Skip to content

Commit

Permalink
BouncyCastle ongoing translation (#139)
Browse files Browse the repository at this point in the history 
* fix asserts changed by updated string name

Signed-off-by: Hugo Queinnec <[email protected]>

* fix or disable some tests

Signed-off-by: Hugo Queinnec <[email protected]>

* PBE translation and tests

Signed-off-by: Hugo Queinnec <[email protected]>

* starts signer translation

Signed-off-by: Hugo Queinnec <[email protected]>

* fix BcGenericSignerTest

Signed-off-by: Hugo Queinnec <[email protected]>

* change some tests to reflect model changes

Signed-off-by: Hugo Queinnec <[email protected]>

* fix BcDSADigestSignerTest

Signed-off-by: Hugo Queinnec <[email protected]>

* update ISO9796d2 tests

Signed-off-by: Hugo Queinnec <[email protected]>

* PSSSigner test

Signed-off-by: Hugo Queinnec <[email protected]>

* fix Edwards25519 name

Signed-off-by: Hugo Queinnec <[email protected]>

* elliptic curve signatures

Signed-off-by: Hugo Queinnec <[email protected]>

* fix Python Edwards test

Signed-off-by: Hugo Queinnec <[email protected]>

* BcRSADigestSignerTest

Signed-off-by: Hugo Queinnec <[email protected]>

* signer tests

Signed-off-by: Hugo Queinnec <[email protected]>

* MessageSigner translation

Signed-off-by: Hugo Queinnec <[email protected]>

* fix

Signed-off-by: Hugo Queinnec <[email protected]>

* StreamCipher translation

Signed-off-by: Hugo Queinnec <[email protected]>

* start Wrapper translation

Signed-off-by: Hugo Queinnec <[email protected]>

---------

Signed-off-by: Hugo Queinnec <[email protected]>
  • Loading branch information
@hugoqnc
hugoqnc authored Sep 7, 2024
1 parent 8b7b37a commit af7d128
Show file tree
Hide file tree
Showing 103 changed files with 2,103 additions and 516 deletions.
3 changes: 1 addition & 2 deletions engine/src/main/java/com/ibm/engine/model/context/CipherContext.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,7 @@ public enum Kind {
WRAPPING_STATUS,
ENCODING,
ENCODING_SIGNATURE,
WRAP_ENGINE,
WRAP_RFC,
WRAP,
BLOCK_CIPHER,
BLOCK_CIPHER_ENGINE,
BLOCK_CIPHER_ENGINE_FOR_AEAD,
Expand Down
1 change: 0 additions & 1 deletion engine/src/main/java/com/ibm/engine/model/context/DigestContext.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ public class DigestContext extends DetectionContext
public enum Kind {
NONE,
MGF1,
MGF,
CRAMER_SHOUP,
NTRU,
}
Expand Down
6 changes: 1 addition & 5 deletions engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,10 @@ public class SignatureContext extends DetectionContext
public enum Kind {
PSS,
MGF1,
PKCS1v15,
DSA,
RSA,
EdDSA,
SIGNATURE_NAME,
MESSAGE_SIGNER,
SIGNING_STATUS,
DIGEST_MESSAGE_WRAPPER,
ALGORITHM_AND_HASH_WRAPPER,
NONE
}

Expand Down
17 changes: 8 additions & 9 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,17 +50,17 @@ private BcMessageSigner() {
.putType("org.bouncycastle.pqc.crypto.crystals.dilithium.");
infoMap.putKey("FalconSigner").putType("org.bouncycastle.pqc.crypto.falcon.");
infoMap.putKey("GeMSSSigner").putType("org.bouncycastle.pqc.crypto.gemss.");
// Below: only constructor with parameter
infoMap.putKey("GMSSSigner").putType("org.bouncycastle.pqc.legacy.crypto.gmss.");
infoMap.putKey("GMSSSigner" /* only constructor with parameter */)
.putType("org.bouncycastle.pqc.legacy.crypto.gmss.");
infoMap.putKey("HSSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
infoMap.putKey("LMSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
infoMap.putKey("PicnicSigner").putType("org.bouncycastle.pqc.crypto.picnic.");
infoMap.putKey("QTESLASigner")
.putName("qTESLA")
// .putName("qTESLA")
.putType("org.bouncycastle.pqc.legacy.crypto.qtesla.");
infoMap.putKey("RainbowSigner").putType("org.bouncycastle.pqc.crypto.rainbow.");
infoMap.putKey("SPHINCSPlusSigner")
.putName("SPHINCS+")
// .putName("SPHINCS+")
.putType("org.bouncycastle.pqc.crypto.sphincsplus.");
}

