diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll index ef7186d07a0e..76746eceba4e 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll @@ -40,7 +40,7 @@ class KnownOpenSslEllipticCurveConstantAlgorithmInstance extends OpenSslAlgorith result = this.(Call).getTarget().getName() } - override Crypto::EllipticCurveFamilyType getEllipticCurveFamilyType() { + override Crypto::EllipticCurveType getEllipticCurveType() { if Crypto::ellipticCurveNameToKnownKeySizeAndFamilyMapping(this.getParsedEllipticCurveName(), _, _) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll index 55b2dcd7af4c..0facc99519d7 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll @@ -72,7 +72,7 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } - override Crypto::THashType getHashFamily() { + override Crypto::THashType getHashType() { knownOpenSslConstantToHashFamilyType(this, result) or not knownOpenSslConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType() diff --git a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected index 1aa63644947a..58b6b5766f2f 100644 --- a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected +++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected @@ -228,14 +228,24 @@ ql/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfig ql/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql ql/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql ql/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql -ql/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql -ql/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql -ql/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql -ql/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql +ql/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +ql/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql ql/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql +ql/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql +ql/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql +ql/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql ql/java/ql/src/experimental/quantum/Examples/TestAESGCMNonce.ql ql/java/ql/src/experimental/quantum/Examples/TestCipher.ql ql/java/ql/src/experimental/quantum/Examples/TestHash.ql +ql/java/ql/src/experimental/quantum/Examples/UnknownHash.ql +ql/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql +ql/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql +ql/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +ql/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql +ql/java/ql/src/experimental/quantum/Examples/WeakHash.ql +ql/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql +ql/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql +ql/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql ql/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql ql/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql ql/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 8b27409410a3..c0ddd1ae7fa4 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -20,23 +20,16 @@ module JCAModel { abstract class SignatureAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + abstract class MacAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + // TODO: Verify that the PBEWith% case works correctly bindingset[algo] predicate cipher_names(string algo) { algo.toUpperCase() .matches([ "AES", "AESWrap", "AESWrapPad", "ARCFOUR", "Blowfish", "ChaCha20", "ChaCha20-Poly1305", - "DES", "DESede", "DESedeWrap", "ECIES", "PBEWith%", "RC2", "RC4", "RC5", "RSA" - ].toUpperCase()) - } - - // TODO: Verify that the CFB% case works correctly - bindingset[mode] - predicate cipher_modes(string mode) { - mode.toUpperCase() - .matches([ - "NONE", "CBC", "CCM", "CFB", "CFB%", "CTR", "CTS", "ECB", "GCM", "KW", "KWP", "OFB", - "OFB%", "PCBC" + "DES", "DESede", "DESedeWrap", "ECIES", "PBEWith%", "RC2", "RC4", "RC5", "RSA", + "Skipjack", "Idea" ].toUpperCase()) } @@ -52,11 +45,7 @@ module JCAModel { } bindingset[hash] - predicate hash_names(string hash) { - hash.toUpperCase() - .matches(["SHA-%", "SHA3-%", "BLAKE2b%", "BLAKE2s%", "MD5", "RIPEMD160", "Whirlpool"] - .toUpperCase()) - } + predicate hash_names(string hash) { exists(hash_name_to_type_known(hash, _)) } bindingset[kdf] predicate kdf_names(string kdf) { @@ -98,7 +87,7 @@ module JCAModel { name.toUpperCase() .matches([ "HMAC%", "AESCMAC", "DESCMAC", "GMAC", "Poly1305", "SipHash", "BLAKE2BMAC", - "HMACRIPEMD160" + "HMACRIPEMD160", "%CMAC" ].toUpperCase()) } @@ -110,7 +99,8 @@ module JCAModel { predicate signature_names(string name) { name.toUpperCase().splitAt("WITH", 1).matches(["RSA%", "ECDSA%", "DSA%"]) or - name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"]) + name.toUpperCase() + .matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS", "DSA"]) } bindingset[name] @@ -131,41 +121,47 @@ module JCAModel { // TODO: add additional } - bindingset[name] - Crypto::HashType hash_name_to_type_known(string name, int digestLength) { - name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 - or - name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and - result instanceof Crypto::SHA2 and - digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() - or - name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and - result instanceof Crypto::SHA3 and - digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() - or - ( - name.matches("BLAKE2b%") and - result instanceof Crypto::BLAKE2B + bindingset[nameRaw] + Crypto::HashType hash_name_to_type_known(string nameRaw, int digestLength) { + exists(string name | name = nameRaw.toUpperCase() | + name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 + or + name in ["SHA-256", "SHA-224", "SHA-384", "SHA-512", "SHA224", "SHA256", "SHA384", "SHA512"] and + result instanceof Crypto::SHA2 and + digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() + or + name in ["SHA-512/224", "SHA-512/256", "SHA512/224", "SHA512/256"] and + result instanceof Crypto::SHA2 and + digestLength = name.replaceAll("-", "").splitAt("SHA-512/", 1).toInt() + or + name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and + result instanceof Crypto::SHA3 and + digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() or - name = "BLAKE2s" and result instanceof Crypto::BLAKE2S - ) and - ( - if exists(name.indexOf("-")) - then name.splitAt("-", 1).toInt() = digestLength - else digestLength = 512 + ( + name.toUpperCase().matches("BLAKE2B%") and + result instanceof Crypto::BLAKE2B + or + name.toUpperCase() = "BLAKE2S" and result instanceof Crypto::BLAKE2S + ) and + ( + if exists(name.indexOf("-")) + then name.splitAt("-", 1).toInt() = digestLength + else digestLength = 512 + ) + or + name = "MD5" and + result instanceof Crypto::MD5 and + digestLength = 128 + or + name = "RIPEMD160" and + result instanceof Crypto::RIPEMD160 and + digestLength = 160 + or + name = "WHIRLPOOL" and + result instanceof Crypto::WHIRLPOOL and + digestLength = 512 // TODO: verify ) - or - name = "MD5" and - result instanceof Crypto::MD5 and - digestLength = 128 - or - name = "RIPEMD160" and - result instanceof Crypto::RIPEMD160 and - digestLength = 160 - or - name = "Whirlpool" and - result instanceof Crypto::WHIRLPOOL and - digestLength = 512 // TODO: verify } bindingset[name] @@ -185,6 +181,14 @@ module JCAModel { type = KeyOpAlg::SIV() and name = "SIV" or type = KeyOpAlg::OCB() and name = "OCB" + or + type = KeyOpAlg::CFB() and name = "CFB" + or + type = KeyOpAlg::OFB() and name = "OFB" + or + type = KeyOpAlg::PCBC() and name = "PCBC" + or + type = KeyOpAlg::KWP() and name = "KWP" } bindingset[name] @@ -193,7 +197,8 @@ module JCAModel { upper.matches("AES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES()) or - upper = "DES" and + // NOTE: there is DES and DESede + upper.matches("DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or upper = "TRIPLEDES" and @@ -208,6 +213,9 @@ module JCAModel { upper = "CHACHA20" and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CHACHA20()) or + upper = "RC2" and + type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) + or upper = "RC4" and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or @@ -216,19 +224,25 @@ module JCAModel { or upper = "RSA" and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + or + upper = "SKIPJACK" and + type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SKIPJACK()) + or + upper = "BLOWFISH" and + type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) ) } bindingset[name] predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { type = Crypto::DH() and - name.toUpperCase() in ["DH", "XDH"] + name.toUpperCase() = "DH" or type = Crypto::EDH() and name.toUpperCase() = "EDH" or type = Crypto::ECDH() and - name.toUpperCase() in ["ECDH", "X25519", "X448"] + name.toUpperCase() in ["ECDH", "X25519", "X448", "XDH"] or type = Crypto::OtherKeyAgreementType() and name.toUpperCase().matches("ML-KEM%") @@ -257,6 +271,8 @@ module JCAModel { name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) or name.toUpperCase() = "HSS/LMS" and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS()) + or + name.toUpperCase() = "DSA" and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) } bindingset[name] @@ -265,9 +281,9 @@ module JCAModel { } /** - * A `StringLiteral` in the `"ALG/MODE/PADDING"` or `"ALG"` format + * A `JavaConstant` in the `"ALG/MODE/PADDING"` or `"ALG"` format */ - class CipherStringLiteral extends StringLiteral { + class CipherStringLiteral extends JavaConstant { CipherStringLiteral() { cipher_names(this.getValue().splitAt("/")) } string getAlgorithmName() { result = this.getValue().splitAt("/", 0) } @@ -426,7 +442,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = super.getPadding() } - override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + override Crypto::THashType getHashType() { result = hash_name_to_type_known(hashName, _) } override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } } @@ -696,6 +712,8 @@ module JCAModel { abstract DataFlow::Node getInputNode(); } + // TODO: for all parametert specs, I think they can be set through the constructor + // and through setter methods class IvParameterSpecInstance extends NonceParameterInstantiation { IvParameterSpecInstance() { super.getConstructedType().hasQualifiedName("javax.crypto.spec", "IvParameterSpec") @@ -836,7 +854,7 @@ module JCAModel { * Flow from a known hash algorithm name to a `MessageDigest.getInstance(sink)` call. */ module KnownHashAlgorithmLiteralToMessageDigestConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { hash_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { hash_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(HashAlgorithmValueConsumer consumer | sink = consumer.getInputNode()) @@ -846,7 +864,7 @@ module JCAModel { module KnownHashAlgorithmLiteralToMessageDigestFlow = DataFlow::Global; - class KnownHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof StringLiteral { + class KnownHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof JavaConstant { HashAlgorithmValueConsumer consumer; KnownHashAlgorithm() { @@ -859,7 +877,7 @@ module JCAModel { override string getRawHashAlgorithmName() { result = super.getValue() } - override Crypto::THashType getHashFamily() { + override Crypto::THashType getHashType() { result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _) } @@ -1019,7 +1037,8 @@ module JCAModel { } class KeyGenerationAlgorithmValueConsumer extends CipherAlgorithmValueConsumer, - KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer instanceof Expr + KeyAgreementAlgorithmValueConsumer, EllipticCurveAlgorithmValueConsumer, + SignatureAlgorithmValueConsumer instanceof Expr { KeyGeneratorGetInstanceCall instantiationCall; @@ -1095,21 +1114,6 @@ module JCAModel { } } - /** - * An instance of `java.security.SecureRandom.nextBytes(byte[])` call. - * This is already generally modeled for Java in CodeQL, but - * we model it again as part of the crypto API model to have a cohesive model. - */ - class JavaSecuritySecureRandom extends Crypto::RandomNumberGenerationInstance instanceof Call { - JavaSecuritySecureRandom() { - this.getCallee().hasQualifiedName("java.security", "SecureRandom", "nextBytes") - } - - override Crypto::DataFlowNode getOutputNode() { result.asExpr() = this.(Call).getArgument(0) } - - override string getGeneratorName() { result = this.(Call).getCallee().getName() } - } - class KeyGeneratorGenerateCall extends Crypto::KeyGenerationOperationInstance instanceof MethodCall { Crypto::KeyArtifactType type; @@ -1206,7 +1210,7 @@ module JCAModel { } module KDFAlgorithmStringToGetInstanceConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { kdf_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { kdf_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(SecretKeyFactoryGetInstanceCall call | sink.asExpr() = call.getAlgorithmArg()) @@ -1247,7 +1251,7 @@ module JCAModel { predicate isIntermediate() { none() } } - class KdfAlgorithmStringLiteral extends Crypto::KeyDerivationAlgorithmInstance instanceof StringLiteral + class KdfAlgorithmStringLiteral extends Crypto::KeyDerivationAlgorithmInstance instanceof JavaConstant { SecretKeyFactoryKDFAlgorithmValueConsumer consumer; @@ -1268,7 +1272,7 @@ module JCAModel { class Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral { Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral() { - this.(StringLiteral).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) + this.(JavaConstant).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) } override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { @@ -1289,7 +1293,7 @@ module JCAModel { override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } - override string getRawAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawAlgorithmName() { result = this.