Extend CrySL with static fields

Open smeyer198 opened this issue 1 year ago • 0 comments

Many APIs use static fields to define predefined values. For example, the class Cipher has the field ENCRYPT_MODE, which allows calling the method init as c.init(Cipher.ENCRYPT_MODE, ...). In reality, this static field just holds the value 1 (here). However, currently CrySL and CryptoAnalysis cannot deal with static fields in general. If we use a call c.init(1, ...), CryptoAnalysis can extract the value 1 and evaluate corresponding constraints. However, it cannot match the field ENCRYPT_MODE to the value 1, resulting in an ImpreciseValueExtractionError because it cannot evaluate the constraints correctly.

Solution: Extend CrySL rules with the functionality to specify static fields. Possible solutions include:

  • One can define a variable in the OBJECTS section and use it like other variables:

      OBJECTS
          javax.crypto.Cipher.ENCRYPT_MODE enc_mode;

  • One can use the static fields directly in the CONSTRAINTS section, e.g.

      OBJECTS
          int mode;

      CONSTRAINTS
          mode == 1 || mode == javax.crypto.Cipher.ENCRYPT_MODE => ...

Further issue: When implementing a static field strategy, also consider static fields that define method calls/events. For example, Tink uses static fields to initialize its objects extensively. An example includes the class MGF1ParameterSpec. Here, we can use a constructor with a parameter to initialize an object, but we can also use static fields to do the same:

// Here, we can extract the parameter 'SHA-256' and evaluate corresponding constraints
MGF1ParameterSpec spec1 = new MGF1ParameterSpec("SHA-256");

// Here, we cannot evaluate the constraints because we have no access to the static field
MGF1ParameterSpec spec2 = MGF1ParameterSpec.SHA256; // MGF1ParameterSpec.SHA256 just resolves to 'new MGF1ParameterSpec("SHA-256")'

Solution: Extend the EVENTS with static field calls. For the example above, this may look like

EVENTS
    Con1: MGF1ParameterSpec(algorithm);
    Con2: MGF1ParameterSpec.SHA256;

When extending CrySL with these functionalities, a corresponding functionality also has to be added to CryptoAnalysis to extract the static fields.

smeyer198, Feb 07 '25 09:02
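To make the mapping discussed in this issue concrete, the following added example (not part of the issue and not CrySL or CryptoAnalysis code) resolves a qualified static-field name to its runtime value and evaluates the proposed `mode == 1 || mode == javax.crypto.Cipher.ENCRYPT_MODE` constraint against it. `StaticFieldResolver`, `resolve` and `modeMatches` are hypothetical names, and the example uses the JDK class `java.security.spec.MGF1ParameterSpec` for the static-field-as-constructor case.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;

// Added illustration; StaticFieldResolver and its methods are hypothetical names,
// not part of CrySL or CryptoAnalysis.
public class StaticFieldResolver {

    /** Resolves a qualified name such as "javax.crypto.Cipher.ENCRYPT_MODE" to the field's value. */
    static Object resolve(String qualifiedField) throws ReflectiveOperationException {
        int dot = qualifiedField.lastIndexOf('.');
        if (dot <= 0 || dot == qualifiedField.length() - 1) {
            throw new IllegalArgumentException("not a qualified field name: " + qualifiedField);
        }
        Class<?> owner = Class.forName(qualifiedField.substring(0, dot));
        Field field = owner.getField(qualifiedField.substring(dot + 1));
        int mods = field.getModifiers();
        // Only static final fields are stable enough to be used as rule constants.
        if (!Modifier.isStatic(mods) || !Modifier.isFinal(mods)) {
            throw new IllegalArgumentException(qualifiedField + " is not a static final field");
        }
        return field.get(null);
    }

    /** Evaluates the second proposed constraint form: mode == 1 || mode == <static field>. */
    static boolean modeMatches(int mode, String qualifiedField) throws ReflectiveOperationException {
        return mode == 1 || Integer.valueOf(mode).equals(resolve(qualifiedField));
    }

    public static void main(String[] args) throws Exception {
        String encField = "javax.crypto.Cipher.ENCRYPT_MODE";
        System.out.println(encField + " = " + resolve(encField));
        System.out.println("ENCRYPT_MODE matches: " + modeMatches(Cipher.ENCRYPT_MODE, encField));
        System.out.println("DECRYPT_MODE matches: " + modeMatches(Cipher.DECRYPT_MODE, encField));

        // Static field that stands for a constructor call (the EVENTS case).
        MGF1ParameterSpec viaField =
            (MGF1ParameterSpec) resolve("java.security.spec.MGF1ParameterSpec.SHA256");
        MGF1ParameterSpec viaCtor = new MGF1ParameterSpec("SHA-256");
        System.out.println("same digest: "
            + viaField.getDigestAlgorithm().equals(viaCtor.getDigestAlgorithm()));
    }
}
```

Reading a static field through reflection runs the owning class's static initializer, so this form only suits trusted library classes such as the JDK ones used here. A static analysis would need to obtain the same value without executing the code under analysis.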