diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll index ef7186d07a0e..76746eceba4e 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll @@ -40,7 +40,7 @@ class KnownOpenSslEllipticCurveConstantAlgorithmInstance extends OpenSslAlgorith result = this.(Call).getTarget().getName() } - override Crypto::EllipticCurveFamilyType getEllipticCurveFamilyType() { + override Crypto::EllipticCurveType getEllipticCurveType() { if Crypto::ellipticCurveNameToKnownKeySizeAndFamilyMapping(this.getParsedEllipticCurveName(), _, _) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll index 55b2dcd7af4c..0facc99519d7 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll @@ -72,7 +72,7 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } - override Crypto::THashType getHashFamily() { + override Crypto::THashType getHashType() { knownOpenSslConstantToHashFamilyType(this, result) or not knownOpenSslConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType() diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 8b27409410a3..be91a0158721 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -52,11 +52,7 @@ module JCAModel { } bindingset[hash] - predicate hash_names(string hash) { - hash.toUpperCase() - .matches(["SHA-%", "SHA3-%", "BLAKE2b%", "BLAKE2s%", "MD5", "RIPEMD160", "Whirlpool"] - .toUpperCase()) - } + predicate hash_names(string hash) { exists(hash_name_to_type_known(hash, _)) } bindingset[kdf] predicate kdf_names(string kdf) { @@ -110,7 +106,8 @@ module JCAModel { predicate signature_names(string name) { name.toUpperCase().splitAt("WITH", 1).matches(["RSA%", "ECDSA%", "DSA%"]) or - name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"]) + name.toUpperCase() + .matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS", "DSA"]) } bindingset[name] @@ -131,41 +128,43 @@ module JCAModel { // TODO: add additional } - bindingset[name] - Crypto::HashType hash_name_to_type_known(string name, int digestLength) { - name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 - or - name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and - result instanceof Crypto::SHA2 and - digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() - or - name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and - result instanceof Crypto::SHA3 and - digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() - or - ( - name.matches("BLAKE2b%") and - result instanceof Crypto::BLAKE2B + bindingset[nameRaw] + Crypto::HashType hash_name_to_type_known(string nameRaw, int digestLength) { + exists(string name | name = nameRaw.toUpperCase() | + name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 + or + name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and + result instanceof Crypto::SHA2 and + digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() + or + name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and + result instanceof Crypto::SHA3 and + digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() + or + ( + name.toUpperCase().matches("BLAKE2B%") and + result instanceof Crypto::BLAKE2B + or + name.toUpperCase() = "BLAKE2S" and result instanceof Crypto::BLAKE2S + ) and + ( + if exists(name.indexOf("-")) + then name.splitAt("-", 1).toInt() = digestLength + else digestLength = 512 + ) or - name = "BLAKE2s" and result instanceof Crypto::BLAKE2S - ) and - ( - if exists(name.indexOf("-")) - then name.splitAt("-", 1).toInt() = digestLength - else digestLength = 512 + name = "MD5" and + result instanceof Crypto::MD5 and + digestLength = 128 + or + name = "RIPEMD160" and + result instanceof Crypto::RIPEMD160 and + digestLength = 160 + or + name = "WHIRLPOOL" and + result instanceof Crypto::WHIRLPOOL and + digestLength = 512 // TODO: verify ) - or - name = "MD5" and - result instanceof Crypto::MD5 and - digestLength = 128 - or - name = "RIPEMD160" and - result instanceof Crypto::RIPEMD160 and - digestLength = 160 - or - name = "Whirlpool" and - result instanceof Crypto::WHIRLPOOL and - digestLength = 512 // TODO: verify } bindingset[name] @@ -257,6 +256,8 @@ module JCAModel { name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) or name.toUpperCase() = "HSS/LMS" and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS()) + or + name.toUpperCase() = "DSA" and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) } bindingset[name] @@ -265,9 +266,9 @@ module JCAModel { } /** - * A `StringLiteral` in the `"ALG/MODE/PADDING"` or `"ALG"` format + * A `JavaConstant` in the `"ALG/MODE/PADDING"` or `"ALG"` format */ - class CipherStringLiteral extends StringLiteral { + class CipherStringLiteral extends JavaConstant { CipherStringLiteral() { cipher_names(this.getValue().splitAt("/")) } string getAlgorithmName() { result = this.getValue().splitAt("/", 0) } @@ -426,7 +427,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = super.getPadding() } - override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + override Crypto::THashType getHashType() { result = hash_name_to_type_known(hashName, _) } override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } } @@ -836,7 +837,7 @@ module JCAModel { * Flow from a known hash algorithm name to a `MessageDigest.getInstance(sink)` call. */ module KnownHashAlgorithmLiteralToMessageDigestConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { hash_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { hash_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(HashAlgorithmValueConsumer consumer | sink = consumer.getInputNode()) @@ -846,7 +847,7 @@ module JCAModel { module KnownHashAlgorithmLiteralToMessageDigestFlow = DataFlow::Global; - class KnownHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof StringLiteral { + class KnownHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof JavaConstant { HashAlgorithmValueConsumer consumer; KnownHashAlgorithm() { @@ -859,7 +860,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = super.getValue() } - override Crypto::THashType getHashFamily() { + override Crypto::THashType getHashType() { result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _) } @@ -1019,7 +1020,8 @@ module JCAModel { } class KeyGenerationAlgorithmValueConsumer extends CipherAlgorithmValueConsumer, - KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer instanceof Expr + KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer, + SignatureAlgorithmValueConsumer instanceof Expr { KeyGeneratorGetInstanceCall instantiationCall; @@ -1095,21 +1097,6 @@ module JCAModel { } } - /** - * An instance of `java.security.SecureRandom.nextBytes(byte[])` call. - * This is already generally modeled for Java in CodeQL, but - * we model it again as part of the crypto API model to have a cohesive model. - */ - class JavaSecuritySecureRandom extends Crypto::RandomNumberGenerationInstance instanceof Call { - JavaSecuritySecureRandom() { - this.getCallee().hasQualifiedName("java.security", "SecureRandom", "nextBytes") - } - - override Crypto::DataFlowNode getOutputNode() { result.asExpr() = this.(Call).getArgument(0) } - - override string getGeneratorName() { result = this.(Call).getCallee().getName() } - } - class KeyGeneratorGenerateCall extends Crypto::KeyGenerationOperationInstance instanceof MethodCall { Crypto::KeyArtifactType type; @@ -1206,7 +1193,7 @@ module JCAModel { } module KDFAlgorithmStringToGetInstanceConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { kdf_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { kdf_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(SecretKeyFactoryGetInstanceCall call | sink.asExpr() = call.getAlgorithmArg()) @@ -1247,7 +1234,7 @@ module JCAModel { predicate isIntermediate() { none() } } - class KdfAlgorithmStringLiteral extends Crypto::KeyDerivationAlgorithmInstance instanceof StringLiteral + class KdfAlgorithmStringLiteral extends Crypto::KeyDerivationAlgorithmInstance instanceof JavaConstant { SecretKeyFactoryKDFAlgorithmValueConsumer consumer; @@ -1268,7 +1255,7 @@ module JCAModel { class Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral { Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral() { - this.(StringLiteral).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) + this.(JavaConstant).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) } override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { @@ -1289,7 +1276,7 @@ module JCAModel { override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } - override string getRawAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawAlgorithmName() { result = this.(JavaConstant).getValue() } } class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral @@ -1297,12 +1284,12 @@ module JCAModel { string hashName; Pbkdf2WithHmac_HashAlgorithmStringLiteral() { - hashName = this.(StringLiteral).getValue().splitAt("WithHmac", 1) + hashName = this.(JavaConstant).getValue().splitAt("WithHmac", 1) } - override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawHashAlgorithmName() { result = this.(JavaConstant).getValue() } - override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + override Crypto::THashType getHashType() { result = hash_name_to_type_known(hashName, _) } override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } } @@ -1414,7 +1401,7 @@ module JCAModel { GetInstanceInitUseFlowAnalysis; - class KeyAgreementStringLiteral extends StringLiteral { + class KeyAgreementStringLiteral extends JavaConstant { KeyAgreementStringLiteral() { key_agreement_names(this.getValue()) } } @@ -1532,7 +1519,7 @@ module JCAModel { */ module MacKnownAlgorithmToConsumerConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { mac_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { mac_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(MacGetInstanceCall call | sink.asExpr() = call.getAlgorithmArg()) @@ -1566,7 +1553,7 @@ module JCAModel { module MacInitCallToMacOperationFlow = DataFlow::Global; - class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof StringLiteral { + class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof JavaConstant { MacGetInstanceAlgorithmValueConsumer consumer; KnownMacAlgorithm() { @@ -1722,7 +1709,7 @@ module JCAModel { } } - class SignatureStringLiteral extends StringLiteral { + class SignatureStringLiteral extends JavaConstant { SignatureStringLiteral() { signature_names(this.getValue()) } } @@ -1765,12 +1752,12 @@ module JCAModel { int digestLength; SignatureHashAlgorithmInstance() { - hashType = signature_name_to_hash_type_known(this.(StringLiteral).getValue(), digestLength) + hashType = signature_name_to_hash_type_known(this.(JavaConstant).getValue(), digestLength) } - override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawHashAlgorithmName() { result = this.(JavaConstant).getValue() } - override Crypto::THashType getHashFamily() { result = hashType } + override Crypto::THashType getHashType() { result = hashType } override int getFixedDigestLength() { result = digestLength } } @@ -1891,7 +1878,7 @@ module JCAModel { module EllipticCurveStringToConsumerFlow = DataFlow::Global; - class EllipticCurveStringLiteral extends StringLiteral { + class EllipticCurveStringLiteral extends JavaConstant { EllipticCurveStringLiteral() { elliptic_curve_names(this.getValue()) } } @@ -1905,7 +1892,7 @@ module JCAModel { override string getRawEllipticCurveName() { result = super.getValue() } - override Crypto::EllipticCurveFamilyType getEllipticCurveFamilyType() { + override Crypto::EllipticCurveType getEllipticCurveType() { if Crypto::ellipticCurveNameToKnownKeySizeAndFamilyMapping(this.getRawEllipticCurveName(), _, _) then diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index e203d2a15873..d30b30f8ef1e 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -93,8 +93,54 @@ private class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource { override string getAdditionalDescription() { result = this.toString() } } -private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal { - ConstantDataSource() { +import semmle.code.java.frameworks.Properties +private import semmle.code.configfiles.ConfigFiles + +/** + * A class to represent constants in Java code, either literals or + * values retrieved from properties files. + * Java CodeQL does not consider the values of known properties to be literals, + * hence we need to model both literals and property calls. + */ +class JavaConstant extends Expr { + string value; + + JavaConstant() { + // If arg 0 in a getProperty call, consider it a literal only if + // we haven't resolved it to a known property value, otherwise + // use the resolved config value. + // If getProperty is used, always assume the default value is potentially used. + // CAVEAT/ASSUMPTION: this assumes the literal is immediately known at arg0 + // of a getProperty call. + // also if the properties file is reloaded in a way where the reloaded file + // wouldn't have the property but the original does, we would erroneously + // consider the literal to be mapped to that property value. + exists(ConfigPair p, PropertiesGetPropertyMethodCall c | + c.getArgument(0).(Literal).getValue() = p.getNameElement().getName() and + value = p.getValueElement().getValue() and + this = c + ) + or + // in this case, the property value is not known, use the literal property name as the value + exists(PropertiesGetPropertyMethodCall c | + value = c.getArgument(0).(Literal).getValue() and + not exists(ConfigPair p | + c.getArgument(0).(Literal).getValue() = p.getNameElement().getName() + ) and + this = c + ) + or + // in this case, there is not propery getter, we just have a literal + not exists(PropertiesGetPropertyMethodCall c | c.getArgument(0) = this) and + value = this.(Literal).getValue() + } + + string getValue() { result = value } +} + +private class ConstantDataSourceLiteral extends Crypto::GenericConstantSourceInstance instanceof JavaConstant +{ + ConstantDataSourceLiteral() { // TODO: this is an API specific workaround for JCA, as 'EC' is a constant that may be used // where typical algorithms are specified, but EC specifically means set up a // default curve container, that will later be specified explicitly (or if not a default) @@ -112,6 +158,20 @@ private class ConstantDataSource extends Crypto::GenericConstantSourceInstance i override string getAdditionalDescription() { result = this.toString() } } +private class ConstantDataSourceArrayInitializer extends Crypto::GenericConstantSourceInstance instanceof ArrayInit +{ + ConstantDataSourceArrayInitializer() { this.getAnInit() instanceof Literal } + + override DataFlow::Node getOutputNode() { result.asExpr() = this } + + override predicate flowsTo(Crypto::FlowAwareElement other) { + // TODO: separate config to avoid blowing up data-flow analysis + GenericDataSourceFlow::flow(this.getOutputNode(), other.getInputNode()) + } + + override string getAdditionalDescription() { result = this.toString() } +} + /** * An instance of random number generation, modeled as the expression * tied to an output node (i.e., the result of the source of randomness) @@ -215,7 +275,7 @@ module ArtifactFlowConfig implements DataFlow::ConfigSig { module GenericDataSourceFlow = TaintTracking::Global; -module ArtifactFlow = DataFlow::Global; +module ArtifactFlow = TaintTracking::Global; // Import library-specific modeling import JCA diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql deleted file mode 100644 index f00621d4d2b6..