(JavaConstant).getValue() } } class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral @@ -1297,12 +1301,12 @@ module JCAModel { string hashName; Pbkdf2WithHmac_HashAlgorithmStringLiteral() { - hashName = this.(StringLiteral).getValue().splitAt("WithHmac", 1) + hashName = this.(JavaConstant).getValue().splitAt("WithHmac", 1) } - override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawHashAlgorithmName() { result = this.(JavaConstant).getValue() } - override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + override Crypto::THashType getHashType() { result = hash_name_to_type_known(hashName, _) } override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } } @@ -1414,7 +1418,7 @@ module JCAModel { GetInstanceInitUseFlowAnalysis; - class KeyAgreementStringLiteral extends StringLiteral { + class KeyAgreementStringLiteral extends JavaConstant { KeyAgreementStringLiteral() { key_agreement_names(this.getValue()) } } @@ -1532,7 +1536,7 @@ module JCAModel { */ module MacKnownAlgorithmToConsumerConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { mac_names(src.asExpr().(StringLiteral).getValue()) } + predicate isSource(DataFlow::Node src) { mac_names(src.asExpr().(JavaConstant).getValue()) } predicate isSink(DataFlow::Node sink) { exists(MacGetInstanceCall call | sink.asExpr() = call.getAlgorithmArg()) @@ -1566,7 +1570,7 @@ module JCAModel { module MacInitCallToMacOperationFlow = DataFlow::Global; - class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof StringLiteral { + class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof JavaConstant { MacGetInstanceAlgorithmValueConsumer consumer; KnownMacAlgorithm() { @@ -1582,7 +1586,7 @@ module JCAModel { if super.getValue().toUpperCase().matches("HMAC%") then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) else - if super.getValue().toUpperCase().matches("CMAC%") + if super.getValue().toUpperCase().matches("%CMAC%") then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) } @@ -1602,6 +1606,54 @@ module JCAModel { override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } + class KnownHmacAlgorithmInstance extends Crypto::HmacAlgorithmInstance instanceof KnownMacAlgorithm + { + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + result = this.(KnownMacAlgorithm).getConsumer() + } + + override int getKeySizeFixed() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeFixed() + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeConsumer() + } + + override string getRawAlgorithmName() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getRawAlgorithmName() + } + + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + } + } + + class KnownMacHashAlgorithm extends Crypto::HashAlgorithmInstance instanceof KnownMacAlgorithm, + JavaConstant + { + Crypto::THashType hashType; + int digestLength; + + KnownMacHashAlgorithm() { + super.getValue().toUpperCase().matches("HMAC%") and + hashType = + hash_name_to_type_known(super.getValue().toUpperCase().splitAt("HMAC", 1), digestLength) + } + + override string getRawHashAlgorithmName() { result = super.getValue() } + + override Crypto::THashType getHashType() { result = hashType } + + override int getFixedDigestLength() { result = digestLength } + } + class MacGetInstanceCall extends MethodCall { MacGetInstanceCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "getInstance") } @@ -1631,7 +1683,9 @@ module JCAModel { } } - class MacGetInstanceAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { + class MacGetInstanceAlgorithmValueConsumer extends MacAlgorithmValueConsumer, + HashAlgorithmValueConsumer + { MacGetInstanceAlgorithmValueConsumer() { this = any(MacGetInstanceCall c).getAlgorithmArg() } override Crypto::ConsumerInputDataFlowNode getInputNode() { result.asExpr() = this } @@ -1641,7 +1695,7 @@ module JCAModel { } } - class MacOperationCall extends Crypto::MacOperationInstance instanceof MethodCall { + class MacOperationCall extends MethodCall { Expr output; MacOperationCall() { @@ -1651,34 +1705,65 @@ module JCAModel { or super.getMethod().hasStringSignature("doFinal(byte[], int)") and this.getArgument(0) = output + or + super.getMethod().hasStringSignature("update(byte[])") and this = output ) } - override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { - exists(MacGetInstanceCall instantiation | - instantiation.getOperation() = this and result = instantiation.getAlgorithmArg() - ) + predicate isIntermediate() { super.getMethod().getName() = "update" } + + Expr getOutput() { result = output } + + Expr getInput() { + super.getMethod().hasStringSignature("doFinal(byte[])") and result = this.getArgument(0) + or + super.getMethod().hasStringSignature("update(byte[])") and result = this.getArgument(0) } + } - override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { - exists(MacGetInstanceCall instantiation, MacInitCall initCall | - instantiation.getOperation() = this and - initCall.getOperation() = this and - instantiation.getInitCall() = initCall and - result.asExpr() = initCall.getKeyArg() - ) + module MacFlowAnalysisImpl = + GetInstanceInitUseFlowAnalysis; + + class MacOperationInstance extends Crypto::MacOperationInstance instanceof MacOperationCall { + MacOperationInstance() { not super.isIntermediate() } + + MacGetInstanceCall getInstantiationCall() { + result = MacFlowAnalysisImpl::getInstantiationFromUse(this, _, _) } + MacInitCall getInitCall() { result = MacFlowAnalysisImpl::getInitFromUse(this, _, _) } + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { - result.asExpr() = super.getArgument(0) and - super.getMethod().getParameterType(0).hasName("byte[]") + result.asExpr() = super.getInput() or + result.asExpr() = MacFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getInput() } - override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result.asExpr() = output } + override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { + result = this.getInstantiationCall().getAlgorithmArg() + } - override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { none() } + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { + result.asExpr() = this.getInitCall().getKeyArg() + } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { + result.asExpr() = super.getOutput() or + result.asExpr() = + MacFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getOutput() + } - override predicate hasHashAlgorithmConsumer() { none() } + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + result = this.getInstantiationCall().getAlgorithmArg() + } + + override predicate hasHashAlgorithmConsumer() { + // TODO: do we consider that these operations have no hash and that it is only associated to the mac algorithm node? + // in JCA that seems to be correct, but would removing the hash consumer here break things generally? + this.getHashAlgorithmValueConsumer() + .getAKnownAlgorithmSource() + .(Crypto::KeyOperationAlgorithmInstance) + .getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + } override Crypto::KeyOperationSubtype getKeyOperationSubtype() { result instanceof Crypto::TMacMode @@ -1722,7 +1807,7 @@ module JCAModel { } } - class SignatureStringLiteral extends StringLiteral { + class SignatureStringLiteral extends JavaConstant { SignatureStringLiteral() { signature_names(this.getValue()) } } @@ -1765,12 +1850,12 @@ module JCAModel { int digestLength; SignatureHashAlgorithmInstance() { - hashType = signature_name_to_hash_type_known(this.(StringLiteral).getValue(), digestLength) + hashType = signature_name_to_hash_type_known(this.(JavaConstant).getValue(), digestLength) } - override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawHashAlgorithmName() { result = this.(JavaConstant).getValue() } - override Crypto::THashType getHashFamily() { result = hashType } + override Crypto::THashType getHashType() { result = hashType } override int getFixedDigestLength() { result = digestLength } } @@ -1786,7 +1871,7 @@ module JCAModel { } } - private class SignatureOperationCall extends MethodCall { + class SignatureOperationCall extends MethodCall { SignatureOperationCall() { this.getMethod().hasQualifiedName("java.security", "Signature", ["update", "sign", "verify"]) } @@ -1891,7 +1976,7 @@ module JCAModel { module EllipticCurveStringToConsumerFlow = DataFlow::Global; - class EllipticCurveStringLiteral extends StringLiteral { + class EllipticCurveStringLiteral extends JavaConstant { EllipticCurveStringLiteral() { elliptic_curve_names(this.getValue()) } } @@ -1905,7 +1990,7 @@ module JCAModel { override string getRawEllipticCurveName() { result = super.getValue() } - override Crypto::EllipticCurveFamilyType getEllipticCurveFamilyType() { + override Crypto::EllipticCurveType getEllipticCurveType() { if Crypto::ellipticCurveNameToKnownKeySizeAndFamilyMapping(this.getRawEllipticCurveName(), _, _) then diff --git a/java/ql/lib/experimental/quantum/Language.qll b/java/ql/lib/experimental/quantum/Language.qll index e203d2a15873..bcc8b62ca87f 100644 --- a/java/ql/lib/experimental/quantum/Language.qll +++ b/java/ql/lib/experimental/quantum/Language.qll @@ -30,7 +30,7 @@ module CryptoInput implements InputSig { class UnknownLocation = UnknownDefaultLocation; string locationToFileBaseNameAndLineNumberString(Location location) { - result = location.getFile().getBaseName() + ":" + location.getStartLine() + result = location.toString() } LocatableElement dfn_to_element(DataFlow::Node node) { @@ -55,7 +55,18 @@ final class DefaultRemoteFlowSource = RemoteFlowSource; private class GenericUnreferencedParameterSource extends Crypto::GenericUnreferencedParameterSource { GenericUnreferencedParameterSource() { - exists(Parameter p | this = p and not exists(p.getAnArgument())) + exists(Parameter p | + this = p and + not exists(p.getAnArgument()) + // or + // // TODO: this is test code which causes regression in unit tests, but will + // // find sources where ordinarily a source might be missing + // // If all calls to a function occur in a test file, ignore those calls + // // and consider the parameter to the function a potential source as well. + // forall(Call testCall | testCall.getCallee() = p.getCallable() | + // testCall.getFile().getBaseName().toUpperCase().matches("%TEST%") + // ) + ) } override predicate flowsTo(Crypto::FlowAwareElement other) { @@ -93,8 +104,54 @@ private class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource { override string getAdditionalDescription() { result = this.toString() } } -private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal { - ConstantDataSource() { +import semmle.code.java.frameworks.Properties +private import semmle.code.configfiles.ConfigFiles + +/** + * A class to represent constants in Java code, either literals or + * values retrieved from properties files. + * Java CodeQL does not consider the values of known properties to be literals, + * hence we need to model both literals and property calls. + */ +class JavaConstant extends Expr { + string value; + + JavaConstant() { + // If arg 0 in a getProperty call, consider it a literal only if + // we haven't resolved it to a known property value, otherwise + // use the resolved config value. + // If getProperty is used, always assume the default value is potentially used. + // CAVEAT/ASSUMPTION: this assumes the literal is immediately known at arg0 + // of a getProperty call. + // also if the properties file is reloaded in a way where the reloaded file + // wouldn't have the property but the original does, we would erroneously + // consider the literal to be mapped to that property value. + exists(ConfigPair p, PropertiesGetPropertyMethodCall c | + c.getArgument(0).(Literal).getValue() = p.getNameElement().getName() and + value = p.getValueElement().getValue() and + this = c + ) + or + // in this case, the property value is not known, use the literal property name as the value + exists(PropertiesGetPropertyMethodCall c | + value = c.getArgument(0).(Literal).getValue() and + not exists(ConfigPair p | + c.getArgument(0).(Literal).getValue() = p.getNameElement().getName() + ) and + this = c + ) + or + // in this case, there is not propery getter, we just have a literal + not exists(PropertiesGetPropertyMethodCall c | c.getArgument(0) = this) and + value = this.(Literal).getValue() + } + + string getValue() { result = value } +} + +private class ConstantDataSourceLiteral extends Crypto::GenericConstantSourceInstance instanceof JavaConstant +{ + ConstantDataSourceLiteral() { // TODO: this is an API specific workaround for JCA, as 'EC' is a constant that may be used // where typical algorithms are specified, but EC specifically means set up a // default curve container, that will later be specified explicitly (or if not a default) @@ -112,6 +169,20 @@ private class ConstantDataSource extends Crypto::GenericConstantSourceInstance i override string getAdditionalDescription() { result = this.toString() } } +private class ConstantDataSourceArrayInitializer extends Crypto::GenericConstantSourceInstance instanceof ArrayInit +{ + ConstantDataSourceArrayInitializer() { this.getAnInit() instanceof Literal } + + override DataFlow::Node getOutputNode() { result.asExpr() = this } + + override predicate flowsTo(Crypto::FlowAwareElement other) { + // TODO: separate config to avoid blowing up data-flow analysis + GenericDataSourceFlow::flow(this.getOutputNode(), other.getInputNode()) + } + + override string getAdditionalDescription() { result = this.toString() } +} + /** * An instance of random number generation, modeled as the expression * tied to an output node (i.e., the result of the source of randomness) @@ -215,7 +286,7 @@ module ArtifactFlowConfig implements DataFlow::ConfigSig { module GenericDataSourceFlow = TaintTracking::Global; -module ArtifactFlow = DataFlow::Global; +module ArtifactFlow = TaintTracking::Global; // Import library-specific modeling import JCA diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql b/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql deleted file mode 100644 index f00621d4d2b6..