
Commit 3d6a889

committed
Swift: Make use of CBC blockmode in examples and tests mode accurate.
1 parent 41c3d1b commit 3d6a889


6 files changed

+128
-119
lines changed


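--- a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift
+++ b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift
@@ -6,9 +6,9 @@ func encrypt(padding : Padding) {
 let key: Array<UInt8> = [0x2a, 0x3a, 0x80, 0x05]
 let keyString = "this is a constant string"
 let ivString = getRandomIV()
-_ = try AES(key: key, blockMode: CBC(), padding: padding)
+_ = try AES(key: key, blockMode: CBC(AES.randomIV(AES.blockSize)), padding: padding)
 _ = try AES(key: keyString, iv: ivString)
-_ = try Blowfish(key: key, blockMode: CBC(), padding: padding)
+_ = try Blowfish(key: key, blockMode: CBC(Blowfish.randomIV(Blowfish.blockSize)), padding: padding)
 _ = try Blowfish(key: keyString, iv: ivString)
 
 
@@ -18,9 +18,9 @@ func encrypt(padding : Padding) {
 if status == errSecSuccess {
 let keyString = String(cString: key)
 let ivString = getRandomIV()
-_ = try AES(key: key, blockMode: CBC(), padding: padding)
+_ = try AES(key: key, blockMode: CBC(AES.randomIV(AES.blockSize)), padding: padding)
 _ = try AES(key: keyString, iv: ivString)
-_ = try Blowfish(key: key, blockMode: CBC(), padding: padding)
+_ = try Blowfish(key: key, blockMode: CBC(Blowfish.randomIV(Blowfish.blockSize)), padding: padding)
 _ = try Blowfish(key: keyString, iv: ivString)
 }
 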
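Review bot: The new `CBC(AES.randomIV(AES.blockSize))` and `CBC(Blowfish.randomIV(Blowfish.blockSize))` calls pass the IV without an argument label, while ECBEncryption.swift in this same commit writes `CBC(iv: ...)`; this applies to both hunks of this file (new lines 9, 11, 21 and 23). If these examples are meant to mirror CryptoSwift, whose CBC initializer takes a labelled `iv:` parameter, the unlabelled form would not compile for a reader who copies it. I would write `CBC(iv: AES.randomIV(AES.blockSize))` and `CBC(iv: Blowfish.randomIV(Blowfish.blockSize))` so the two example files agree. The body of `encrypt` starts and ends outside both hunks.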

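--- a/swift/ql/src/queries/Security/CWE-327/ECBEncryption.swift
+++ b/swift/ql/src/queries/Security/CWE-327/ECBEncryption.swift
@@ -9,10 +9,11 @@ func encrypt(key : Key, padding : Padding) {
 _ = try Blowfish(key: key, blockMode: blockMode, padding: padding)
 
 // GOOD: ECB is not used for block mode
-let blockMode = CBC()
-_ = try AES(key: key, blockMode: blockMode, padding: padding)
-_ = try AES(key: key, blockMode: blockMode)
-_ = try Blowfish(key: key, blockMode: blockMode, padding: padding)
+let aesBlockMode = CBC(iv: AES.randomIV(AES.blockSize))
+let blowfishBlockMode = CBC(iv: Blowfish.randomIV(Blowfish.blockSize))
+_ = try AES(key: key, blockMode: aesBlockMode, padding: padding)
+_ = try AES(key: key, blockMode: aesBlockMode)
+_ = try Blowfish(key: key, blockMode: blowfishBlockMode, padding: padding)
 
 // ...
 }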
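Review bot: The `// GOOD` block builds one `aesBlockMode` and passes it to two `AES(...)` constructions with the same `key` (new lines 14 and 15), so the example shows a single IV shared by two ciphers. With CBC, reusing an IV under one key reveals whether two messages begin with the same plaintext blocks, and this is the snippet readers are likely to copy. I would add a comment above new line 12 such as `// Use a fresh random IV for every message and store it alongside the ciphertext`. A second comment noting that CBC provides confidentiality only, and needs a MAC or an AEAD mode for integrity, would also help, since the existing comment says only that ECB is avoided. The body of `encrypt` starts above the hunk.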