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql +++ /dev/null @@ -1,22 +0,0 @@ -/** - * @name Insecure nonce at a cipher operation - * @id java/quantum/insecure-nonce - * @description A nonce is generated from a source that is not secure. This can lead to - * vulnerabilities such as replay attacks or key recovery. - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import experimental.quantum.Language - -predicate isInsecureNonceSource(Crypto::NonceArtifactNode n, Crypto::NodeBase src) { - src = n.getSourceNode() and - not src.asElement() instanceof SecureRandomnessInstance -} - -from Crypto::KeyOperationNode op, Crypto::NodeBase src -where isInsecureNonceSource(op.getANonce(), src) -select op, "Operation uses insecure nonce source $@", src, src.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql deleted file mode 100644 index 2dd5b0b006be..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql +++ /dev/null @@ -1,20 +0,0 @@ -/** - * @name Weak known key derivation function iteration count - * @description Detects key derivation operations with a known weak iteration count. - * @id java/quantum/weak-kdf-iteration-count - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import java -import experimental.quantum.Language - -from Crypto::KeyDerivationOperationNode op, Literal l -where - op.getIterationCount().asElement() = l and - l.getValue().toInt() < 100000 -select op, "Key derivation operation configures iteration count below 100k: $@", l, - l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql b/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql deleted file mode 100644 index ed2872bb67e1..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql +++ /dev/null @@ -1,17 +0,0 @@ -/** - * @name Reuse of cryptographic nonce - * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. - * @id java/quantum/reused-nonce - * @kind problem - * @problem.severity error - * @precision medium - * @tags quantum - * experimental - */ - -import java -import ArtifactReuse - -from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2 -where isArtifactReuse(nonce1, nonce2) -select nonce1, "Reuse with nonce $@", nonce2, nonce2.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll b/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll similarity index 50% rename from java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll rename to java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll index 0e28d9ffe5e3..776510b52ad1 100644 --- a/java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll +++ b/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll @@ -8,7 +8,7 @@ import experimental.quantum.Language * NOTE: TODO: need to handle call by refernece for now. Need to re-evaluate (see notes below) * Such functions may be 'wrappers' for some derived value. */ -private module WrapperConfig implements DataFlow::ConfigSig { +private module ArtifactGeneratingWrapperConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof Call and // not handling references yet, I think we want to flat say references are only ok @@ -28,25 +28,41 @@ private module WrapperConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(Crypto::ArtifactNode i).asElement() } } -module WrapperFlow = DataFlow::Global; +module ArtifactGeneratingWrapperFlow = TaintTracking::Global; /** * Using a set approach to determine if reuse of an artifact exists. * This predicate produces a set of 'wrappers' that flow to the artifact node. * This set can be compared with the set to another artifact node to determine if they are the same. */ -private DataFlow::Node getWrapperSet(Crypto::NonceArtifactNode a) { - WrapperFlow::flow(result, DataFlow::exprNode(a.asElement())) +private DataFlow::Node getGeneratingWrapperSet(Crypto::NonceArtifactNode a) { + ArtifactGeneratingWrapperFlow::flow(result, DataFlow::exprNode(a.asElement())) or result.asExpr() = a.getSourceElement() } +private predicate ancestorOfArtifact( + Crypto::ArtifactNode a, Callable enclosingCallable, ControlFlow::Node midOrTarget +) { + a.asElement().(Expr).getEnclosingCallable() = enclosingCallable and + ( + midOrTarget.asExpr() = a.asElement() or + midOrTarget.asExpr().(Call).getCallee().calls*(a.asElement().(Expr).getEnclosingCallable()) + ) +} + /** * Two different artifact nodes are considered reuse if any of the following conditions are met: * 1. The source for artifact `a` and artifact `b` are the same and the source is a literal. * 2. The source for artifact `a` and artifact `b` are not the same and the source is a literal of the same value. - * 3. For all 'wrappers' that return the source of artifact `a`, and that wrapper also exists for artifact `b`. - * 4. For all 'wrappers' that return the source of artifact `b`, and that wrapper also exists for artifact `a`. + * 3. For all 'wrappers' that return the source of artifact `a`, and each wrapper also exists for artifact `b`. + * 4. For all 'wrappers' that return the source of artifact `b`, and each wrapper also exists for artifact `a`. + * + * The above conditions determine that the use of the IV is from the same source, but the use may + * be on separate code paths that do not occur sequentially. We must therefore also find a common callable ancestor + * for both uses, and in that ancestor, there must be control flow from the call or use of one to the call or use of the other. + * Note that if no shared ancestor callable exists, it means the flow is more nuanced and ignore the shared ancestor + * use flow. */ predicate isArtifactReuse(Crypto::ArtifactNode a, Crypto::ArtifactNode b) { a != b and @@ -55,12 +71,32 @@ predicate isArtifactReuse(Crypto::ArtifactNode a, Crypto::ArtifactNode b) { or a.getSourceElement().(Literal).getValue() = b.getSourceElement().(Literal).getValue() or - forex(DataFlow::Node e | e = getWrapperSet(a) | - exists(DataFlow::Node e2 | e2 = getWrapperSet(b) | e = e2) + forex(DataFlow::Node e | e = getGeneratingWrapperSet(a) | + exists(DataFlow::Node e2 | e2 = getGeneratingWrapperSet(b) | e = e2) ) or - forex(DataFlow::Node e | e = getWrapperSet(b) | - exists(DataFlow::Node e2 | e2 = getWrapperSet(a) | e = e2) + forex(DataFlow::Node e | e = getGeneratingWrapperSet(b) | + exists(DataFlow::Node e2 | e2 = getGeneratingWrapperSet(a) | e = e2) + ) + ) and + // If there is a common parent, there is control flow between the two uses in the parent + // TODO: this logic needs to be examined/revisited to ensure it is correct + ( + exists(Callable commonParent | + ancestorOfArtifact(a, commonParent, _) and + ancestorOfArtifact(b, commonParent, _) + ) + implies + exists(Callable commonParent, ControlFlow::Node aMid, ControlFlow::Node bMid | + ancestorOfArtifact(a, commonParent, aMid) and + ancestorOfArtifact(b, commonParent, bMid) and + a instanceof Crypto::NonceArtifactNode and + b instanceof Crypto::NonceArtifactNode and + ( + aMid.getASuccessor*() = bMid + or + bMid.getASuccessor*() = aMid + ) ) ) } diff --git a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql new file mode 100644 index 000000000000..773f5a3c448b --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql @@ -0,0 +1,89 @@ +/** + * @name Insecure nonce/iv (static value or weak random source) + * @id java/quantum/insecure-iv-or-nonce + * @description A nonce/iv is generated from a source that is not secure. This can lead to + * vulnerabilities such as replay attacks or key recovery. Insecure generation + * is any static nonce, or any known insecure source for a nonce/iv if + * the value is used for an encryption operation (decryption operations are ignored + * as the nonce/iv would be provided alongside the ciphertext). + * @kind path-problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +module NonceSrcFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::NonceArtifactNode nonce | sink.asExpr() = nonce.asElement()) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module NonceSrcFlow = TaintTracking::Global; + +import NonceSrcFlow::PathGraph + +from + Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg, + NonceSrcFlow::PathNode srcNode, NonceSrcFlow::PathNode sinkNode +where + nonce.getSourceNode() = src and + // NOTE: null nonces should be handled seaparately, often used for default values prior to initialization + // failure to initialize should, in practice, lead to a NullPointerException, which is a separate concern + // however there may be APIs where NULL uses a default nonce or action. + not src.asElement() instanceof NullLiteral and + ( + // Case 1: Any constant nonce/iv is bad, regardless of how it is used + src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op = nonce and // binding op but not using it + msg = "Nonce or IV uses constant source $@" + or + // Case 2: The nonce has a non-random source and there is no known operation for the nonce + // assume it is used for encryption + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + not exists(Crypto::CipherOperationNode o | o.getANonce() = nonce) and + op = nonce and // binding op, but not using it + msg = + "Nonce or IV uses insecure source $@ with no observed nonce usage (assuming could be for encryption)." + or + // Case 3: The nonce has a non-random source and is used in an encryption operation + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op.(Crypto::CipherOperationNode).getANonce() = nonce and + ( + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TEncryptMode + or + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + msg = "Nonce or IV uses insecure source $@ at encryption operation $@" + ) and + srcNode.getNode().asExpr() = src.asElement() and + sinkNode.getNode().asExpr() = nonce.asElement() and + NonceSrcFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, msg, src, src.toString(), op, op.toString() diff --git a/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql new file mode 100644 index 000000000000..aa05f7695c6f --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql @@ -0,0 +1,25 @@ +/** + * @name Cipher not AES-GCM mode + * @id java/quantum/non-aes-gcm + * @description An AES cipher is in use without GCM + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +class NonAESGCMAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { + NonAESGCMAlgorithmNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and + this.getModeOfOperation().getModeType() != Crypto::KeyOpAlg::GCM() + } +} + +from Crypto::KeyOperationNode op, Crypto::KeyOperationOutputNode codeNode +where + op.getAKnownAlgorithm() instanceof NonAESGCMAlgorithmNode and + codeNode = op.getAnOutputArtifact() +select op, "Non-AES-GCM instance." diff --git a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql new file mode 100644 index 000000000000..736b28d22111 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql @@ -0,0 +1,89 @@ +/** + * @name Reuse of cryptographic nonce + * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. + * @id java/quantum/reused-nonce + * @kind path-problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import ArtifactReuse + +module NonceSrcFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::NonceArtifactNode nonce | sink.asExpr() = nonce.asElement()) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module NonceSrcFlow = TaintTracking::Global; + +import NonceSrcFlow::PathGraph + +from + Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2, Crypto::NodeBase src, + NonceSrcFlow::PathNode srcNode, NonceSrcFlow::PathNode sinkNode +where + isArtifactReuse(nonce1, nonce2) and + // NOTE: in general we may not know a source, but see possible reuse, + // we are not detecting these cases here (only where the source is the same). + src = nonce1.getSourceNode() and + src = nonce2.getSourceNode() and + // Null literals are typically used for initialization, and if two 'nulls' + // are reused, it is likely an uninitialization path that would result in a NullPointerException. + not src.asElement() instanceof NullLiteral and + // if the nonce is used in an encryption and decryption, ignore that reuse + not exists(Crypto::CipherOperationNode op1, Crypto::CipherOperationNode op2 | + op1 != op2 and + op1.getANonce() = nonce1 and + op2.getANonce() = nonce2 and + ( + ( + op1.getKeyOperationSubtype() instanceof Crypto::TEncryptMode or + op1.getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + ( + op2.getKeyOperationSubtype() instanceof Crypto::TDecryptMode or + op2.getKeyOperationSubtype() instanceof Crypto::TUnwrapMode + ) + or + ( + op2.getKeyOperationSubtype() instanceof Crypto::TEncryptMode or + op2.getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + ( + op1.getKeyOperationSubtype() instanceof Crypto::TDecryptMode or + op1.getKeyOperationSubtype() instanceof Crypto::TUnwrapMode + ) + ) + ) and + srcNode.getNode().asExpr() = src.asElement() and + sinkNode.getNode().asExpr() = nonce1.asElement() and + NonceSrcFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, "Nonce source is reused, see alternate sink $@", nonce2, + nonce2.toString() diff --git a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql new file mode 100644 index 000000000000..d9dce7a7aba5 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql @@ -0,0 +1,17 @@ +/** + * @name Unknown hashes + * @description Finds uses of cryptographic hashing algorithms of unknown type. + * @id java/quantum/unknown-hash + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::HashAlgorithmNode alg +where not exists(alg.getHashType()) +select alg, "Use of unknown hash algorithm or API." diff --git a/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql new file mode 100644 index 000000000000..fdd04f7f2176 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql @@ -0,0 +1,36 @@ +/** + * @name Unknown nonce/iv source + * @id java/quantum/unknown-iv-or-nonce-source + * @description A nonce/iv is generated from a source that is not secure. Failure to initialize + * an IV or nonce properly can lead to vulnerabilities such as replay attacks or key recovery. + * IV may be unknown at a decryption operation (IV would be provided alongside the ciphertext). + * These cases are ignored. + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +from Crypto::NonceArtifactNode nonce, Crypto::NodeBase op, string msg +where + not exists(nonce.getSourceNode()) and + ( + // Nonce not associated with any known cipher operation, assume unknown as insecure + not exists(Crypto::CipherOperationNode o | o.getANonce() = nonce) and + op = nonce and + msg = + "Unknown IV/Nonce initialization source with no observed nonce usage (assuming could be for encryption)." + or + // Nonce associated cipher operation where the mode is not explicitly encryption + op.(Crypto::CipherOperationNode).getANonce() = nonce and + ( + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TEncryptMode + or + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + msg = "Unknown IV/Nonce initialization source at encryption operation $@" + ) +select nonce, msg, op, op.