
Commit d3e022d

authored
Remaining BouncyCastle translation (#20)
* nonnull annotation fix Signed-off-by: Hugo Queinnec <[email protected]> * ISO 9796-2 translation Signed-off-by: Hugo Queinnec <[email protected]> * PSS Signed-off-by: Hugo Queinnec <[email protected]> * BcISO9796d2PSSSigner Signed-off-by: Hugo Queinnec <[email protected]> * asserts Signed-off-by: Hugo Queinnec <[email protected]> * RSASigner + UsualPerformActions Signed-off-by: Hugo Queinnec <[email protected]> * RSA asserts Signed-off-by: Hugo Queinnec <[email protected]> * SM2 and X9.31 Signed-off-by: Hugo Queinnec <[email protected]> * StreamCipher translation Signed-off-by: Hugo Queinnec <[email protected]> * key wrapping translation Signed-off-by: Hugo Queinnec <[email protected]> * RFC and DSTU wrappers Signed-off-by: Hugo Queinnec <[email protected]> * updated graph Signed-off-by: Hugo Queinnec <[email protected]> * revert python junit to 5.9.3 Signed-off-by: Hugo Queinnec <[email protected]> * OAEP child hash Signed-off-by: Hugo Queinnec <[email protected]> * mapper renaming Signed-off-by: Hugo Queinnec <[email protected]> * fix Buffered and DefaultBuffered Signed-off-by: Hugo Queinnec <[email protected]> * block cipher padding names Signed-off-by: Hugo Queinnec <[email protected]> * more correctr names Signed-off-by: Hugo Queinnec <[email protected]> * git rename case sensitive Signed-off-by: Hugo Queinnec <[email protected]> --------- Signed-off-by: Hugo Queinnec <[email protected]>
1 parent 908bedd commit d3e022d


53 files changed

+5686
-665
lines changed


docs/index.html

+445

docs/lib/vis-9.1.2/vis-network.min.js

+27

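--- a/engine/src/main/java/com/ibm/engine/model/context/CipherContext.java
+++ b/engine/src/main/java/com/ibm/engine/model/context/CipherContext.java
@@ -43,6 +43,7 @@ public enum Kind {
 ENCODING,
 ENCODING_SIGNATURE,
 WRAP_ENGINE,
+WRAP_RFC,
 BLOCK_CIPHER,
 BLOCK_CIPHER_ENGINE,
 STREAM_CIPHER_ENGINE,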
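Review bot: `WRAP_RFC` is added directly beside `WRAP_ENGINE` with no comment saying which detections belong to which kind, so a rule author has to guess which one to pass to `buildForContext`. A one-line comment on the new constant would settle it, something like `// key-wrap wrapper classes built on top of an engine, as opposed to WRAP_ENGINE itself` (wording to be confirmed by the author, since the wrapper rules are not visible here). The same applies to `MGF` added next to `MGF1` in DigestContext.java and to `RSA` and `SIGNATURE_NAME` in SignatureContext.java. The `Kind` enum starts before and ends after this hunk.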

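--- a/engine/src/main/java/com/ibm/engine/model/context/DigestContext.java
+++ b/engine/src/main/java/com/ibm/engine/model/context/DigestContext.java
@@ -31,6 +31,7 @@ public class DigestContext implements IDetectionContext, ISupportKind<DigestCont
 public enum Kind {
 NONE,
 MGF1,
+MGF,
 CRAMER_SHOUP,
 NTRU,
 SHA1,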

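--- a/engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java
+++ b/engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java
@@ -27,8 +27,9 @@ public enum Kind {
 MGF1,
 PKCS1v15,
 DSA,
+RSA,
 EdDSA,
-MESSAGE_SIGNER,
+SIGNATURE_NAME,
 SIGNING_STATUS,
 DIGEST_MESSAGE_WRAPPER,
 ALGORITHM_AND_HASH_WRAPPER,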

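--- a/engine/src/main/java/com/ibm/engine/utils/DetectionStoreLogger.java
+++ b/engine/src/main/java/com/ibm/engine/utils/DetectionStoreLogger.java
@@ -162,7 +162,7 @@ private String getDetectionValueContextMessage(
 
 @Nonnull
 String getFormattedNumericString(
-@Nonnull int hashInt, @Nonnull boolean canBeNegative, @Nullable Integer maxCharacters) {
+int hashInt, boolean canBeNegative, @Nullable Integer maxCharacters) {
 String res = "";
 if (canBeNegative && hashInt >= 0) {
 res += "";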

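--- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherEngine.java
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherEngine.java
@@ -24,9 +24,10 @@
 import com.ibm.engine.model.factory.ValueActionFactory;
 import com.ibm.engine.rule.IDetectionRule;
 import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.Arrays;
+import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import org.jetbrains.annotations.NotNull;
@@ -39,14 +40,16 @@ private BcAsymCipherEngine() {
 // nothing
 }
 
-private static final List<String> cipherEnginesList =
-Arrays.asList(
-"ElGamalEngine",
-"NaccacheSternEngine",
-"NTRUEngine",
-"RSABlindedEngine",
-"RSABlindingEngine",
-"RSAEngine");
+private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();
+
+static {
+infoMap.putKey("ElGamalEngine");
+infoMap.putKey("NaccacheSternEngine").putName("Naccache-Stern");
+infoMap.putKey("NTRUEngine");
+infoMap.putKey("RSABlindedEngine").putName("RSA");
+infoMap.putKey("RSABlindingEngine").putName("RSA");
+infoMap.putKey("RSAEngine").putName("RSA");
+}
 
 private static @NotNull List<IDetectionRule<Tree>> constructors(
 @Nullable IDetectionContext detectionValueContext) {
@@ -56,65 +59,19 @@ private BcAsymCipherEngine() {
 ? detectionValueContext
 : new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE);
 
-for (String cipherEngine : cipherEnginesList) {
-switch (cipherEngine) {
-case "ElGamalEngine":
-constructorsList.add(
-new DetectionRuleBuilder<Tree>()
-.createDetectionRule()
-.forObjectTypes(
-"org.bouncycastle.crypto.engines." + cipherEngine)
-.forConstructor()
-.shouldBeDetectedAs(new ValueActionFactory<>("ElGamal"))
-.withoutParameters()
-.buildForContext(context)
-.inBundle(() -> "BcAsymCipherEngine")
-.withDependingDetectionRules(BcAsymCipherInit.rules()));
-break;
-case "NaccacheSternEngine":
-constructorsList.add(
-new DetectionRuleBuilder<Tree>()
-.createDetectionRule()
-.forObjectTypes(
-"org.bouncycastle.crypto.engines." + cipherEngine)
-.forConstructor()
-.shouldBeDetectedAs(new ValueActionFactory<>("NaccacheStern"))
-.withoutParameters()
-.buildForContext(context)
-.inBundle(() -> "BcAsymCipherEngine")
-.withDependingDetectionRules(BcAsymCipherInit.rules()));
-break;
-case "NTRUEngine":
-constructorsList.add(
-new DetectionRuleBuilder<Tree>()
-.createDetectionRule()
-.forObjectTypes(
-"org.bouncycastle.crypto.engines." + cipherEngine)
-.forConstructor()
-.shouldBeDetectedAs(new ValueActionFactory<>("NTRU"))
-.withoutParameters()
-.buildForContext(context)
-.inBundle(() -> "BcAsymCipherEngine")
-.withDependingDetectionRules(BcAsymCipherInit.rules()));
-break;
-case "RSAEngine",
-"RSABlindedEngine",
-"RSABlindingEngine": // TODO: Should I distinguish these RSA cases?
-constructorsList.add(
-new DetectionRuleBuilder<Tree>()
-.createDetectionRule()
-.forObjectTypes(
-"org.bouncycastle.crypto.engines." + cipherEngine)
-.forConstructor()
-.shouldBeDetectedAs(new ValueActionFactory<>("RSA"))
-.withoutParameters()
-.buildForContext(context)
-.inBundle(() -> "BcAsymCipherEngine")
-.withDependingDetectionRules(BcAsymCipherInit.rules()));
-break;
-default:
-break;
-}
+for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
+String engine = entry.getKey();
+String engineName = infoMap.getDisplayName(engine, "Engine");
+constructorsList.add(
+new DetectionRuleBuilder<Tree>()
+.createDetectionRule()
+.forObjectTypes("org.bouncycastle.crypto.engines." + engine)
+.forConstructor()
+.shouldBeDetectedAs(new ValueActionFactory<>(engineName))
+.withoutParameters()
+.buildForContext(context)
+.inBundle(() -> "BcAsymCipherEngine")
+.withDependingDetectionRules(BcAsymCipherInit.rules()));
 }
 return constructorsList;
 }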
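Review bot: The three RSA engines all get `putName("RSA")` in the new static block, and the removed `// TODO: Should I distinguish these RSA cases?` is not carried over, so the open question disappears from the code. As far as I know BouncyCastle's classes are not interchangeable: `RSAEngine` is the bare primitive, `RSABlindedEngine` adds blinding, and `RSABlindingEngine` serves blind-signature schemes. That difference matters to someone reading the resulting inventory for side-channel exposure. If merging them is intended, say so above the three lines, e.g. `// all RSA engine variants are reported as "RSA"; whether blinding is used is not recorded`. The class body continues outside the visible hunks.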

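--- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipherpadding/BcBlockCipherPadding.java
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipherpadding/BcBlockCipherPadding.java
@@ -23,9 +23,10 @@
 import com.ibm.engine.model.factory.ValueActionFactory;
 import com.ibm.engine.rule.IDetectionRule;
 import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.Arrays;
+import com.ibm.plugin.rules.detection.bc.BouncyCastleInfoMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import javax.annotation.Nonnull;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Unmodifiable;
@@ -36,30 +37,29 @@ private BcBlockCipherPadding() {
 // nothing
 }
 
-private static final List<String> paddingsList =
-/*
-* The List of classes implementing BlockCipher having a simple
-* constructor taking a BlockCipher as only argument
-*/
-Arrays.asList(
-"ISO10126d2Padding",
-"ISO7816d4Padding",
-"PKCS7Padding",
-"TBCPadding",
-"X923Padding",
-"ZeroBytePadding");
+private static BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();
+
+static {
+infoMap.putKey("ISO10126d2Padding").putName("ISO 10126-2:1991");
+infoMap.putKey("ISO7816d4Padding").putName("ISO 7816-4:2020");
+infoMap.putKey("PKCS7Padding");
+infoMap.putKey("TBCPadding");
+infoMap.putKey("X923Padding").putName("X.923");
+infoMap.putKey("ZeroBytePadding").putName("Zero byte");
+}
 
 private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
 List<IDetectionRule<Tree>> constructorsList = new LinkedList<>();
 
-for (String padding : paddingsList) {
+for (Map.Entry<String, BouncyCastleInfoMap.Info> entry : infoMap.entrySet()) {
+String padding = entry.getKey();
+String paddingName = infoMap.getDisplayName(padding, "Padding");
 constructorsList.add(
 new DetectionRuleBuilder<Tree>()
 .createDetectionRule()
 .forObjectTypes("org.bouncycastle.crypto.paddings." + padding)
 .forConstructor()
-.shouldBeDetectedAs(
-new ValueActionFactory<>(padding.replace("Padding", "")))
+.shouldBeDetectedAs(new ValueActionFactory<>(paddingName))
 .withoutParameters()
 .buildForContext(new CipherContext(CipherContext.Kind.PADDING))
 .inBundle(() -> "BcBlockCipherPadding")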
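Review bot: `infoMap` replaces a `private static final` list but is itself declared `private static` without `final`, so the field can be reassigned after the static block has filled it. `private static final BouncyCastleInfoMap infoMap = new BouncyCastleInfoMap();` keeps the guarantee the old `paddingsList` had, and BcAsymCipherEngine.java declares its map the same way. The rule order now follows whatever `infoMap.entrySet()` yields, which depends on BouncyCastleInfoMap's backing map (not visible here), so it is worth confirming nothing relied on the old list order. `simpleConstructors` continues past the end of the last hunk.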

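--- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java
@@ -55,9 +55,13 @@ private BcMessageSigner() {
 infoMap.putKey("HSSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
 infoMap.putKey("LMSSigner").putType("org.bouncycastle.pqc.crypto.lms.");
 infoMap.putKey("PicnicSigner").putType("org.bouncycastle.pqc.crypto.picnic.");
-infoMap.putKey("QTESLASigner").putType("org.bouncycastle.pqc.legacy.crypto.qtesla.");
+infoMap.putKey("QTESLASigner")
+.putName("qTESLA")
+.putType("org.bouncycastle.pqc.legacy.crypto.qtesla.");
 infoMap.putKey("RainbowSigner").putType("org.bouncycastle.pqc.crypto.rainbow.");
-infoMap.putKey("SPHINCSPlusSigner").putType("org.bouncycastle.pqc.crypto.sphincsplus.");
+infoMap.putKey("SPHINCSPlusSigner")
+.putName("SPHINCS+")
+.putType("org.bouncycastle.pqc.crypto.sphincsplus.");
 }
 
 private static @NotNull List<IDetectionRule<Tree>> simpleConstructors() {
@@ -76,7 +80,7 @@ private BcMessageSigner() {
 // We want to capture all possible constructors (some have arguments)
 .withAnyParameters()
 .buildForContext(
-new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
+new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
 .inBundle(() -> "bcMessageSigner")
 .withDependingDetectionRules(BcMessageSignerInit.rules()));
 }
@@ -91,12 +95,12 @@ private BcMessageSigner() {
 .createDetectionRule()
 .forObjectTypes("org.bouncycastle.pqc.crypto.sphincs.SPHINCS256Signer")
 .forConstructor()
-.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS256"))
+.shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS-256"))
 .withMethodParameter("org.bouncycastle.crypto.Digest")
 .addDependingDetectionRules(BcDigests.rules())
 .withMethodParameter("org.bouncycastle.crypto.Digest")
 .addDependingDetectionRules(BcDigests.rules())
-.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
+.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
 .inBundle(() -> "bcMessageSigner")
 .withDependingDetectionRules(BcMessageSignerInit.rules()));
 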
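--- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java
@@ -64,7 +64,7 @@ private BcStateAwareMessageSigner() {
 .shouldBeDetectedAs(new ValueActionFactory<>(signerName))
 .withoutParameters()
 .buildForContext(
-new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
+new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
 .inBundle(() -> "bcStateAwareMessageSigner")
 .withDependingDetectionRules(BcMessageSignerInit.rules()));
 }
@@ -83,7 +83,7 @@ private BcStateAwareMessageSigner() {
 .shouldBeDetectedAs(new ValueActionFactory<>("GMSS"))
 .withMethodParameter("org.bouncycastle.crypto.Digest")
 .addDependingDetectionRules(BcDigests.rules())
-.buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER))
+.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
 .inBundle(() -> "bcStateAwareMessageSigner")
 .withDependingDetectionRules(BcMessageSignerInit.rules()));
 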
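--- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSigner.java
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSigner.java
@@ -51,7 +51,7 @@ private BcISO9796d2PSSSigner() {
 .withMethodParameter("int")
 .shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
 .asChildOfParameterWithId(-1)
-.buildForContext(new SignatureContext())
+.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
 .inBundle(() -> "bcISO9796d2PSSSigner")
 .withDependingDetectionRules(BcSignerInit.rules());
 
@@ -69,7 +69,7 @@ private BcISO9796d2PSSSigner() {
 .shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT))
 .asChildOfParameterWithId(-1)
 .withMethodParameter("boolean")
-.buildForContext(new SignatureContext())
+.buildForContext(new SignatureContext(SignatureContext.Kind.PSS))
 .inBundle(() -> "bcISO9796d2PSSSigner")
 .withDependingDetectionRules(BcSignerInit.rules());
 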
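--- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2Signer.java
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2Signer.java
@@ -41,12 +41,12 @@ private BcISO9796d2Signer() {
 .createDetectionRule()
 .forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
 .forConstructor()
-.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2"))
+.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
 .withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
 .addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
 .withMethodParameter("org.bouncycastle.crypto.Digest")
 .addDependingDetectionRules(BcDigests.rules())
-.buildForContext(new SignatureContext())
+.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
 .inBundle(() -> "bcISO9796d2Signer")
 .withDependingDetectionRules(BcSignerInit.rules());
 
@@ -55,13 +55,13 @@ private BcISO9796d2Signer() {
 .createDetectionRule()
 .forObjectTypes("org.bouncycastle.crypto.signers.ISO9796d2Signer")
 .forConstructor()
-.shouldBeDetectedAs(new ValueActionFactory<>("ISO9796d2"))
+.shouldBeDetectedAs(new ValueActionFactory<>("ISO 9796-2"))
 .withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher")
 .addDependingDetectionRules(BcAsymmetricBlockCipher.rules())
 .withMethodParameter("org.bouncycastle.crypto.Digest")
 .addDependingDetectionRules(BcDigests.rules())
 .withMethodParameter("boolean")
-.buildForContext(new SignatureContext())
+.buildForContext(new SignatureContext(SignatureContext.Kind.SIGNATURE_NAME))
 .inBundle(() -> "bcISO9796d2Signer")
 .withDependingDetectionRules(BcSignerInit.rules());
 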