, ECConstants.ONE);
+		ECDomainParameters ecParams = new ECDomainParameters(curve, curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), n);
+		Assertions.mustBeInAcceptingState(ecParams);
+		Assertions.hasEnsuredPredicate(ecParams);
+		ECPublicKeyParameters pubKeyValid = new ECPublicKeyParameters( curve.decodePoint(Hex.decode("0262b12d")), ecParams);
+		Assertions.mustBeInAcceptingState(pubKeyValid);
+		Assertions.hasEnsuredPredicate(pubKeyValid);
+
+		ParametersWithRandom randomParam3 = new ParametersWithRandom(pubKeyValid);
+		Assertions.mustBeInAcceptingState(randomParam3);
+		Assertions.hasEnsuredPredicate(randomParam3);
+	}
+
+	@Test
+	public void testORingThreePredicates2() throws GeneralSecurityException {
+		BigInteger mod = new BigInteger("a0b8e8321b041acd40b7", 16);
+		BigInteger pub = new BigInteger("9f0783a49...da", 16);	
+		RSAKeyParameters params = new RSAKeyParameters(false, mod, pub);
+		Assertions.mustBeInAcceptingState(params);
+		Assertions.hasEnsuredPredicate(params);
+		byte[] message = new byte[100];
+
+		RSAEngine engine1 = new RSAEngine();
+		Assertions.hasEnsuredPredicate(engine1);
+		engine1.init(false, params);
+		byte[] cipherText1 = engine1.processBlock(message, 0, message.length);
+		Assertions.mustBeInAcceptingState(engine1);
+		Assertions.hasEnsuredPredicate(cipherText1);
+
+		BigInteger n = new BigInteger("62771017353866");
+		ECCurve.Fp curve = new ECCurve.Fp(new BigInteger("2343"), new BigInteger("2343"), new BigInteger("2343"), n, ECConstants.ONE);
+		ECDomainParameters ecParams = new ECDomainParameters(curve, curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), n);
+		Assertions.mustBeInAcceptingState(ecParams);
+		Assertions.hasEnsuredPredicate(ecParams);
+		ECPublicKeyParameters pubKeyValid = new ECPublicKeyParameters( curve.decodePoint(Hex.decode("0262b12d")), ecParams);
+		Assertions.mustBeInAcceptingState(pubKeyValid);
+		Assertions.hasEnsuredPredicate(pubKeyValid);
+
+		RSAEngine engine2 = new RSAEngine();
+		Assertions.hasEnsuredPredicate(engine2);
+		engine2.init(false, pubKeyValid);
+		byte[] cipherText2 = engine2.processBlock(message, 0, message.length);
+		Assertions.mustBeInAcceptingState(engine2);
+		Assertions.hasEnsuredPredicate(cipherText2);
+
+	}
+
 	@Override
 	protected String getSootClassPath() {
 		String bouncyCastleJarPath = new File("src/test/resources/bcprov-jdk15on-1.60.jar").getAbsolutePath();
 		return super.getSootClassPath() +File.pathSeparator +bouncyCastleJarPath;
 	}
-
 }