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql similarity index 96% rename from java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql rename to java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql index 21bca11cc1af..b0c41298eb27 100644 --- a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql @@ -4,7 +4,7 @@ * @id java/quantum/unknown-kdf-iteration-count * @kind problem * @precision medium - * @severity warning + * @problem.severity error * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql new file mode 100644 index 000000000000..c72e73b84ad4 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -0,0 +1,70 @@ +/** + * @name Weak Asymmetric Key Size + * @id java/quantum/weak-asymmetric-key-gen-size + * @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation. + * @kind path-problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +module KeySizeFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyCreationOperationNode kgen | + sink = kgen.getKeySizeConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module KeySizeFlow = TaintTracking::Global; + +import KeySizeFlow::PathGraph + +from + Crypto::KeyCreationOperationNode keygen, int keySize, Crypto::AlgorithmNode alg, + KeySizeFlow::PathNode srcNode, KeySizeFlow::PathNode sinkNode +where + // ASSUMPTION/NOTE: if the key size is set on a key creation, but the key creation itself is not observed + // (i.e., the size is initialized but the operation not observed) currently we will not + // detect the size. A key creation operation currently must be observed. + keygen.getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and + // NOTE: if algorithm is not known (doesn't bind) we need a separate query + // Also note the algorithm may also be re-specified at a use of the key + alg = keygen.getAKnownAlgorithm() and + not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm + not alg.(Crypto::KeyAgreementAlgorithmNode).getKeyAgreementType() = Crypto::ECDH() and // ECDH key sizes should be handled with elliptic curves + alg instanceof Crypto::AsymmetricAlgorithmNode and + keySize < 2048 and + srcNode.getNode().asExpr() = keygen.getAKeySizeSource().asElement() and + sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode() and + KeySizeFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", alg, + alg.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql new file mode 100644 index 000000000000..189f58eebad3 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql @@ -0,0 +1,33 @@ +/** + * @name Weak AES Block mode + * @id java/quantum/weak-block-modes + * @description An AES cipher is in use with an insecure block mode + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +class WeakAESBlockModeAlgNode extends Crypto::KeyOperationAlgorithmNode { + Crypto::ModeOfOperationAlgorithmNode mode; + + WeakAESBlockModeAlgNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and + mode = super.getModeOfOperation() and + ( + mode.getModeType() = Crypto::KeyOpAlg::ECB() or + mode.getModeType() = Crypto::KeyOpAlg::CFB() or + mode.getModeType() = Crypto::KeyOpAlg::OFB() or + mode.getModeType() = Crypto::KeyOpAlg::CTR() + ) + } + + Crypto::ModeOfOperationAlgorithmNode getMode() { result = mode } +} + +from WeakAESBlockModeAlgNode alg +select alg, "Weak AES block mode instance $@.", alg.getMode(), alg.getMode().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.ql b/java/ql/src/experimental/quantum/Examples/WeakHash.ql new file mode 100644 index 000000000000..ecbe9318c3d9 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.ql @@ -0,0 +1,37 @@ +/** + * @name Weak hashes + * @description Finds uses of cryptographic hashing algorithms that are unapproved or otherwise weak. + * @id java/quantum/weak-hash + * @kind problem + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-327 + * quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg +where + htype = alg.getHashType() and + ( + (htype != Crypto::SHA2() and htype != Crypto::SHA3()) and + msg = "Use of unapproved hash algorithm or API: " + htype.toString() + "." + or + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and + not exists(alg.getDigestLength()) and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but unknown digest size." + or + exists(int digestLength | + digestLength = alg.getDigestLength() and + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and + digestLength < 256 and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" + + digestLength + ")." + ) + ) +select alg, msg diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql new file mode 100644 index 000000000000..fc07c30e6772 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql @@ -0,0 +1,60 @@ +/** + * @name Weak known key derivation function iteration count + * @description Detects key derivation operations with a known weak iteration count. + * @id java/quantum/weak-kdf-iteration-count + * @kind path-problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +module IterationCountConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyDerivationOperationInstance kdev | + sink = kdev.getIterationCountConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module IterationCountFlow = TaintTracking::Global; + +import IterationCountFlow::PathGraph + +from + Crypto::KeyDerivationOperationNode op, Literal l, IterationCountFlow::PathNode srcNode, + IterationCountFlow::PathNode sinkNode +where + op.getIterationCount().asElement() = l and + l.getValue().toInt() < 100000 and + srcNode.getNode().asExpr() = l and + sinkNode.getNode() = op.getIterationCountConsumer().getConsumer().getInputNode() and + IterationCountFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Key derivation operation configures iteration count below 100k: $@", l, l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql new file mode 100644 index 000000000000..3bd93cf8e0dc --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql @@ -0,0 +1,60 @@ +/** + * @name Weak known key derivation function output length + * @description Detects key derivation operations with a known weak output length + * @id java/quantum/weak-kdf-key-size + * @kind path-problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +module KeySizeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyDerivationOperationInstance kdev | + sink = kdev.getKeySizeConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module KeySizeFlow = TaintTracking::Global; + +import KeySizeFlow::PathGraph + +from + Crypto::KeyDerivationOperationNode op, Literal l, KeySizeFlow::PathNode srcNode, + KeySizeFlow::PathNode sinkNode +where + op.getOutputKeySize().asElement() = l and + l.getValue().toInt() < 256 and + srcNode.getNode().asExpr() = l and + sinkNode.getNode() = op.getKeySizeConsumer().getConsumer().getInputNode() and + KeySizeFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Key derivation operation configures output key length below 256: $@", l, l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakRSA.ql b/java/ql/src/experimental/quantum/Examples/WeakRSA.ql new file mode 100644 index 000000000000..f365b4d7e75a --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakRSA.ql @@ -0,0 +1,25 @@ +/** + * @name Cipher is Weak RSA Implementation + * @id java/quantum/weak-rsa + * @description RSA with a key length <2048 found + * @kind problem + * @problem.severity error + * @precision high + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +class WeakRsaAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { + WeakRsaAlgorithmNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TAsymmetricCipher(Crypto::KeyOpAlg::RSA()) and + this.getKeySizeFixed() < 2048 + } +} + +from Crypto::KeyOperationNode op, string message +where + op.getAKnownAlgorithm() instanceof WeakRsaAlgorithmNode and + message = "Weak RSA instance found with key length <2048" +select op, message diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql new file mode 100644 index 000000000000..a7e03c62a53c --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql @@ -0,0 +1,29 @@ +/** + * @name Weak symmetric ciphers + * @description Finds uses of cryptographic symmetric cipher algorithms that are unapproved or otherwise weak. + * @id java/quantum/weak-ciphers + * @kind problem + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-327 + * quantum + * experimental + */ + +import java +import experimental.quantum.Language +import Crypto::KeyOpAlg as KeyOpAlg + +from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType +where + algType = alg.getAlgorithmType() and + ( + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DOUBLE_DES()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()) or + algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) + ) +select alg, "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index 94e4d2bf0561..0be5a459da17 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -29,7 +29,6 @@ | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | H | jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | PRF | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | @@ -38,7 +37,6 @@ | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | @@ -46,8 +44,7 @@ | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | -| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | @@ -56,7 +53,6 @@ | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | @@ -64,8 +60,7 @@ | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | -| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | @@ -112,7 +107,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | @@ -142,7 +136,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | @@ -162,7 +155,7 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | @@ -170,10 +163,13 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | @@ -181,13 +177,13 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | -| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:24:44:24:52 | Message | @@ -198,34 +194,36 @@ | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | -| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | -| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:24:29:24:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | -| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | | jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | @@ -233,7 +231,6 @@ | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | Source | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | -| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | @@ -244,7 +241,6 @@ | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | Source | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | -| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:100:55:100:69 | Message | @@ -255,7 +251,6 @@ | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | Source | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | -| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:105:61:105:75 | Message | @@ -266,7 +261,6 @@ | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | Source | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | -| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:110:52:110:75 | Message | @@ -293,7 +287,6 @@ | jca/Digest.java:75:23:75:62 | HashOperation | Digest | jca/Digest.java:75:23:75:62 | Digest | | jca/Digest.java:75:23:75:62 | HashOperation | Message | jca/Digest.java:75:43:75:61 | Message | | jca/Digest.java:75:43:75:61 | Message | Source | jca/Digest.java:73:49:73:63 | Parameter | -| jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:87:23:87:56 | Digest | Source | jca/Digest.java:87:23:87:56 | Digest | | jca/Digest.java:87:23:87:56 | HashOperation | Algorithm | jca/Digest.java:85:58:85:66 | HashAlgorithm | @@ -302,7 +295,6 @@ | jca/Digest.java:87:23:87:56 | HashOperation | Message | jca/Digest.java:87:37:87:55 | Message | | jca/Digest.java:87:37:87:55 | Message | Source | jca/Digest.java:83:37:83:51 | Parameter | | jca/Digest.java:97:42:97:63 | Message | Source | jca/Digest.java:95:37:95:51 | Parameter | -| jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:98:65:98:86 | HMACAlgorithm | H | jca/Digest.java:98:65:98:86 | HashAlgorithm | | jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:98:65:98:86 | HMACAlgorithm | @@ -328,7 +320,13 @@ | jca/Digest.java:121:36:121:51 | Message | Source | jca/Digest.java:117:35:117:46 | Parameter | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:140:44:140:62 | ModeOfOperation | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:140:44:140:62 | PaddingAlgorithm | -| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:99:23:99:50 | Key | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:121:23:121:52 | KeyOperationOutput | | jca/Digest.java:142:32:142:74 | EncryptOperation | Algorithm | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | | jca/Digest.java:142:32:142:74 | EncryptOperation | Input | jca/Digest.java:142:47:142:73 | Message | | jca/Digest.java:142:32:142:74 | EncryptOperation | Key | jca/Digest.java:141:42:141:44 | Key | @@ -336,7 +334,6 @@ | jca/Digest.java:142:32:142:74 | EncryptOperation | Output | jca/Digest.java:142:32:142:74 | KeyOperationOutput | | jca/Digest.java:142:47:142:73 | Message | Source | jca/Digest.java:142:47:142:62 | Constant | | jca/Digest.java:176:42:176:71 | Message | Source | jca/Digest.java:171:50:171:62 | Parameter | -| jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:177:65:177:86 | HMACAlgorithm | H | jca/Digest.java:177:65:177:86 | HashAlgorithm | | jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:177:65:177:86 | HMACAlgorithm | @@ -481,7 +478,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | | jca/EllipticCurve2.java:223:42:223:47 | Key | Source | jca/EllipticCurve2.java:223:42:223:47 | Key | -| jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | | jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Algorithm | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Input | jca/EllipticCurve2.java:224:44:224:52 | Message | @@ -494,7 +490,6 @@ | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | | jca/Encryption1.java:67:42:67:44 | Key | Source | jca/Encryption1.java:62:25:62:44 | Key | -| jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | | jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | Algorithm | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | Input | jca/Encryption1.java:68:47:68:73 | Message | @@ -564,7 +559,6 @@ | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | | jca/Encryption1.java:175:45:175:50 | Key | Source | jca/Encryption1.java:163:28:163:47 | Key | -| jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | | jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Algorithm | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Input | jca/Encryption1.java:176:50:176:64 | Message | @@ -590,8 +584,7 @@ | jca/Encryption2.java:100:44:100:55 | Message | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | -| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:109:45:109:50 | Key | -| jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | +| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:100:30:100:56 | Digest | | jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Algorithm | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Input | jca/Encryption2.java:110:50:110:64 | Message | @@ -602,7 +595,6 @@ | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | | jca/Encryption2.java:149:45:149:50 | Key | Source | jca/Encryption2.java:149:45:149:50 | Key | -| jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | | jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Algorithm | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Input | jca/Encryption2.java:150:50:150:97 | Message | @@ -656,6 +648,7 @@ | jca/Hash.java:174:23:174:52 | HashOperation | Message | jca/Hash.java:174:37:174:51 | Message | | jca/Hash.java:174:37:174:51 | Message | Source | jca/Hash.java:172:43:172:53 | Parameter | | jca/Hash.java:195:27:195:57 | Digest | Source | jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:31:192:48 | Constant | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:32:191:38 