Expand All @@ -69,18 +69,17 @@ private BcMessageSigner() {

for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String signer = entry.getKey();
String signerName = infoMap.getDisplayName(signer, "Signer");
String type = entry.getValue().getType();
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(type + signer)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(signerName))
.shouldBeDetectedAs(new ValueActionFactory<>(signer))
// We want to capture all possible constructors (some have arguments)
.withAnyParameters()
.buildForContext(
new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcMessageSignerInit.rules()));
}
Expand All @@ -95,12 +94,12 @@ private BcMessageSigner() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.pqc.crypto.sphincs.SPHINCS256Signer")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS-256"))
.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS256Signer"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcMessageSignerInit.rules()));

Expand Down
9 changes: 4 additions & 5 deletions .../main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,17 +54,16 @@ private BcStateAwareMessageSigner() {

for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String signer = entry.getKey();
String signerName = infoMap.getDisplayName(signer, "Signer");
String type = entry.getValue().getType();
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(type + signer)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(signerName))
.shouldBeDetectedAs(new ValueActionFactory<>(signer))
.withoutParameters()
.buildForContext(
new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcMessageSignerInit.rules()));
}
Expand All @@ -80,10 +79,10 @@ private BcStateAwareMessageSigner() {
.forObjectTypes(
"org.bouncycastle.pqc.legacy.crypto.gmss.GMSSStateAwareSigner")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("GMSS"))
.shouldBeDetectedAs(new ValueActionFactory<>("GMSSStateAwareSigner"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcMessageSignerInit.rules()));

Expand Down
58 changes: 34 additions & 24 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/pbe/BcPBEParametersGenerator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,13 +38,6 @@ private BcPBEParametersGenerator() {
// private
}

private static final List<String> constructorEmpty =
/*
* List of children classes of PBEParametersGenerator having a
* constructor taking no argument
*/
Arrays.asList("OpenSSLPBEParametersGenerator", "PKCS5S2ParametersGenerator");

private static final List<String> constructorDigest =
/*
* List of children classes of PBEParametersGenerator having a
Expand All @@ -59,30 +52,47 @@ private BcPBEParametersGenerator() {
private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
List<IDetectionRule<Tree>> constructorsList = new LinkedList<>();

for (String pbeClass : constructorEmpty) {
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.generators." + pbeClass)
.forConstructor()
.shouldBeDetectedAs(
new ValueActionFactory<>(
pbeClass.replace("ParametersGenerator", "")))
.withoutParameters()
.buildForContext(new CipherContext(CipherContext.Kind.PBE))
.inBundle(() -> "Bc")
.withoutDependingDetectionRules());
}
/* Constructor without argument */
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.generators."
+ "PKCS5S2ParametersGenerator")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("PKCS5S2ParametersGenerator"))
.withoutParameters()
.buildForContext(new CipherContext(CipherContext.Kind.PBE))
.inBundle(() -> "Bc")
.withoutDependingDetectionRules());

/*
* With this constructor of `OpenSSLPBEParametersGenerator`, no `Digest` argument is provided:
* it uses the default MD5 which we represent (for the translation) by capturing
* the value `ChaCha20Poly1305[MD5]`
*/
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.generators."
+ "OpenSSLPBEParametersGenerator")
.forConstructor()
.shouldBeDetectedAs(
new ValueActionFactory<>("OpenSSLPBEParametersGenerator[MD5]"))
.withoutParameters()
.buildForContext(new CipherContext(CipherContext.Kind.PBE))
.inBundle(() -> "Bc")
.withoutDependingDetectionRules());

