Skip to content

Commit

Permalink
Remaining BouncyCastle translation (#20)
Browse files Browse the repository at this point in the history 
* nonnull annotation fix

Signed-off-by: Hugo Queinnec <[email protected]>

* ISO 9796-2 translation

Signed-off-by: Hugo Queinnec <[email protected]>

* PSS

Signed-off-by: Hugo Queinnec <[email protected]>

* BcISO9796d2PSSSigner

Signed-off-by: Hugo Queinnec <[email protected]>

* asserts

Signed-off-by: Hugo Queinnec <[email protected]>

* RSASigner + UsualPerformActions

Signed-off-by: Hugo Queinnec <[email protected]>

* RSA asserts

Signed-off-by: Hugo Queinnec <[email protected]>

* SM2 and X9.31

Signed-off-by: Hugo Queinnec <[email protected]>

* StreamCipher translation

Signed-off-by: Hugo Queinnec <[email protected]>

* key wrapping translation

Signed-off-by: Hugo Queinnec <[email protected]>

* RFC and DSTU wrappers

Signed-off-by: Hugo Queinnec <[email protected]>

* updated graph

Signed-off-by: Hugo Queinnec <[email protected]>

* revert python junit to 5.9.3

Signed-off-by: Hugo Queinnec <[email protected]>

* OAEP child hash

Signed-off-by: Hugo Queinnec <[email protected]>

* mapper renaming

Signed-off-by: Hugo Queinnec <[email protected]>

* fix Buffered and DefaultBuffered

Signed-off-by: Hugo Queinnec <[email protected]>

* block cipher padding names

Signed-off-by: Hugo Queinnec <[email protected]>

* more correctr names

Signed-off-by: Hugo Queinnec <[email protected]>

* git rename case sensitive

Signed-off-by: Hugo Queinnec <[email protected]>

---------

Signed-off-by: Hugo Queinnec <[email protected]>
  • Loading branch information
@hugoqnc
hugoqnc authored Jun 13, 2024
1 parent 908bedd commit d3e022d
Show file tree
Hide file tree
Showing 53 changed files with 5,686 additions and 665 deletions.
445 changes: 445 additions & 0 deletions docs/index.html
View file

Large diffs are not rendered by default.

27 changes: 27 additions & 0 deletions docs/lib/vis-9.1.2/vis-network.min.js
View file

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions engine/src/main/java/com/ibm/engine/model/context/CipherContext.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ public enum Kind {
ENCODING,
ENCODING_SIGNATURE,
WRAP_ENGINE,
WRAP_RFC,
BLOCK_CIPHER,
BLOCK_CIPHER_ENGINE,
STREAM_CIPHER_ENGINE,
Expand Down
1 change: 1 addition & 0 deletions engine/src/main/java/com/ibm/engine/model/context/DigestContext.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ public class DigestContext implements IDetectionContext, ISupportKind<DigestCont
public enum Kind {
NONE,
MGF1,
MGF,
CRAMER_SHOUP,
NTRU,
SHA1,
Expand Down
3 changes: 2 additions & 1 deletion engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,9 @@ public enum Kind {
MGF1,
PKCS1v15,
DSA,
RSA,
EdDSA,
MESSAGE_SIGNER,
SIGNATURE_NAME,
SIGNING_STATUS,
DIGEST_MESSAGE_WRAPPER,
ALGORITHM_AND_HASH_WRAPPER,
Expand Down
2 changes: 1 addition & 1 deletion engine/src/main/java/com/ibm/engine/utils/DetectionStoreLogger.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ private String getDetectionValueContextMessage(

@Nonnull
String getFormattedNumericString(
@Nonnull int hashInt, @Nonnull boolean canBeNegative, @Nullable Integer maxCharacters) {
int hashInt, boolean canBeNegative, @Nullable Integer maxCharacters) {
String res = "";
if (canBeNegative && hashInt >= 0) {
res += "";
Expand Down
93 changes: 25 additions & 68 deletions ...main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherEngine.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,10 @@
import com.ibm.engine.model.factory.ValueActionFactory;
import com.ibm.engine.rule.IDetectionRule;
import com.ibm.engine.rule.builder.DetectionRuleBuilder;
import java.util.Arrays;
import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.jetbrains.annotations.NotNull;
Expand All @@ -39,14 +40,16 @@ private BcAsymCipherEngine() {
// nothing
}

private static final List<String> cipherEnginesList =
Arrays.asList(
"ElGamalEngine",
"NaccacheSternEngine",
"NTRUEngine",
"RSABlindedEngine",
"RSABlindingEngine",
"RSAEngine");
private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();

static {
infoMap.putKey("ElGamalEngine");
infoMap.putKey("NaccacheSternEngine").putName("Naccache-Stern");
infoMap.putKey("NTRUEngine");
infoMap.putKey("RSABlindedEngine").putName("RSA");
infoMap.putKey("RSABlindingEngine").putName("RSA");
infoMap.putKey("RSAEngine").putName("RSA");
}

private static @NotNull List<IDetectionRule<Tree>> constructors(
@Nullable IDetectionContext detectionValueContext) {
Expand All @@ -56,65 +59,19 @@ private BcAsymCipherEngine() {
? detectionValueContext
: new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE);

