Remaining BouncyCastle translation #20

Merged
merged 19 commits into from
Jun 13, 2024
Merged
445 changes: 445 additions & 0 deletions docs/index.html

Large diffs are not rendered by default.

27 changes: 27 additions & 0 deletions docs/lib/vis-9.1.2/vis-network.min.js

Large diffs are not rendered by default.

Expand Up @@ -43,6 +43,7 @@ public enum Kind {
ENCODING,
ENCODING_SIGNATURE,
WRAP_ENGINE,
WRAP_RFC,
BLOCK_CIPHER,
BLOCK_CIPHER_ENGINE,
STREAM_CIPHER_ENGINE,
Expand Up @@ -31,6 +31,7 @@ public class DigestContext implements IDetectionContext, ISupportKind<DigestCont
public enum Kind {
NONE,
MGF1,
MGF,
CRAMER_SHOUP,
NTRU,
SHA1,
Expand Up @@ -27,8 +27,9 @@ public enum Kind {
MGF1,
PKCS1v15,
DSA,
RSA,
EdDSA,
MESSAGE_SIGNER,
SIGNATURE_NAME,
SIGNING_STATUS,
DIGEST_MESSAGE_WRAPPER,
ALGORITHM_AND_HASH_WRAPPER,
Expand Up @@ -162,7 +162,7 @@ private String getDetectionValueContextMessage(

@Nonnull
String getFormattedNumericString(
@Nonnull int hashInt, @Nonnull boolean canBeNegative, @Nullable Integer maxCharacters) {
int hashInt, boolean canBeNegative, @Nullable Integer maxCharacters) {
hugoqnc marked this conversation as resolved.
String res = "";
if (canBeNegative && hashInt >= 0) {
res += "";
Expand Up @@ -24,9 +24,10 @@
import com.ibm.engine.model.factory.ValueActionFactory;
import com.ibm.engine.rule.IDetectionRule;
import com.ibm.engine.rule.builder.DetectionRuleBuilder;
import java.util.Arrays;
import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.jetbrains.annotations.NotNull;
Expand All @@ -39,14 +40,16 @@ private BcAsymCipherEngine() {
// nothing
}

private static final List<String> cipherEnginesList =
Arrays.asList(
"ElGamalEngine",
"NaccacheSternEngine",
"NTRUEngine",
"RSABlindedEngine",
"RSABlindingEngine",
"RSAEngine");
private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();

static {
infoMap.putKey("ElGamalEngine");
infoMap.putKey("NaccacheSternEngine").putName("Naccache-Stern");
infoMap.putKey("NTRUEngine");
infoMap.putKey("RSABlindedEngine").putName("RSA");
infoMap.putKey("RSABlindingEngine").putName("RSA");
infoMap.putKey("RSAEngine").putName("RSA");
}

private static @NotNull List<IDetectionRule<Tree>> constructors(
@Nullable IDetectionContext detectionValueContext) {
Expand All @@ -56,65 +59,19 @@ private BcAsymCipherEngine() {
? detectionValueContext
: new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE);

for (String cipherEngine : cipherEnginesList) {
switch (cipherEngine) {
case "ElGamalEngine":
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ElGamal"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
case "NaccacheSternEngine":
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("NaccacheStern"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
case "NTRUEngine":
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("NTRU"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
case "RSAEngine",
"RSABlindedEngine",
"RSABlindingEngine": // TODO: Should I distinguish these RSA cases?
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes(
"org.bouncycastle.crypto.engines." + cipherEngine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("RSA"))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
break;
default:
break;
}
for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String engine = entry.getKey();
String engineName = infoMap.getDisplayName(engine, "Engine");
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.engines." + engine)
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>(engineName))
.withoutParameters()
.buildForContext(context)
.inBundle(() -> "BcAsymCipherEngine")
.withDependingDetectionRules(BcAsymCipherInit.rules()));
}
return constructorsList;
}
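Review bot: The new static block gives `RSAEngine`, `RSABlindedEngine` and `RSABlindingEngine` the same display name `RSA`, and the old `// TODO: Should I distinguish these RSA cases?` is removed without the question being answered. In Bouncy Castle these classes are not interchangeable: `RSABlindedEngine` adds blinding as a timing side-channel countermeasure, `RSAEngine` is the plain primitive, and `RSABlindingEngine` belongs to blind-signature generation, so an inventory that reports only `RSA` cannot show a reviewer which one a project calls. If the distinction is deliberately deferred, keep a comment on those three entries, e.g. `// RSA variants are collapsed to "RSA"; blinded vs. plain engine is not recorded yet`, or record the variant as a separate detection value. `constructors(...)` starts before and the class continues after the visible hunks.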
Expand Up @@ -23,9 +23,10 @@
import com.ibm.engine.model.factory.ValueActionFactory;
import com.ibm.engine.rule.IDetectionRule;
import com.ibm.engine.rule.builder.DetectionRuleBuilder;
import java.util.Arrays;
import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Unmodifiable;
Expand All @@ -36,30 +37,29 @@ private BcBlockCipherPadding() {
// nothing
}

private static final List<String> paddingsList =
/*
* The List of classes implementing BlockCipher having a simple
* constructor taking a BlockCipher as only argument
*/
Arrays.asList(
"ISO10126d2Padding",
"ISO7816d4Padding",
"PKCS7Padding",
"TBCPadding",
"X923Padding",
"ZeroBytePadding");
private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();

static {
infoMap.putKey("ISO10126d2Padding").putName("ISO 10126-2:1991");
infoMap.putKey("ISO7816d4Padding").putName("ISO 7816-4:2020");
infoMap.putKey("PKCS7Padding");
infoMap.putKey("TBCPadding");
infoMap.putKey("X923Padding").putName("X.923");
infoMap.putKey("ZeroBytePadding").putName("Zero byte");
}

private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
List<IDetectionRule<Tree>> constructorsList = new LinkedList<>();

for (String padding : paddingsList) {
for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
String padding = entry.getKey();
String paddingName = infoMap.getDisplayName(padding, "Padding");
constructorsList.add(
new DetectionRuleBuilder<Tree>()
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.paddings." + padding)
.forConstructor()
.shouldBeDetectedAs(
new ValueActionFactory<>(padding.replace("Padding", "")))
.shouldBeDetectedAs(new ValueActionFactory<>(paddingName))
.withoutParameters()
.buildForContext(new CipherContext(CipherContext.Kind.PADDING))
.inBundle(() -> "BcBlockCipherPadding")
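Review bot: `infoMap` is declared `private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();` without `final`, although it replaces a `private static final List<String>` and is only populated in the static initializer. Declare it `private static final BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();`; the identical declaration in the asymmetric cipher engine section above has the same gap. The rules are now built by iterating `infoMap.entrySet()`, so their order depends on whatever map `BouncyCastleInfoMap` uses internally, which is not visible here; if rule order matters anywhere, confirm that it preserves insertion order. The `simpleConstructors()` builder chain continues past the end of the hunk.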
Expand Up @@ -55,9 +55,13 @@ private BcMessageSigner() {
infoMap.putKey("HSSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
infoMap.putKey("LMSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
infoMap.putKey("PicnicSigner").putType("org.bouncycastle.pqc.crypto.picnic.");
infoMap.putKey("QTESLASigner").putType("org.bouncycastle.pqc.legacy.crypto.qtesla.");
infoMap.putKey("QTESLASigner")
.putName("qTESLA")
.putType("org.bouncycastle.pqc.legacy.crypto.qtesla.");
infoMap.putKey("RainbowSigner").putType("org.bouncycastle.pqc.crypto.rainbow.");
infoMap.putKey("SPHINCSPlusSigner").putType("org.bouncycastle.pqc.crypto.sphincsplus.");
infoMap.putKey("SPHINCSPlusSigner")
.putName("SPHINCS+")
.putType("org.bouncycastle.pqc.crypto.sphincsplus.");
}

private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
Expand All @@ -76,7 +80,7 @@ private BcMessageSigner() {
// We want to capture all possible constructors (some have arguments)
.withAnyParameters()
.buildForContext(
new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));
}
Expand All @@ -91,12 +95,12 @@ private BcMessageSigner() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.pqc.crypto.sphincs.SPHINCS256Signer")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS256"))
.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS-256"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));

Expand Up @@ -64,7 +64,7 @@ private BcStateAwareMessageSigner() {
.shouldBeDetectedAs(new ValueActionFactory<>(signerName))
.withoutParameters()
.buildForContext(
new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcStateAwareMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));
}
Expand All @@ -83,7 +83,7 @@ private BcStateAwareMessageSigner() {
.shouldBeDetectedAs(new ValueActionFactory<>("GMSS"))
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcStateAwareMessageSigner")
.withDependingDetectionRules(BcMessageSignerInit.rules()));

Expand Up @@ -51,7 +51,7 @@ private BcISO9796d2PSSSigner() {
.withMethodParameter("int")
.shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
.asChildOfParameterWithId(-1)
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
.inBundle(() -> "bcISO9796d2PSSSigner")
.withDependingDetectionRules(BcSignerInit.rules());

Expand All @@ -69,7 +69,7 @@ private BcISO9796d2PSSSigner() {
.shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
.asChildOfParameterWithId(-1)
.withMethodParameter("boolean")
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
.inBundle(() -> "bcISO9796d2PSSSigner")
.withDependingDetectionRules(BcSignerInit.rules());
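Review bot: Both rules in this section report the `int` constructor argument through `new SaltSizeFactory<>(Size.UnitType.BIT)`, and the commit now tags them with `SignatureContext.Kind.PSS`, but to my knowledge Bouncy Castle documents the `saltLength` parameter of `ISO9796d2PSSSigner` as a length in bytes. If that holds, the inventory records a salt size eight times smaller than the one in use, which matters when the output is used to judge PSS parameters. Please confirm the unit against the Bouncy Castle Javadoc and switch the factory to a byte unit if `Size.UnitType` offers one; at minimum add `// saltLength: unit per BC Javadoc (confirm bits vs. bytes)` next to the factory call. Both rule definitions start before the visible lines.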

Expand Up @@ -41,12 +41,12 @@ private BcISO9796d2Signer() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2"))
.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcISO9796d2Signer")
.withDependingDetectionRules(BcSignerInit.rules());

Expand All @@ -55,13 +55,13 @@ private BcISO9796d2Signer() {
.createDetectionRule()
.forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
.forConstructor()
.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2"))
.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
.withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
.addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
.withMethodParameter("org.bouncycastle.crypto.Digest")
.addDependingDetectionRules(BcDigests.rules())
.withMethodParameter("boolean")
.buildForContext(new SignatureContext())
.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
.inBundle(() -> "bcISO9796d2Signer")
.withDependingDetectionRules(BcSignerInit.rules());
