Skip to content

Commit 9b65a33

Browse files
Copilotgeoffw0
Copilot
and
geoffw0
committed
Add ECB and CBC block mode test cases
Co-authored-by: geoffw0 <[email protected]>
1 parent 2c22f94 commit 9b65a33

File tree

3 files changed

+41
-0
lines changed

3 files changed

+41
-0
lines changed

rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/Cargo.lock

Lines changed: 10 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/options.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,3 +8,4 @@ qltest_dependencies:
88
- rc2 = { version = "0.8.1" }
99
- rc5 = { version = "0.0.1" }
1010
- cbc = { version = "0.1.2" }
11+
- ecb = { version = "0.1.2" }

rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm/test_cipher.rs

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,3 +145,33 @@ fn test_cbc(
145145
let des_cipher4 = cbc::Encryptor::<des::Des>::new(key.into(), iv.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
146146
_ = des_cipher4.encrypt_padded_b2b_mut::<des::cipher::block_padding::Pkcs7>(input, data).unwrap();
147147
}
148+
149+
type MyDesEcbEncryptor = ecb::Encryptor<des::Des>;
150+
151+
fn test_ecb(
152+
key: &[u8], key128: &[u8;16],
153+
input: &[u8], data: &mut [u8]
154+
) {
155+
let data_len = data.len();
156+
157+
// aes with ECB (weak block mode)
158+
let aes_cipher1 = ecb::Encryptor::<aes::Aes128>::new(key128.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
159+
_ = aes_cipher1.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
160+
161+
// des with ECB (broken cipher + weak block mode)
162+
let des_cipher1 = ecb::Encryptor::<des::Des>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
163+
_ = des_cipher1.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
164+
165+
let des_cipher2 = MyDesEcbEncryptor::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
166+
_ = des_cipher2.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
167+
168+
let des_cipher3 = ecb::Encryptor::<des::Des>::new_from_slice(&key).unwrap(); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
169+
_ = des_cipher3.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
170+
171+
let des_cipher4 = ecb::Encryptor::<des::Des>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
172+
_ = des_cipher4.encrypt_padded_b2b_mut::<des::cipher::block_padding::Pkcs7>(input, data).unwrap();
173+
174+
// rc2 with ECB (broken cipher + weak block mode)
175+
let rc2_cipher1 = ecb::Encryptor::<rc2::Rc2>::new(key.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
176+
_ = rc2_cipher1.encrypt_padded_mut::<rc2::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
177+
}

0 commit comments

Comments
 (0)