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:41:191:49 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:52:191:60 | HashAlgorithm | @@ -682,6 +675,7 @@ | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | | jca/Hash.java:216:22:216:30 | Key | Source | jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:31:212:116 | Constant | | jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | | jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | | jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | @@ -696,7 +690,6 @@ | jca/Hash.java:217:27:217:55 | MACOperation | Output | jca/Hash.java:217:27:217:55 | KeyOperationOutput | | jca/Hash.java:217:39:217:54 | Message | Source | jca/Hash.java:211:43:211:54 | Parameter | | jca/Hash.java:235:42:235:63 | Message | Source | jca/Hash.java:232:40:232:54 | Parameter | -| jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:9:310:42 | RandomNumberGeneration | | jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | | jca/Hash.java:236:65:236:86 | HMACAlgorithm | H | jca/Hash.java:236:65:236:86 | HashAlgorithm | | jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | PRF | jca/Hash.java:236:65:236:86 | HMACAlgorithm | @@ -712,6 +705,7 @@ | jca/Hash.java:252:37:252:69 | Message | Source | jca/Hash.java:252:37:252:58 | Constant | | jca/Hash.java:270:27:270:30 | Message | Source | jca/Hash.java:269:27:269:38 | Constant | | jca/Hash.java:271:40:271:54 | Digest | Source | jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:31:266:76 | Constant | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:32:266:40 | HashAlgorithm | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:43:266:51 | HashAlgorithm | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:54:266:63 | HashAlgorithm | @@ -721,7 +715,6 @@ | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | | jca/IVArtifact.java:31:42:31:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | -| jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Algorithm | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Input | jca/IVArtifact.java:32:44:32:72 | Message | @@ -730,7 +723,6 @@ | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Output | jca/IVArtifact.java:32:29:32:73 | KeyOperationOutput | | jca/IVArtifact.java:32:44:32:72 | Message | Source | jca/IVArtifact.java:32:44:32:61 | Constant | | jca/IVArtifact.java:38:42:38:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | -| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | LocalData | @@ -758,7 +750,6 @@ | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | | jca/IVArtifact.java:134:42:134:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | | jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:116:31:116:34 | Constant | -| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | | jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | | jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Input | jca/IVArtifact.java:135:31:135:39 | Message | @@ -774,7 +765,7 @@ | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | | jca/IVArtifact.java:158:42:158:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | -| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:154:31:154:78 | Digest | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Input | jca/IVArtifact.java:159:31:159:39 | Message | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Key | jca/IVArtifact.java:158:42:158:44 | Key | @@ -784,7 +775,6 @@ | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | | jca/IVArtifact.java:182:46:182:48 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | -| jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | | jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | | jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Algorithm | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | | jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Input | jca/IVArtifact.java:183:45:183:57 | Message | @@ -834,7 +824,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | @@ -859,8 +848,7 @@ | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | @@ -879,7 +867,6 @@ | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | | jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | PRF | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | @@ -890,7 +877,6 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | -| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | @@ -927,13 +913,12 @@ | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | LocalData | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Output | jca/KeyArtifact.java:66:32:66:51 | Key | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Output | jca/KeyArtifact.java:73:16:73:43 | Key | | jca/KeyDerivation1.java:80:42:80:63 | Message | Source | jca/KeyDerivation1.java:78:39:78:53 | Parameter | -| jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | | jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | @@ -942,7 +927,6 @@ | jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Output | jca/KeyDerivation1.java:82:22:82:49 | Key | | jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:80:66:80:69 | Salt | | jca/KeyDerivation1.java:94:42:94:63 | Message | Source | jca/KeyDerivation1.java:92:36:92:50 | Parameter | -| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | @@ -951,7 +935,6 @@ | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Output | jca/KeyDerivation1.java:96:22:96:49 | Key | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:94:66:94:69 | Salt | | jca/KeyDerivation1.java:108:42:108:63 | Message | Source | jca/KeyDerivation1.java:106:37:106:51 | Parameter | -| jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | | jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | @@ -960,7 +943,6 @@ | jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Output | jca/KeyDerivation1.java:110:22:110:49 | Key | | jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:108:66:108:69 | Salt | | jca/KeyDerivation1.java:122:42:122:63 | Message | Source | jca/KeyDerivation1.java:120:32:120:46 | Parameter | -| jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | H | jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | | jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | @@ -969,7 +951,6 @@ | jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Output | jca/KeyDerivation1.java:124:22:124:49 | Key | | jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:122:66:122:69 | Salt | | jca/KeyDerivation1.java:136:42:136:63 | Message | Source | jca/KeyDerivation1.java:134:34:134:48 | Parameter | -| jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | | jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | @@ -978,14 +959,12 @@ | jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Output | jca/KeyDerivation1.java:138:22:138:49 | Key | | jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:136:66:136:69 | Salt | | jca/KeyDerivation1.java:157:42:157:63 | Message | Source | jca/KeyDerivation1.java:154:28:154:42 | Parameter | -| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:158:65:158:72 | Constant | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Input | jca/KeyDerivation1.java:157:42:157:63 | Message | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Output | jca/KeyDerivation1.java:159:22:159:49 | Key | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:157:66:157:69 | Salt | | jca/KeyDerivation1.java:172:42:172:63 | Message | Source | jca/KeyDerivation1.java:169:30:169:44 | Parameter | -| jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:173:65:173:72 | Constant | | jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Input | jca/KeyDerivation1.java:172:42:172:63 | Message | @@ -998,7 +977,7 @@ | jca/KeyDerivation1.java:244:43:244:58 | Message | Source | jca/KeyDerivation1.java:242:45:242:56 | Parameter | | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | -| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:244:29:244:59 | Digest | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Algorithm | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Input | jca/KeyDerivation1.java:251:44:251:73 | Message | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Key | jca/KeyDerivation1.java:250:55:250:57 | Key | @@ -1008,7 +987,6 @@ | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | H | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | | jca/KeyDerivation1.java:314:42:314:63 | Message | Source | jca/KeyDerivation1.java:302:37:302:51 | Parameter | -| jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | LocalData | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | @@ -1016,7 +994,6 @@ | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Output | jca/KeyDerivation1.java:316:26:316:53 | Key | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Salt | jca/KeyDerivation1.java:314:66:314:69 | Salt | | jca/KeyDerivation1.java:333:42:333:63 | Message | Source | jca/KeyDerivation1.java:283:43:283:57 | Parameter | -| jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | | jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | @@ -1026,7 +1003,8 @@ | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:333:66:333:69 | Salt | | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:335:16:335:43 | Key | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Input | jca/KeyDerivation1.java:348:35:348:37 | Message | @@ -1036,7 +1014,7 @@ | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Output | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:269:32:269:41 | Parameter | | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:283:60:283:78 | Parameter | -| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Input | jca/KeyDerivation1.java:353:35:353:61 | Message | @@ -1062,7 +1040,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | | jca/KeyEncapsulation.java:77:45:77:50 | Key | Source | jca/KeyEncapsulation.java:62:28:62:47 | Key | -| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Input | jca/KeyEncapsulation.java:78:47:78:79 | Message | @@ -1093,8 +1070,7 @@ | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:136:45:136:50 | Key | -| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:137:47:137:72 | Message | @@ -1245,7 +1221,6 @@ | jca/MACOperation.java:138:32:138:74 | EncryptOperation | Output | jca/MACOperation.java:138:32:138:74 | KeyOperationOutput | | jca/MACOperation.java:138:47:138:73 | Message | Source | jca/MACOperation.java:138:47:138:62 | Constant | | jca/MACOperation.java:170:42:170:68 | Message | Source | jca/MACOperation.java:166:47:166:62 | Parameter | -| jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | | jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | H | jca/MACOperation.java:171:65:171:86 | HashAlgorithm | | jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | PRF | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | @@ -1319,7 +1294,6 @@ | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:61:44:61:62 | ModeOfOperation | | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | | jca/Nonce.java:62:42:62:44 | Key | Source | jca/Nonce.java:58:37:58:49 | Parameter | -| jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | | jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Algorithm | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Input | jca/Nonce.java:63:44:63:52 | Message | @@ -1348,6 +1322,8 @@ | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:62:28:62:34 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Algorithm | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | HashAlgorithm | jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | @@ -1357,19 +1333,24 @@ | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:69:30:69:35 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Algorithm | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | HashAlgorithm | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Input | jca/SignEncryptCombinations.java:70:26:70:29 | Message | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Key | jca/SignEncryptCombinations.java:69:30:69:35 | Key | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Signature | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | | jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Output | jca/SignEncryptCombinations.java:84:16:84:31 | Key | | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Algorithm | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Input | jca/SignEncryptCombinations.java:97:44:97:52 | Message | @@ -1377,17 +1358,24 @@ | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Nonce | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Output | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | | jca/SignEncryptCombinations.java:112:42:112:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Algorithm | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Input | jca/SignEncryptCombinations.java:113:31:113:40 | Message | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Key | jca/SignEncryptCombinations.java:112:42:112:44 | Key | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Nonce | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Output | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | @@ -1398,6 +1386,10 @@ | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Message | jca/SignEncryptCombinations.java:123:28:123:31 | Message | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Nonce | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Output | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignatureOperation.java:54:16:54:36 | Key | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | @@ -1540,7 +1532,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:56:44:56:52 | Message | @@ -1561,7 +1552,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:99:44:99:52 | Message | @@ -1590,7 +1580,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | Source | jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | -| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:151:44:151:52 | Message | @@ -1601,7 +1590,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | Source | jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | -| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | @@ -1612,7 +1600,6 @@ | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:195:44:195:52 | Message | @@ -1631,8 +1618,7 @@ | jca/SymmetricAlgorithm.java:215:42:215:50 | Message | Source | jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | -| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:215:29:215:51 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | @@ -1641,7 +1627,6 @@ | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:223:29:223:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | Source | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | | jca/SymmetricAlgorithm.java:287:42:287:66 | Message | Source | jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | -| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | | jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | PRF | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | @@ -1652,7 +1637,6 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | Source | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | -| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | @@ -1689,7 +1673,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | | jca/SymmetricModesTest.java:83:42:83:44 | Key | Source | jca/SymmetricModesTest.java:78:43:78:55 | Parameter | -| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:84:44:84:52 | Message | @@ -1715,7 +1698,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Mode | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Padding | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | | jca/UniversalFlowTest.java:33:42:33:44 | Key | Source | jca/UniversalFlowTest.java:27:25:27:44 | Key | -| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Algorithm | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Input | jca/UniversalFlowTest.java:34:47:34:73 | Message | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index ea071871fd94..506be879d630 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -31,7 +31,6 @@ | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:109:27:109:54 | jca/AesWrapAndPBEWith.java:109:27:109:54 | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Iterations | Constant:1000 | jca/AesWrapAndPBEWith.java:107:72:107:75 | jca/AesWrapAndPBEWith.java:107:72:107:75 | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | KeySize | Constant:64 | jca/AesWrapAndPBEWith.java:107:78:107:79 | jca/AesWrapAndPBEWith.java:107:78:107:79 | -| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:122:9:122:42 | jca/AesWrapAndPBEWith.java:122:9:122:42 | | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:122:38:122:41 | jca/AesWrapAndPBEWith.java:122:38:122:41 | | jca/AesWrapAndPBEWith.java:123:72:123:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | | jca/AesWrapAndPBEWith.java:123:79:123:81 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | @@ -45,7 +44,6 @@ | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:125:27:125:54 | jca/AesWrapAndPBEWith.java:125:27:125:54 | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | -| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:140:9:140:42 | jca/AesWrapAndPBEWith.java:140:9:140:42 | | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:140:38:140:41 | jca/AesWrapAndPBEWith.java:140:38:140:41 | | jca/AesWrapAndPBEWith.java:141:72:141:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:141:72:141:76 | jca/AesWrapAndPBEWith.java:141:72:141:76 | | jca/AesWrapAndPBEWith.java:141:79:141:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:141:79:141:81 | jca/AesWrapAndPBEWith.java:141:79:141:81 | @@ -61,11 +59,9 @@ | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | -| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:148:9:148:40 | jca/AesWrapAndPBEWith.java:148:9:148:40 | | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:148:38:148:39 | jca/AesWrapAndPBEWith.java:148:38:148:39 | | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:150:42:150:47 | jca/AesWrapAndPBEWith.java:150:42:150:47 | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:151:29:151:64 | jca/AesWrapAndPBEWith.java:151:29:151:64 | -| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:167:9:167:42 | jca/AesWrapAndPBEWith.java:167:9:167:42 | | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:167:38:167:41 | jca/AesWrapAndPBEWith.java:167:38:167:41 | | jca/AesWrapAndPBEWith.java:168:72:168:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:168:72:168:76 | jca/AesWrapAndPBEWith.java:168:72:168:76 | | jca/AesWrapAndPBEWith.java:168:79:168:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:168:79:168:81 | jca/AesWrapAndPBEWith.java:168:79:168:81 | @@ -81,7 +77,6 @@ | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | -| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:175:9:175:40 | jca/AesWrapAndPBEWith.java:175:9:175:40 | | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:175:38:175:39 | jca/AesWrapAndPBEWith.java:175:38:175:39 | | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:177:42:177:47 | jca/AesWrapAndPBEWith.java:177:42:177:47 | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:178:29:178:64 | jca/AesWrapAndPBEWith.java:178:29:178:64 | @@ -122,7 +117,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | @@ -152,7 +146,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | @@ -196,7 +189,6 @@ | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | -| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:21:9:21:40 | jca/ChainedEncryptionTest.java:21:9:21:40 | | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:21:38:21:39 | jca/ChainedEncryptionTest.java:21:38:21:39 | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:23:42:23:44 | jca/ChainedEncryptionTest.java:23:42:23:44 | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:24:29:24:53 | jca/ChainedEncryptionTest.java:24:29:24:53 | @@ -211,7 +203,6 @@ | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:35:16:35:41 | jca/ChainedEncryptionTest.java:35:16:35:41 | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | -| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:42:9:42:43 | jca/ChainedEncryptionTest.java:42:9:42:43 | | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:42:38:42:42 | jca/ChainedEncryptionTest.java:42:38:42:42 | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:43:42:43:44 | jca/ChainedEncryptionTest.java:43:42:43:44 | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:44:29:44:53 | jca/ChainedEncryptionTest.java:44:29:44:53 | @@ -233,7 +224,6 @@ | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | | jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:84:24:84:26 | jca/ChainedEncryptionTest.java:84:24:84:26 | | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:85:30:85:52 | jca/ChainedEncryptionTest.java:85:30:85:52 | -| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:89:9:89:43 | jca/ChainedEncryptionTest.java:89:9:89:43 | | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:89:38:89:42 | jca/ChainedEncryptionTest.java:89:38:89:42 | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | @@ -244,7 +234,6 @@ | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:92:45:92:52 | jca/ChainedEncryptionTest.java:92:45:92:52 | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:93:34:93:62 | jca/ChainedEncryptionTest.java:93:34:93:62 | -| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:97:9:97:49 | jca/ChainedEncryptionTest.java:97:9:97:49 | | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:97:38:97:48 | jca/ChainedEncryptionTest.java:97:38:97:48 | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | @@ -369,7 +358,6 @@ | jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | | jca/Digest.java:240:21:240:23 | Constant | Description | 256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | | jca/Digest.java:241:16:241:35 | Key | KeyType | Symmetric | jca/Digest.java:241:16:241:35 | jca/Digest.java:241:16:241:35 | -| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | Description | nextBytes | jca/Digest.java:253:9:253:42 | jca/Digest.java:253:9:253:42 | | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:253:38:253:41 | jca/Digest.java:253:38:253:41 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | @@ -465,7 +453,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | RawName | GCM | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | Name | UnknownPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | RawName | NoPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | -| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | Description | nextBytes | jca/EllipticCurve2.java:221:9:221:40 | jca/EllipticCurve2.java:221:9:221:40 | | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/EllipticCurve2.java:221:38:221:39 | jca/EllipticCurve2.java:221:38:221:39 | | jca/EllipticCurve2.java:223:42:223:47 | Key | KeyType | Unknown | jca/EllipticCurve2.java:223:42:223:47 | jca/EllipticCurve2.java:223:42:223:47 | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/EllipticCurve2.java:224:29:224:53 | jca/EllipticCurve2.java:224:29:224:53 | @@ -484,7 +471,6 @@ | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | -| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:65:9:65:40 | jca/Encryption1.java:65:9:65:40 | | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:65:38:65:39 | jca/Encryption1.java:65:38:65:39 | | jca/Encryption1.java:67:42:67:44 | Key | KeyType | Unknown | jca/Encryption1.java:67:42:67:44 | jca/Encryption1.java:67:42:67:44 | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:68:32:68:74 | jca/Encryption1.java:68:32:68:74 | @@ -575,7 +561,6 @@ | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | -| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:173:9:173:40 | jca/Encryption1.java:173:9:173:40 | | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:173:38:173:39 | jca/Encryption1.java:173:38:173:39 | | jca/Encryption1.java:175:45:175:50 | Key | KeyType | Unknown | jca/Encryption1.java:175:45:175:50 | jca/Encryption1.java:175:45:175:50 | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:176:32:176:65 | jca/Encryption1.java:176:32:176:65 | @@ -600,7 +585,6 @@ | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | -| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:107:9:107:40 | jca/Encryption2.java:107:9:107:40 | | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:107:38:107:39 | jca/Encryption2.java:107:38:107:39 | | jca/Encryption2.java:109:45:109:50 | Key | KeyType | Unknown | jca/Encryption2.java:109:45:109:50 | jca/Encryption2.java:109:45:109:50 | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:110:32:110:65 | jca/Encryption2.java:110:32:110:65 | @@ -613,7 +597,6 @@ | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | -| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:147:9:147:40 | jca/Encryption2.java:147:9:147:40 | | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:147:38:147:39 | jca/Encryption2.java:147:38:147:39 | | jca/Encryption2.java:149:45:149:50 | Key | KeyType | Unknown | jca/Encryption2.java:149:45:149:50 | jca/Encryption2.java:149:45:149:50 | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:150:32:150:98 | jca/Encryption2.java:150:32:150:98 | @@ -654,6 +637,7 @@ | jca/Hash.java:173:58:173:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | | jca/Hash.java:173:58:173:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | | jca/Hash.java:190:43:190:54 | Parameter | Description | input | jca/Hash.java:190:43:190:54 | jca/Hash.java:190:43:190:54 | +| jca/Hash.java:191:31:192:48 | Constant | Description | {...} | jca/Hash.java:191:31:192:48 | jca/Hash.java:191:31:192:48 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | Name | SHA1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | @@ -683,6 +667,7 @@ | jca/Hash.java:192:43:192:47 | HashAlgorithm | RawName | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | | jca/Hash.java:211:43:211:54 | Parameter | Description | input | jca/Hash.java:211:43:211:54 | jca/Hash.java:211:43:211:54 | | jca/Hash.java:211:57:211:66 | Parameter | Description | key | jca/Hash.java:211:57:211:66 | jca/Hash.java:211:57:211:66 | +| jca/Hash.java:212:31:212:116 | Constant | Description | {...} | jca/Hash.java:212:31:212:116 | jca/Hash.java:212:31:212:116 | | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | @@ -711,6 +696,7 @@ | jca/Hash.java:237:23:237:50 | KeyDerivation | Iterations | Constant:10000 | jca/Hash.java:235:72:235:76 | jca/Hash.java:235:72:235:76 | | jca/Hash.java:237:23:237:50 | KeyDerivation | KeySize | Constant:256 | jca/Hash.java:235:79:235:81 | jca/Hash.java:235:79:235:81 | | jca/Hash.java:252:37:252:58 | Constant | Description | "Config-based Hashing" | jca/Hash.java:252:37:252:58 | jca/Hash.java:252:37:252:58 | +| jca/Hash.java:266:31:266:76 | Constant | Description | {...} | jca/Hash.java:266:31:266:76 | jca/Hash.java:266:31:266:76 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | Name | SHA2 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | @@ -728,7 +714,6 @@ | jca/Hash.java:294:57:294:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | -| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | Description | nextBytes | jca/Hash.java:310:9:310:42 | jca/Hash.java:310:9:310:42 | | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Hash.java:310:38:310:41 | jca/Hash.java:310:38:310:41 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | @@ -757,7 +742,6 @@ | jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | | jca/IVArtifact.java:75:21:75:23 | Constant | Description | 256 | jca/IVArtifact.java:75:21:75:23 | jca/IVArtifact.java:75:21:75:23 | | jca/IVArtifact.java:76:16:76:35 | Key | KeyType | Symmetric | jca/IVArtifact.java:76:16:76:35 | jca/IVArtifact.java:76:16:76:35 | -| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:81:9:81:40 | jca/IVArtifact.java:81:9:81:40 | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:81:38:81:39 | jca/IVArtifact.java:81:38:81:39 | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | Description | java.util.Random | jca/IVArtifact.java:87:32:87:33 | jca/IVArtifact.java:87:32:87:33 | | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | @@ -770,7 +754,6 @@ | jca/IVArtifact.java:108:42:108:44 | Key | KeyType | Unknown | jca/IVArtifact.java:108:42:108:44 | jca/IVArtifact.java:108:42:108:44 | | jca/IVArtifact.java:109:16:109:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:109:16:109:40 | jca/IVArtifact.java:109:16:109:40 | | jca/IVArtifact.java:116:31:116:34 | Constant | Description | null | jca/IVArtifact.java:116:31:116:34 | jca/IVArtifact.java:116:31:116:34 | -| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:130:13:130:50 | jca/IVArtifact.java:130:13:130:50 | | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:130:42:130:49 | jca/IVArtifact.java:130:42:130:49 | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | @@ -794,7 +777,6 @@ | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | | jca/IVArtifact.java:158:42:158:44 | Key | KeyType | Unknown | jca/IVArtifact.java:158:42:158:44 | jca/IVArtifact.java:158:42:158:44 | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:159:16:159:40 | jca/IVArtifact.java:159:16:159:40 | -| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:177:9:177:40 | jca/IVArtifact.java:177:9:177:40 | | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:177:38:177:39 | jca/IVArtifact.java:177:38:177:39 | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | @@ -851,7 +833,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | -| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | @@ -873,7 +854,6 @@ | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | -| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | @@ -905,7 +885,6 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | -| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | @@ -919,7 +898,6 @@ | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | -| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:19:21:19:23 | jca/KeyArtifact.java:19:21:19:23 | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | @@ -954,10 +932,10 @@ | jca/KeyArtifact.java:66:32:66:51 | Key | KeyType | Symmetric | jca/KeyArtifact.java:66:32:66:51 | jca/KeyArtifact.java:66:32:66:51 | | jca/KeyArtifact.java:72:31:72:34 | Constant | Description | 2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | | jca/KeyArtifact.java:73:16:73:43 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:73:16:73:43 | jca/KeyArtifact.java:73:16:73:43 | +| jca/KeyArtifact.java:78:31:78:54 | Constant | Description | {...