Added tests for NotConstantTimeCryptoComparison.ql

Author: artem-smotrakov

java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCryptoComparison.expected

@@ -0,0 +1,19 @@
+edges
+| NotConstantTimeCryptoComparison.java:14:28:14:44 | doFinal(...) : byte[] | NotConstantTimeCryptoComparison.java:15:43:15:51 | actualMac |
+| NotConstantTimeCryptoComparison.java:28:36:28:50 | digest(...) : byte[] | NotConstantTimeCryptoComparison.java:29:16:29:21 | actual |
+| NotConstantTimeCryptoComparison.java:44:28:44:40 | sign(...) : byte[] | NotConstantTimeCryptoComparison.java:45:40:45:48 | signature |
+| NotConstantTimeCryptoComparison.java:61:22:61:46 | doFinal(...) : byte[] | NotConstantTimeCryptoComparison.java:62:40:62:42 | tag |
+nodes
+| NotConstantTimeCryptoComparison.java:14:28:14:44 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
+| NotConstantTimeCryptoComparison.java:15:43:15:51 | actualMac | semmle.label | actualMac |
+| NotConstantTimeCryptoComparison.java:28:36:28:50 | digest(...) : byte[] | semmle.label | digest(...) : byte[] |
+| NotConstantTimeCryptoComparison.java:29:16:29:21 | actual | semmle.label | actual |
+| NotConstantTimeCryptoComparison.java:44:28:44:40 | sign(...) : byte[] | semmle.label | sign(...) : byte[] |
+| NotConstantTimeCryptoComparison.java:45:40:45:48 | signature | semmle.label | signature |
+| NotConstantTimeCryptoComparison.java:61:22:61:46 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
+| NotConstantTimeCryptoComparison.java:62:40:62:42 | tag | semmle.label | tag |
+#select
+| NotConstantTimeCryptoComparison.java:15:43:15:51 | actualMac | NotConstantTimeCryptoComparison.java:14:28:14:44 | doFinal(...) : byte[] | NotConstantTimeCryptoComparison.java:15:43:15:51 | actualMac | Using a not-constant time algorithm for comparison results of a cryptographic operation. |
+| NotConstantTimeCryptoComparison.java:29:16:29:21 | actual | NotConstantTimeCryptoComparison.java:28:36:28:50 | digest(...) : byte[] | NotConstantTimeCryptoComparison.java:29:16:29:21 | actual | Using a not-constant time algorithm for comparison results of a cryptographic operation. |
+| NotConstantTimeCryptoComparison.java:45:40:45:48 | signature | NotConstantTimeCryptoComparison.java:44:28:44:40 | sign(...) : byte[] | NotConstantTimeCryptoComparison.java:45:40:45:48 | signature | Using a not-constant time algorithm for comparison results of a cryptographic operation. |
+| NotConstantTimeCryptoComparison.java:62:40:62:42 | tag | NotConstantTimeCryptoComparison.java:61:22:61:46 | doFinal(...) : byte[] | NotConstantTimeCryptoComparison.java:62:40:62:42 | tag | Using a not-constant time algorithm for comparison results of a cryptographic operation. |

java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCryptoComparison.java

@@ -0,0 +1,73 @@
+import java.security.Key;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.util.Arrays;
+import javax.crypto.Cipher;
+import javax.crypto.Mac;
+
+public class NotConstantTimeCryptoComparison {
+
+    // BAD: compare MACs using a not-constant time method
+    public boolean unsafeMacCheck(byte[] expectedMac, byte[] data) throws Exception {
+        Mac mac = Mac.getInstance("HmacSHA256");
+        byte[] actualMac = mac.doFinal(data);
+        return Arrays.equals(expectedMac, actualMac);
+    }
+
+    // GOOD: compare MACs using a constant time method
+    public boolean saferMacCheck(byte[] expectedMac, byte[] data) throws Exception {
+        Mac mac = Mac.getInstance("HmacSHA256");
+        byte[] actualMac = mac.doFinal(data);
+        return MessageDigest.isEqual(expectedMac, actualMac);
+    }
+
+    // BAD: compare hashes using a not-constant time method
+    public boolean unsafeCheckMessageDigest(String expectedHash, byte[] data) throws Exception {
+        MessageDigest md = MessageDigest.getInstance("SHA-256");
+        String actual = new String(md.digest(data));
+        return actual.equals(expectedHash);
+    }
+
+    // GOOD: compare hashes using a constant time method
+    public boolean saferCheckMessageDigest(byte[] expected, byte[] data) throws Exception {
+        MessageDigest md = MessageDigest.getInstance("SHA-256");
+        byte[] actual = md.digest(data);
+        return MessageDigest.isEqual(expected, actual);
+    }
+
+    // BAD: compare signatures using a not-constant time method
+    public boolean unsafeCheckSignatures(byte[] expected, byte[] data, PrivateKey key) throws Exception {
+        Signature engine = Signature.getInstance("SHA256withRSA");
+        engine.initSign(key);
+        engine.update(data);
+        byte[] signature = engine.sign();
+        return Arrays.equals(expected, signature);
+    }
+
+    // GOOD: compare signatures using a constant time method
+    public boolean saferCheckSignatures(byte[] expected, byte[] data, PrivateKey key) throws Exception {
+        Signature engine = Signature.getInstance("SHA256withRSA");
+        engine.initSign(key);
+        engine.update(data);
+        byte[] signature = engine.sign();
+        return MessageDigest.isEqual(expected, signature);
+    }
+
+    // BAD: compare ciphertexts using a not-constant time method
+    public boolean unsafeCheckCustomMac(byte[] expected, byte[] plaintext, Key key) throws Exception {
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, key);
+        byte[] tag = cipher.doFinal(plaintext);
+        return Arrays.equals(expected, tag);
+    }
+
+    // GOOD: compare ciphertexts using a constant time method
+    public boolean saferCheckCustomMac(byte[] expected, byte[] plaintext, Key key) throws Exception {
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, key);
+        byte[] tag = cipher.doFinal(plaintext);
+        return MessageDigest.isEqual(expected, tag);
+    }
+ 
+}

java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCryptoComparison.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-208/NotConstantTimeCryptoComparison.ql