Skip to content

Commit 5893dc6

Browse files
geoffw0geoffw0
committed
Rust: Change the majority of variant tests to be on AES not DES, since the focus of these new tests should be the block mode not the encryption algorithm.
1 parent 9b65a33 commit 5893dc6

File tree

1 file changed

+10
-10
lines changed
  • rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm

1 file changed

+10
-10
lines changed

rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/test_cipher.rs

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -146,7 +146,7 @@ fn test_cbc(
146146
_ = des_cipher4.encrypt_padded_b2b_mut::<des::cipher::block_padding::Pkcs7>(input, data).unwrap();
147147
}
148148

149-
type MyDesEcbEncryptor = ecb::Encryptor<des::Des>;
149+
type MyAesEcbEncryptor = ecb::Encryptor<aes::Aes128>;
150150

151151
fn test_ecb(
152152
key: &[u8], key128: &[u8;16],
@@ -158,18 +158,18 @@ fn test_ecb(
158158
let aes_cipher1 = ecb::Encryptor::<aes::Aes128>::new(key128.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
159159
_ = aes_cipher1.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
160160

161-
// des with ECB (broken cipher + weak block mode)
162-
let des_cipher1 = ecb::Encryptor::<des::Des>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
163-
_ = des_cipher1.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
161+
let aes_cipher2 = MyAesEcbEncryptor::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
162+
_ = aes_cipher2.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
164163

165-
let des_cipher2 = MyDesEcbEncryptor::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
166-
_ = des_cipher2.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
164+
let aes_cipher3 = ecb::Encryptor::<aes::Aes128>::new_from_slice(&key).unwrap(); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
165+
_ = aes_cipher3.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
167166

168-
let des_cipher3 = ecb::Encryptor::<des::Des>::new_from_slice(&key).unwrap(); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
169-
_ = des_cipher3.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
167+
let aes_cipher4 = ecb::Encryptor::<aes::Aes128>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
168+
_ = aes_cipher4.encrypt_padded_b2b_mut::<aes::cipher::block_padding::Pkcs7>(input, data).unwrap();
170169

171-
let des_cipher4 = ecb::Encryptor::<des::Des>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
172-
_ = des_cipher4.encrypt_padded_b2b_mut::<des::cipher::block_padding::Pkcs7>(input, data).unwrap();
170+
// des with ECB (broken cipher + weak block mode)
171+
let des_cipher1 = ecb::Encryptor::<des::Des>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
172+
_ = des_cipher1.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
173173

174174
// rc2 with ECB (broken cipher + weak block mode)
175175
let rc2_cipher1 = ecb::Encryptor::<rc2::Rc2>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]

0 commit comments

Comments
 (0)