Adapt BargaCryptoMisuse tests to conform rulesets 3.0.0

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/customCrypto/src/main/java/wc/customCrypto/RawSignatureRSA.java

@@ -4,10 +4,35 @@
 
 public final class RawSignatureRSA {
 
-	public static void main(String args[]) {
+	/**
+	 * Original test with updated constraints:
+	 * 	kg.initialize(2048, ...) -> kg.initialize(4096, ...)
+	 */
+	public void positiveTestCase() {
 		byte[] msg = "demo msg".getBytes();
 		try {
 			KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "SunJSSE");
+			kpg.initialize(4096);
+			KeyPair kp = kpg.generateKeyPair();
+			Signature sig = Signature.getInstance("SHA1WithRSA", "SunJSSE");
+			sig.initSign(kp.getPrivate());
+			sig.update(msg);
+			byte[] signed = sig.sign();
+			sig.initVerify(kp.getPublic());
+			sig.update(msg);
+		} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeyException | SignatureException e) {
+		}
+	}
+
+	/**
+	 * Original test without updates
+	 */
+	public void negativeTestCase() {
+		byte[] msg = "demo msg".getBytes();
+		try {
+			KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "SunJSSE");
+
+			// Since 3.0.0: key size of 2048 is not allowed
 			kpg.initialize(2048);
 			KeyPair kp = kpg.generateKeyPair();
 			Signature sig = Signature.getInstance("SHA1WithRSA", "SunJSSE");

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/incompleteValidation/src/main/java/icv/incompleteValidation/NoValidationAtAll.java

@@ -92,7 +92,7 @@ public static void main(String[] args) {
 
 	public static KeyPair genRSAKeyPair() throws Exception {
 		KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-		kpGen.initialize(2048, new SecureRandom());
+		kpGen.initialize(4096, new SecureRandom());
 		return kpGen.generateKeyPair();
 	}
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/incompleteValidation/src/main/java/icv/incompleteValidation/NoValidationCaPubKey.java

@@ -115,7 +115,7 @@ public static void main(String[] args) {
 
 	public static KeyPair genRSAKeyPair() throws Exception {
 		KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-		kpGen.initialize(2048, new SecureRandom());
+		kpGen.initialize(4096, new SecureRandom());
 		return kpGen.generateKeyPair();
 	}
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/incompleteValidation/src/main/java/icv/incompleteValidation/NoValidationCertDates.java

@@ -105,7 +105,7 @@ public static void main(String[] args) {
 
 	public static KeyPair genRSAKeyPair() throws Exception {
 		KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-		kpGen.initialize(2048, new SecureRandom());
+		kpGen.initialize(4096, new SecureRandom());
 		return kpGen.generateKeyPair();
 	}
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/incompleteValidation/src/main/java/icv/incompleteValidation/NoValidationIssuerOrSubject.java

@@ -102,7 +102,7 @@ public static void main(String[] args) {
 
 	public static KeyPair genRSAKeyPair() throws Exception {
 		KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-		kpGen.initialize(2048, new SecureRandom());
+		kpGen.initialize(4096, new SecureRandom());
 		return kpGen.generateKeyPair();
 	}
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/incompleteValidation/src/main/java/icv/incompleteValidation/ValidateCertChainButNoCRL.java

@@ -104,7 +104,7 @@ static X509Certificate getRootCert() throws Exception {
 
 	public static KeyPair genRSAKeyPair() throws Exception {
 		KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-		kpGen.initialize(2048, new SecureRandom());
+		kpGen.initialize(4096, new SecureRandom());
 		return kpGen.generateKeyPair();
 	}
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/insecureDefault/src/main/java/pdf/insecureDefault/InsecureDefaultOAEP.java

@@ -8,11 +8,42 @@
 import org.bouncycastle.jce.provider.*;
 
 public final class InsecureDefaultOAEP {
+
+	/**
+	 * Original test with updated constraints:
+	 * 	MGF1ParameterSpec.SHA1 -> MGF1ParameterSpec.SHA512
+	 * 	new OAEPParameterSpec("SHA1", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT) -> new OAEPParameterSpec("SHA512", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT)
+	 */
+	public void positiveTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
+		Security.addProvider(new BouncyCastleProvider());
+
+		int ksize = 384;
+		int hsize = 160;
+		String rsaName = "RSA/None/OAEPPadding";
+		int maxLenBytes = (ksize - 2 * hsize) / 8 - 2;
+
+		KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
+		kpg.initialize(ksize);
+		KeyPair kp = kpg.generateKeyPair();
 
