
Commit 44e5251

Removed unsafeMacCheckWithArraysDeepEquals() test
1 parent 0fc487f commit 44e5251


2 files changed

+37
-63
lines changed

Lines changed: 37 additions & 43 deletions
@@ -1,50 +1,44 @@
11
edges
22
| Test.java:21:32:21:48 | doFinal(...) : byte[] | Test.java:23:47:23:55 | actualMac |
3-
| Test.java:33:32:33:44 | doFinal(...) : byte[] | Test.java:35:88:35:96 | actualMac : byte[] |
4-
| Test.java:35:88:35:96 | actualMac : byte[] | Test.java:35:70:35:97 | castToObjectArray(...) |
5-
| Test.java:46:25:46:33 | actualMac : byte[] | Test.java:48:47:48:55 | actualMac |
6-
| Test.java:71:32:71:44 | sign(...) : byte[] | Test.java:73:44:73:52 | signature |
7-
| Test.java:85:25:85:33 | signature : byte[] | Test.java:87:44:87:52 | signature |
8-
| Test.java:111:26:111:45 | doFinal(...) : byte[] | Test.java:113:49:113:51 | tag |
9-
| Test.java:128:28:128:30 | tag : byte[] | Test.java:130:44:130:46 | tag |
10-
| Test.java:146:56:146:58 | tag : ByteBuffer | Test.java:148:44:148:46 | tag : ByteBuffer |
11-
| Test.java:148:44:148:46 | tag : ByteBuffer | Test.java:148:44:148:54 | array(...) |
12-
| Test.java:160:56:160:58 | tag : ByteBuffer | Test.java:162:53:162:55 | tag |
13-
| Test.java:186:26:186:50 | doFinal(...) : byte[] | Test.java:188:44:188:46 | tag |
14-
| Test.java:221:34:221:50 | doFinal(...) : byte[] | Test.java:224:26:224:36 | computedTag |
3+
| Test.java:34:25:34:33 | actualMac : byte[] | Test.java:36:47:36:55 | actualMac |
4+
| Test.java:59:32:59:44 | sign(...) : byte[] | Test.java:61:44:61:52 | signature |
5+
| Test.java:73:25:73:33 | signature : byte[] | Test.java:75:44:75:52 | signature |
6+
| Test.java:99:26:99:45 | doFinal(...) : byte[] | Test.java:101:49:101:51 | tag |
7+
| Test.java:116:28:116:30 | tag : byte[] | Test.java:118:44:118:46 | tag |
8+
| Test.java:134:56:134:58 | tag : ByteBuffer | Test.java:136:44:136:46 | tag : ByteBuffer |
9+
| Test.java:136:44:136:46 | tag : ByteBuffer | Test.java:136:44:136:54 | array(...) |
10+
| Test.java:148:56:148:58 | tag : ByteBuffer | Test.java:150:53:150:55 | tag |
11+
| Test.java:174:26:174:50 | doFinal(...) : byte[] | Test.java:176:44:176:46 | tag |
12+
| Test.java:201:34:201:50 | doFinal(...) : byte[] | Test.java:204:26:204:36 | computedTag |
1513
nodes
1614
| Test.java:21:32:21:48 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
1715
| Test.java:23:47:23:55 | actualMac | semmle.label | actualMac |
18-
| Test.java:33:32:33:44 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
19-
| Test.java:35:70:35:97 | castToObjectArray(...) | semmle.label | castToObjectArray(...) |
20-
| Test.java:35:88:35:96 | actualMac : byte[] | semmle.label | actualMac : byte[] |
21-
| Test.java:46:25:46:33 | actualMac : byte[] | semmle.label | actualMac : byte[] |
22-
| Test.java:48:47:48:55 | actualMac | semmle.label | actualMac |
23-
| Test.java:71:32:71:44 | sign(...) : byte[] | semmle.label | sign(...) : byte[] |
24-
| Test.java:73:44:73:52 | signature | semmle.label | signature |
25-
| Test.java:85:25:85:33 | signature : byte[] | semmle.label | signature : byte[] |
26-
| Test.java:87:44:87:52 | signature | semmle.label | signature |
27-
| Test.java:111:26:111:45 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
28-
| Test.java:113:49:113:51 | tag | semmle.label | tag |
29-
| Test.java:128:28:128:30 | tag : byte[] | semmle.label | tag : byte[] |
30-
| Test.java:130:44:130:46 | tag | semmle.label | tag |
31-
| Test.java:146:56:146:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
32-
| Test.java:148:44:148:46 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
33-
| Test.java:148:44:148:54 | array(...) | semmle.label | array(...) |
34-
| Test.java:160:56:160:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
35-
| Test.java:162:53:162:55 | tag | semmle.label | tag |
36-
| Test.java:186:26:186:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
37-
| Test.java:188:44:188:46 | tag | semmle.label | tag |
38-
| Test.java:221:34:221:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
39-
| Test.java:224:26:224:36 | computedTag | semmle.label | computedTag |
16+
| Test.java:34:25:34:33 | actualMac : byte[] | semmle.label | actualMac : byte[] |
17+
| Test.java:36:47:36:55 | actualMac | semmle.label | actualMac |
18+
| Test.java:59:32:59:44 | sign(...) : byte[] | semmle.label | sign(...) : byte[] |
19+
| Test.java:61:44:61:52 | signature | semmle.label | signature |
20+
| Test.java:73:25:73:33 | signature : byte[] | semmle.label | signature : byte[] |
21+
| Test.java:75:44:75:52 | signature | semmle.label | signature |
22+
| Test.java:99:26:99:45 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
23+
| Test.java:101:49:101:51 | tag | semmle.label | tag |
24+
| Test.java:116:28:116:30 | tag : byte[] | semmle.label | tag : byte[] |
25+
| Test.java:118:44:118:46 | tag | semmle.label | tag |
26+
| Test.java:134:56:134:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
27+
| Test.java:136:44:136:46 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
28+
| Test.java:136:44:136:54 | array(...) | semmle.label | array(...) |
29+
| Test.java:148:56:148:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
30+
| Test.java:150:53:150:55 | tag | semmle.label | tag |
31+
| Test.java:174:26:174:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
32+
| Test.java:176:44:176:46 | tag | semmle.label | tag |
33+
| Test.java:201:34:201:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
34+
| Test.java:204:26:204:36 | computedTag | semmle.label | computedTag |
4035
#select
4136
| Test.java:23:47:23:55 | actualMac | Test.java:21:32:21:48 | doFinal(...) : byte[] | Test.java:23:47:23:55 | actualMac | Timing attack against $@ validation. | Test.java:21:32:21:48 | doFinal(...) : byte[] | MAC |
42-
| Test.java:35:70:35:97 | castToObjectArray(...) | Test.java:33:32:33:44 | doFinal(...) : byte[] | Test.java:35:70:35:97 | castToObjectArray(...) | Timing attack against $@ validation. | Test.java:33:32:33:44 | doFinal(...) : byte[] | MAC |
43-
| Test.java:48:47:48:55 | actualMac | Test.java:46:25:46:33 | actualMac : byte[] | Test.java:48:47:48:55 | actualMac | Timing attack against $@ validation. | Test.java:46:25:46:33 | actualMac : byte[] | MAC |
44-
| Test.java:73:44:73:52 | signature | Test.java:71:32:71:44 | sign(...) : byte[] | Test.java:73:44:73:52 | signature | Timing attack against $@ validation. | Test.java:71:32:71:44 | sign(...) : byte[] | signature |
45-
| Test.java:87:44:87:52 | signature | Test.java:85:25:85:33 | signature : byte[] | Test.java:87:44:87:52 | signature | Timing attack against $@ validation. | Test.java:85:25:85:33 | signature : byte[] | signature |
46-
| Test.java:113:49:113:51 | tag | Test.java:111:26:111:45 | doFinal(...) : byte[] | Test.java:113:49:113:51 | tag | Timing attack against $@ validation. | Test.java:111:26:111:45 | doFinal(...) : byte[] | ciphertext |
47-
| Test.java:130:44:130:46 | tag | Test.java:128:28:128:30 | tag : byte[] | Test.java:130:44:130:46 | tag | Timing attack against $@ validation. | Test.java:128:28:128:30 | tag : byte[] | ciphertext |
48-
| Test.java:148:44:148:54 | array(...) | Test.java:146:56:146:58 | tag : ByteBuffer | Test.java:148:44:148:54 | array(...) | Timing attack against $@ validation. | Test.java:146:56:146:58 | tag : ByteBuffer | ciphertext |
49-
| Test.java:162:53:162:55 | tag | Test.java:160:56:160:58 | tag : ByteBuffer | Test.java:162:53:162:55 | tag | Timing attack against $@ validation. | Test.java:160:56:160:58 | tag : ByteBuffer | ciphertext |
50-
| Test.java:188:44:188:46 | tag | Test.java:186:26:186:50 | doFinal(...) : byte[] | Test.java:188:44:188:46 | tag | Timing attack against $@ validation. | Test.java:186:26:186:50 | doFinal(...) : byte[] | ciphertext |
37+
| Test.java:36:47:36:55 | actualMac | Test.java:34:25:34:33 | actualMac : byte[] | Test.java:36:47:36:55 | actualMac | Timing attack against $@ validation. | Test.java:34:25:34:33 | actualMac : byte[] | MAC |
38+
| Test.java:61:44:61:52 | signature | Test.java:59:32:59:44 | sign(...) : byte[] | Test.java:61:44:61:52 | signature | Timing attack against $@ validation. | Test.java:59:32:59:44 | sign(...) : byte[] | signature |
39+
| Test.java:75:44:75:52 | signature | Test.java:73:25:73:33 | signature : byte[] | Test.java:75:44:75:52 | signature | Timing attack against $@ validation. | Test.java:73:25:73:33 | signature : byte[] | signature |
40+
| Test.java:101:49:101:51 | tag | Test.java:99:26:99:45 | doFinal(...) : byte[] | Test.java:101:49:101:51 | tag | Timing attack against $@ validation. | Test.java:99:26:99:45 | doFinal(...) : byte[] | ciphertext |
41+
| Test.java:118:44:118:46 | tag | Test.java:116:28:116:30 | tag : byte[] | Test.java:118:44:118:46 | tag | Timing attack against $@ validation. | Test.java:116:28:116:30 | tag : byte[] | ciphertext |
42+
| Test.java:136:44:136:54 | array(...) | Test.java:134:56:134:58 | tag : ByteBuffer | Test.java:136:44:136:54 | array(...) | Timing attack against $@ validation. | Test.java:134:56:134:58 | tag : ByteBuffer | ciphertext |
43+
| Test.java:150:53:150:55 | tag | Test.java:148:56:148:58 | tag : ByteBuffer | Test.java:150:53:150:55 | tag | Timing attack against $@ validation. | Test.java:148:56:148:58 | tag : ByteBuffer | ciphertext |
44+
| Test.java:176:44:176:46 | tag | Test.java:174:26:174:50 | doFinal(...) : byte[] | Test.java:176:44:176:46 | tag | Timing attack against $@ validation. | Test.java:174:26:174:50 | doFinal(...) : byte[] | ciphertext |

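--- a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.java
@@ -24,18 +24,6 @@ public boolean unsafeMacCheckWithArrayEquals(Socket socket) throws Exception {
 }
 }
 
-// BAD: compare MACs using a non-constant-time method
-public boolean unsafeMacCheckWithArraysDeepEquals(Socket socket) throws Exception {
-try (InputStream is = socket.getInputStream()) {
-Mac mac = Mac.getInstance("HmacSHA256");
-byte[] data = socket.getInputStream().readAllBytes();
-mac.update(data);
-byte[] actualMac = mac.doFinal();
-byte[] expectedMac = is.readNBytes(32);
-return Arrays.deepEquals(castToObjectArray(expectedMac), castToObjectArray(actualMac));
-}
-}
-
 // BAD: compare MACs using a non-constant-time method
 public boolean unsafeMacCheckWithDoFinalWithOutputArray(Socket socket) throws Exception {
 try (InputStream is = socket.getInputStream()) {
@@ -200,14 +188,6 @@ public boolean compareMacWithConstant(Socket socket) throws Exception {
 }
 }
 
-private static Object[] castToObjectArray(byte[] array) {
-Object[] result = new Object[array.length];
-for (int i = 0; i < array.length; i++) {
-result[i] = array[i];
-}
-return result;
-}
-
 // BAD: compare MAC using a non-constant-time loop
 public boolean unsafeMacCheckWithLoop(Socket socket) throws Exception {
 try (InputStream is = socket.getInputStream()) {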