/* All constructors with a Digest argument */
for (String pbeClass : constructorDigest) {
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.generators." + pbeClass)
.forConstructor()
.shouldBeDetectedAs(
new ValueActionFactory<>(
pbeClass.replace("ParametersGenerator", "")))
.shouldBeDetectedAs(new ValueActionFactory<>(pbeClass))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new CipherContext(CipherContext.Kind.PBE))
Expand Down
16 changes: 8 additions & 8 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcDSADigestSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,34 +36,34 @@ private BcDSADigestSigner() {
// nothing
}

private static final String CLASS_NAME = "DSADigestSigner";

private static final IDetectionRule<Tree> CONSTRUCTOR_1 =
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.DSADigestSigner")
.forObjectTypes("org.bouncycastle.crypto.signers." + CLASS_NAME)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("DSADigest"))
.shouldBeDetectedAs(new ValueActionFactory<>(CLASS_NAME))
.withMethodParameter("org.bouncycastle.crypto.DSA")
.addDependingDetectionRules(BcDSA.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(
new SignatureContext(SignatureContext.Kind.ALGORITHM_AND_HASH_WRAPPER))
.buildForContext(new SignatureContext())
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcSignerInit.rules());

private static final IDetectionRule<Tree> CONSTRUCTOR_2 =
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.DSADigestSigner")
.forObjectTypes("org.bouncycastle.crypto.signers." + CLASS_NAME)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("DSADigest"))
.shouldBeDetectedAs(new ValueActionFactory<>(CLASS_NAME))
.withMethodParameter("org.bouncycastle.crypto.DSAExt")
.addDependingDetectionRules(BcDSA.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("org.bouncycastle.crypto.signers.DSAEncoding")
.buildForContext(
new SignatureContext(SignatureContext.Kind.ALGORITHM_AND_HASH_WRAPPER))
.buildForContext(new SignatureContext())
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcSignerInit.rules());

Expand Down
9 changes: 5 additions & 4 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcGenericSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,14 @@ private BcGenericSigner() {
// nothing
}

private static final String CLASS_NAME = "GenericSigner";

private static final IDetectionRule<Tree> CONSTRUCTOR_1 =
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.GenericSigner")
.forObjectTypes("org.bouncycastle.crypto.signers." + CLASS_NAME)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("GenericSigner"))
.shouldBeDetectedAs(new ValueActionFactory<>(CLASS_NAME))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(
BcAsymmetricBlockCipher.rules(
Expand All @@ -51,8 +53,7 @@ private BcGenericSigner() {
CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE_SIGNATURE)))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(
new SignatureContext(SignatureContext.Kind.ALGORITHM_AND_HASH_WRAPPER))
.buildForContext(new SignatureContext())
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcSignerInit.rules());

Expand Down
14 changes: 8 additions & 6 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSigner.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,29 +38,31 @@ private BcISO9796d2PSSSigner() {
// nothing
}

private static final String CLASS_NAME = "ISO9796d2PSSSigner";

private static final IDetectionRule<Tree> CONSTRUCTOR_1 =
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2PSSSigner")
.forObjectTypes("org.bouncycastle.crypto.signers." + CLASS_NAME)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2PSS"))
.shouldBeDetectedAs(new ValueActionFactory<>(CLASS_NAME))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("int")
.shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
.asChildOfParameterWithId(-1)
.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
.buildForContext(new SignatureContext())
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcSignerInit.rules());

private static final IDetectionRule<Tree> CONSTRUCTOR_2 =
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2PSSSigner")
.forObjectTypes("org.bouncycastle.crypto.signers." + CLASS_NAME)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2PSS"))
.shouldBeDetectedAs(new ValueActionFactory<>(CLASS_NAME))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
Expand All @@ -69,7 +71,7 @@ private BcISO9796d2PSSSigner() {
.shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
.asChildOfParameterWithId(-1)
.withMethodParameter("boolean")
.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
.buildForContext(new SignatureContext())
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcSignerInit.rules());

Expand Down
14 changes: 8 additions & 6 deletions java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2Signer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,32 +36,34 @@ private BcISO9796d2Signer() {
// nothing
}

private static final String CLASS_NAME = "ISO9796d2Signer";

private static final IDetectionRule<Tree> CONSTRUCTOR_1 =
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
.forObjectTypes("org.bouncycastle.crypto.signers." + CLASS_NAME)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
.shouldBeDetectedAs(new ValueActionFactory<>(CLASS_NAME))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.buildForContext(new SignatureContext())
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcSignerInit.rules());

private static final IDetectionRule<Tree> CONSTRUCTOR_2 =
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
.forObjectTypes("org.bouncycastle.crypto.signers." + CLASS_NAME)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
.shouldBeDetectedAs(new ValueActionFactory<>(CLASS_NAME))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("boolean")
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.buildForContext(new SignatureContext())
.inBundle(() -> "Bc")
.withDependingDetectionRules(BcSignerInit.rules());

Expand Down
Loading

0 comments on commit af7d128

Please sign in to comment.