-	public static void main(String args[])
-			throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
-			IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
+		MGF1ParameterSpec mgf1ps = MGF1ParameterSpec.SHA512;
+		OAEPParameterSpec OAEPps = new OAEPParameterSpec("SHA-512", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT);
+		Cipher c = Cipher.getInstance(rsaName, "BC");
+
+		c.init(Cipher.ENCRYPT_MODE, kp.getPublic(), OAEPps);
+		byte[] pt1 = "This is a demo text".substring(0, maxLenBytes).getBytes();
+		byte[] ct = c.doFinal(pt1);
 
+		c.init(Cipher.DECRYPT_MODE, kp.getPrivate(), OAEPps);
+		byte[] pt2 = c.doFinal(ct);
+	}
+
+	/**
+	 * Original test without updates
+	 */
+	public void negativeTestCase() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
+										IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException {
 		Security.addProvider(new BouncyCastleProvider());
 
 		int ksize = 384;
@@ -24,6 +55,7 @@ public static void main(String args[])
 		kpg.initialize(ksize);
 		KeyPair kp = kpg.generateKeyPair();
 
+		// Since 3.0.0: SHA1 is not allowed for both parameter specs
 		MGF1ParameterSpec mgf1ps = MGF1ParameterSpec.SHA1;
 		OAEPParameterSpec OAEPps = new OAEPParameterSpec("SHA1", "MGF1", mgf1ps, PSource.PSpecified.DEFAULT);
 		Cipher c = Cipher.getInstance(rsaName, "BC");
@@ -34,7 +66,6 @@ public static void main(String args[])
 
 		c.init(Cipher.DECRYPT_MODE, kp.getPrivate(), OAEPps);
 		byte[] pt2 = c.doFinal(ct);
-
 	}
 
 }

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/insecureDefault/src/main/java/pdf/insecureDefault/InsecureDefaultRSA.java

@@ -14,11 +14,44 @@
 
 public final class InsecureDefaultRSA {
 
-	public static void main(String args[]) {
+	/**
+	 * Original test with updated constraints:
+	 * 	kg.initialize(2048, ...) -> kg.initialize(4096, ...)
+	 */
+	public void positiveTestCase() {
 		try {
 			Security.addProvider(new BouncyCastleProvider());
 			byte[] msg1 = ("Insecure default RSA.").getBytes();
 			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+			g.initialize(4096);
+			KeyPair kp = g.generateKeyPair();
+
+			Cipher enc = Cipher.getInstance("RSA", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] ct = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+				ct[i] = enc.doFinal(msg1);
+				byte[] pt2 = dec.doFinal(ct[i]);
+			}
+
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException
+				| BadPaddingException | NoSuchProviderException e) {
+		}
+	}
+
+	/**
+	 * Original test without updates
+	 */
+	public void negativeTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] msg1 = ("Insecure default RSA.").getBytes();
+			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+
+			// Since 3.0.0: key size of 2048 is not allowed
 			g.initialize(2048);
 			KeyPair kp = g.generateKeyPair();
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/insecurePadding/src/main/java/pkc/enc/insecurePadding/InsecurePaddingRSA1.java

@@ -14,11 +14,44 @@
 
 public final class InsecurePaddingRSA1 {
 
-	public static void main(String args[]) {
+	/**
+	 * Original test with updated constraints:
+	 * 	kg.initialize(2048, ...) -> kg.initialize(4096, ...)
+	 */
+	public void positiveTestCase() {
 		try {
 			Security.addProvider(new BouncyCastleProvider());
 			byte[] msg1 = ("demo msg").getBytes();
 			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+			g.initialize(4096);
+			KeyPair kp = g.generateKeyPair();
+
+			Cipher enc = Cipher.getInstance("RSA/ECB/NoPadding", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA/ECB/NoPadding", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] ct = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+				ct[i] = enc.doFinal(msg1);
+				byte[] deciphered = dec.doFinal(ct[i]);
+			}
+
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException
+				| BadPaddingException | NoSuchProviderException e) {
+		}
+	}
+
+	/**
+	 * Original test without updates
+	 */
+	public void negativeTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] msg1 = ("demo msg").getBytes();
+			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+
+			// Since 3.0.0: key size of 2048 is not allowed
 			g.initialize(2048);
 			KeyPair kp = g.generateKeyPair();
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/insecurePadding/src/main/java/pkc/enc/insecurePadding/InsecurePaddingRSA2.java

