Skip to content

Crypto: Add Java Cryptographic Analysis Queries #20605

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 31 commits into
base: main
Choose a base branch
from
Draft

Crypto: Add Java Cryptographic Analysis Queries #20605

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
c5cf0ff
added java cryptographic check queries
unprovable Oct 1, 2025
f38ab45
removed all @security.severity ratings to keep the main impartial
unprovable Oct 1, 2025
bba541c
Merge remote-tracking branch 'upstream/java-crypto-check' into santan…
bdrodes Oct 8, 2025
cf88e3f
Crypto: Standardize naming where use of "family" and "type" have been…
bdrodes Oct 8, 2025
1b1b333
Crypto: Modify suggested queries per misc. side conversations on stan…
bdrodes Oct 8, 2025
143be8c
Crypto: Remove redundant queries.
bdrodes Oct 8, 2025
bd34b6c
Crypto: Removing JCA model of random, need to reassess this as this i…
bdrodes Oct 8, 2025
83ff70b
Crypto: Adding tests for insecure iv or nonce. Updating generic liter…
bdrodes Oct 8, 2025
8e10e19
Crypto: Adding query for unknown IV initialization.
bdrodes Oct 8, 2025
75b5a9f
Crypto: Update general regression test results to account for removal…
bdrodes Oct 8, 2025
11e8139
Crypto: Updated default flows to use taint tracking (this is needed t…
bdrodes Oct 8, 2025
7a57496
Crypto: Missing test update.
bdrodes Oct 8, 2025
f524de4
Crypto: Updating insecure iv/nonce to consider if an operation is kno…
bdrodes Oct 8, 2025
fdba3ac
Crypto: Fix QL-for-QL alert and auto-format
nicolaswill Oct 9, 2025
c6cc4ff
Crypto: Minor fixes to WeakBlockModes, WeakHash to consider SHA3 ok, …
bdrodes Oct 9, 2025
3dedda4
Merge branch 'santander-java-crypto-check' of https://github.com/bdro…
bdrodes Oct 9, 2025
deb4373
Crypto: Minor fixes to WeakSymmetricCipher, change to a singular name…
bdrodes Oct 9, 2025
fba8087
Crypto: Example query reorg - moving queries of this PR into 'example…
bdrodes Oct 9, 2025
758759a
Crypto: Reused nonce query updates and test updates to address false …
bdrodes Oct 10, 2025
3667365
Crypto: Weak asymmetric key gen size fixes and test.
bdrodes Oct 10, 2025
ffd191d
Crypto: missing new endpoint to get the creating operation for a key …
bdrodes Oct 10, 2025
d68f3cf
Crypto: InsecureIVorNonceSource now ignored null to avoid being too n…
bdrodes Oct 10, 2025
e76ced1
Crypto: Updating weak asymmetric key gen to include key exchange.
bdrodes Oct 10, 2025
08abdb8
Crypto: Adding a "javaConstant" concept to handle config files.
bdrodes Oct 13, 2025
4b241d7
Crypto: adding initial weak hash query overhaul and tests, but no exp…
bdrodes Oct 13, 2025
bd068c2
Crypto: Updating expected file for weak asymmetric key gen size.
bdrodes Oct 13, 2025
76128ed
Crypto: Update InsecureIVorNonce to be a path problem.
bdrodes Oct 13, 2025
7847e92
Crypto: Update KDF iteration and count to be path problems
bdrodes Oct 13, 2025
8b5a423
Crypto: Convert ReusedNonce.ql into a path problem.
bdrodes Oct 13, 2025
7e8acd7
Crypto: Update WeakAsymmetricKeyGenSize to a path problem.
bdrodes Oct 13, 2025
55bbcee
Crypto: Make WeakAsymmetricKeyGenSize a path problem.
bdrodes Oct 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions java/ql/lib/experimental/quantum/JCA.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,8 @@ module JCAModel {
predicate signature_names(string name) {
name.toUpperCase().splitAt("WITH", 1).matches(["RSA%", "ECDSA%", "DSA%"])
or
name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"])
name.toUpperCase()
.matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS", "DSA"])
}

bindingset[name]
Expand Down Expand Up @@ -257,6 +258,8 @@ module JCAModel {
name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
or
name.toUpperCase() = "HSS/LMS" and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS())
or
name.toUpperCase() = "DSA" and type = KeyOpAlg::TSignature(KeyOpAlg::DSA())
}

bindingset[name]
Expand Down Expand Up @@ -1019,7 +1022,8 @@ module JCAModel {
}

class KeyGenerationAlgorithmValueConsumer extends CipherAlgorithmValueConsumer,
KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer instanceof Expr
KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer,
SignatureAlgorithmValueConsumer instanceof Expr
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is instanceof Expr necessary here?

{
KeyGeneratorGetInstanceCall instantiationCall;

Expand Down
4 changes: 4 additions & 0 deletions java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,10 @@ import experimental.quantum.Language
from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg
where
nonce.getSourceNode() = src and
// NOTE: null nonces should be handled seaparately, often used for default values prior to initialization
// failure to initialize should, in practice, lead to a NullPointerException, which is a separate concern
// however there may be APIs where NULL uses a default nonce or action.
not src.asElement() instanceof NullLiteral and
(
// Case 1: Any constant nonce/iv is bad, regardless of how it is used
src.asElement() instanceof Crypto::GenericConstantSourceInstance and
Expand Down
22 changes: 0 additions & 22 deletions java/ql/src/experimental/quantum/Examples/WeakAsymmetric.ql
View file
Open in desktop

This file was deleted.

22 changes: 22 additions & 0 deletions java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
/**
* @name Weak Asymmetric Key Size
* @id java/quantum/weak-asymmetric-key-gen-size
* @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation.
* @kind problem
* @problem.severity error
* @precision high
* @tags quantum
* experimental
*/

import java
import experimental.quantum.Language

from Crypto::KeyArtifactNode key, int keySize, Crypto::AlgorithmNode alg
where
key.getCreatingOperation().getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and
alg = key.getAKnownAlgorithm() and // NOTE: if algorithm is not known (doesn't bind) we need a separate query
not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm
keySize < 2048
select key, "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@",
alg, alg.getAlgorithmName()
28 changes: 28 additions & 0 deletions ...-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
import java.security.*;
public class InsufficientAsymmetricKeySize{
public static void test() throws Exception{
KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
keyPairGen1.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size]
keyPairGen1.generateKeyPair();

KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA");
keyPairGen2.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size]
keyPairGen2.generateKeyPair();

KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH");
keyPairGen3.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size]
keyPairGen3.generateKeyPair();

KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("RSA");
keyPairGen4.initialize(2048); // GOOD
keyPairGen4.generateKeyPair();

KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("DSA");
keyPairGen5.initialize(2048); // GOOD
keyPairGen5.generateKeyPair();

KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("DH");
keyPairGen6.initialize(2048); // GOOD
keyPairGen6.generateKeyPair();
}
}
1 change: 1 addition & 0 deletions ...uantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
a
1 change: 1 addition & 0 deletions ...s/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.qlref
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql

Check warning

Code scanning / CodeQL

Query test without inline test expectations Warning test

Query test does not use inline test expectations.
4 changes: 4 additions & 0 deletions shared/quantum/codeql/quantum/experimental/Model.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1497,6 +1497,10 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
.getAGenericSourceNode()
}

KeyCreationOperationNode getCreatingOperation() {
instance.(KeyArtifactOutputInstance).getCreator() = result.asElement()
}

KeyCreationCandidateAlgorithmNode getAKnownAlgorithm() {
result =
instance
Expand Down
Loading