Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d3af687

Browse files
alexrfordalexrford
committed
Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames
Strong encryption algorithms: ARIA, IDEA, SEED, SM4 Strong block modes: CBC, CFB, CTR, OFB
1 parent bdb2d8b commit d3af687

3 files changed

Lines changed: 90 additions & 18 deletions

File tree

javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll

Lines changed: 30 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,10 +14,9 @@
1414
* The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
1515
*/
1616
module AlgorithmNames {
17-
predicate isStrongBlockMode(string name) { name = ["CCM", "GCM"] }
18-
19-
predicate isWeakBlockMode(string name) { name = "ECB" }
20-
17+
/**
18+
* Holds if `name` corresponds to a strong hashing algorithm.
19+
*/
2120
predicate isStrongHashingAlgorithm(string name) {
2221
name =
2322
[
@@ -26,6 +25,9 @@ module AlgorithmNames {
2625
]
2726
}
2827

28+
/**
29+
* Holds if `name` corresponds to a weak hashing algorithm.
30+
*/
2931
predicate isWeakHashingAlgorithm(string name) {
3032
name =
3133
[
@@ -34,16 +36,22 @@ module AlgorithmNames {
3436
]
3537
}
3638

39+
/**
40+
* Holds if `name` corresponds to a strong encryption algorithm.
41+
*/
3742
predicate isStrongEncryptionAlgorithm(string name) {
3843
name =
3944
[
4045
"AES", "AES128", "AES192", "AES256", "AES512", "AES-128", "AES-192", "AES-256", "AES-512",
41-
"RSA", "RABBIT", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
46+
"ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
4247
"CAMELLIA192", "CAMELLIA256", "CAMELLIA-128", "CAMELLIA-192", "CAMELLIA-256", "CHACHA",
43-
"GOST", "GOST89"
48+
"GOST", "GOST89", "IDEA", "RABBIT", "RSA", "SEED", "SM4"
4449
]
4550
}
4651

52+
/**
53+
* Holds if `name` corresponds to a weak encryption algorithm.
54+
*/
4755
predicate isWeakEncryptionAlgorithm(string name) {
4856
name =
4957
[
@@ -52,11 +60,27 @@ module AlgorithmNames {
5260
]
5361
}
5462

63+
/**
64+
* Holds if `name` corresponds to a strong password hashing algorithm.
65+
*/
5566
predicate isStrongPasswordHashingAlgorithm(string name) {
5667
name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
5768
}
5869

70+
/**
71+
* Holds if `name` corresponds to a weak password hashing algorithm.
72+
*/
5973
predicate isWeakPasswordHashingAlgorithm(string name) { name = "EVPKDF" }
74+
75+
/**
76+
* Holds if `name` corresponds to a strong block cipher mode of operation.
77+
*/
78+
predicate isStrongBlockMode(string name) { name = ["CBC", "CCM", "CFB", "CTR", "GCM", "OFB"] }
79+
80+
/**
81+
* Holds if `name` corresponds to a weak block cipher mode of operation.
82+
*/
83+
predicate isWeakBlockMode(string name) { name = "ECB" }
6084
}
6185

6286
private import AlgorithmNames

python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll

Lines changed: 30 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,10 +14,9 @@
1414
* The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
1515
*/
1616
module AlgorithmNames {
17-
predicate isStrongBlockMode(string name) { name = ["CCM", "GCM"] }
18-
19-
predicate isWeakBlockMode(string name) { name = "ECB" }
20-
17+
/**
18+
* Holds if `name` corresponds to a strong hashing algorithm.
19+
*/
2120
predicate isStrongHashingAlgorithm(string name) {
2221
name =
2322
[
@@ -26,6 +25,9 @@ module AlgorithmNames {
2625
]
2726
}
2827

28+
/**
29+
* Holds if `name` corresponds to a weak hashing algorithm.
30+
*/
2931
predicate isWeakHashingAlgorithm(string name) {
3032
name =
3133
[
@@ -34,16 +36,22 @@ module AlgorithmNames {
3436
]
3537
}
3638

39+
/**
40+
* Holds if `name` corresponds to a strong encryption algorithm.
41+
*/
3742
predicate isStrongEncryptionAlgorithm(string name) {
3843
name =
3944
[
4045
"AES", "AES128", "AES192", "AES256", "AES512", "AES-128", "AES-192", "AES-256", "AES-512",
41-
"RSA", "RABBIT", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
46+
"ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
4247
"CAMELLIA192", "CAMELLIA256", "CAMELLIA-128", "CAMELLIA-192", "CAMELLIA-256", "CHACHA",
43-
"GOST", "GOST89"
48+
"GOST", "GOST89", "IDEA", "RABBIT", "RSA", "SEED", "SM4"
4449
]
4550
}
4651

