Feature/enhance Cbom generation (#136)
* add test

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

* add signature test case

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

* add rsaOAEP test, add nonce and iv to cbom output

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

* update tests for RSA PSS

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

* add RSA PSS test

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

* add curve to cbom, add tests

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

* update signature naming, fix test in jca and python

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

* update naming of algorithms, update tests

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>

---------

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>
n1ckl0sk0rtge committed Sep 5, 2024
1 parent e8bc9f9 commit baa7a69
Showing 72 changed files with 632 additions and 425 deletions.
Expand Up @@ -23,7 +23,6 @@
import com.ibm.mapper.model.INode;
import com.ibm.mapper.model.Oid;
import com.ibm.mapper.model.Padding;
import com.ibm.mapper.model.Signature;
import com.ibm.mapper.model.algorithms.RSA;
import com.ibm.mapper.model.padding.OAEP;
import java.util.Optional;
Expand All @@ -39,9 +38,8 @@ public class RSAoaepEnricher implements IEnricher {
return node;
}
if (padding.get() instanceof OAEP) {
final RSA newRSA = new RSA(Signature.class, rsa);
newRSA.put(new Oid("1.2.840.113549.1.1.7", rsa.getDetectionContext()));
return newRSA;
rsa.put(new Oid("1.2.840.113549.1.1.7", rsa.getDetectionContext()));
return rsa;
}
}
return node;
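Review bot: The OAEP branch now mutates the detected `rsa` node in place with `rsa.put(new Oid("1.2.840.113549.1.1.7", rsa.getDetectionContext()));` instead of returning a copy. If `put` replaces an existing child of the same kind (not visible in this hunk), any `Oid` already attached to the node is overwritten. It is worth confirming that this is intended and covering it with a test, because CBOM consumers use the OID to identify the scheme. The literal is also unexplained; a comment such as `// id-RSAES-OAEP (PKCS #1, RFC 8017)` above the `put` would let a reader check it against the `instanceof OAEP` test. The enclosing method starts and ends outside the hunk.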
Expand Up @@ -70,6 +70,6 @@ public void asserts(
INode node = nodes.get(0);
assertThat(node).isInstanceOf(PublicKeyEncryption.class);
assertThat(node).isInstanceOf(DH.class);
assertThat(node.asString()).isEqualTo("DH");
assertThat(node.asString()).isEqualTo("DH-3072");
}
}
Expand Up @@ -84,7 +84,7 @@ public void asserts(
INode publicKeyEncryptionNode = nodes.get(0);
assertThat(publicKeyEncryptionNode.getKind()).isEqualTo(PublicKeyEncryption.class);
assertThat(publicKeyEncryptionNode.getChildren()).hasSize(2);
assertThat(publicKeyEncryptionNode.asString()).isEqualTo("DH");
assertThat(publicKeyEncryptionNode.asString()).isEqualTo("DH-2048");

// KeyLength under PublicKeyEncryption
INode keyLengthNode = publicKeyEncryptionNode.getChildren().get(KeyLength.class);
Expand Up @@ -82,7 +82,7 @@ public void asserts(
INode node = nodes.get(0);
assertThat(node).isInstanceOf(PublicKeyEncryption.class);
assertThat(node).isInstanceOf(DH.class);
assertThat(node.asString()).isEqualTo("DH");
assertThat(node.asString()).isEqualTo("DH-2048");

INode defaultKeyLength = node.getChildren().get(KeyLength.class);
assertThat(defaultKeyLength).isNotNull();
Expand Up @@ -30,6 +30,7 @@
import com.ibm.mapper.model.KeyLength;
import com.ibm.mapper.model.Mode;
import com.ibm.mapper.model.Padding;
import com.ibm.mapper.model.PublicKeyEncryption;
import com.ibm.mapper.model.functionality.Decrypt;
import com.ibm.plugin.TestBase;
import java.util.List;
Expand Down Expand Up @@ -78,8 +79,8 @@ public void asserts(
*/
assertThat(nodes).hasSize(1);
INode node = nodes.get(0);
assertThat(node).isInstanceOf(com.ibm.mapper.model.Algorithm.class);
assertThat(node.asString()).isEqualTo("RSA");
assertThat(node).isInstanceOf(PublicKeyEncryption.class);
assertThat(node.asString()).isEqualTo("RSA-2048");

INode mode = node.getChildren().get(Mode.class);
assertThat(mode).isNotNull();
Expand Up @@ -81,7 +81,7 @@ public void asserts(
assertThat(nodes).hasSize(1);
INode node = nodes.get(0);
assertThat(node).isNotNull();
assertThat(node.asString()).isEqualTo("DH");
assertThat(node.asString()).isEqualTo("DH-3072");
assertThat(node.is(PublicKeyEncryption.class)).isTrue();

INode oid = node.getChildren().get(Oid.class);
Expand Up @@ -78,7 +78,7 @@ public void asserts(
assertThat(nodes).hasSize(1);
INode node = nodes.get(0);
assertThat(node).isNotNull();
assertThat(node.asString()).isEqualTo("DH");
assertThat(node.asString()).isEqualTo("DH-2048");

INode oid = node.getChildren().get(Oid.class);
assertThat(oid).isNotNull();
Expand Up @@ -70,7 +70,7 @@ public void asserts(
assertThat(nodes).hasSize(1);
INode node = nodes.get(0);
assertThat(node).isNotNull();
assertThat(node.asString()).isEqualTo("DH");
assertThat(node.asString()).isEqualTo("DH-3072");

INode oid = node.getChildren().get(Oid.class);
assertThat(oid).isNotNull();
Expand Up @@ -25,7 +25,8 @@
import com.ibm.engine.model.Algorithm;
import com.ibm.engine.model.IValue;
import com.ibm.engine.model.context.KeyAgreementContext;
import com.ibm.mapper.model.*;
import com.ibm.mapper.model.INode;
import com.ibm.mapper.model.KeyLength;
import com.ibm.plugin.TestBase;
import java.util.List;
import org.jetbrains.annotations.NotNull;
Expand Down Expand Up @@ -67,7 +68,7 @@ public void asserts(
assertThat(nodes).hasSize(1);
INode node = nodes.get(0);
assertThat(node).isNotNull();
assertThat(node.asString()).isEqualTo("DH");
assertThat(node.asString()).isEqualTo("DH-3072");

INode keyLength = node.getChildren().get(KeyLength.class);
assertThat(keyLength).isNotNull();
Expand Up @@ -79,7 +79,7 @@ public void asserts(
assertThat(nodes).hasSize(1);
INode node = nodes.get(0);
assertThat(node).isNotNull();
assertThat(node.asString()).isEqualTo("DH");
assertThat(node.asString()).isEqualTo("DH-512");

INode keyLength = node.getChildren().get(KeyLength.class);
assertThat(keyLength).isNotNull();
Expand Up @@ -104,7 +104,7 @@ public void asserts(

INode algorithm = node.getChildren().get(com.ibm.mapper.model.PublicKeyEncryption.class);
assertThat(algorithm).isNotNull();
assertThat(algorithm.asString()).isEqualTo("RSA");
assertThat(algorithm.asString()).isEqualTo("RSA-2048");

INode defaultKeyLength = algorithm.getChildren().get(KeyLength.class);
assertThat(defaultKeyLength).isNotNull();
Expand Up @@ -25,7 +25,10 @@
import com.ibm.engine.model.Algorithm;
import com.ibm.engine.model.IValue;
import com.ibm.engine.model.context.KeyContext;
import com.ibm.mapper.model.*;
import com.ibm.mapper.model.INode;
import com.ibm.mapper.model.Key;
import com.ibm.mapper.model.KeyLength;
import com.ibm.mapper.model.PublicKeyEncryption;
import com.ibm.plugin.TestBase;
import java.util.List;
import javax.annotation.Nonnull;
Expand Down Expand Up @@ -75,7 +78,7 @@ public void asserts(

INode blockCipher = node.getChildren().get(PublicKeyEncryption.class);
assertThat(blockCipher).isNotNull();
assertThat(blockCipher.asString()).isEqualTo("RSA");
assertThat(blockCipher.asString()).isEqualTo("RSA-2048");

INode defaultKeyLength = blockCipher.getChildren().get(KeyLength.class);
assertThat(defaultKeyLength).isNotNull();
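Review bot: The local `blockCipher` is misleading here, because it holds the `PublicKeyEncryption` child and the updated assertion expects it to be `RSA-2048`. Since the commit already touches the adjacent line, I would rename it, e.g. `INode publicKeyEncryption = node.getChildren().get(PublicKeyEncryption.class);`, and update the following uses. The same name is used for the RSA node in the two later key tests on this page that assert `RSA-2048`. The `asserts` method starts and ends outside the hunk.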
Expand Up @@ -85,7 +85,7 @@ public void asserts(

INode blockCipher = node.getChildren().get(BlockCipher.class);
assertThat(blockCipher).isNotNull();
assertThat(blockCipher.asString()).isEqualTo("DES");
assertThat(blockCipher.asString()).isEqualTo("DES56");

INode defaultKeyLength = blockCipher.getChildren().get(KeyLength.class);
assertThat(defaultKeyLength).isNotNull();
Expand Up @@ -25,7 +25,10 @@
import com.ibm.engine.model.Algorithm;
import com.ibm.engine.model.IValue;
import com.ibm.engine.model.context.SecretKeyContext;
import com.ibm.mapper.model.*;
import com.ibm.mapper.model.BlockCipher;
import com.ibm.mapper.model.INode;
import com.ibm.mapper.model.KeyLength;
import com.ibm.mapper.model.SecretKey;
import com.ibm.plugin.TestBase;
import java.util.List;
import javax.annotation.Nonnull;
Expand Down Expand Up @@ -75,7 +78,7 @@ public void asserts(

INode blockCipher = node.getChildren().get(BlockCipher.class);
assertThat(blockCipher).isNotNull();
assertThat(blockCipher.asString()).isEqualTo("DES");
assertThat(blockCipher.asString()).isEqualTo("DES56");

INode defaultKeyLength = blockCipher.getChildren().get(KeyLength.class);
assertThat(defaultKeyLength).isNotNull();
Expand Up @@ -97,7 +97,7 @@ public void asserts(

INode blockCipher = node.getChildren().get(BlockCipher.class);
assertThat(blockCipher).isNotNull();
assertThat(blockCipher.asString()).isEqualTo("DES");
assertThat(blockCipher.asString()).isEqualTo("DES56");

INode defaultKeyLength = blockCipher.getChildren().get(KeyLength.class);
assertThat(defaultKeyLength).isNotNull();
Expand Up @@ -74,7 +74,7 @@ public void asserts(

INode algorithm = node.getChildren().get(BlockCipher.class);
assertThat(algorithm).isNotNull();
assertThat(algorithm.asString()).isEqualTo("DES");
assertThat(algorithm.asString()).isEqualTo("DES56");

INode keyLength = algorithm.getChildren().get(KeyLength.class);
assertThat(keyLength).isNotNull();
Expand Up @@ -25,7 +25,10 @@
import com.ibm.engine.model.Algorithm;
import com.ibm.engine.model.IValue;
import com.ibm.engine.model.context.KeyContext;
import com.ibm.mapper.model.*;
import com.ibm.mapper.model.INode;
import com.ibm.mapper.model.Key;
import com.ibm.mapper.model.KeyLength;
import com.ibm.mapper.model.PublicKeyEncryption;
import com.ibm.plugin.TestBase;
import java.util.List;
import javax.annotation.Nonnull;
Expand Down Expand Up @@ -74,7 +77,7 @@ public void asserts(

INode blockCipher = node.getChildren().get(PublicKeyEncryption.class);
assertThat(blockCipher).isNotNull();
assertThat(blockCipher.asString()).isEqualTo("RSA");
assertThat(blockCipher.asString()).isEqualTo("RSA-2048");

INode keyLength = blockCipher.getChildren().get(KeyLength.class);
assertThat(keyLength).isNotNull();
Expand Up @@ -88,7 +88,7 @@ public void asserts(

INode blockCipher = node.getChildren().get(PublicKeyEncryption.class);
assertThat(blockCipher).isNotNull();
assertThat(blockCipher.asString()).isEqualTo("RSA");
assertThat(blockCipher.asString()).isEqualTo("RSA-2048");

INode keyLength = blockCipher.getChildren().get(KeyLength.class);
assertThat(keyLength).isNotNull();
Expand Up @@ -93,7 +93,7 @@ public void asserts(

INode blockCipher = node.getChildren().get(BlockCipher.class);
assertThat(blockCipher).isNotNull();
assertThat(blockCipher.asString()).isEqualTo("DES");
assertThat(blockCipher.asString()).isEqualTo("DES56");

keyLength = blockCipher.getChildren().get(KeyLength.class);
assertThat(keyLength).isNotNull();
Expand Up @@ -89,7 +89,7 @@ public void asserts(
INode signatureNode = nodes.get(0);
assertThat(signatureNode.getKind()).isEqualTo(Signature.class);
assertThat(signatureNode.getChildren()).hasSize(4);
assertThat(signatureNode.asString()).isEqualTo("DSA");
assertThat(signatureNode.asString()).isEqualTo("SHA384withDSA");

// KeyLength under Signature
INode keyLengthNode = signatureNode.getChildren().get(KeyLength.class);
Expand Up @@ -89,7 +89,7 @@ public void asserts(
INode signatureNode = nodes.get(0);
assertThat(signatureNode.getKind()).isEqualTo(Signature.class);
assertThat(signatureNode.getChildren()).hasSize(4);
assertThat(signatureNode.asString()).isEqualTo("DSA");
assertThat(signatureNode.asString()).isEqualTo("SHA384withDSA");

// KeyLength under Signature
INode keyLengthNode = signatureNode.getChildren().get(KeyLength.class);
Expand Up @@ -78,7 +78,7 @@ public void asserts(
INode signatureNode = nodes.get(0);
assertThat(signatureNode.getKind()).isEqualTo(Signature.class);
assertThat(signatureNode.getChildren()).hasSize(3);
assertThat(signatureNode.asString()).isEqualTo("DSA");
assertThat(signatureNode.asString()).isEqualTo("SHA384withDSA");

// KeyLength under Signature
INode keyLengthNode = signatureNode.getChildren().get(KeyLength.class);
Expand Up @@ -27,12 +27,10 @@
import com.ibm.engine.model.SaltSize;
import com.ibm.engine.model.context.SignatureContext;
import com.ibm.mapper.model.INode;
import com.ibm.mapper.model.KeyLength;
import com.ibm.mapper.model.MaskGenerationFunction;
import com.ibm.mapper.model.MessageDigest;
import com.ibm.mapper.model.Oid;
import com.ibm.mapper.model.ProbabilisticSignatureScheme;
import com.ibm.mapper.model.PublicKeyEncryption;
import com.ibm.mapper.model.SaltLength;
import com.ibm.mapper.model.Signature;
import com.ibm.plugin.TestBase;
Expand Down Expand Up @@ -101,19 +99,7 @@ public void asserts(
assertThat(node.is(ProbabilisticSignatureScheme.class)).isTrue();
assertThat(node.asString()).isEqualTo("RSASSA-PSS");

INode algorithm = node.getChildren().get(PublicKeyEncryption.class);
assertThat(algorithm).isNotNull();
assertThat(algorithm.asString()).isEqualTo("RSA");

INode oid = algorithm.getChildren().get(Oid.class);
assertThat(oid).isNotNull();
assertThat(oid.asString()).isEqualTo("1.2.840.113549.1.1.1");

INode keyLength = algorithm.getChildren().get(KeyLength.class);
assertThat(keyLength).isNotNull();
assertThat(keyLength.asString()).isEqualTo("2048");

oid = node.getChildren().get(Oid.class);
INode oid = node.getChildren().get(Oid.class);
assertThat(oid).isNotNull();
assertThat(oid.asString()).isEqualTo("1.2.840.113549.1.1.10");
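Review bot: After this change no visible assertion covers the RSA key size for the RSASSA-PSS detection. The removed block checked the `PublicKeyEncryption` child, its `KeyLength` of `2048` and OID `1.2.840.113549.1.1.1`, while the assertions left in this hunk check only the scheme name and OID `1.2.840.113549.1.1.10`. The modulus size is what a CBOM consumer needs to judge the strength of the signature, so if it is now reported elsewhere on the node the test should assert it there. If it is deliberately no longer modelled, a comment such as `// the RSA key length is intentionally not a child of the RSASSA-PSS node` would record that. The same applies to the other RSASSA-PSS test in this commit, where the child count drops from `hasSize(5)` to `hasSize(4)`. The `asserts` method starts and ends outside the hunk.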

Expand Up @@ -29,12 +29,10 @@
import com.ibm.mapper.model.BlockSize;
import com.ibm.mapper.model.DigestSize;
import com.ibm.mapper.model.INode;
import com.ibm.mapper.model.KeyLength;
import com.ibm.mapper.model.MaskGenerationFunction;
import com.ibm.mapper.model.MessageDigest;
import com.ibm.mapper.model.Oid;
import com.ibm.mapper.model.ProbabilisticSignatureScheme;
import com.ibm.mapper.model.PublicKeyEncryption;
import com.ibm.mapper.model.SaltLength;
import com.ibm.mapper.model.functionality.Digest;
import com.ibm.plugin.TestBase;
Expand Down Expand Up @@ -104,28 +102,9 @@ public void asserts(
INode probabilisticSignatureSchemeNode = nodes.get(0);
assertThat(probabilisticSignatureSchemeNode.getKind())
.isEqualTo(ProbabilisticSignatureScheme.class);
assertThat(probabilisticSignatureSchemeNode.getChildren()).hasSize(5);
assertThat(probabilisticSignatureSchemeNode.getChildren()).hasSize(4);
assertThat(probabilisticSignatureSchemeNode.asString()).isEqualTo("RSASSA-PSS");

// PublicKeyEncryption under ProbabilisticSignatureScheme
INode publicKeyEncryptionNode =
probabilisticSignatureSchemeNode.getChildren().get(PublicKeyEncryption.class);
assertThat(publicKeyEncryptionNode).isNotNull();
assertThat(publicKeyEncryptionNode.getChildren()).hasSize(2);
assertThat(publicKeyEncryptionNode.asString()).isEqualTo("RSA");

// KeyLength under PublicKeyEncryption under ProbabilisticSignatureScheme
INode keyLengthNode = publicKeyEncryptionNode.getChildren().get(KeyLength.class);
assertThat(keyLengthNode).isNotNull();
assertThat(keyLengthNode.getChildren()).isEmpty();
assertThat(keyLengthNode.asString()).isEqualTo("2048");

// Oid under PublicKeyEncryption under ProbabilisticSignatureScheme
INode oidNode = publicKeyEncryptionNode.getChildren().get(Oid.class);
assertThat(oidNode).isNotNull();
assertThat(oidNode.getChildren()).isEmpty();
assertThat(oidNode.asString()).isEqualTo("1.2.840.113549.1.1.1");

// SaltLength under ProbabilisticSignatureScheme
INode saltLengthNode = probabilisticSignatureSchemeNode.getChildren().get(SaltLength.class);
assertThat(saltLengthNode).isNotNull();