@@ -14,11 +14,44 @@
 
 public final class InsecurePaddingRSA2 {
 
-	public static void main(String args[]) {
+	/**
+	 * Original test with updated constraints:
+	 * 	kg.initialize(2048, ...) -> kg.initialize(4096, ...)
+	 */
+	public void positiveTestCase() {
 		try {
 			Security.addProvider(new BouncyCastleProvider());
 			byte[] msg1 = ("demo msg").getBytes();
 			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+			g.initialize(4096);
+			KeyPair kp = g.generateKeyPair();
+
+			Cipher enc = Cipher.getInstance("RSA/None/NoPadding", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA/None/NoPadding", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] ct = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+				ct[i] = enc.doFinal(msg1);
+				byte[] deciphered = dec.doFinal(ct[i]);
+			}
+
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException
+				| BadPaddingException | NoSuchProviderException e) {
+		}
+	}
+
+	/**
+	 * Original test without updates
+	 */
+	public void negativeTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] msg1 = ("demo msg").getBytes();
+			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+
+			// Since 3.0.0: key size of 2048 is not allowed
 			g.initialize(2048);
 			KeyPair kp = g.generateKeyPair();
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/insecurePadding/src/main/java/pkc/enc/insecurePadding/InsecurePaddingRSA3.java

@@ -14,11 +14,44 @@
 
 public final class InsecurePaddingRSA3 {
 
-	public static void main(String args[]) {
+	/**
+	 * Original test with updated constraints:
+	 * 	kg.initialize(2048, ...) -> kg.initialize(4096, ...)
+	 */
+	public void positiveTestCase() {
 		try {
 			Security.addProvider(new BouncyCastleProvider());
 			byte[] msg1 = ("demo msg").getBytes();
 			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+			g.initialize(4096);
+			KeyPair kp = g.generateKeyPair();
+
+			Cipher enc = Cipher.getInstance("RSA/NONE/NoPadding", "BC");
+			enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
+			Cipher dec = Cipher.getInstance("RSA/NONE/NoPadding", "BC");
+			dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
+
+			byte[][] ct = new byte[2][];
+			for (int i = 0; i < 2; i++) {
+				ct[i] = enc.doFinal(msg1);
+				byte[] deciphered = dec.doFinal(ct[i]);
+			}
+
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException
+				| BadPaddingException | NoSuchProviderException e) {
+		}
+	}
+
+	/**
+	 * Original test without updates
+	 */
+	public void negativeTestCase() {
+		try {
+			Security.addProvider(new BouncyCastleProvider());
+			byte[] msg1 = ("demo msg").getBytes();
+			KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
+
+			// Since 3.0.0: key size of 2048 is not allowed
 			g.initialize(2048);
 			KeyPair kp = g.generateKeyPair();
 

CryptoAnalysisTargets/BragaCryptoBench/cryptomisuses/insecurePaddingSign/src/main/java/pkc/sign/insecurePaddingSign/PKCS1Signature.java

@@ -9,11 +9,34 @@
 
 public final class PKCS1Signature {
 
-	public static void main(String[] args) throws Exception {
+	/**
+	 * Original test with updated constraints:
+	 * 	kg.initialize(2048, ...) -> kg.initialize(4096, ...)
+	 */
+	public void positiveTestCase() throws Exception {
+		Security.addProvider(new BouncyCastleProvider());
+
+		KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA", "BC");
+		kg.initialize(4096, new SecureRandom());
+		KeyPair kp = kg.generateKeyPair();
+		Signature sig = Signature.getInstance("SHA1withRSA", "BC");
+
+		byte[] m = "Testing RSA PKCS1".getBytes("UTF-8");
+
+		sig.initSign(kp.getPrivate(), new SecureRandom());
+		sig.update(m);
+		byte[] s = sig.sign();
+
+		sig.initVerify(kp.getPublic());
+		sig.update(m);
+	}
 
+	public void negativeTestCase() throws Exception {
 		Security.addProvider(new BouncyCastleProvider());
 
 		KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA", "BC");
+
+		// Since 3.0.0: key size of 2048 is not allowed
 		kg.initialize(2048, new SecureRandom());
 		KeyPair kp = kg.generateKeyPair();
 		Signature sig = Signature.getInstance("SHA1withRSA", "BC");
@@ -26,6 +49,5 @@ public static void main(String[] args) throws Exception {
 
 		sig.initVerify(kp.getPublic());
 		sig.update(m);
-
 	}
 }