
Commit 5db6b92

authored
Merge pull request #20887 from github/copilot/add-ecb-cbc-test-cases
Add ECB and CBC block mode test cases for BrokenCryptoAlgorithm query
2 parents 1af1d2d + fa02842 commit 5db6b92


3 files changed

+41
-0
lines changed


rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/Cargo.lock

Lines changed: 10 additions & 0 deletions

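--- a/rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/options.yml
+++ b/rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/options.yml
@@ -8,3 +8,4 @@ qltest_dependencies:
 - rc2 = { version = "0.8.1" }
 - rc5 = { version = "0.0.1" }
 - cbc = { version = "0.1.2" }
+- ecb = { version = "0.1.2" }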

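--- a/rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/test_cipher.rs
+++ b/rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/test_cipher.rs
@@ -145,3 +145,33 @@ fn test_cbc(
 let des_cipher4 = cbc::Encryptor::<des::Des>::new(key.into(), iv.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
 _ = des_cipher4.encrypt_padded_b2b_mut::<des::cipher::block_padding::Pkcs7>(input, data).unwrap();
 }
+
+type MyAesEcbEncryptor = ecb::Encryptor<aes::Aes128>;
+
+fn test_ecb(
+key: &[u8], key128: &[u8;16],
+input: &[u8], data: &mut [u8]
+) {
+let data_len = data.len();
+
+// aes with ECB (weak block mode)
+let aes_cipher1 = ecb::Encryptor::<aes::Aes128>::new(key128.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
+_ = aes_cipher1.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
+
+let aes_cipher2 = MyAesEcbEncryptor::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
+_ = aes_cipher2.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
+
+let aes_cipher3 = ecb::Encryptor::<aes::Aes128>::new_from_slice(&key).unwrap(); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
+_ = aes_cipher3.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
+
+let aes_cipher4 = ecb::Encryptor::<aes::Aes128>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
+_ = aes_cipher4.encrypt_padded_b2b_mut::<aes::cipher::block_padding::Pkcs7>(input, data).unwrap();
+
+// des with ECB (broken cipher + weak block mode)
+let des_cipher1 = ecb::Encryptor::<des::Des>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
+_ = des_cipher1.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
+
+// rc2 with ECB (broken cipher + weak block mode)
+let rc2_cipher1 = ecb::Encryptor::<rc2::Rc2>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
+_ = rc2_cipher1.encrypt_padded_mut::<rc2::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
+}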
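Review bot: The DES and RC2 cases at the end of `test_ecb` cannot show that ECB itself is detected, because a single `Alert[rust/weak-cryptographic-algorithm]` expectation on those lines would be satisfied by an alert on the cipher alone; only the four `aes::Aes128` cases isolate the block mode. I would record that in the comment above them, e.g. `// aes with ECB (weak block mode: equal plaintext blocks give equal ciphertext blocks; only these cases isolate mode detection)`. The function exercises `ecb::Encryptor` only, so a query that models the mode through the encryptor type would leave `ecb::Decryptor` untested; one decrypt case would close that gap. Separately, `encrypt_padded_mut(data, data_len)` passes the whole buffer length as the message length, which appears to leave no room for Pkcs7 padding, so these `unwrap()` calls would likely panic if the fixture were ever executed rather than only analysed.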
