minor updates

Author: Jami Cogswell

java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll

@@ -61,7 +61,7 @@ private int getNodeIntValue(DataFlow::Node node) {
   result = node.asExpr().(IntegerLiteral).getIntValue()
 }
 
-/** Returns the key size from an EC algorithm curve name string */
+/** Returns the key size from an EC algorithm's curve name string */
 bindingset[algorithm]
 private int getEcKeySize(string algorithm) {
   algorithm.matches("sec%") and // specification such as "secp256r1"
@@ -145,16 +145,17 @@ private class SymmetricInitMethodAccess extends KeyGenInitMethodAccess {
   SymmetricInitMethodAccess() { this.getMethod() instanceof KeyGeneratorInitMethod }
 }
 
-/** An instance of a key generator. */
-abstract private class KeyGeneratorObject extends CryptoAlgoSpec {
+/** An instance of a generator that specifies an encryption algorithm. */
+abstract private class AlgoGeneratorObject extends CryptoAlgoSpec {
+  /** Returns an uppercase string representing the algorithm name specified by this generator object. */
   string getAlgoName() { result = this.getAlgoSpec().(StringLiteral).getValue().toUpperCase() }
 }
 
 /**
  * An instance of a `java.security.KeyPairGenerator`
  * or of a `java.security.AlgorithmParameterGenerator`.
  */
-private class AsymmetricKeyGenerator extends KeyGeneratorObject {
+private class AsymmetricKeyGenerator extends AlgoGeneratorObject {
   AsymmetricKeyGenerator() {
     this instanceof JavaSecurityKeyPairGenerator or
     this instanceof JavaSecurityAlgoParamGenerator
@@ -164,7 +165,7 @@ private class AsymmetricKeyGenerator extends KeyGeneratorObject {
 }
 
 /** An instance of a `javax.crypto.KeyGenerator`. */
-private class SymmetricKeyGenerator extends KeyGeneratorObject {
+private class SymmetricKeyGenerator extends AlgoGeneratorObject {
   SymmetricKeyGenerator() { this instanceof JavaxCryptoKeyGenerator }
 
   override Expr getAlgoSpec() { result = this.getAlgoSpec() }

java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.qhelp

@@ -6,20 +6,19 @@
     <overview>
         <p>Modern encryption relies on the computational infeasibility of breaking a cipher and decoding its
         message without the key. As computational power increases, the ability to break ciphers grows, and key
-        sizes need to become larger as a result. Encryption algorithms that use too small of a key size are
+        sizes need to become larger as a result. Cryptographic algorithms that use too small of a key size are
         vulnerable to brute force attacks, which can reveal sensitive data.</p>
     </overview>
 
     <recommendation>
-        <p>Use a key of the recommended size or larger. The key size should be at least 2048 bits for RSA or
-        DSA encryption, 256 bits for elliptic curve (EC) encryption, and 128 bits for symmetric encryption,
-        such as AES.</p>
+        <p>Use a key of the recommended size or larger. The key size should be at least 128 bits for AES encryption,
+        256 bits for elliptic-curve cryptography (ECC), and 2048 bits for RSA, DSA, or DH encryption.</p>
     </recommendation>
 
     <example>
 
           <p>
-               The following code uses encryption with insufficient key sizes.
+               The following code uses cryptographic algorithms with insufficient key sizes.
           </p>
 
           <sample src="InsufficientKeySizeBad.java" />
@@ -29,12 +28,6 @@
                larger for each algorithm.
           </p>
 
-          <!-- <p>
-               In the example below, the key sizes are set correctly.
-          </p>
-
-          <sample src="InsufficientKeySizeGood.java" /> -->
-
      </example>
 
     <references>
@@ -45,22 +38,6 @@
         <li>
             Wikipedia: <a href="https://en.wikipedia.org/wiki/Strong_cryptography">Strong cryptography</a>.
         </li>
-        <!-- <li>
-            Wikipedia:
-            <a href="https://en.wikipedia.org/wiki/RSA_(cryptosystem)">RSA (cryptosystem)</a>.
-        </li>
-        <li>
-            Wikipedia:
-            <a href="https://en.wikipedia.org/wiki/Digital_Signature_Algorithm">Digital Signature Algorithm</a>.
-        </li>
-        <li>
-            Wikipedia:
-            <a href="https://en.wikipedia.org/wiki/Elliptic-curve_cryptography">Elliptic-curve cryptography</a>.
-        </li>
-        <li>
-            Wikipedia:
-            <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard">Advanced Encryption Standard</a>.
-        </li> -->
         <li>
             OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms">
             Cryptographic Storage Cheat Sheet</a>.

java/ql/src/Security/CWE/CWE-326/InsufficientKeySizeBad.java

@@ -1,16 +1,15 @@
     KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
-    // BAD: Key size is less than 2048
-    keyPairGen1.initialize(1024);
+    keyPairGen1.initialize(1024); // BAD: Key size is less than 2048
 
     KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA");
-    // BAD: Key size is less than 2048
-    keyPairGen2.initialize(1024);
+    keyPairGen2.initialize(1024); // BAD: Key size is less than 2048
 
-    KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("EC");
-    // BAD: Key size is less than 256
-    ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1");
-    keyPairGen3.initialize(ecSpec1);
+    KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH");
+    keyPairGen3.initialize(1024); // BAD: Key size is less than 2048
+
+    KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("EC");
+    ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp112r1"); // BAD: Key size is less than 256
+    keyPairGen4.initialize(ecSpec);
 
     KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-    // BAD: Key size is less than 128
-    keyGen.init(64);
+    keyGen.init(64); // BAD: Key size is less than 128

java/ql/src/Security/CWE/CWE-326/InsufficientKeySizeGood.java

@@ -44,6 +44,7 @@ public void keySizeTesting() throws java.security.NoSuchAlgorithmException, java
             KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("RSA");
             keyPairGen2.initialize(2048); // Safe: Key size is no less than 2048
 
+            /* Test spec */
             KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("RSA");
             RSAKeyGenParameterSpec rsaSpec = new RSAKeyGenParameterSpec(1024, null); // $ hasInsufficientKeySize
             keyPairGen3.initialize(rsaSpec);
@@ -80,6 +81,7 @@ public void keySizeTesting() throws java.security.NoSuchAlgorithmException, java
             KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA");
             keyPairGen2.initialize(2048); // Safe: Key size is no less than 2048
 
+            /* Test spec */
             KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DSA");
             DSAGenParameterSpec dsaSpec = new DSAGenParameterSpec(1024, 0); // $ hasInsufficientKeySize
             keyPairGen3.initialize(dsaSpec);
@@ -101,6 +103,7 @@ public void keySizeTesting() throws java.security.NoSuchAlgorithmException, java
             KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DH");
             keyPairGen2.initialize(2048); // Safe: Key size is no less than 2048
 
+            /* Test spec */
             KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH");
             DHGenParameterSpec dhSpec = new DHGenParameterSpec(1024, 0); // $ hasInsufficientKeySize
             keyPairGen3.initialize(dhSpec);

java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java

@@ -1,196 +1,31 @@
-//package org.bouncycastle.jce.provider.test;
+/* Adds tests to check for FPs related to RSA/DSA versus EC */
 
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.Signature;
 
-// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// import org.bouncycastle.jce.provider.BouncyCastleProvider;
-// import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
-// import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-// import org.bouncycastle.util.encoders.Hex;
-// import org.bouncycastle.util.test.SimpleTest;
-
 public class SignatureTest
-    //extends SimpleTest
 {
-    // private static final byte[] DATA = Hex.decode("00000000deadbeefbeefdeadffffffff00000000");
-
-    private void checkSig(KeyPair kp, String name)
-        throws Exception
-    {
-        // Signature sig = Signature.getInstance(name, "BC");
-
-        // sig.initSign(kp.getPrivate());
-        // sig.update(DATA);
-
-        // byte[] signature1 = sig.sign();
-
-        // sig.update(DATA);
-
-        // byte[] signature2 = sig.sign();
-
-        // sig.initVerify(kp.getPublic());
-
-        // sig.update(DATA);
-        // if (!sig.verify(signature1))
-        // {
-        //     fail("did not verify: " + name);
-        // }
-
-        // // After verify, should be reusable as if we are after initVerify
-        // sig.update(DATA);
-        // if (!sig.verify(signature1))
-        // {
-        //     fail("second verify failed: " + name);
-        // }
-
-        // sig.update(DATA);
-        // if (!sig.verify(signature2))
-        // {
-        //     fail("second verify failed (2): " + name);
-        // }
-    }
 
     public void performTest()
         throws Exception
     {
         KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-
         kpGen.initialize(2048); // Safe
-
         KeyPair kp = kpGen.generateKeyPair();
 