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql +++ /dev/null @@ -1,22 +0,0 @@ -/** - * @name Insecure nonce at a cipher operation - * @id java/quantum/insecure-nonce - * @description A nonce is generated from a source that is not secure. This can lead to - * vulnerabilities such as replay attacks or key recovery. - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import experimental.quantum.Language - -predicate isInsecureNonceSource(Crypto::NonceArtifactNode n, Crypto::NodeBase src) { - src = n.getSourceNode() and - not src.asElement() instanceof SecureRandomnessInstance -} - -from Crypto::KeyOperationNode op, Crypto::NodeBase src -where isInsecureNonceSource(op.getANonce(), src) -select op, "Operation uses insecure nonce source $@", src, src.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql deleted file mode 100644 index 2dd5b0b006be..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql +++ /dev/null @@ -1,20 +0,0 @@ -/** - * @name Weak known key derivation function iteration count - * @description Detects key derivation operations with a known weak iteration count. - * @id java/quantum/weak-kdf-iteration-count - * @kind problem - * @problem.severity error - * @precision high - * @tags quantum - * experimental - */ - -import java -import experimental.quantum.Language - -from Crypto::KeyDerivationOperationNode op, Literal l -where - op.getIterationCount().asElement() = l and - l.getValue().toInt() < 100000 -select op, "Key derivation operation configures iteration count below 100k: $@", l, - l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql b/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql deleted file mode 100644 index ed2872bb67e1..000000000000 --- a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql +++ /dev/null @@ -1,17 +0,0 @@ -/** - * @name Reuse of cryptographic nonce - * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. - * @id java/quantum/reused-nonce - * @kind problem - * @problem.severity error - * @precision medium - * @tags quantum - * experimental - */ - -import java -import ArtifactReuse - -from Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2 -where isArtifactReuse(nonce1, nonce2) -select nonce1, "Reuse with nonce $@", nonce2, nonce2.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll b/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll similarity index 50% rename from java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll rename to java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll index 0e28d9ffe5e3..776510b52ad1 100644 --- a/java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll +++ b/java/ql/src/experimental/quantum/Examples/ArtifactReuse.qll @@ -8,7 +8,7 @@ import experimental.quantum.Language * NOTE: TODO: need to handle call by refernece for now. Need to re-evaluate (see notes below) * Such functions may be 'wrappers' for some derived value. */ -private module WrapperConfig implements DataFlow::ConfigSig { +private module ArtifactGeneratingWrapperConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof Call and // not handling references yet, I think we want to flat say references are only ok @@ -28,25 +28,41 @@ private module WrapperConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(Crypto::ArtifactNode i).asElement() } } -module WrapperFlow = DataFlow::Global; +module ArtifactGeneratingWrapperFlow = TaintTracking::Global; /** * Using a set approach to determine if reuse of an artifact exists. * This predicate produces a set of 'wrappers' that flow to the artifact node. * This set can be compared with the set to another artifact node to determine if they are the same. */ -private DataFlow::Node getWrapperSet(Crypto::NonceArtifactNode a) { - WrapperFlow::flow(result, DataFlow::exprNode(a.asElement())) +private DataFlow::Node getGeneratingWrapperSet(Crypto::NonceArtifactNode a) { + ArtifactGeneratingWrapperFlow::flow(result, DataFlow::exprNode(a.asElement())) or result.asExpr() = a.getSourceElement() } +private predicate ancestorOfArtifact( + Crypto::ArtifactNode a, Callable enclosingCallable, ControlFlow::Node midOrTarget +) { + a.asElement().(Expr).getEnclosingCallable() = enclosingCallable and + ( + midOrTarget.asExpr() = a.asElement() or + midOrTarget.asExpr().(Call).getCallee().calls*(a.asElement().(Expr).getEnclosingCallable()) + ) +} + /** * Two different artifact nodes are considered reuse if any of the following conditions are met: * 1. The source for artifact `a` and artifact `b` are the same and the source is a literal. * 2. The source for artifact `a` and artifact `b` are not the same and the source is a literal of the same value. - * 3. For all 'wrappers' that return the source of artifact `a`, and that wrapper also exists for artifact `b`. - * 4. For all 'wrappers' that return the source of artifact `b`, and that wrapper also exists for artifact `a`. + * 3. For all 'wrappers' that return the source of artifact `a`, and each wrapper also exists for artifact `b`. + * 4. For all 'wrappers' that return the source of artifact `b`, and each wrapper also exists for artifact `a`. + * + * The above conditions determine that the use of the IV is from the same source, but the use may + * be on separate code paths that do not occur sequentially. We must therefore also find a common callable ancestor + * for both uses, and in that ancestor, there must be control flow from the call or use of one to the call or use of the other. + * Note that if no shared ancestor callable exists, it means the flow is more nuanced and ignore the shared ancestor + * use flow. */ predicate isArtifactReuse(Crypto::ArtifactNode a, Crypto::ArtifactNode b) { a != b and @@ -55,12 +71,32 @@ predicate isArtifactReuse(Crypto::ArtifactNode a, Crypto::ArtifactNode b) { or a.getSourceElement().(Literal).getValue() = b.getSourceElement().(Literal).getValue() or - forex(DataFlow::Node e | e = getWrapperSet(a) | - exists(DataFlow::Node e2 | e2 = getWrapperSet(b) | e = e2) + forex(DataFlow::Node e | e = getGeneratingWrapperSet(a) | + exists(DataFlow::Node e2 | e2 = getGeneratingWrapperSet(b) | e = e2) ) or - forex(DataFlow::Node e | e = getWrapperSet(b) | - exists(DataFlow::Node e2 | e2 = getWrapperSet(a) | e = e2) + forex(DataFlow::Node e | e = getGeneratingWrapperSet(b) | + exists(DataFlow::Node e2 | e2 = getGeneratingWrapperSet(a) | e = e2) + ) + ) and + // If there is a common parent, there is control flow between the two uses in the parent + // TODO: this logic needs to be examined/revisited to ensure it is correct + ( + exists(Callable commonParent | + ancestorOfArtifact(a, commonParent, _) and + ancestorOfArtifact(b, commonParent, _) + ) + implies + exists(Callable commonParent, ControlFlow::Node aMid, ControlFlow::Node bMid | + ancestorOfArtifact(a, commonParent, aMid) and + ancestorOfArtifact(b, commonParent, bMid) and + a instanceof Crypto::NonceArtifactNode and + b instanceof Crypto::NonceArtifactNode and + ( + aMid.getASuccessor*() = bMid + or + bMid.getASuccessor*() = aMid + ) ) ) } diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll new file mode 100644 index 000000000000..645a092d57ca --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrder.qll @@ -0,0 +1,178 @@ +import java +import experimental.quantum.Language +import codeql.util.Option + +/** + * Holds when the src node is the output artifact of a decrypt operation + * that flows to the input artifact of a mac operation. + */ +predicate isDecryptToMacFlow(ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink) { + ArtifactFlow::flowPath(src, sink) and + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TDecryptMode() and + cipherOp.getAnOutputArtifact().asElement() = src.getNode().asExpr() + ) and + exists(Crypto::MacOperationNode macOp | + macOp.getAnInputArtifact().asElement() = sink.getNode().asExpr() + ) +} + +predicate isDecryptToMacNode(Crypto::ArtifactNode node) { + exists(ArtifactFlow::PathNode src | + isDecryptToMacFlow(src, _) and + node.asElement() = src.getNode().asExpr() + ) +} + +/** + * Holds when the src node is used as plaintext input to both + * an encryption operation and a mac operation, via the + * argument represented by InterimArg. + */ +predicate isPlaintextInEncryptionAndMac( + PlaintextUseAsMacAndCipherInputFlow::PathNode src, + PlaintextUseAsMacAndCipherInputFlow::PathNode sink, InterimArg arg +) { + PlaintextUseAsMacAndCipherInputFlow::flowPath(src, sink) and + arg = sink.getState().asSome() +} + +module ArgToSinkConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { exists(Call c | c.getAnArgument() = source.asExpr()) } + + predicate isSink(DataFlow::Node sink) { targetSinks(sink) } + + // Don't go in to a known out node, this will prevent the plaintext + // from tracing out of cipher operations for example, we just want to trace + // the plaintext to uses. + // NOTE: we are not using a barrier out on input nodes, because + // that would remove 'use-use' flows, which we need + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module ArgToSinkFlow = TaintTracking::Global; + +/** + * Target sinks for this query are either encryption operations or mac operation message inputs + */ +predicate targetSinks(DataFlow::Node n) { + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and + cipherOp.getAnInputArtifact().asElement() = n.asExpr() + ) + or + exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = n.asExpr()) +} + +/** + * An argument of a target sink or a parent call whose parameter flows to a target sink + */ +class InterimArg extends DataFlow::Node { + DataFlow::Node targetSink; + + InterimArg() { + targetSinks(targetSink) and + ( + this = targetSink + or + ArgToSinkFlow::flow(this, targetSink) and + this.getEnclosingCallable().calls+(targetSink.getEnclosingCallable()) + ) + } + + DataFlow::Node getTargetSink() { result = targetSink } +} + +/** + * A wrapper class to represent a target argument dataflow node. + */ +class TargetArg extends DataFlow::Node { + TargetArg() { targetSinks(this) } + + predicate isCipher() { + exists(Crypto::CipherOperationNode cipherOp | + cipherOp.getKeyOperationSubtype() = Crypto::TEncryptMode() and + cipherOp.getAnInputArtifact().asElement() = this.asExpr() + ) + } + + predicate isMac() { + exists(Crypto::MacOperationNode macOp | macOp.getAnInputArtifact().asElement() = this.asExpr()) + } +} + +module PlaintextUseAsMacAndCipherInputConfig implements DataFlow::StateConfigSig { + class FlowState = Option::Option; + + // TODO: can we approximate a message source better? + predicate isSource(DataFlow::Node source, FlowState state) { + // TODO: can we find the 'closest' parameter to the sinks? + // i.e., use a generic source if we have it, but also isolate the + // lowest level in the flow to the closest parameter node in the call graph? + exists(Crypto::GenericSourceNode other | + other.asElement() = CryptoInput::dfn_to_element(source) + ) and + state.isNone() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof TargetArg and + ( + sink.(TargetArg).isMac() and state.asSome().isCipher() + or + sink.(TargetArg).isCipher() and state.asSome().isMac() + ) + } + + predicate isBarrierOut(DataFlow::Node node, FlowState state) { + // Stop at the first sink for now + isSink(node, state) + } + + // Don't go in to a known out node, this will prevent the plaintext + // from tracing out of cipher operations for example, we just want to trace + // the plaintext to uses. + // NOTE: we are not using a barrier out on input nodes, because + // that would remove 'use-use' flows, which we need + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + (exists(state1.asSome()) or state1.isNone()) and + targetSinks(node1) and + node1 instanceof TargetArg and + //use-use flow, either flow directly from the node1 use + //or find a parent call in the call in the call stack + //and continue flow from that parameter + node2.