@@ -22,28 +22,49 @@ fn test_stream_cipher_rabbit(
2222 let mut rabbit_cipher3 = Rabbit :: new ( rabbit:: Key :: from_slice ( key) , rabbit:: Iv :: from_slice ( iv) ) ;
2323 rabbit_cipher3. apply_keystream ( & mut data) ;
2424
25- let const2 : & [ u8 ; 16 ] = & [ 0u8 ; 16 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
26- let mut rabbit_cipher4 = Rabbit :: new ( rabbit:: Key :: from_slice ( const2 ) , rabbit:: Iv :: from_slice ( iv) ) ;
25+ let const4 : & [ u8 ; 16 ] = & [ 0u8 ; 16 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
26+ let mut rabbit_cipher4 = Rabbit :: new ( rabbit:: Key :: from_slice ( const4 ) , rabbit:: Iv :: from_slice ( iv) ) ;
2727 rabbit_cipher4. apply_keystream ( & mut data) ;
2828
29- let const3 : & [ u8 ; 16 ] = & [ 0u8 ; 16 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
30- let mut rabbit_cipher5 = Rabbit :: new ( rabbit:: Key :: from_slice ( key) , rabbit:: Iv :: from_slice ( const3 ) ) ;
29+ let const5 : & [ u8 ; 16 ] = & [ 0u8 ; 16 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
30+ let mut rabbit_cipher5 = Rabbit :: new ( rabbit:: Key :: from_slice ( key) , rabbit:: Iv :: from_slice ( const5 ) ) ;
3131 rabbit_cipher5. apply_keystream ( & mut data) ;
3232
33- let const4: & [ u8 ; 16 ] = & [ 0u8 ; 16 ] ; // (unused, so good)
33+ // various expressions of constant arrays
34+
35+ let const6: & [ u8 ; 16 ] = & [ 0u8 ; 16 ] ; // (unused, so good)
36+
37+ let const7: [ u8 ; 16 ] = [ 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
38+ let mut rabbit_cipher7 = RabbitKeyOnly :: new ( rabbit:: Key :: from_slice ( & const7) ) ;
39+ rabbit_cipher7. apply_keystream ( & mut data) ;
40+
41+ let const8: & [ u8 ; 16 ] = & [ 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
42+ let mut rabbit_cipher8 = RabbitKeyOnly :: new ( rabbit:: Key :: from_slice ( const8) ) ;
43+ rabbit_cipher8. apply_keystream ( & mut data) ;
44+
45+ let const9: [ u16 ; 8 ] = [ 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
46+ let const9_conv = unsafe { const9. align_to :: < u8 > ( ) . 1 } ; // convert [u16;8] -> [u8;8]
47+ let mut rabbit_cipher9 = RabbitKeyOnly :: new ( rabbit:: Key :: from_slice ( const9_conv) ) ;
48+ rabbit_cipher9. apply_keystream ( & mut data) ;
49+
50+ let const10: [ u8 ; 16 ] = unsafe { std:: mem:: zeroed ( ) } ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
51+ let mut rabbit_cipher10 = RabbitKeyOnly :: new ( rabbit:: Key :: from_slice ( & const10) ) ;
52+ rabbit_cipher10. apply_keystream ( & mut data) ;
3453}
3554
55+ use base64:: Engine ;
56+
3657fn test_block_cipher_aes (
37- key : & [ u8 ] , iv : & [ u8 ] , key256 : & [ u8 ; 32 ] ,
58+ key : & [ u8 ] , iv : & [ u8 ] , key256 : & [ u8 ; 32 ] , key_str : & str ,
3859 block128 : & mut [ u8 ; 16 ] , input : & [ u8 ] , output : & mut [ u8 ]
3960) {
4061 // aes
4162
4263 let aes_cipher1 = Aes256 :: new ( key256. into ( ) ) ;
4364 aes_cipher1. encrypt_block ( block128. into ( ) ) ;
4465
45- let const1 = & [ 0u8 ; 32 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
46- let aes_cipher2 = Aes256 :: new ( const1 . into ( ) ) ;
66+ let const2 = & [ 0u8 ; 32 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
67+ let aes_cipher2 = Aes256 :: new ( const2 . into ( ) ) ;
4768 aes_cipher2. encrypt_block ( block128. into ( ) ) ;
4869
4970 let aes_cipher3 = Aes256 :: new_from_slice ( key256) . unwrap ( ) ;
@@ -56,11 +77,58 @@ fn test_block_cipher_aes(
5677 let aes_cipher5 = cfb_mode:: Encryptor :: < aes:: Aes256 > :: new ( key. into ( ) , iv. into ( ) ) ;
