|
| 1 | +/** |
| 2 | + * @name Insecure or unknown nonce source at a cipher operation |
| 3 | + * @id java/insecure-or-unknown-nonce-at-operation |
| 4 | + * @kind problem |
| 5 | + */ |
| 6 | + |
| 7 | +import experimental.Quantum.Language |
| 8 | + |
| 9 | + |
| 10 | +from Crypto::NonceNode n, Crypto::CipherOperationNode op, Crypto::FlowAwareElement src, string msg |
| 11 | +where |
| 12 | + op.getANonce() = n and |
| 13 | + ( |
| 14 | + // Known sources cases that are not secure |
| 15 | + src = n.getSourceElement() and |
| 16 | + not src instanceof SecureRandomnessInstance and |
| 17 | + msg = "Operation uses insecure nonce source $@" |
| 18 | + |
| 19 | + or |
| 20 | + // Totally unknown sources (unmodeled input sources) |
| 21 | + not exists(n.getSourceElement()) and msg = "Operation uses unknown nonce source" and src = n.asElement() |
| 22 | + ) |
| 23 | +select n, msg, src, src.toString() |
| 24 | + |
| 25 | + |
| 26 | +// variant using instances, does not yield the same results |
| 27 | +// from Crypto::NonceArtifactConsumer n, Crypto::CipherOperationInstance op, Crypto::FlowAwareElement src, string msg |
| 28 | +// where |
| 29 | +// op.getNonceConsumer() = n and |
| 30 | +// ( |
| 31 | +// // Known sources cases that are not secure |
| 32 | +// src = n.getAKnownArtifactSource()and |
| 33 | +// not src instanceof SecureRandomnessInstance and |
| 34 | +// msg = "Operation uses insecure nonce source $@" |
| 35 | + |
| 36 | +// or |
| 37 | +// // Totally unknown sources (unmodeled input sources) |
| 38 | +// // When this occurs set src to n, just to bind it, but the output message will not report any source |
| 39 | +// not exists(n.getAKnownArtifactSource()) and msg = "Operation uses unknown nonce source" and src = n |
| 40 | +// ) |
| 41 | +// select n, msg, src, src.toString() |
| 42 | + |
| 43 | + |
| 44 | + |
| 45 | + |
| 46 | + |
| 47 | + |
| 48 | + |
| 49 | + |
| 50 | + |
| 51 | + |
| 52 | + |
| 53 | + |
| 54 | + |
| 55 | +// NOTE: this will find all unknowns too, constants, and allocations, without needing to model them |
| 56 | +// which is kinda nice, but accidental, since getSourceElement is not modeled for everything |
| 57 | +// If users want to find constants or unallocated, they need to model those sources, and output the |
| 58 | +// getSourceElement |
| 59 | +// QUESTION: why isn't the source element a node? |
| 60 | +// NOTE: when not all sources are modeled, if one source is secure, even if others do exist, you |
| 61 | +// will see the nonce and operation are secure, regardless of potentially insecure IV sources |
| 62 | +// resulting in False Negatives |
| 63 | +// NOTE: need to have a query where the op has no Nonce |
| 64 | + |
| 65 | +// // Ideal query |
| 66 | +// from Crypto::NonceNode n, Crypto::CipherOperationNode op |
| 67 | +// where |
| 68 | +// n = op.getANonce() and |
| 69 | +// // n = op.getAnUnknownNonce() |
| 70 | +// not n.asElement() instanceof SecureRandomSource |
| 71 | +// select op, "Operation uses insecure nonce source @", n, n.toString() |
| 72 | +// from Crypto::Nonce n, Crypto::ArtifactLocatableElement nonceSrc |
| 73 | +// where |
| 74 | +// n.() = nonceSrc and |
| 75 | +// not nonceSrc instanceof SecureRandomnessInstance |
| 76 | +// select n, nonceSrc |
0 commit comments