for (String cipherEngine : cipherEnginesList) {
switch (cipherEngine) {
case "ElGamalEngine":
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ElGamal"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
case "NaccacheSternEngine":
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("NaccacheStern"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
case "NTRUEngine":
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("NTRU"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
case "RSAEngine",
"RSABlindedEngine",
"RSABlindingEngine": // TODO: Should I distinguish these RSA cases?
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("RSA"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
default:
break;
}
for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String engine = entry.getKey();
String engineName = infoMap.getDisplayName(engine, "Engine");
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.engines." + engine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(engineName))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
}
return constructorsList;
}
Expand Down
32 changes: 16 additions & 16 deletions .../main/java/com/ibm/plugin/rules/detection/bc/blockcipherpadding/BcBlockCipherPadding.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,10 @@
import com.ibm.engine.model.factory.ValueActionFactory;
import com.ibm.engine.rule.IDetectionRule;
import com.ibm.engine.rule.builder.DetectionRuleBuilder;
import java.util.Arrays;
import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Unmodifiable;
Expand All @@ -36,30 +37,29 @@ private BcBlockCipherPadding() {
// nothing
}

private static final List<String> paddingsList =
/*
* The List of classes implementing BlockCipher having a simple
* constructor taking a BlockCipher as only argument
*/
Arrays.asList(
"ISO10126d2Padding",
"ISO7816d4Padding",
"PKCS7Padding",
"TBCPadding",
"X923Padding",
"ZeroBytePadding");
private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();

static {
infoMap.putKey("ISO10126d2Padding").putName("ISO 10126-2:1991");
infoMap.putKey("ISO7816d4Padding").putName("ISO 7816-4:2020");
infoMap.putKey("PKCS7Padding");
infoMap.putKey("TBCPadding");
infoMap.putKey("X923Padding").putName("X.923");
infoMap.putKey("ZeroBytePadding").putName("Zero byte");
}

private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
List<IDetectionRule<Tree>> constructorsList = new LinkedList<>();

for (String padding : paddingsList) {
for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String padding = entry.getKey();
String paddingName = infoMap.getDisplayName(padding, "Padding");
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.paddings." + padding)
.forConstructor()
.shouldBeDetectedAs(
new ValueActionFactory<>(padding.replace("Padding", "")))
.shouldBeDetectedAs(new ValueActionFactory<>(paddingName))
.withoutParameters()
.buildForContext(new CipherContext(CipherContext.Kind.PADDING))
.inBundle(() -> "BcBlockCipherPadding")
Expand Down
14 changes: 9 additions & 5 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,13 @@ private BcMessageSigner() {
infoMap.putKey("HSSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
infoMap.putKey("LMSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
infoMap.putKey("PicnicSigner").putType("org.bouncycastle.pqc.crypto.picnic.");
infoMap.putKey("QTESLASigner").putType("org.bouncycastle.pqc.legacy.crypto.qtesla.");
infoMap.putKey("QTESLASigner")
.putName("qTESLA")
.putType("org.bouncycastle.pqc.legacy.crypto.qtesla.");
infoMap.putKey("RainbowSigner").putType("org.bouncycastle.pqc.crypto.rainbow.");
infoMap.putKey("SPHINCSPlusSigner").putType("org.bouncycastle.pqc.crypto.sphincsplus.");
infoMap.putKey("SPHINCSPlusSigner")
.putName("SPHINCS+")
.putType("org.bouncycastle.pqc.crypto.sphincsplus.");
}

private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
Expand All @@ -76,7 +80,7 @@ private BcMessageSigner() {
// We want to capture all possible constructors (some have arguments)
.withAnyParameters()
.buildForContext(
new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));
}
Expand All @@ -91,12 +95,12 @@ private BcMessageSigner() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.pqc.crypto.sphincs.SPHINCS256Signer")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS256"))
.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS-256"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));

Expand Down
4 changes: 2 additions & 2 deletions .../main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ private BcStateAwareMessageSigner() {
.shouldBeDetectedAs(new ValueActionFactory<>(signerName))
.withoutParameters()
.buildForContext(
new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcStateAwareMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));
}
Expand All @@ -83,7 +83,7 @@ private BcStateAwareMessageSigner() {
.shouldBeDetectedAs(new ValueActionFactory<>("GMSS"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcStateAwareMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));

Expand Down
4 changes: 2 additions & 2 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ private BcISO9796d2PSSSigner() {
.withMethodParameter("int")
.shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
.asChildOfParameterWithId(-1)
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
.inBundle(() -> "bcISO9796d2PSSSigner")
.withDependingDetectionRules(BcSignerInit.rules());

Expand All @@ -69,7 +69,7 @@ private BcISO9796d2PSSSigner() {
.shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
.asChildOfParameterWithId(-1)
.withMethodParameter("boolean")
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
.inBundle(() -> "bcISO9796d2PSSSigner")
.withDependingDetectionRules(BcSignerInit.rules());

Expand Down
8 changes: 4 additions & 4 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2Signer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,12 @@ private BcISO9796d2Signer() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2"))
.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcISO9796d2Signer")
.withDependingDetectionRules(BcSignerInit.rules());

Expand All @@ -55,13 +55,13 @@ private BcISO9796d2Signer() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2"))
.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("boolean")
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcISO9796d2Signer")
.withDependingDetectionRules(BcSignerInit.rules());

Expand Down
Loading

0 comments on commit d3e022d

Please sign in to comment.