5778 _ = aes_cipher5. encrypt_b2b ( input, output) . unwrap ( ) ;
5879
59- let const3 = & [ 0u8 ; 32 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
60- let aes_cipher6 = cfb_mode:: Encryptor :: < aes:: Aes256 > :: new ( const3 . into ( ) , iv. into ( ) ) ;
80+ let const6 = & [ 0u8 ; 32 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
81+ let aes_cipher6 = cfb_mode:: Encryptor :: < aes:: Aes256 > :: new ( const6 . into ( ) , iv. into ( ) ) ;
6182 _ = aes_cipher6. encrypt_b2b ( input, output) . unwrap ( ) ;
6283
63- let const4 = & [ 0u8 ; 16 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
64- let aes_cipher7 = cfb_mode:: Encryptor :: < aes:: Aes256 > :: new ( key. into ( ) , const4 . into ( ) ) ;
84+ let const7 = & [ 0u8 ; 16 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
85+ let aes_cipher7 = cfb_mode:: Encryptor :: < aes:: Aes256 > :: new ( key. into ( ) , const7 . into ( ) ) ;
6586 _ = aes_cipher7. encrypt_b2b ( input, output) . unwrap ( ) ;
87+
88+ // various string conversions
89+
90+ let key8: & [ u8 ] = key_str. as_bytes ( ) ;
91+ let aes_cipher8 = cfb_mode:: Encryptor :: < aes:: Aes256 > :: new ( key8. into ( ) , iv. into ( ) ) ;
92+ _ = aes_cipher8. encrypt_b2b ( input, output) . unwrap ( ) ;
93+
94+ let key9: & [ u8 ] = "1234567890123456" . as_bytes ( ) ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
95+ let aes_cipher9 = cfb_mode:: Encryptor :: < aes:: Aes256 > :: new ( key9. into ( ) , iv. into ( ) ) ;
96+ _ = aes_cipher9. encrypt_b2b ( input, output) . unwrap ( ) ;
97+
98+ let key10: [ u8 ; 32 ] = match base64:: engine:: general_purpose:: STANDARD . decode ( key_str) {
99+ Ok ( x) => x. try_into ( ) . unwrap ( ) ,
100+ Err ( _) => "1234567890123456" . as_bytes ( ) . try_into ( ) . unwrap ( ) // $ MISSING: Alert[rust/hardcoded-crytographic-value]
101+ } ;
102+ let aes_cipher10 = Aes256 :: new ( & key10. into ( ) ) ;
103+ aes_cipher10. encrypt_block ( block128. into ( ) ) ;
104+
105+ if let Ok ( const11) = base64:: engine:: general_purpose:: STANDARD . decode ( "1234567890123456" ) { // $ MISSING: Alert[rust/hardcoded-crytographic-value]
106+ let key11: [ u8 ; 32 ] = const11. try_into ( ) . unwrap ( ) ;
107+ let aes_cipher11 = Aes256 :: new ( & key11. into ( ) ) ;
108+ aes_cipher11. encrypt_block ( block128. into ( ) ) ;
109+ }
110+ }
111+
112+ use aes_gcm:: aead:: { Aead , AeadCore , OsRng } ;
113+ use aes_gcm:: { Aes256Gcm , Key , Nonce } ;
114+
115+ fn test_aes_gcm (
116+ ) {
117+ // aes (GCM)
118+
119+ let key1 = Aes256Gcm :: generate_key ( aes_gcm:: aead:: OsRng ) ;
120+ let nonce1 = Aes256Gcm :: generate_nonce ( aes_gcm:: aead:: OsRng ) ;
121+ let cipher1 = Aes256Gcm :: new ( & key1) ;
122+ let _ = cipher1. encrypt ( & nonce1, b"plaintext" . as_ref ( ) ) . unwrap ( ) ;
123+
124+ let key2: [ u8 ; 32 ] = [ 0 ; 32 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
125+ let nonce2 = [ 0 ; 12 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
126+ let cipher2 = Aes256Gcm :: new ( & key2. into ( ) ) ;
127+ let _ = cipher2. encrypt ( & nonce2. into ( ) , b"plaintext" . as_ref ( ) ) . unwrap ( ) ;
128+
129+ let key3_array: & [ u8 ; 32 ] = & [ 0xff ; 32 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
130+ let key3 = Key :: < Aes256Gcm > :: from_slice ( key3_array) ;
131+ let nonce3: [ u8 ; 12 ] = [ 0xff ; 12 ] ; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
132+ let cipher3 = Aes256Gcm :: new ( & key3) ;
133+ let _ = cipher3. encrypt ( & nonce3. into ( ) , b"plaintext" . as_ref ( ) ) . unwrap ( ) ;
66134}
0 commit comments