} | jca/KeyArtifact.java:78:31:78:54 | jca/KeyArtifact.java:78:31:78:54 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | -| jca/KeyArtifact.java:78:45:78:53 | Constant | Description | "Ed25519" | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | Description | password | jca/KeyDerivation1.java:78:39:78:53 | jca/KeyDerivation1.java:78:39:78:53 | | jca/KeyDerivation1.java:80:72:80:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | | jca/KeyDerivation1.java:80:79:80:81 | Constant | Description | 256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | @@ -1087,7 +1065,6 @@ | jca/KeyDerivation1.java:352:19:352:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:352:19:352:54 | jca/KeyDerivation1.java:352:19:352:54 | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:353:22:353:62 | jca/KeyDerivation1.java:353:22:353:62 | | jca/KeyDerivation1.java:353:35:353:50 | Constant | Description | "hkdf-expansion" | jca/KeyDerivation1.java:353:35:353:50 | jca/KeyDerivation1.java:353:35:353:50 | -| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyDerivation1.java:365:9:365:42 | jca/KeyDerivation1.java:365:9:365:42 | | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyDerivation1.java:365:38:365:41 | jca/KeyDerivation1.java:365:38:365:41 | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyEncapsulation.java:61:21:61:23 | jca/KeyEncapsulation.java:61:21:61:23 | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | @@ -1113,7 +1090,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | -| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:75:9:75:40 | jca/KeyEncapsulation.java:75:9:75:40 | | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:75:38:75:39 | jca/KeyEncapsulation.java:75:38:75:39 | | jca/KeyEncapsulation.java:77:45:77:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:77:45:77:50 | jca/KeyEncapsulation.java:77:45:77:50 | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:78:29:78:80 | jca/KeyEncapsulation.java:78:29:78:80 | @@ -1147,7 +1123,6 @@ | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | -| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:135:9:135:40 | jca/KeyEncapsulation.java:135:9:135:40 | | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:135:38:135:39 | jca/KeyEncapsulation.java:135:38:135:39 | | jca/KeyEncapsulation.java:136:45:136:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:136:45:136:50 | jca/KeyEncapsulation.java:136:45:136:50 | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:137:29:137:73 | jca/KeyEncapsulation.java:137:29:137:73 | @@ -1302,7 +1277,6 @@ | jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | | jca/MACOperation.java:233:21:233:23 | Constant | Description | 256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | | jca/MACOperation.java:234:16:234:35 | Key | KeyType | Symmetric | jca/MACOperation.java:234:16:234:35 | jca/MACOperation.java:234:16:234:35 | -| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | Description | nextBytes | jca/MACOperation.java:246:9:246:42 | jca/MACOperation.java:246:9:246:42 | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:246:38:246:41 | jca/MACOperation.java:246:38:246:41 | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | @@ -1343,7 +1317,6 @@ | jca/Nonce.java:80:40:80:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:80:40:80:55 | jca/Nonce.java:80:40:80:55 | | jca/Nonce.java:92:56:92:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:92:56:92:67 | jca/Nonce.java:92:56:92:67 | | jca/Nonce.java:93:16:93:35 | Key | KeyType | Symmetric | jca/Nonce.java:93:16:93:35 | jca/Nonce.java:93:16:93:35 | -| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | Description | nextBytes | jca/Nonce.java:98:9:98:43 | jca/Nonce.java:98:9:98:43 | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:98:38:98:42 | jca/Nonce.java:98:38:98:42 | | jca/Nonce.java:112:16:112:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:112:16:112:33 | jca/Nonce.java:112:16:112:33 | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | @@ -1384,7 +1357,6 @@ | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | -| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | Description | nextBytes | jca/SignEncryptCombinations.java:94:9:94:28 | jca/SignEncryptCombinations.java:94:9:94:28 | | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SignEncryptCombinations.java:94:26:94:27 | jca/SignEncryptCombinations.java:94:26:94:27 | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:96:42:96:44 | jca/SignEncryptCombinations.java:96:42:96:44 | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SignEncryptCombinations.java:97:29:97:53 | jca/SignEncryptCombinations.java:97:29:97:53 | @@ -1506,7 +1478,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | -| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:53:9:53:40 | jca/SymmetricAlgorithm.java:53:9:53:40 | | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:53:38:53:39 | jca/SymmetricAlgorithm.java:53:38:53:39 | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:55:42:55:44 | jca/SymmetricAlgorithm.java:55:42:55:44 | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:56:29:56:53 | jca/SymmetricAlgorithm.java:56:29:56:53 | @@ -1528,7 +1499,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | -| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:96:9:96:40 | jca/SymmetricAlgorithm.java:96:9:96:40 | | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:96:38:96:39 | jca/SymmetricAlgorithm.java:96:38:96:39 | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:98:42:98:44 | jca/SymmetricAlgorithm.java:98:42:98:44 | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:99:29:99:53 | jca/SymmetricAlgorithm.java:99:29:99:53 | @@ -1556,7 +1526,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | -| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:148:9:148:40 | jca/SymmetricAlgorithm.java:148:9:148:40 | | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:148:38:148:39 | jca/SymmetricAlgorithm.java:148:38:148:39 | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:150:42:150:44 | jca/SymmetricAlgorithm.java:150:42:150:44 | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:151:29:151:53 | jca/SymmetricAlgorithm.java:151:29:151:53 | @@ -1568,7 +1537,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | -| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:170:9:170:40 | jca/SymmetricAlgorithm.java:170:9:170:40 | | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:170:38:170:39 | jca/SymmetricAlgorithm.java:170:38:170:39 | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:172:42:172:44 | jca/SymmetricAlgorithm.java:172:42:172:44 | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:173:29:173:53 | jca/SymmetricAlgorithm.java:173:29:173:53 | @@ -1576,7 +1544,6 @@ | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Name | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | -| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:192:9:192:43 | jca/SymmetricAlgorithm.java:192:9:192:43 | | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:192:38:192:42 | jca/SymmetricAlgorithm.java:192:38:192:42 | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:194:42:194:44 | jca/SymmetricAlgorithm.java:194:42:194:44 | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:195:29:195:53 | jca/SymmetricAlgorithm.java:195:29:195:53 | @@ -1592,7 +1559,6 @@ | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | -| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:220:9:220:40 | jca/SymmetricAlgorithm.java:220:9:220:40 | | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:220:38:220:39 | jca/SymmetricAlgorithm.java:220:38:220:39 | | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:222:42:222:51 | jca/SymmetricAlgorithm.java:222:42:222:51 | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:223:29:223:53 | jca/SymmetricAlgorithm.java:223:29:223:53 | @@ -1619,7 +1585,6 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | -| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:297:9:297:40 | jca/SymmetricAlgorithm.java:297:9:297:40 | | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:297:38:297:39 | jca/SymmetricAlgorithm.java:297:38:297:39 | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:298:42:298:47 | jca/SymmetricAlgorithm.java:298:42:298:47 | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:299:29:299:53 | jca/SymmetricAlgorithm.java:299:29:299:53 | @@ -1633,7 +1598,6 @@ | jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | | jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:333:16:333:31 | jca/SymmetricAlgorithm.java:333:16:333:31 | -| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:345:9:345:42 | jca/SymmetricAlgorithm.java:345:9:345:42 | | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:345:38:345:41 | jca/SymmetricAlgorithm.java:345:38:345:41 | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/SymmetricModesTest.java:53:17:53:19 | jca/SymmetricModesTest.java:53:17:53:19 | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:49:17:49:19 | jca/SymmetricModesTest.java:49:17:49:19 | @@ -1660,7 +1624,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | -| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricModesTest.java:81:9:81:40 | jca/SymmetricModesTest.java:81:9:81:40 | | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricModesTest.java:81:38:81:39 | jca/SymmetricModesTest.java:81:38:81:39 | | jca/SymmetricModesTest.java:83:42:83:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:83:42:83:44 | jca/SymmetricModesTest.java:83:42:83:44 | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:84:29:84:53 | jca/SymmetricModesTest.java:84:29:84:53 | @@ -1693,7 +1656,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | RawName | GCM | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | Name | UnknownPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | RawName | NoPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | -| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | Description | nextBytes | jca/UniversalFlowTest.java:31:9:31:40 | jca/UniversalFlowTest.java:31:9:31:40 | | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/UniversalFlowTest.java:31:38:31:39 | jca/UniversalFlowTest.java:31:38:31:39 | | jca/UniversalFlowTest.java:33:42:33:44 | Key | KeyType | Unknown | jca/UniversalFlowTest.java:33:42:33:44 | jca/UniversalFlowTest.java:33:42:33:44 | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/UniversalFlowTest.java:34:32:34:74 | jca/UniversalFlowTest.java:34:32:34:74 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index 39816c682343..5e4c033707ad 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -27,7 +27,6 @@ | jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | @@ -38,7 +37,6 @@ | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | @@ -50,14 +48,12 @@ | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | -| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | @@ -69,7 +65,6 @@ | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | @@ -109,7 +104,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | @@ -135,7 +129,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | @@ -172,7 +165,6 @@ | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | @@ -188,7 +180,6 @@ | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | @@ -210,7 +201,6 @@ | jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | | jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | -| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | @@ -220,7 +210,6 @@ | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | | jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | -| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | @@ -337,7 +326,6 @@ | jca/Digest.java:240:21:240:23 | Constant | | jca/Digest.java:241:16:241:35 | Key | | jca/Digest.java:241:16:241:35 | KeyGeneration | -| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | | jca/EllipticCurve1.java:47:16:47:36 | Key | @@ -422,7 +410,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | -| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | | jca/EllipticCurve2.java:223:42:223:47 | Key | | jca/EllipticCurve2.java:223:50:223:53 | Nonce | @@ -438,7 +425,6 @@ | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | -| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | | jca/Encryption1.java:67:42:67:44 | Key | | jca/Encryption1.java:67:47:67:53 | Nonce | @@ -508,7 +494,6 @@ | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | -| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | | jca/Encryption1.java:175:45:175:50 | Key | | jca/Encryption1.java:175:53:175:59 | Nonce | @@ -532,7 +517,6 @@ | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | -| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | | jca/Encryption2.java:109:45:109:50 | Key | | jca/Encryption2.java:109:53:109:59 | Nonce | @@ -544,7 +528,6 @@ | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | -| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | | jca/Encryption2.java:149:45:149:50 | Key | | jca/Encryption2.java:149:53:149:59 | Nonce | @@ -590,6 +573,7 @@ | jca/Hash.java:174:23:174:52 | HashOperation | | jca/Hash.java:174:37:174:51 | Message | | jca/Hash.java:190:43:190:54 | Parameter | +| jca/Hash.java:191:31:192:48 | Constant | | jca/Hash.java:191:32:191:38 | HashAlgorithm | | jca/Hash.java:191:41:191:49 | HashAlgorithm | | jca/Hash.java:191:52:191:60 | HashAlgorithm | @@ -605,6 +589,7 @@ | jca/Hash.java:195:41:195:56 | Message | | jca/Hash.java:211:43:211:54 | Parameter | | jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:212:31:212:116 | Constant | | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | @@ -629,6 +614,7 @@ | jca/Hash.java:252:23:252:70 | HashOperation | | jca/Hash.java:252:37:252:58 | Constant | | jca/Hash.java:252:37:252:69 | Message | +| jca/Hash.java:266:31:266:76 | Constant | | jca/Hash.java:266:32:266:40 | HashAlgorithm | | jca/Hash.java:266:43:266:51 | HashAlgorithm | | jca/Hash.java:266:54:266:63 | HashAlgorithm | @@ -639,7 +625,6 @@ | jca/Hash.java:271:40:271:54 | HashOperation | | jca/Hash.java:294:16:294:66 | LocalData | | jca/Hash.java:294:57:294:65 | HashAlgorithm | -| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | @@ -664,7 +649,6 @@ | jca/IVArtifact.java:75:21:75:23 | Constant | | jca/IVArtifact.java:76:16:76:35 | Key | | jca/IVArtifact.java:76:16:76:35 | KeyGeneration | -| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | @@ -676,7 +660,6 @@ | jca/IVArtifact.java:109:16:109:40 | KeyOperationOutput | | jca/IVArtifact.java:109:31:109:39 | Message | | jca/IVArtifact.java:116:31:116:34 | Constant | -| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | @@ -699,7 +682,6 @@ | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | | jca/IVArtifact.java:159:16:159:40 | KeyOperationOutput | | jca/IVArtifact.java:159:31:159:39 | Message | -| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | @@ -748,7 +730,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | @@ -770,7 +751,6 @@ | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | @@ -799,7 +779,6 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | @@ -815,7 +794,6 @@ | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | -| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | | jca/KeyArtifact.java:19:21:19:23 | Constant | @@ -844,8 +822,8 @@ | jca/KeyArtifact.java:72:31:72:34 | Constant | | jca/KeyArtifact.java:73:16:73:43 | Key | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | +| jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:78:45:78:53 | Constant | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | | jca/KeyDerivation1.java:80:42:80:63 | Message | | jca/KeyDerivation1.java:80:66:80:69 | Salt | @@ -958,7 +936,6 @@ | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | | jca/KeyDerivation1.java:353:35:353:50 | Constant | | jca/KeyDerivation1.java:353:35:353:61 | Message | -| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:61:21:61:23 | Constant | @@ -975,7 +952,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:77:45:77:50 | Key | | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | @@ -1004,7 +980,6 @@ | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:136:45:136:50 | Key | | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | @@ -1158,7 +1133,6 @@ | jca/MACOperation.java:233:21:233:23 | Constant | | jca/MACOperation.java:234:16:234:35 | Key | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | -| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | @@ -1201,7 +1175,6 @@ | jca/Nonce.java:92:56:92:67 | Constant | | jca/Nonce.java:93:16:93:35 | Key | | jca/Nonce.java:93:16:93:35 | KeyGeneration | -| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | | jca/Nonce.java:112:16:112:33 | Constant | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | @@ -1230,7 +1203,6 @@ | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | -| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | @@ -1335,7 +1307,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | @@ -1355,7 +1326,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | @@ -1379,7 +1349,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | @@ -1391,7 +1360,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | @@ -1399,7 +1367,6 @@ | jca/SymmetricAlgorithm.java:173:29:173:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | @@ -1416,7 +1383,6 @@ | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | @@ -1439,7 +1405,6 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | @@ -1455,7 +1420,6 @@ | jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | | jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | -| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:49:17:49:19 | Constant | @@ -1476,7 +1440,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | | jca/SymmetricModesTest.java:83:42:83:44 | Key | | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | @@ -1504,7 +1467,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | -| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | | jca/UniversalFlowTest.java:33:42:33:44 | Key | | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected deleted file mode 100644 index 38ba6187b595..000000000000 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected +++ /dev/null @@ -1,4 +0,0 @@ -| Test.java:40:47:40:52 | Nonce | Reuse with nonce $@ | Test.java:49:47:49:52 | Nonce | Nonce | -| Test.java:49:47:49:52 | Nonce | Reuse with nonce $@ | Test.java:40:47:40:52 | Nonce | Nonce | -| Test.java:76:48:76:54 | Nonce | Reuse with nonce $@ | Test.java:82:49:82:55 | Nonce | Nonce | -| Test.java:82:49:82:55 | Nonce | Reuse with nonce $@ | Test.java:76:48:76:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref deleted file mode 100644 index bfe67a6c2e8e..000000000000 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/quantum/Analysis/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected new file mode 100644 index 000000000000..3ad1b08e4762 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected @@ -0,0 +1,130 @@ +#select +| InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | Nonce or IV uses insecure source $@ at encryption operation $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | InsecureIVorNonceSource.java:208:16:208:31 | EncryptOperation | EncryptOperation | +edges +| InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | provenance | | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | provenance | | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:107:26:107:27 | iv : byte[] | InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:113:51:113:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:123:28:123:43 | nextInt(...) : Number | InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | provenance | | +| InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:130:51:130:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:138:52:138:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | provenance | MaD:2 | +| InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:147:51:147:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:155:52:155:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | provenance | | +| InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | provenance | MaD:3 | +| InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:164:51:164:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:174:52:174:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | provenance | | +| InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:186:51:186:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:5 | +| InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | provenance | | +| InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:5 | +models +| 1 | Sink: javax.crypto; Cipher; true; init; (int,Key,AlgorithmParameterSpec); ; Argument[2]; encryption-iv; manual | +| 2 | Summary: java.lang; System; false; arraycopy; ; ; Argument[0]; Argument[2]; taint; manual | +| 3 | Summary: java.util; Arrays; false; copyOf; ; ; Argument[0].ArrayElement; ReturnValue.ArrayElement; value; manual | +| 4 | Summary: javax.crypto.spec; GCMParameterSpec; true; GCMParameterSpec; ; ; Argument[1]; Argument[this]; taint; manual | +| 5 | Summary: javax.crypto.spec; IvParameterSpec; true; IvParameterSpec; ; ; Argument[0]; Argument[this]; taint; manual | +nodes +| InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | semmle.label | iv [post update] : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | semmle.label | 1 : Number | +| InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | semmle.label | iv : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | semmle.label | {...} : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | semmle.label | staticIvs : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | semmle.label | ...[...] : byte[] | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | semmle.label | {...} : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | semmle.label | staticIvs : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | semmle.label | ...[...] : byte[] | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:107:26:107:27 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:113:51:113:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | semmle.label | iv [post update] : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | semmle.label | (...)... : Number | +| InsecureIVorNonceSource.java:123:28:123:43 | nextInt(...) : Number | semmle.label | nextInt(...) : Number | +| InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | semmle.label | iv : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:130:51:130:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:138:52:138:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | semmle.label | iv [post update] : byte[] | +| InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:147:51:147:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:155:52:155:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | semmle.label | copyOf(...) : byte[] [[]] : Object | +| InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | semmle.label | iv : byte[] [[]] : Object | +| InsecureIVorNonceSource.java:164:51:164:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:174:52:174:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | semmle.label | generate(...) : byte[] | +| InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:186:51:186:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | semmle.label | bytes : byte[] | +| InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | semmle.label | bytes : byte[] | +| InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | semmle.label | generateInsecureRandomBytes(...) : byte[] | +| InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | semmle.label | ivSpec | +subpaths +testFailures +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | Unexpected result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java new file mode 100644 index 000000000000..f1b8878d63ad --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java @@ -0,0 +1,210 @@ +import javax.crypto.Cipher; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.util.Random; + +import java.security.SecureRandom; +import java.util.Arrays; + +public class InsecureIVorNonceSource { + + // BAD: AES-GCM with static IV from a byte array + public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $Source + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from zero-initialized byte array + public byte[] encryptWithZeroStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-CBC with static IV from 1-initialized byte array + public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; + for (byte i = 0; i < iv.length; i++) { + iv[i] = 1; + } + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a multidimensional byte array + public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws Exception { + byte[][] staticIvs = new byte[][] { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, // $Source + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } // $Source + }; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a multidimensional byte array + public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws Exception { + byte[][] staticIvs = new byte[][] { + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, // $Source + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } // $Source + }; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a zero-initialized multidimensional byte array + public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws Exception { + byte[][] ivs = new byte[][] { + new byte[8], + new byte[16] + }; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, ivs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIv(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; + + SecureRandom random = SecureRandom.getInstanceStrong(); + random.nextBytes(iv); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvByteByByte(byte[] key, byte[] plaintext) throws Exception { + SecureRandom random = SecureRandom.getInstanceStrong(); + byte[] iv = new byte[16]; + for (int i = 0; i < iv.length; i++) { + iv[i] = (byte) random.nextInt(); + } + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvWithSystemArrayCopy(byte[] key, byte[] plaintext) throws Exception { + byte[] randomBytes = new byte[16]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + + byte[] iv = new byte[16]; + System.arraycopy(randomBytes, 0, iv, 0, 16); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvWithArraysCopy(byte[] key, byte[] plaintext) throws Exception { + byte[] randomBytes = new byte[16]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + + byte[] iv = new byte[16]; + iv = Arrays.copyOf(randomBytes, 16); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + public byte[] generate(int size) throws Exception { + if (size == 0) { + return new byte[0]; + } + byte[] randomBytes = new byte[size]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + return randomBytes; + } + + // GOOD: AES-CBC with a random IV + public byte[] encryptWithGeneratedIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = generate(16); + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + public byte[] generateInsecureRandomBytes(int numBytes) { + Random random = new Random(); + byte[] bytes = new byte[numBytes]; + random.nextBytes(bytes); // $Source + return bytes; + } + + // BAD: AES-CBC with an insecure random IV + public byte[] encryptWithGeneratedIvByteArrayInsecure(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = generateInsecureRandomBytes(16); + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]] + cipher.update(plaintext); + return cipher.doFinal(); + } +} diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref new file mode 100644 index 000000000000..1b26475bb356 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/InsecureIVorNonceSource.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected new file mode 100644 index 000000000000..3759e19826b5 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected @@ -0,0 +1,2 @@ +| InsecureIVorNonceSource.java:33:51:33:56 | Nonce | Unknown IV/Nonce initialization source at encryption operation $@ | InsecureIVorNonceSource.java:35:16:35:31 | EncryptOperation | EncryptOperation | +| InsecureIVorNonceSource.java:97:51:97:56 | Nonce | Unknown IV/Nonce initialization source at encryption operation $@ | InsecureIVorNonceSource.java:99:16:99:31 | EncryptOperation | EncryptOperation | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref new file mode 100644 index 000000000000..8bdc38026ad0 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/UnknownIVorNonceSource.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected new file mode 100644 index 000000000000..cf03a9053eb5 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected @@ -0,0 +1,91 @@ +edges +| Test.java:19:38:19:40 | val : byte[] | Test.java:20:16:20:18 | val : byte[] | provenance | | +| Test.java:20:16:20:18 | val : byte[] | Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | provenance | | +| Test.java:20:16:20:18 | val : byte[] | Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | provenance | | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | Test.java:26:16:26:18 | val : byte[] | provenance | | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | Test.java:27:16:27:18 | val : byte[] | provenance | | +| Test.java:26:16:26:18 | val : byte[] | Test.java:36:32:36:40 | iv : byte[] | provenance | | +| Test.java:27:16:27:18 | val : byte[] | Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | provenance | | +| Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | Test.java:33:16:33:18 | val : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:36:32:36:40 | iv : byte[] | Test.java:37:54:37:55 | iv : byte[] | provenance | | +| Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:40:47:40:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:37:54:37:55 | iv : byte[] | Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:37:54:37:55 | iv : byte[] | Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | Test.java:46:54:46:55 | iv : byte[] | provenance | | +| Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:49:47:49:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:46:54:46:55 | iv : byte[] | Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:46:54:46:55 | iv : byte[] | Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | Test.java:55:54:55:55 | iv : byte[] | provenance | | +| Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:58:47:58:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:55:54:55:55 | iv : byte[] | Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:55:54:55:55 | iv : byte[] | Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | Test.java:64:54:64:55 | iv : byte[] | provenance | | +| Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:67:47:67:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:64:54:64:55 | iv : byte[] | Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:64:54:64:55 | iv : byte[] | Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | Test.java:73:55:73:56 | iv : byte[] | provenance | | +| Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | Test.java:76:48:76:54 | ivSpec1 | provenance | Sink:MaD:45890 | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:79:55:79:56 | iv : byte[] | provenance | | +| Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | Test.java:82:49:82:55 | ivSpec2 | provenance | Sink:MaD:45890 | +| Test.java:79:55:79:56 | iv : byte[] | Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:79:55:79:56 | iv : byte[] | Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:88:38:88:39 | iv : byte[] | Test.java:89:54:89:55 | iv : byte[] | provenance | | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:93:51:93:56 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:96:51:96:56 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:89:54:89:55 | iv : byte[] | Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:89:54:89:55 | iv : byte[] | Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:103:38:103:39 | iv : byte[] | Test.java:104:54:104:55 | iv : byte[] | provenance | | +| Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:107:47:107:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:104:54:104:55 | iv : byte[] | Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:104:54:104:55 | iv : byte[] | Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +nodes +| Test.java:19:38:19:40 | val : byte[] | semmle.label | val : byte[] | +| Test.java:20:16:20:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | semmle.label | getRandomWrapper1(...) : byte[] | +| Test.java:26:16:26:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:27:16:27:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | semmle.label | getRandomWrapper1(...) : byte[] | +| Test.java:33:16:33:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:36:32:36:40 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:37:54:37:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:40:47:40:52 | ivSpec | semmle.label | ivSpec | +| Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | semmle.label | getRandomWrapper2A(...) : byte[] | +| Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:46:54:46:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:49:47:49:52 | ivSpec | semmle.label | ivSpec | +| Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:55:54:55:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:58:47:58:52 | ivSpec | semmle.label | ivSpec | +| Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:64:54:64:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:67:47:67:52 | ivSpec | semmle.label | ivSpec | +| Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:73:55:73:56 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:76:48:76:54 | ivSpec1 | semmle.label | ivSpec1 | +| Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:79:55:79:56 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:82:49:82:55 | ivSpec2 | semmle.label | ivSpec2 | +| Test.java:88:38:88:39 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:89:54:89:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:93:51:93:56 | ivSpec | semmle.label | ivSpec | +| Test.java:96:51:96:56 | ivSpec | semmle.label | ivSpec | +| Test.java:103:38:103:39 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:104:54:104:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:107:47:107:52 | ivSpec | semmle.label | ivSpec | +subpaths +#select +| Test.java:40:47:40:52 | ivSpec | Test.java:19:38:19:40 | val : byte[] | Test.java:40:47:40:52 | ivSpec | Nonce source is reused, see alternate sink $@ | Test.java:49:47:49:52 | Nonce | Nonce | +| Test.java:49:47:49:52 | ivSpec | Test.java:19:38:19:40 | val : byte[] | Test.java:49:47:49:52 | ivSpec | Nonce source is reused, see alternate sink $@ | Test.java:40:47:40:52 | Nonce | Nonce | +| Test.java:76:48:76:54 | ivSpec1 | Test.java:19:38:19:40 | val : byte[] | Test.java:76:48:76:54 | ivSpec1 | Nonce source is reused, see alternate sink $@ | Test.java:82:49:82:55 | Nonce | Nonce | +| Test.java:82:49:82:55 | ivSpec2 | Test.java:19:38:19:40 | val : byte[] | Test.java:82:49:82:55 | ivSpec2 | Nonce source is reused, see alternate sink $@ | Test.java:76:48:76:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref new file mode 100644 index 000000000000..6f8aa4b838b8 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref @@ -0,0 +1 @@ +experimental/quantum/Examples/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java similarity index 74% rename from java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java rename to java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java index 1b65e324275b..e384143db086 100644 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java @@ -83,6 +83,34 @@ private static void funcA3() throws Exception { byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes()); } + public void falsePositive1() throws Exception { + byte[] iv = null; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + if (iv != null) { + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } else if(iv.length > 0) { + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + } + + public void falsePositive2() throws Exception { + byte[] iv = null; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + + cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); // GOOD + byte[] decryptedData = cipher.doFinal(ciphertext); + } + public static void main(String[] args) { try { funcA2(); diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java new file mode 100644 index 000000000000..35b9dd407485 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java @@ -0,0 +1,28 @@ +import java.security.*; +public class InsufficientAsymmetricKeySize{ + public static void test() throws Exception{ + KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA"); + keyPairGen1.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen1.generateKeyPair(); + + KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA"); + keyPairGen2.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen2.generateKeyPair(); + + KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH"); + keyPairGen3.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size] + keyPairGen3.generateKeyPair(); + + KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("RSA"); + keyPairGen4.initialize(2048); // GOOD + keyPairGen4.generateKeyPair(); + + KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("DSA"); + keyPairGen5.initialize(2048); // GOOD + keyPairGen5.generateKeyPair(); + + KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("DH"); + keyPairGen6.initialize(2048); // GOOD + keyPairGen6.generateKeyPair(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected new file mode 100644 index 000000000000..26dc1bfad245 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected @@ -0,0 +1,13 @@ +edges +nodes +| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:17:32:17:35 | 2048 | semmle.label | 2048 | +| InsufficientAsymmetricKeySize.java:21:32:21:35 | 2048 | semmle.label | 2048 | +| InsufficientAsymmetricKeySize.java:25:32:25:35 | 2048 | semmle.label | 2048 | +subpaths +#select +| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:4:69:4:73 | KeyOperationAlgorithm | RSA | +| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:8:69:8:73 | KeyOperationAlgorithm | DSA | +| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:12:69:12:72 | KeyAgreementAlgorithm | DH | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref new file mode 100644 index 000000000000..1229e635fd88 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref @@ -0,0 +1 @@ +experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref new file mode 100644 index 000000000000..c5faee88aba7 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakHash.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java new file mode 100644 index 000000000000..9fbe12e8b87b --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java @@ -0,0 +1,44 @@ +package test.cwe327.semmle.tests; + +import java.util.Properties; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +public class WeakHashing { + void hashing() throws NoSuchAlgorithmException, IOException { + java.util.Properties props = new java.util.Properties(); + props.load(new FileInputStream("example.properties")); + + // BAD: Using a weak hashing algorithm even with a secure default + MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); + + // BAD: Using a weak hashing algorithm even with a secure default + MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); + + // BAD: Using a strong hashing algorithm but with a weak default + MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); + + // BAD: Property does not exist and default (used value) is unknown + MessageDigest bad4 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); + + // GOOD: Using a strong hashing algorithm + MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2")); + + // BAD?: Property does not exist (considered unknown) and but default is secure + MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); + + // GOOD: Using a strong hashing algorithm + MessageDigest ok3 = MessageDigest.getInstance("SHA3-512"); + + // GOOD: Using a strong hashing algorithm + MessageDigest ok4 = MessageDigest.getInstance("SHA384"); + + props.load(new FileInputStream("unobserved-file.properties")); + + // BAD: "hashalg1" is not visible since the file isn't known, this is an 'unknown' hash + // False positive/negative + MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); + } +} diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties new file mode 100644 index 000000000000..512e8090bee6 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties @@ -0,0 +1,2 @@ +hashAlg1=MD5 +hashAlg2=SHA-256 \ No newline at end of file diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 5ee0d1eb2982..a2bbc0e59fb9 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -825,20 +825,20 @@ module CryptographyBase Input> { */ abstract string getRawEllipticCurveName(); - abstract TEllipticCurveFamilyType getEllipticCurveFamilyType(); + abstract TEllipticCurveType getEllipticCurveType(); abstract int getKeySize(); /** * The 'parsed' curve name, e.g., "P-256" or "secp256r1" - * The parsed name is full name of the curve, including the family, key size, and other + * The parsed name is full name of the curve, including the type, key size, and other * typical parameters found on the name. * * In many cases this will be equivalent to `getRawEllipticCurveAlgorithmName()`, * but not always (e.g., if the curve is specified through a raw NID). * * In cases like an NID, we want the standardized name so users can quickly - * understand what the curve is, while also parsing out the family and key size + * understand what the curve is, while also parsing out the type and key size * separately. */ string getParsedEllipticCurveName() { result = this.getRawEllipticCurveName() } @@ -854,7 +854,7 @@ module CryptographyBase Input> { /** * Gets the type of this digest algorithm, e.g., "SHA1", "SHA2", "MD5" etc. */ - abstract THashType getHashFamily(); + abstract THashType getHashType(); /** * Gets the isolated name as it appears in source, e.g., "SHA-256" in "SHA-256/PKCS7Padding". @@ -1467,7 +1467,8 @@ module CryptographyBase Input> { class AsymmetricAlgorithmNode extends TKeyCreationCandidateAlgorithm instanceof AlgorithmNode { AsymmetricAlgorithmNode() { this instanceof EllipticCurveNode or - this.(KeyOperationAlgorithmNode).isAsymmetric() + this.(KeyOperationAlgorithmNode).isAsymmetric() or + this instanceof KeyAgreementAlgorithmNode } string toString() { result = super.toString() } @@ -1497,6 +1498,10 @@ module CryptographyBase Input> { .getAGenericSourceNode() } + KeyCreationOperationNode getCreatingOperation() { + instance.(KeyArtifactOutputInstance).getCreator() = result.asElement() + } + KeyCreationCandidateAlgorithmNode getAKnownAlgorithm() { result = instance @@ -1575,6 +1580,8 @@ module CryptographyBase Input> { result = instance.getKeySizeConsumer().getConsumer().getAKnownSourceNode() } + ConsumerInputDataFlowNode getKeySizeConsumer() { result = instance.getKeySizeConsumer() } + /** * Gets the key artifact produced by this operation. */ @@ -1705,6 +1712,8 @@ module CryptographyBase Input> { } override string getAlgorithmName() { result = this.getRawAlgorithmName() } // TODO: standardize? + + KeyAgreementType getKeyAgreementType() { result = instance.asAlg().getKeyAgreementType() } } class KeyGenerationOperationNode extends KeyCreationOperationNode { @@ -1748,11 +1757,19 @@ module CryptographyBase Input> { } GenericSourceNode getIterationCount() { - result.asElement() = kdfInstance.getIterationCountConsumer().getConsumer().getAGenericSource() + result.asElement() = this.getIterationCountConsumer().getConsumer().getAGenericSource() } GenericSourceNode getOutputKeySize() { - result.asElement() = kdfInstance.getOutputKeySizeConsumer().getConsumer().getAGenericSource() + result.asElement() = this.getOutputKeySizeConsumer().getConsumer().getAGenericSource() + } + + ConsumerInputDataFlowNode getIterationCountConsumer() { + result = kdfInstance.getIterationCountConsumer() + } + + ConsumerInputDataFlowNode getOutputKeySizeConsumer() { + result = kdfInstance.getOutputKeySizeConsumer() } override predicate isCandidateAlgorithmNode(AlgorithmNode node) { @@ -2293,13 +2310,13 @@ module CryptographyBase Input> { * * When modeling a new hashing algorithm, use this predicate to specify the type of the algorithm. */ - HashType getHashFamily() { result = instance.asAlg().getHashFamily() } + HashType getHashType() { result = instance.asAlg().getHashType() } - override string getAlgorithmName() { result = this.getHashFamily().toString() } + override string getAlgorithmName() { result = this.getHashType().toString() } int getDigestLength() { result = instance.asAlg().getFixedDigestLength() or - fixedImplicitDigestLength(instance.asAlg().getHashFamily(), result) + fixedImplicitDigestLength(instance.asAlg().getHashType(), result) } final override predicate properties(string key, string value, Location location) { @@ -2340,9 +2357,7 @@ module CryptographyBase Input> { override string getAlgorithmName() { result = this.getRawAlgorithmName() } - EllipticCurveFamilyType getEllipticCurveFamilyType() { - result = instance.asAlg().getEllipticCurveFamilyType() - } + EllipticCurveType getEllipticCurveType() { result = instance.asAlg().getEllipticCurveType() } override predicate properties(string key, string value, Location location) { super.properties(key, value, location) diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index c713865f9aca..aac9e30c3b62 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -344,7 +344,7 @@ module Types { /** * Elliptic curve algorithms */ - newtype TEllipticCurveFamilyType = + newtype TEllipticCurveType = NIST() or SEC() or NUMS() or @@ -357,7 +357,7 @@ module Types { ES() or OtherEllipticCurveType() - class EllipticCurveFamilyType extends TEllipticCurveFamilyType { + class EllipticCurveType extends TEllipticCurveType { string toString() { this = NIST() and result = "NIST" or @@ -445,7 +445,7 @@ module Types { */ bindingset[rawName] predicate ellipticCurveNameToKnownKeySizeAndFamilyMapping( - string rawName, int keySize, TEllipticCurveFamilyType curveFamily + string rawName, int keySize, TEllipticCurveType curveFamily ) { exists(string curveName | curveName = rawName.toUpperCase() | isSecCurve(curveName, keySize) and curveFamily = SEC()