(InterimArg).getTargetSink() = node1 and + state2.asSome() = node1 + } +} + +module PlaintextUseAsMacAndCipherInputFlow = + TaintTracking::GlobalWithState; diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql new file mode 100644 index 000000000000..fb9d8795b4d1 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql @@ -0,0 +1,18 @@ +/** + * @name Bad MAC order: decrypt to mac + * @description MAC should be on a cipher, not a raw message + * @id java/quantum/examples/bad-mac-order-decrypt-to-mac + * @kind path-problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import ArtifactFlow::PathGraph +import BadMacOrder + +from ArtifactFlow::PathNode src, ArtifactFlow::PathNode sink +where isDecryptToMacFlow(src, sink) +select sink, src, sink, + "Incorrect decryption and MAC order: decryption output plaintext flows to MAC message input." diff --git a/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql new file mode 100644 index 000000000000..b3ff84b091ac --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql @@ -0,0 +1,21 @@ +/** + * @name Bad MAC order: Mac and Encryption share the same plaintext + * @description MAC should be on a cipher, not a raw message + * @id java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac + * @kind path-problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import BadMacOrder +import PlaintextUseAsMacAndCipherInputFlow::PathGraph + +from + PlaintextUseAsMacAndCipherInputFlow::PathNode src, + PlaintextUseAsMacAndCipherInputFlow::PathNode sink, InterimArg arg +where isPlaintextInEncryptionAndMac(src, sink, arg) +select sink, src, sink, + "Incorrect MAC usage: Encryption plaintext also used for MAC. Flow shows plaintext to final use through intermediate mac or encryption operation here $@", + arg.asExpr(), arg.asExpr().toString() diff --git a/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql b/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql index 1aee95152328..b449f118bc34 100644 --- a/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql +++ b/java/ql/src/experimental/quantum/Examples/BrokenCrypto.ql @@ -4,7 +4,6 @@ * @kind problem * @problem.severity warning * @security-severity 7.5 - * @precision high * @id java/weak-cryptographic-algorithm-new-model * @tags security * external/cwe/cwe-327 diff --git a/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql new file mode 100644 index 000000000000..1c35d50a2d92 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/InsecureIVorNonceSource.ql @@ -0,0 +1,88 @@ +/** + * @name Insecure nonce/iv (static value or weak random source) + * @id java/quantum/examples/insecure-iv-or-nonce + * @description A nonce/iv is generated from a source that is not secure. This can lead to + * vulnerabilities such as replay attacks or key recovery. Insecure generation + * is any static nonce, or any known insecure source for a nonce/iv if + * the value is used for an encryption operation (decryption operations are ignored + * as the nonce/iv would be provided alongside the ciphertext). + * @kind path-problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +module NonceSrcFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::NonceArtifactNode nonce | sink.asExpr() = nonce.asElement()) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module NonceSrcFlow = TaintTracking::Global; + +import NonceSrcFlow::PathGraph + +from + Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg, + NonceSrcFlow::PathNode srcNode, NonceSrcFlow::PathNode sinkNode +where + nonce.getSourceNode() = src and + // NOTE: null nonces should be handled seaparately, often used for default values prior to initialization + // failure to initialize should, in practice, lead to a NullPointerException, which is a separate concern + // however there may be APIs where NULL uses a default nonce or action. + not src.asElement() instanceof NullLiteral and + ( + // Case 1: Any constant nonce/iv is bad, regardless of how it is used + src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op = nonce and // binding op but not using it + msg = "Nonce or IV uses constant source $@" + or + // Case 2: The nonce has a non-random source and there is no known operation for the nonce + // assume it is used for encryption + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + not exists(Crypto::CipherOperationNode o | o.getANonce() = nonce) and + op = nonce and // binding op, but not using it + msg = + "Nonce or IV uses insecure source $@ with no observed nonce usage (assuming could be for encryption)." + or + // Case 3: The nonce has a non-random source and is used in an encryption operation + not src.asElement() instanceof SecureRandomnessInstance and + not src.asElement() instanceof Crypto::GenericConstantSourceInstance and + op.(Crypto::CipherOperationNode).getANonce() = nonce and + ( + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TEncryptMode + or + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + msg = "Nonce or IV uses insecure source $@ at encryption operation $@" + ) and + srcNode.getNode().asExpr() = src.asElement() and + sinkNode.getNode().asExpr() = nonce.asElement() and + NonceSrcFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, msg, src, src.toString(), op, op.toString() diff --git a/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql new file mode 100644 index 000000000000..affe7917cf29 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/NonAESGCMCipher.ql @@ -0,0 +1,24 @@ +/** + * @name Cipher not AES-GCM mode + * @id java/quantum/examples/non-aes-gcm + * @description An AES cipher is in use without GCM + * @kind problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +class NonAESGCMAlgorithmNode extends Crypto::KeyOperationAlgorithmNode { + NonAESGCMAlgorithmNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and + this.getModeOfOperation().getModeType() != Crypto::KeyOpAlg::GCM() + } +} + +from Crypto::KeyOperationNode op, Crypto::KeyOperationOutputNode codeNode +where + op.getAKnownAlgorithm() instanceof NonAESGCMAlgorithmNode and + codeNode = op.getAnOutputArtifact() +select op, "Non-AES-GCM instance." diff --git a/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql new file mode 100644 index 000000000000..54eddd8fc06c --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/ReusedNonce.ql @@ -0,0 +1,88 @@ +/** + * @name Reuse of cryptographic nonce + * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities. + * @id java/quantum/examples/reused-nonce + * @kind path-problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import ArtifactReuse + +module NonceSrcFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::NonceArtifactNode nonce | sink.asExpr() = nonce.asElement()) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module NonceSrcFlow = TaintTracking::Global; + +import NonceSrcFlow::PathGraph + +from + Crypto::NonceArtifactNode nonce1, Crypto::NonceArtifactNode nonce2, Crypto::NodeBase src, + NonceSrcFlow::PathNode srcNode, NonceSrcFlow::PathNode sinkNode +where + isArtifactReuse(nonce1, nonce2) and + // NOTE: in general we may not know a source, but see possible reuse, + // we are not detecting these cases here (only where the source is the same). + src = nonce1.getSourceNode() and + src = nonce2.getSourceNode() and + // Null literals are typically used for initialization, and if two 'nulls' + // are reused, it is likely an uninitialization path that would result in a NullPointerException. + not src.asElement() instanceof NullLiteral and + // if the nonce is used in an encryption and decryption, ignore that reuse + not exists(Crypto::CipherOperationNode op1, Crypto::CipherOperationNode op2 | + op1 != op2 and + op1.getANonce() = nonce1 and + op2.getANonce() = nonce2 and + ( + ( + op1.getKeyOperationSubtype() instanceof Crypto::TEncryptMode or + op1.getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + ( + op2.getKeyOperationSubtype() instanceof Crypto::TDecryptMode or + op2.getKeyOperationSubtype() instanceof Crypto::TUnwrapMode + ) + or + ( + op2.getKeyOperationSubtype() instanceof Crypto::TEncryptMode or + op2.getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + ( + op1.getKeyOperationSubtype() instanceof Crypto::TDecryptMode or + op1.getKeyOperationSubtype() instanceof Crypto::TUnwrapMode + ) + ) + ) and + srcNode.getNode().asExpr() = src.asElement() and + sinkNode.getNode().asExpr() = nonce1.asElement() and + NonceSrcFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, "Nonce source is reused, see alternate sink $@", nonce2, + nonce2.toString() diff --git a/java/ql/src/experimental/quantum/Examples/UnknownHash.ql b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql new file mode 100644 index 000000000000..32d8fa3b753f --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/UnknownHash.ql @@ -0,0 +1,19 @@ +/** + * @name Unknown hashes + * @description Finds uses of cryptographic hashing algorithms of unknown type. + * @id java/quantum/examples/unknown-hash + * @kind problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +from Crypto::HashAlgorithmNode alg +where + not exists(alg.getHashType()) + or + alg.getHashType() = Crypto::OtherHashType() +select alg, "Use of unknown hash algorithm." diff --git a/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql new file mode 100644 index 000000000000..3537fca594ae --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/UnknownIVorNonceSource.ql @@ -0,0 +1,35 @@ +/** + * @name Unknown nonce/iv source + * @id java/quantum/examples/unknown-iv-or-nonce-source + * @description A nonce/iv is generated from a source that is not secure. Failure to initialize + * an IV or nonce properly can lead to vulnerabilities such as replay attacks or key recovery. + * IV may be unknown at a decryption operation (IV would be provided alongside the ciphertext). + * These cases are ignored. + * @kind problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import experimental.quantum.Language + +from Crypto::NonceArtifactNode nonce, Crypto::NodeBase op, string msg +where + not exists(nonce.getSourceNode()) and + ( + // Nonce not associated with any known cipher operation, assume unknown as insecure + not exists(Crypto::CipherOperationNode o | o.getANonce() = nonce) and + op = nonce and + msg = + "Unknown IV/Nonce initialization source with no observed nonce usage (assuming could be for encryption)." + or + // Nonce associated cipher operation where the mode is not explicitly encryption + op.(Crypto::CipherOperationNode).getANonce() = nonce and + ( + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TEncryptMode + or + op.(Crypto::CipherOperationNode).getKeyOperationSubtype() instanceof Crypto::TWrapMode + ) and + msg = "Unknown IV/Nonce initialization source at encryption operation $@" + ) +select nonce, msg, op, op.toString() diff --git a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql similarity index 87% rename from java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql rename to java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql index 21bca11cc1af..3f8f1306a1d3 100644 --- a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql +++ b/java/ql/src/experimental/quantum/Examples/UnknownKDFIterationCount.ql @@ -1,10 +1,9 @@ /** * @name Unknown key derivation function iteration count * @description Detects key derivation operations with an unknown iteration count. - * @id java/quantum/unknown-kdf-iteration-count + * @id java/quantum/examples/unknown-kdf-iteration-count * @kind problem - * @precision medium - * @severity warning + * @problem.severity error * @tags quantum * experimental */ diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql new file mode 100644 index 000000000000..ee81e7bd6d0a --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql @@ -0,0 +1,69 @@ +/** + * @name Weak Asymmetric Key Size + * @id java/quantum/examples/weak-asymmetric-key-gen-size + * @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation. + * @kind path-problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +module KeySizeFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyCreationOperationNode kgen | + sink = kgen.getKeySizeConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module KeySizeFlow = TaintTracking::Global; + +import KeySizeFlow::PathGraph + +from + Crypto::KeyCreationOperationNode keygen, int keySize, Crypto::AlgorithmNode alg, + KeySizeFlow::PathNode srcNode, KeySizeFlow::PathNode sinkNode +where + // ASSUMPTION/NOTE: if the key size is set on a key creation, but the key creation itself is not observed + // (i.e., the size is initialized but the operation not observed) currently we will not + // detect the size. A key creation operation currently must be observed. + keygen.getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and + // NOTE: if algorithm is not known (doesn't bind) we need a separate query + // Also note the algorithm may also be re-specified at a use of the key + alg = keygen.getAKnownAlgorithm() and + not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm + not alg.(Crypto::KeyAgreementAlgorithmNode).getKeyAgreementType() = Crypto::ECDH() and // ECDH key sizes should be handled with elliptic curves + alg instanceof Crypto::AsymmetricAlgorithmNode and + keySize < 2048 and + srcNode.getNode().asExpr() = keygen.getAKeySizeSource().asElement() and + sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode() and + KeySizeFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", alg, + alg.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql new file mode 100644 index 000000000000..c5fb224ea1f5 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql @@ -0,0 +1,32 @@ +/** + * @name Weak AES Block mode + * @id java/quantum/examples/weak-block-modes + * @description An AES cipher is in use with an insecure block mode + * @kind problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +class WeakAESBlockModeAlgNode extends Crypto::KeyOperationAlgorithmNode { + Crypto::ModeOfOperationAlgorithmNode mode; + + WeakAESBlockModeAlgNode() { + this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and + mode = super.getModeOfOperation() and + ( + mode.getModeType() = Crypto::KeyOpAlg::ECB() or + mode.getModeType() = Crypto::KeyOpAlg::CFB() or + mode.getModeType() = Crypto::KeyOpAlg::OFB() or + mode.getModeType() = Crypto::KeyOpAlg::CTR() + ) + } + + Crypto::ModeOfOperationAlgorithmNode getMode() { result = mode } +} + +from WeakAESBlockModeAlgNode alg +select alg, "Weak AES block mode instance $@.", alg.getMode(), alg.getMode().