-        checkSig(kp, "SHA1withRSA");
-        checkSig(kp, "SHA224withRSA");
-        checkSig(kp, "SHA256withRSA");
-        checkSig(kp, "SHA384withRSA");
-        checkSig(kp, "SHA512withRSA");
-
-        checkSig(kp, "SHA3-224withRSA");
-        checkSig(kp, "SHA3-256withRSA");
-        checkSig(kp, "SHA3-384withRSA");
-        checkSig(kp, "SHA3-512withRSA");
-
-        checkSig(kp, "MD2withRSA");
-        checkSig(kp, "MD4withRSA");
-        checkSig(kp, "MD5withRSA");
-        checkSig(kp, "RIPEMD160withRSA");
-        checkSig(kp, "RIPEMD128withRSA");
-        checkSig(kp, "RIPEMD256withRSA");
-
-        checkSig(kp, "SHA1withRSAandMGF1");
-        checkSig(kp, "SHA1withRSAandMGF1");
-        checkSig(kp, "SHA224withRSAandMGF1");
-        checkSig(kp, "SHA256withRSAandMGF1");
-        checkSig(kp, "SHA384withRSAandMGF1");
-        checkSig(kp, "SHA512withRSAandMGF1");
-
-        checkSig(kp, "SHA1withRSAandSHAKE128");
-        checkSig(kp, "SHA1withRSAandSHAKE128");
-        checkSig(kp, "SHA224withRSAandSHAKE128");
-        checkSig(kp, "SHA256withRSAandSHAKE128");
-        checkSig(kp, "SHA384withRSAandSHAKE128");
-        checkSig(kp, "SHA512withRSAandSHAKE128");
-
-        checkSig(kp, "SHA1withRSAandSHAKE256");
-        checkSig(kp, "SHA1withRSAandSHAKE256");
-        checkSig(kp, "SHA224withRSAandSHAKE256");
-        checkSig(kp, "SHA256withRSAandSHAKE256");
-        checkSig(kp, "SHA384withRSAandSHAKE256");
-        checkSig(kp, "SHA512withRSAandSHAKE256");
-
-        checkSig(kp, "SHAKE128withRSAPSS");
-        checkSig(kp, "SHAKE256withRSAPSS");
-
-        checkSig(kp, "SHA1withRSA/ISO9796-2");
-        checkSig(kp, "MD5withRSA/ISO9796-2");
-        checkSig(kp, "RIPEMD160withRSA/ISO9796-2");
-
-//        checkSig(kp, "SHA1withRSA/ISO9796-2PSS");
-//        checkSig(kp, "MD5withRSA/ISO9796-2PSS");
-//        checkSig(kp, "RIPEMD160withRSA/ISO9796-2PSS");
-
-        checkSig(kp, "RIPEMD128withRSA/X9.31");
-        checkSig(kp, "RIPEMD160withRSA/X9.31");
-        checkSig(kp, "SHA1withRSA/X9.31");
-        checkSig(kp, "SHA224withRSA/X9.31");
-        checkSig(kp, "SHA256withRSA/X9.31");
-        checkSig(kp, "SHA384withRSA/X9.31");
-        checkSig(kp, "SHA512withRSA/X9.31");
-        checkSig(kp, "WhirlpoolwithRSA/X9.31");
-
         kpGen = KeyPairGenerator.getInstance("DSA", "BC");
-
         kpGen.initialize(2048); // Safe
-
         kp = kpGen.generateKeyPair();
 
-        checkSig(kp, "SHA1withDSA");
-        checkSig(kp, "SHA224withDSA");
-        checkSig(kp, "SHA256withDSA");
-        checkSig(kp, "SHA384withDSA");
-        checkSig(kp, "SHA512withDSA");
-        checkSig(kp, "NONEwithDSA");
-
         kpGen = KeyPairGenerator.getInstance("EC", "BC");
-
         kpGen.initialize(256); // Safe
-
         kp = kpGen.generateKeyPair();
 
-        checkSig(kp, "SHA1withECDSA");
-        checkSig(kp, "SHA224withECDSA");
-        checkSig(kp, "SHA256withECDSA");
-        checkSig(kp, "SHA384withECDSA");
-        checkSig(kp, "SHA512withECDSA");
-        checkSig(kp, "RIPEMD160withECDSA");
-        checkSig(kp, "SHAKE128withECDSA");
-        checkSig(kp, "SHAKE256withECDSA");
-
         kpGen = KeyPairGenerator.getInstance("EC", "BC");
-
         kpGen.initialize(521); // Safe
-
         kp = kpGen.generateKeyPair();
-
-        checkSig(kp, "SHA1withECNR");
-        checkSig(kp, "SHA224withECNR");
-        checkSig(kp, "SHA256withECNR");
-        checkSig(kp, "SHA384withECNR");
-        checkSig(kp, "SHA512withECNR");
-
-        // kpGen = KeyPairGenerator.getInstance("ECGOST3410", "BC");
-
-        // kpGen.initialize(new ECNamedCurveGenParameterSpec("GostR3410-2001-CryptoPro-A"), new SecureRandom());
-
-        // kp = kpGen.generateKeyPair();
-
-        // checkSig(kp, "GOST3411withECGOST3410");
-
-        // kpGen = KeyPairGenerator.getInstance("GOST3410", "BC");
-
-        // GOST3410ParameterSpec gost3410P = new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId());
-
-        // kpGen.initialize(gost3410P);
-
-        // kp = kpGen.generateKeyPair();
-
-        // checkSig(kp, "GOST3411withGOST3410");
-    }
-
-    public String getName()
-    {
-        return "SigNameTest";
     }
-
-    // public static void main(
-    //     String[] args)
-    // {
-    //     //Security.addProvider(new BouncyCastleProvider());
-
-    //     //runTest(new SignatureTest());
-    // }
 }