52+
/**
53+
* Holds if `name` corresponds to a weak encryption algorithm.
54+
*/
4755
predicate isWeakEncryptionAlgorithm(string name) {
4856
name =
4957
[
@@ -52,11 +60,27 @@ module AlgorithmNames {
5260
]
5361
}
5462

63+
/**
64+
* Holds if `name` corresponds to a strong password hashing algorithm.
65+
*/
5566
predicate isStrongPasswordHashingAlgorithm(string name) {
5667
name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
5768
}
5869

70+
/**
71+
* Holds if `name` corresponds to a weak password hashing algorithm.
72+
*/
5973
predicate isWeakPasswordHashingAlgorithm(string name) { name = "EVPKDF" }
74+
75+
/**
76+
* Holds if `name` corresponds to a strong block cipher mode of operation.
77+
*/
78+
predicate isStrongBlockMode(string name) { name = ["CBC", "CCM", "CFB", "CTR", "GCM", "OFB"] }
79+
80+
/**
81+
* Holds if `name` corresponds to a weak block cipher mode of operation.
82+
*/
83+
predicate isWeakBlockMode(string name) { name = "ECB" }
6084
}
6185

6286
private import AlgorithmNames

ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll

Lines changed: 30 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,10 +14,9 @@
1414
* The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
1515
*/
1616
module AlgorithmNames {
17-
predicate isStrongBlockMode(string name) { name = ["CCM", "GCM"] }
18-
19-
predicate isWeakBlockMode(string name) { name = "ECB" }
20-
17+
/**
18+
* Holds if `name` corresponds to a strong hashing algorithm.
19+
*/
2120
predicate isStrongHashingAlgorithm(string name) {
2221
name =
2322
[
@@ -26,6 +25,9 @@ module AlgorithmNames {
2625
]
2726
}
2827

28+
/**
29+
* Holds if `name` corresponds to a weak hashing algorithm.
30+
*/
2931
predicate isWeakHashingAlgorithm(string name) {
3032
name =
3133
[
@@ -34,16 +36,22 @@ module AlgorithmNames {
3436
]
3537
}
3638

39+
/**
40+
* Holds if `name` corresponds to a strong encryption algorithm.
41+
*/
3742
predicate isStrongEncryptionAlgorithm(string name) {
3843
name =
3944
[
4045
"AES", "AES128", "AES192", "AES256", "AES512", "AES-128", "AES-192", "AES-256", "AES-512",
41-
"RSA", "RABBIT", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
46+
"ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
4247
"CAMELLIA192", "CAMELLIA256", "CAMELLIA-128", "CAMELLIA-192", "CAMELLIA-256", "CHACHA",
43-
"GOST", "GOST89"
48+
"GOST", "GOST89", "IDEA", "RABBIT", "RSA", "SEED", "SM4"
4449
]
4550
}
4651

52+
/**
53+
* Holds if `name` corresponds to a weak encryption algorithm.
54+
*/
4755
predicate isWeakEncryptionAlgorithm(string name) {
4856
name =
4957
[
@@ -52,11 +60,27 @@ module AlgorithmNames {
5260
]
5361
}
5462

63+
/**
64+
* Holds if `name` corresponds to a strong password hashing algorithm.
65+
*/
5566
predicate isStrongPasswordHashingAlgorithm(string name) {
5667
name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
5768
}
5869

70+
/**
71+
* Holds if `name` corresponds to a weak password hashing algorithm.
72+
*/
5973
predicate isWeakPasswordHashingAlgorithm(string name) { name = "EVPKDF" }
74+
75+
/**
76+
* Holds if `name` corresponds to a strong block cipher mode of operation.
77+
*/
78+
predicate isStrongBlockMode(string name) { name = ["CBC", "CCM", "CFB", "CTR", "GCM", "OFB"] }
79+
80+
/**
81+
* Holds if `name` corresponds to a weak block cipher mode of operation.
82+
*/
83+
predicate isWeakBlockMode(string name) { name = "ECB" }
6084
}
6185

6286
private import AlgorithmNames

0 commit comments

Comments
 (0)