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.ql b/java/ql/src/experimental/quantum/Examples/WeakHash.ql new file mode 100644 index 000000000000..cb61c2f860aa --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.ql @@ -0,0 +1,16 @@ +/** + * @name Weak hashes + * @description Finds uses of cryptographic hashing algorithms that are unapproved or otherwise weak. + * @id java/quantum/examples/weak-hash + * @kind problem + * @problem.severity error + * @tags external/cwe/cwe-327 + * quantum + * experimental + */ + +import WeakHash + +from Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg +where isUnapprovedHash(alg, htype, msg) +select alg, msg diff --git a/java/ql/src/experimental/quantum/Examples/WeakHash.qll b/java/ql/src/experimental/quantum/Examples/WeakHash.qll new file mode 100644 index 000000000000..add6cc870aed --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakHash.qll @@ -0,0 +1,23 @@ +import experimental.quantum.Language + +predicate isUnapprovedHash(Crypto::HashAlgorithmNode alg, Crypto::HashType htype, string msg) { + htype = alg.getHashType() and + ( + (htype != Crypto::SHA2() and htype != Crypto::SHA3()) and + msg = "Use of unapproved hash algorithm or API: " + htype.toString() + "." + or + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and + not exists(alg.getDigestLength()) and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but unknown digest size." + or + exists(int digestLength | + digestLength = alg.getDigestLength() and + (htype = Crypto::SHA2() or htype = Crypto::SHA3()) and + digestLength < 256 and + msg = + "Use of approved hash algorithm or API type " + htype.toString() + " but weak digest size (" + + digestLength + ")." + ) + ) +} diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql new file mode 100644 index 000000000000..98f97335eaeb --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql @@ -0,0 +1,59 @@ +/** + * @name Weak known key derivation function iteration count + * @description Detects key derivation operations with a known weak iteration count. + * @id java/quantum/examples/weak-kdf-iteration-count + * @kind path-problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +module IterationCountConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyDerivationOperationInstance kdev | + sink = kdev.getIterationCountConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module IterationCountFlow = TaintTracking::Global; + +import IterationCountFlow::PathGraph + +from + Crypto::KeyDerivationOperationNode op, Literal l, IterationCountFlow::PathNode srcNode, + IterationCountFlow::PathNode sinkNode +where + op.getIterationCount().asElement() = l and + l.getValue().toInt() < 100000 and + srcNode.getNode().asExpr() = l and + sinkNode.getNode() = op.getIterationCountConsumer().getConsumer().getInputNode() and + IterationCountFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Key derivation operation configures iteration count below 100k: $@", l, l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql new file mode 100644 index 000000000000..3d0be43392f2 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql @@ -0,0 +1,59 @@ +/** + * @name Weak known key derivation function output length + * @description Detects key derivation operations with a known weak output length + * @id java/quantum/examples/weak-kdf-key-size + * @kind path-problem + * @problem.severity error + * @tags quantum + * experimental + */ + +import java +import experimental.quantum.Language + +module KeySizeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Crypto::GenericSourceInstance i).getOutputNode() or + source = any(Crypto::ArtifactInstance artifact).getOutputNode() + } + + predicate isSink(DataFlow::Node sink) { + exists(Crypto::KeyDerivationOperationInstance kdev | + sink = kdev.getKeySizeConsumer().getConsumer().getInputNode() + ) + } + + predicate isBarrierOut(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getInputNode() + } + + predicate isBarrierIn(DataFlow::Node node) { + node = any(Crypto::FlowAwareElement element).getOutputNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or + exists(MethodCall m | + m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and + node1.asExpr() = m.getQualifier() and + node2.asExpr() = m + ) + } +} + +module KeySizeFlow = TaintTracking::Global; + +import KeySizeFlow::PathGraph + +from + Crypto::KeyDerivationOperationNode op, Literal l, KeySizeFlow::PathNode srcNode, + KeySizeFlow::PathNode sinkNode +where + op.getOutputKeySize().asElement() = l and + l.getValue().toInt() < 256 and + srcNode.getNode().asExpr() = l and + sinkNode.getNode() = op.getKeySizeConsumer().getConsumer().getInputNode() and + KeySizeFlow::flowPath(srcNode, sinkNode) +select sinkNode, srcNode, sinkNode, + "Key derivation operation configures output key length below 256: $@", l, l.getValue().toString() diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql new file mode 100644 index 000000000000..fe08599b6603 --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql @@ -0,0 +1,16 @@ +/** + * @name Weak symmetric ciphers + * @description Finds uses of cryptographic symmetric cipher algorithms that are unapproved or otherwise weak. + * @id java/quantum/examples/weak-ciphers + * @kind problem + * @problem.severity error + * @tags external/cwe/cwe-327 + * quantum + * experimental + */ + +import WeakSymmetricCipher + +from Crypto::KeyOperationAlgorithmNode alg, string msg +where isUnapprovedSymmetricCipher(alg, msg) +select alg, msg diff --git a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.qll b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.qll new file mode 100644 index 000000000000..457d2b6cd18d --- /dev/null +++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.qll @@ -0,0 +1,24 @@ +import experimental.quantum.Language +import Crypto::KeyOpAlg as KeyOpAlg + +/** + * Holds when the given symmetric cipher algorithm is unapproved or weak. + */ +predicate isUnapprovedSymmetricCipher(Crypto::KeyOperationAlgorithmNode alg, string msg) { + exists(KeyOpAlg::AlgorithmType algType | + algType = alg.getAlgorithmType() and + msg = "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." and + algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES()) + ) + // NOTE: an org could decide to disallow very specific algorithms as well, shown below + // ( + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DOUBLE_DES()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH()) or + // algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SKIPJACK()) + // ) +} diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index 94e4d2bf0561..905304ac7715 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -29,7 +29,6 @@ | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | H | jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | PRF | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | @@ -38,7 +37,6 @@ | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | @@ -46,8 +44,7 @@ | jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | -| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | @@ -56,7 +53,6 @@ | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | -| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | @@ -64,8 +60,7 @@ | jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | -| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | @@ -112,7 +107,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | @@ -142,7 +136,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | @@ -160,34 +153,35 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | H | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | H | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | -| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:24:44:24:52 | Message | @@ -198,34 +192,36 @@ | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | -| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | -| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:24:29:24:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | -| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | | jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | | jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | @@ -233,7 +229,6 @@ | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | Source | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | -| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | @@ -244,7 +239,6 @@ | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | Source | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | -| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:100:55:100:69 | Message | @@ -255,7 +249,6 @@ | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | Source | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | -| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:105:61:105:75 | Message | @@ -266,7 +259,6 @@ | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | Source | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | -| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:110:52:110:75 | Message | @@ -293,7 +285,6 @@ | jca/Digest.java:75:23:75:62 | HashOperation | Digest | jca/Digest.java:75:23:75:62 | Digest | | jca/Digest.java:75:23:75:62 | HashOperation | Message | jca/Digest.java:75:43:75:61 | Message | | jca/Digest.java:75:43:75:61 | Message | Source | jca/Digest.java:73:49:73:63 | Parameter | -| jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:87:23:87:56 | Digest | Source | jca/Digest.java:87:23:87:56 | Digest | | jca/Digest.java:87:23:87:56 | HashOperation | Algorithm | jca/Digest.java:85:58:85:66 | HashAlgorithm | @@ -302,7 +293,6 @@ | jca/Digest.java:87:23:87:56 | HashOperation | Message | jca/Digest.java:87:37:87:55 | Message | | jca/Digest.java:87:37:87:55 | Message | Source | jca/Digest.java:83:37:83:51 | Parameter | | jca/Digest.java:97:42:97:63 | Message | Source | jca/Digest.java:95:37:95:51 | Parameter | -| jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:98:65:98:86 | HMACAlgorithm | H | jca/Digest.java:98:65:98:86 | HashAlgorithm | | jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:98:65:98:86 | HMACAlgorithm | @@ -315,11 +305,10 @@ | jca/Digest.java:109:23:109:57 | HashOperation | Digest | jca/Digest.java:109:23:109:57 | Digest | | jca/Digest.java:109:23:109:57 | HashOperation | Message | jca/Digest.java:109:41:109:56 | Message | | jca/Digest.java:109:41:109:56 | Message | Source | jca/Digest.java:107:40:107:51 | Parameter | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Mode | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Padding | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | H | jca/Digest.java:118:36:118:47 | HashAlgorithm | | jca/Digest.java:120:19:120:27 | Key | Source | jca/Digest.java:117:49:117:58 | Parameter | -| jca/Digest.java:121:23:121:52 | MACOperation | Algorithm | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | -| jca/Digest.java:121:23:121:52 | MACOperation | HashAlgorithm | jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:23:121:52 | MACOperation | Algorithm | jca/Digest.java:118:36:118:47 | HMACAlgorithm | +| jca/Digest.java:121:23:121:52 | MACOperation | HashAlgorithm | jca/Digest.java:118:36:118:47 | HashAlgorithm | | jca/Digest.java:121:23:121:52 | MACOperation | Input | jca/Digest.java:121:36:121:51 | Message | | jca/Digest.java:121:23:121:52 | MACOperation | Key | jca/Digest.java:120:19:120:27 | Key | | jca/Digest.java:121:23:121:52 | MACOperation | Message | jca/Digest.java:121:36:121:51 | Message | @@ -328,7 +317,13 @@ | jca/Digest.java:121:36:121:51 | Message | Source | jca/Digest.java:117:35:117:46 | Parameter | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:140:44:140:62 | ModeOfOperation | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:140:44:140:62 | PaddingAlgorithm | -| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:99:23:99:50 | Key | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:121:23:121:52 | KeyOperationOutput | | jca/Digest.java:142:32:142:74 | EncryptOperation | Algorithm | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | | jca/Digest.java:142:32:142:74 | EncryptOperation | Input | jca/Digest.java:142:47:142:73 | Message | | jca/Digest.java:142:32:142:74 | EncryptOperation | Key | jca/Digest.java:141:42:141:44 | Key | @@ -336,7 +331,6 @@ | jca/Digest.java:142:32:142:74 | EncryptOperation | Output | jca/Digest.java:142:32:142:74 | KeyOperationOutput | | jca/Digest.java:142:47:142:73 | Message | Source | jca/Digest.java:142:47:142:62 | Constant | | jca/Digest.java:176:42:176:71 | Message | Source | jca/Digest.java:171:50:171:62 | Parameter | -| jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/Digest.java:177:65:177:86 | HMACAlgorithm | H | jca/Digest.java:177:65:177:86 | HashAlgorithm | | jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:177:65:177:86 | HMACAlgorithm | @@ -353,11 +347,10 @@ | jca/Digest.java:188:29:188:78 | EncryptOperation | Nonce | jca/Digest.java:188:29:188:78 | EncryptOperation | | jca/Digest.java:188:29:188:78 | EncryptOperation | Output | jca/Digest.java:188:29:188:78 | KeyOperationOutput | | jca/Digest.java:188:44:188:77 | Message | Source | jca/Digest.java:188:44:188:66 | Constant | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Mode | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Padding | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | H | jca/Digest.java:191:35:191:46 | HashAlgorithm | | jca/Digest.java:192:18:192:23 | Key | Source | jca/Digest.java:192:18:192:23 | Key | -| jca/Digest.java:193:30:193:52 | MACOperation | Algorithm | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | -| jca/Digest.java:193:30:193:52 | MACOperation | HashAlgorithm | jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:30:193:52 | MACOperation | Algorithm | jca/Digest.java:191:35:191:46 | HMACAlgorithm | +| jca/Digest.java:193:30:193:52 | MACOperation | HashAlgorithm | jca/Digest.java:191:35:191:46 | HashAlgorithm | | jca/Digest.java:193:30:193:52 | MACOperation | Input | jca/Digest.java:193:42:193:51 | Message | | jca/Digest.java:193:30:193:52 | MACOperation | Key | jca/Digest.java:192:18:192:23 | Key | | jca/Digest.java:193:30:193:52 | MACOperation | Message | jca/Digest.java:193:42:193:51 | Message | @@ -396,8 +389,10 @@ | jca/EllipticCurve1.java:106:16:106:36 | Key | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | | jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | | jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Output | jca/EllipticCurve1.java:106:16:106:36 | Key | -| jca/EllipticCurve1.java:115:16:115:36 | Key | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | -| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | +| jca/EllipticCurve1.java:115:16:115:36 | Key | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | | jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Output | jca/EllipticCurve1.java:115:16:115:36 | Key | | jca/EllipticCurve2.java:47:16:47:36 | Key | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | | jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | @@ -411,8 +406,10 @@ | jca/EllipticCurve2.java:73:16:73:36 | Key | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | | jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | | jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Output | jca/EllipticCurve2.java:73:16:73:36 | Key | -| jca/EllipticCurve2.java:81:16:81:36 | Key | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | -| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:81:16:81:36 | Key | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Output | jca/EllipticCurve2.java:81:16:81:36 | Key | | jca/EllipticCurve2.java:106:17:106:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | | jca/EllipticCurve2.java:107:20:107:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | @@ -481,7 +478,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | | jca/EllipticCurve2.java:223:42:223:47 | Key | Source | jca/EllipticCurve2.java:223:42:223:47 | Key | -| jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | | jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Algorithm | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Input | jca/EllipticCurve2.java:224:44:224:52 | Message | @@ -494,7 +490,6 @@ | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | | jca/Encryption1.java:67:42:67:44 | Key | Source | jca/Encryption1.java:62:25:62:44 | Key | -| jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | | jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | Algorithm | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | Input | jca/Encryption1.java:68:47:68:73 | Message | @@ -564,7 +559,6 @@ | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | | jca/Encryption1.java:175:45:175:50 | Key | Source | jca/Encryption1.java:163:28:163:47 | Key | -| jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | | jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Algorithm | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Input | jca/Encryption1.java:176:50:176:64 | Message | @@ -590,8 +584,7 @@ | jca/Encryption2.java:100:44:100:55 | Message | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | -| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:109:45:109:50 | Key | -| jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | +| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:100:30:100:56 | Digest | | jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Algorithm | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | Input | jca/Encryption2.java:110:50:110:64 | Message | @@ -602,7 +595,6 @@ | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | | jca/Encryption2.java:149:45:149:50 | Key | Source | jca/Encryption2.java:149:45:149:50 | Key | -| jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | | jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Algorithm | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Input | jca/Encryption2.java:150:50:150:97 | Message | @@ -610,11 +602,10 @@ | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Nonce | jca/Encryption2.java:149:53:149:59 | Nonce | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | Output | jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | | jca/Encryption2.java:150:50:150:97 | Message | Source | jca/Encryption2.java:150:50:150:86 | Constant | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | H | jca/Encryption2.java:173:36:173:47 | HashAlgorithm | | jca/Encryption2.java:175:19:175:27 | Key | Source | jca/Encryption2.java:132:68:132:88 | Parameter | -| jca/Encryption2.java:176:31:176:52 | MACOperation | Algorithm | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:176:31:176:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Algorithm | jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | +| jca/Encryption2.java:176:31:176:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:173:36:173:47 | HashAlgorithm | | jca/Encryption2.java:176:31:176:52 | MACOperation | Input | jca/Encryption2.java:176:44:176:51 | Message | | jca/Encryption2.java:176:31:176:52 | MACOperation | Key | jca/Encryption2.java:175:19:175:27 | Key | | jca/Encryption2.java:176:31:176:52 | MACOperation | Message | jca/Encryption2.java:176:44:176:51 | Message | @@ -656,6 +647,7 @@ | jca/Hash.java:174:23:174:52 | HashOperation | Message | jca/Hash.java:174:37:174:51 | Message | | jca/Hash.java:174:37:174:51 | Message | Source | jca/Hash.java:172:43:172:53 | Parameter | | jca/Hash.java:195:27:195:57 | Digest | Source | jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:31:192:48 | Constant | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:32:191:38 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:41:191:49 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:52:191:60 | HashAlgorithm | @@ -664,31 +656,60 @@ | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:85:191:94 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:97:191:106 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:13:192:25 | HashAlgorithm | -| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:28:192:40 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:43:192:47 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | HashOperation | Digest | jca/Hash.java:195:27:195:57 | Digest | | jca/Hash.java:195:27:195:57 | HashOperation | Message | jca/Hash.java:195:41:195:56 | Message | | jca/Hash.java:195:41:195:56 | Message | Source | jca/Hash.java:190:43:190:54 | Parameter | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | H | jca/Hash.java:212:102:212:115 | HashAlgorithm | | jca/Hash.java:216:22:216:30 | Key | Source | jca/Hash.java:211:57:211:66 | Parameter | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | -| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:31:212:116 | Constant | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:72:212:83 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:86:212:99 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:102:212:115 | HMACAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:212:102:212:115 | HashAlgorithm | | jca/Hash.java:217:27:217:55 | MACOperation | Input | jca/Hash.java:217:39:217:54 | Message | | jca/Hash.java:217:27:217:55 | MACOperation | Key | jca/Hash.java:216:22:216:30 | Key | | jca/Hash.java:217:27:217:55 | MACOperation | Message | jca/Hash.java:217:39:217:54 | Message | @@ -696,7 +717,6 @@ | jca/Hash.java:217:27:217:55 | MACOperation | Output | jca/Hash.java:217:27:217:55 | KeyOperationOutput | | jca/Hash.java:217:39:217:54 | Message | Source | jca/Hash.java:211:43:211:54 | Parameter | | jca/Hash.java:235:42:235:63 | Message | Source | jca/Hash.java:232:40:232:54 | Parameter | -| jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:9:310:42 | RandomNumberGeneration | | jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | | jca/Hash.java:236:65:236:86 | HMACAlgorithm | H | jca/Hash.java:236:65:236:86 | HashAlgorithm | | jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | PRF | jca/Hash.java:236:65:236:86 | HMACAlgorithm | @@ -705,6 +725,7 @@ | jca/Hash.java:237:23:237:50 | KeyDerivation | Output | jca/Hash.java:237:23:237:50 | Key | | jca/Hash.java:237:23:237:50 | KeyDerivation | Salt | jca/Hash.java:235:66:235:69 | Salt | | jca/Hash.java:252:23:252:70 | Digest | Source | jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:16:294:66 | Constant | | jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:16:294:66 | LocalData | | jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:57:294:65 | HashAlgorithm | | jca/Hash.java:252:23:252:70 | HashOperation | Digest | jca/Hash.java:252:23:252:70 | Digest | @@ -712,6 +733,7 @@ | jca/Hash.java:252:37:252:69 | Message | Source | jca/Hash.java:252:37:252:58 | Constant | | jca/Hash.java:270:27:270:30 | Message | Source | jca/Hash.java:269:27:269:38 | Constant | | jca/Hash.java:271:40:271:54 | Digest | Source | jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:31:266:76 | Constant | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:32:266:40 | HashAlgorithm | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:43:266:51 | HashAlgorithm | | jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:54:266:63 | HashAlgorithm | @@ -721,7 +743,6 @@ | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | | jca/IVArtifact.java:31:42:31:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | -| jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Algorithm | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Input | jca/IVArtifact.java:32:44:32:72 | Message | @@ -730,9 +751,9 @@ | jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Output | jca/IVArtifact.java:32:29:32:73 | KeyOperationOutput | | jca/IVArtifact.java:32:44:32:72 | Message | Source | jca/IVArtifact.java:32:44:32:61 | Constant | | jca/IVArtifact.java:38:42:38:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | -| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | Constant | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | LocalData | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Input | jca/IVArtifact.java:39:44:39:52 | Message | @@ -758,7 +779,6 @@ | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | | jca/IVArtifact.java:134:42:134:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | | jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:116:31:116:34 | Constant | -| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | | jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | | jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Input | jca/IVArtifact.java:135:31:135:39 | Message | @@ -774,7 +794,7 @@ | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | | jca/IVArtifact.java:158:42:158:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | -| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:154:31:154:78 | Digest | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Input | jca/IVArtifact.java:159:31:159:39 | Message | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Key | jca/IVArtifact.java:158:42:158:44 | Key | @@ -784,7 +804,6 @@ | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | | jca/IVArtifact.java:182:46:182:48 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | -| jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | | jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | | jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Algorithm | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | | jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Input | jca/IVArtifact.java:183:45:183:57 | Message | @@ -834,7 +853,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | @@ -859,8 +877,7 @@ | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | @@ -879,7 +896,6 @@ | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | | jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | PRF | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | @@ -890,7 +906,6 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | -| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | @@ -898,11 +913,10 @@ | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | -| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Input | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Key | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Message | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | @@ -924,16 +938,20 @@ | jca/KeyArtifact.java:42:26:42:53 | Key | Algorithm | jca/KeyArtifact.java:42:26:42:53 | Key | | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Algorithm | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Output | jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | Constant | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | LocalData | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | | jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Output | jca/KeyArtifact.java:66:32:66:51 | Key | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Output | jca/KeyArtifact.java:73:16:73:43 | Key | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | Mode | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | Padding | jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:80:42:80:63 | Message | Source | jca/KeyDerivation1.java:78:39:78:53 | Parameter | -| jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | | jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | @@ -942,7 +960,6 @@ | jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Output | jca/KeyDerivation1.java:82:22:82:49 | Key | | jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:80:66:80:69 | Salt | | jca/KeyDerivation1.java:94:42:94:63 | Message | Source | jca/KeyDerivation1.java:92:36:92:50 | Parameter | -| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | @@ -951,7 +968,6 @@ | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Output | jca/KeyDerivation1.java:96:22:96:49 | Key | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:94:66:94:69 | Salt | | jca/KeyDerivation1.java:108:42:108:63 | Message | Source | jca/KeyDerivation1.java:106:37:106:51 | Parameter | -| jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | | jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | @@ -960,7 +976,6 @@ | jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Output | jca/KeyDerivation1.java:110:22:110:49 | Key | | jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:108:66:108:69 | Salt | | jca/KeyDerivation1.java:122:42:122:63 | Message | Source | jca/KeyDerivation1.java:120:32:120:46 | Parameter | -| jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | H | jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | | jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | @@ -969,7 +984,6 @@ | jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Output | jca/KeyDerivation1.java:124:22:124:49 | Key | | jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:122:66:122:69 | Salt | | jca/KeyDerivation1.java:136:42:136:63 | Message | Source | jca/KeyDerivation1.java:134:34:134:48 | Parameter | -| jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | | jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | @@ -978,14 +992,12 @@ | jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Output | jca/KeyDerivation1.java:138:22:138:49 | Key | | jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:136:66:136:69 | Salt | | jca/KeyDerivation1.java:157:42:157:63 | Message | Source | jca/KeyDerivation1.java:154:28:154:42 | Parameter | -| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:158:65:158:72 | Constant | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Input | jca/KeyDerivation1.java:157:42:157:63 | Message | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Output | jca/KeyDerivation1.java:159:22:159:49 | Key | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:157:66:157:69 | Salt | | jca/KeyDerivation1.java:172:42:172:63 | Message | Source | jca/KeyDerivation1.java:169:30:169:44 | Parameter | -| jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:173:65:173:72 | Constant | | jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Input | jca/KeyDerivation1.java:172:42:172:63 | Message | @@ -998,7 +1010,7 @@ | jca/KeyDerivation1.java:244:43:244:58 | Message | Source | jca/KeyDerivation1.java:242:45:242:56 | Parameter | | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | -| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:244:29:244:59 | Digest | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Algorithm | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Input | jca/KeyDerivation1.java:251:44:251:73 | Message | | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Key | jca/KeyDerivation1.java:250:55:250:57 | Key | @@ -1008,15 +1020,14 @@ | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | H | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | | jca/KeyDerivation1.java:314:42:314:63 | Message | Source | jca/KeyDerivation1.java:302:37:302:51 | Parameter | -| jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | Constant | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | LocalData | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Input | jca/KeyDerivation1.java:314:42:314:63 | Message | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Output | jca/KeyDerivation1.java:316:26:316:53 | Key | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Salt | jca/KeyDerivation1.java:314:66:314:69 | Salt | | jca/KeyDerivation1.java:333:42:333:63 | Message | Source | jca/KeyDerivation1.java:283:43:283:57 | Parameter | -| jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | | jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | @@ -1024,11 +1035,11 @@ | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Input | jca/KeyDerivation1.java:333:42:333:63 | Message | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Output | jca/KeyDerivation1.java:335:16:335:43 | Key | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:333:66:333:69 | Salt | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:347:19:347:27 | Key | -| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | H | jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:335:16:335:43 | Key | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Input | jca/KeyDerivation1.java:348:35:348:37 | Message | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Message | jca/KeyDerivation1.java:348:35:348:37 | Message | @@ -1036,9 +1047,9 @@ | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Output | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:269:32:269:41 | Parameter | | jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:283:60:283:78 | Parameter | -| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:352:19:352:54 | Key | -| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Input | jca/KeyDerivation1.java:353:35:353:61 | Message | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:352:19:352:54 | Key | @@ -1062,7 +1073,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | | jca/KeyEncapsulation.java:77:45:77:50 | Key | Source | jca/KeyEncapsulation.java:62:28:62:47 | Key | -| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Input | jca/KeyEncapsulation.java:78:47:78:79 | Message | @@ -1093,8 +1103,7 @@ | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:136:45:136:50 | Key | -| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:137:47:137:72 | Message | @@ -1171,22 +1180,20 @@ | jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:212:20:212:28 | Key | | jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:211:17:211:26 | Key | | jca/KeyExchange.java:213:16:213:34 | SharedSecret | Source | jca/KeyExchange.java:213:16:213:34 | SharedSecret | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | H | jca/MACOperation.java:60:35:60:46 | HashAlgorithm | | jca/MACOperation.java:62:18:62:26 | Key | Source | jca/MACOperation.java:59:52:59:61 | Parameter | -| jca/MACOperation.java:63:16:63:46 | MACOperation | Algorithm | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:63:16:63:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Algorithm | jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | +| jca/MACOperation.java:63:16:63:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:60:35:60:46 | HashAlgorithm | | jca/MACOperation.java:63:16:63:46 | MACOperation | Input | jca/MACOperation.java:63:28:63:45 | Message | | jca/MACOperation.java:63:16:63:46 | MACOperation | Key | jca/MACOperation.java:62:18:62:26 | Key | | jca/MACOperation.java:63:16:63:46 | MACOperation | Message | jca/MACOperation.java:63:28:63:45 | Message | | jca/MACOperation.java:63:16:63:46 | MACOperation | Nonce | jca/MACOperation.java:63:16:63:46 | MACOperation | | jca/MACOperation.java:63:16:63:46 | MACOperation | Output | jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | | jca/MACOperation.java:63:28:63:45 | Message | Source | jca/MACOperation.java:59:36:59:49 | Parameter | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | H | jca/MACOperation.java:71:35:71:48 | HashAlgorithm | | jca/MACOperation.java:73:18:73:26 | Key | Source | jca/MACOperation.java:70:50:70:59 | Parameter | -| jca/MACOperation.java:74:16:74:46 | MACOperation | Algorithm | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:74:16:74:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Algorithm | jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | +| jca/MACOperation.java:74:16:74:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:71:35:71:48 | HashAlgorithm | | jca/MACOperation.java:74:16:74:46 | MACOperation | Input | jca/MACOperation.java:74:28:74:45 | Message | | jca/MACOperation.java:74:16:74:46 | MACOperation | Key | jca/MACOperation.java:73:18:73:26 | Key | | jca/MACOperation.java:74:16:74:46 | MACOperation | Message | jca/MACOperation.java:74:28:74:45 | Message | @@ -1224,11 +1231,10 @@ | jca/MACOperation.java:110:16:110:46 | MACOperation | Nonce | jca/MACOperation.java:110:16:110:46 | MACOperation | | jca/MACOperation.java:110:16:110:46 | MACOperation | Output | jca/MACOperation.java:110:16:110:46 | KeyOperationOutput | | jca/MACOperation.java:110:28:110:45 | Message | Source | jca/MACOperation.java:106:30:106:43 | Parameter | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | H | jca/MACOperation.java:118:35:118:44 | HashAlgorithm | | jca/MACOperation.java:120:18:120:26 | Key | Source | jca/MACOperation.java:117:52:117:61 | Parameter | -| jca/MACOperation.java:121:16:121:46 | MACOperation | Algorithm | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:121:16:121:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Algorithm | jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | +| jca/MACOperation.java:121:16:121:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:118:35:118:44 | HashAlgorithm | | jca/MACOperation.java:121:16:121:46 | MACOperation | Input | jca/MACOperation.java:121:28:121:45 | Message | | jca/MACOperation.java:121:16:121:46 | MACOperation | Key | jca/MACOperation.java:120:18:120:26 | Key | | jca/MACOperation.java:121:16:121:46 | MACOperation | Message | jca/MACOperation.java:121:28:121:45 | Message | @@ -1245,7 +1251,6 @@ | jca/MACOperation.java:138:32:138:74 | EncryptOperation | Output | jca/MACOperation.java:138:32:138:74 | KeyOperationOutput | | jca/MACOperation.java:138:47:138:73 | Message | Source | jca/MACOperation.java:138:47:138:62 | Constant | | jca/MACOperation.java:170:42:170:68 | Message | Source | jca/MACOperation.java:166:47:166:62 | Parameter | -| jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | | jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | H | jca/MACOperation.java:171:65:171:86 | HashAlgorithm | | jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | PRF | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | @@ -1262,11 +1267,10 @@ | jca/MACOperation.java:182:29:182:78 | EncryptOperation | Nonce | jca/MACOperation.java:182:29:182:78 | EncryptOperation | | jca/MACOperation.java:182:29:182:78 | EncryptOperation | Output | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | | jca/MACOperation.java:182:44:182:77 | Message | Source | jca/MACOperation.java:182:44:182:66 | Constant | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | H | jca/MACOperation.java:185:35:185:46 | HashAlgorithm | | jca/MACOperation.java:186:18:186:30 | Key | Source | jca/MACOperation.java:186:18:186:30 | Key | -| jca/MACOperation.java:187:30:187:52 | MACOperation | Algorithm | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:187:30:187:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Algorithm | jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | +| jca/MACOperation.java:187:30:187:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:185:35:185:46 | HashAlgorithm | | jca/MACOperation.java:187:30:187:52 | MACOperation | Input | jca/MACOperation.java:187:42:187:51 | Message | | jca/MACOperation.java:187:30:187:52 | MACOperation | Key | jca/MACOperation.java:186:18:186:30 | Key | | jca/MACOperation.java:187:30:187:52 | MACOperation | Message | jca/MACOperation.java:187:42:187:51 | Message | @@ -1284,24 +1288,28 @@ | jca/MACOperation.java:219:47:219:50 | Message | Source | jca/MACOperation.java:150:36:150:51 | Parameter | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | Algorithm | jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | Output | jca/MACOperation.java:234:16:234:35 | Key | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | H | jca/Nonce.java:24:35:24:46 | HashAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | -| jca/Nonce.java:27:28:27:69 | MACOperation | Algorithm | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | -| jca/Nonce.java:27:28:27:69 | MACOperation | HashAlgorithm | jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:26:20:26:24 | Message | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:27:28:27:69 | MACOperation | Algorithm | jca/Nonce.java:24:35:24:46 | HMACAlgorithm | +| jca/Nonce.java:27:28:27:69 | MACOperation | HashAlgorithm | jca/Nonce.java:24:35:24:46 | HashAlgorithm | +| jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:27:40:27:68 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Key | jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:27:28:27:69 | MACOperation | Message | jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Message | jca/Nonce.java:27:40:27:68 | Message | | jca/Nonce.java:27:28:27:69 | MACOperation | Nonce | jca/Nonce.java:27:28:27:69 | MACOperation | | jca/Nonce.java:27:28:27:69 | MACOperation | Output | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | | jca/Nonce.java:27:40:27:68 | Message | Source | jca/Nonce.java:27:40:27:57 | Constant | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | H | jca/Nonce.java:37:35:37:46 | HashAlgorithm | | jca/Nonce.java:38:18:38:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | -| jca/Nonce.java:40:28:40:67 | MACOperation | Algorithm | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | -| jca/Nonce.java:40:28:40:67 | MACOperation | HashAlgorithm | jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:39:20:39:24 | Message | Source | jca/Nonce.java:35:24:35:41 | Constant | +| jca/Nonce.java:40:28:40:67 | MACOperation | Algorithm | jca/Nonce.java:37:35:37:46 | HMACAlgorithm | +| jca/Nonce.java:40:28:40:67 | MACOperation | HashAlgorithm | jca/Nonce.java:37:35:37:46 | HashAlgorithm | +| jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:40:40:40:66 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Key | jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:40:28:40:67 | MACOperation | Message | jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Message | jca/Nonce.java:40:40:40:66 | Message | | jca/Nonce.java:40:28:40:67 | MACOperation | Nonce | jca/Nonce.java:40:28:40:67 | MACOperation | | jca/Nonce.java:40:28:40:67 | MACOperation | Output | jca/Nonce.java:40:28:40:67 | KeyOperationOutput | @@ -1319,7 +1327,6 @@ | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:61:44:61:62 | ModeOfOperation | | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | | jca/Nonce.java:62:42:62:44 | Key | Source | jca/Nonce.java:58:37:58:49 | Parameter | -| jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | | jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Algorithm | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Input | jca/Nonce.java:63:44:63:52 | Message | @@ -1327,13 +1334,16 @@ | jca/Nonce.java:63:29:63:53 | EncryptOperation | Nonce | jca/Nonce.java:62:47:62:53 | Nonce | | jca/Nonce.java:63:29:63:53 | EncryptOperation | Output | jca/Nonce.java:63:29:63:53 | KeyOperationOutput | | jca/Nonce.java:63:44:63:52 | Message | Source | jca/Nonce.java:58:52:58:67 | Parameter | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Mode | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Padding | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | H | jca/Nonce.java:70:53:70:64 | HashAlgorithm | | jca/Nonce.java:78:18:78:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | -| jca/Nonce.java:80:28:80:67 | MACOperation | Algorithm | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | -| jca/Nonce.java:80:28:80:67 | MACOperation | HashAlgorithm | jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:79:20:79:24 | Message | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:79:20:79:24 | Message | Source | jca/Nonce.java:104:32:104:36 | RandomNumberGeneration | +| jca/Nonce.java:80:28:80:67 | MACOperation | Algorithm | jca/Nonce.java:70:53:70:64 | HMACAlgorithm | +| jca/Nonce.java:80:28:80:67 | MACOperation | HashAlgorithm | jca/Nonce.java:70:53:70:64 | HashAlgorithm | +| jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:80:40:80:66 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Key | jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:80:28:80:67 | MACOperation | Message | jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Message | jca/Nonce.java:80:40:80:66 | Message | | jca/Nonce.java:80:28:80:67 | MACOperation | Nonce | jca/Nonce.java:80:28:80:67 | MACOperation | | jca/Nonce.java:80:28:80:67 | MACOperation | Output | jca/Nonce.java:80:28:80:67 | KeyOperationOutput | @@ -1348,6 +1358,8 @@ | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:62:28:62:34 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Algorithm | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | HashAlgorithm | jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | @@ -1357,19 +1369,24 @@ | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:69:30:69:35 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Algorithm | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | HashAlgorithm | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Input | jca/SignEncryptCombinations.java:70:26:70:29 | Message | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Key | jca/SignEncryptCombinations.java:69:30:69:35 | Key | | jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Signature | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | | jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Output | jca/SignEncryptCombinations.java:84:16:84:31 | Key | | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Algorithm | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Input | jca/SignEncryptCombinations.java:97:44:97:52 | Message | @@ -1377,27 +1394,37 @@ | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Nonce | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Output | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | | jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | | jca/SignEncryptCombinations.java:112:42:112:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Algorithm | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Input | jca/SignEncryptCombinations.java:113:31:113:40 | Message | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Key | jca/SignEncryptCombinations.java:112:42:112:44 | Key | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Nonce | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Output | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:113:31:113:40 | Message | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | H | jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | -| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Input | jca/SignEncryptCombinations.java:123:28:123:31 | Message | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Key | jca/SignEncryptCombinations.java:122:18:122:20 | Key | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Message | jca/SignEncryptCombinations.java:123:28:123:31 | Message | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Nonce | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Output | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | | jca/SignatureOperation.java:54:16:54:36 | Key | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | @@ -1446,8 +1473,10 @@ | jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Signature | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:236:27:236:30 | Constant | -| jca/SignatureOperation.java:133:16:133:36 | Key | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | -| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:133:16:133:36 | Key | Algorithm | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Output | jca/SignatureOperation.java:133:16:133:36 | Key | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | @@ -1540,7 +1569,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:56:44:56:52 | Message | @@ -1561,7 +1589,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:99:44:99:52 | Message | @@ -1590,7 +1617,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | Source | jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | -| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:151:44:151:52 | Message | @@ -1601,7 +1627,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | Source | jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | -| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | @@ -1612,7 +1637,6 @@ | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | -| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:195:44:195:52 | Message | @@ -1631,8 +1655,7 @@ | jca/SymmetricAlgorithm.java:215:42:215:50 | Message | Source | jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | -| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:215:29:215:51 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | @@ -1641,7 +1664,6 @@ | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:223:29:223:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | Source | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | | jca/SymmetricAlgorithm.java:287:42:287:66 | Message | Source | jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | -| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | | jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | PRF | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | @@ -1652,7 +1674,6 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | Source | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | -| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | @@ -1660,11 +1681,10 @@ | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | Source | jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | Source | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | -| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Input | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Key | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Message | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | @@ -1689,7 +1709,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | | jca/SymmetricModesTest.java:83:42:83:44 | Key | Source | jca/SymmetricModesTest.java:78:43:78:55 | Parameter | -| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:84:44:84:52 | Message | @@ -1715,7 +1734,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Mode | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Padding | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | | jca/UniversalFlowTest.java:33:42:33:44 | Key | Source | jca/UniversalFlowTest.java:27:25:27:44 | Key | -| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Algorithm | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Input | jca/UniversalFlowTest.java:34:47:34:73 | Message | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index ea071871fd94..20c7276cc4f6 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -31,7 +31,6 @@ | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:109:27:109:54 | jca/AesWrapAndPBEWith.java:109:27:109:54 | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Iterations | Constant:1000 | jca/AesWrapAndPBEWith.java:107:72:107:75 | jca/AesWrapAndPBEWith.java:107:72:107:75 | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | KeySize | Constant:64 | jca/AesWrapAndPBEWith.java:107:78:107:79 | jca/AesWrapAndPBEWith.java:107:78:107:79 | -| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:122:9:122:42 | jca/AesWrapAndPBEWith.java:122:9:122:42 | | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:122:38:122:41 | jca/AesWrapAndPBEWith.java:122:38:122:41 | | jca/AesWrapAndPBEWith.java:123:72:123:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | | jca/AesWrapAndPBEWith.java:123:79:123:81 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | @@ -45,7 +44,6 @@ | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:125:27:125:54 | jca/AesWrapAndPBEWith.java:125:27:125:54 | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | -| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:140:9:140:42 | jca/AesWrapAndPBEWith.java:140:9:140:42 | | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:140:38:140:41 | jca/AesWrapAndPBEWith.java:140:38:140:41 | | jca/AesWrapAndPBEWith.java:141:72:141:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:141:72:141:76 | jca/AesWrapAndPBEWith.java:141:72:141:76 | | jca/AesWrapAndPBEWith.java:141:79:141:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:141:79:141:81 | jca/AesWrapAndPBEWith.java:141:79:141:81 | @@ -61,11 +59,9 @@ | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | -| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:148:9:148:40 | jca/AesWrapAndPBEWith.java:148:9:148:40 | | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:148:38:148:39 | jca/AesWrapAndPBEWith.java:148:38:148:39 | | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:150:42:150:47 | jca/AesWrapAndPBEWith.java:150:42:150:47 | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:151:29:151:64 | jca/AesWrapAndPBEWith.java:151:29:151:64 | -| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:167:9:167:42 | jca/AesWrapAndPBEWith.java:167:9:167:42 | | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:167:38:167:41 | jca/AesWrapAndPBEWith.java:167:38:167:41 | | jca/AesWrapAndPBEWith.java:168:72:168:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:168:72:168:76 | jca/AesWrapAndPBEWith.java:168:72:168:76 | | jca/AesWrapAndPBEWith.java:168:79:168:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:168:79:168:81 | jca/AesWrapAndPBEWith.java:168:79:168:81 | @@ -81,12 +77,12 @@ | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | -| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:175:9:175:40 | jca/AesWrapAndPBEWith.java:175:9:175:40 | | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:175:38:175:39 | jca/AesWrapAndPBEWith.java:175:38:175:39 | | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:177:42:177:47 | jca/AesWrapAndPBEWith.java:177:42:177:47 | | jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:178:29:178:64 | jca/AesWrapAndPBEWith.java:178:29:178:64 | | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | Description | password | jca/AesWrapAndPBEWith.java:200:55:200:69 | jca/AesWrapAndPBEWith.java:200:55:200:69 | | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | Description | plaintext | jca/AesWrapAndPBEWith.java:200:72:200:87 | jca/AesWrapAndPBEWith.java:200:72:200:87 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | CurveType | SEC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | KeySize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | Name | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | ParsedName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | @@ -122,7 +118,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | @@ -152,7 +147,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | @@ -175,12 +169,18 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | Description | plaintext | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | DigestSize | 160 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | Name | SHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | @@ -196,7 +196,6 @@ | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | -| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:21:9:21:40 | jca/ChainedEncryptionTest.java:21:9:21:40 | | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:21:38:21:39 | jca/ChainedEncryptionTest.java:21:38:21:39 | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:23:42:23:44 | jca/ChainedEncryptionTest.java:23:42:23:44 | | jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:24:29:24:53 | jca/ChainedEncryptionTest.java:24:29:24:53 | @@ -211,7 +210,6 @@ | jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:35:16:35:41 | jca/ChainedEncryptionTest.java:35:16:35:41 | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | -| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:42:9:42:43 | jca/ChainedEncryptionTest.java:42:9:42:43 | | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:42:38:42:42 | jca/ChainedEncryptionTest.java:42:38:42:42 | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:43:42:43:44 | jca/ChainedEncryptionTest.java:43:42:43:44 | | jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:44:29:44:53 | jca/ChainedEncryptionTest.java:44:29:44:53 | @@ -233,7 +231,6 @@ | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | | jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:84:24:84:26 | jca/ChainedEncryptionTest.java:84:24:84:26 | | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:85:30:85:52 | jca/ChainedEncryptionTest.java:85:30:85:52 | -| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:89:9:89:43 | jca/ChainedEncryptionTest.java:89:9:89:43 | | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:89:38:89:42 | jca/ChainedEncryptionTest.java:89:38:89:42 | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | @@ -244,7 +241,6 @@ | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:92:45:92:52 | jca/ChainedEncryptionTest.java:92:45:92:52 | | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:93:34:93:62 | jca/ChainedEncryptionTest.java:93:34:93:62 | -| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:97:9:97:49 | jca/ChainedEncryptionTest.java:97:9:97:49 | | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:97:38:97:48 | jca/ChainedEncryptionTest.java:97:38:97:48 | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | @@ -312,8 +308,11 @@ | jca/Digest.java:108:62:108:68 | HashAlgorithm | RawName | SHA-1 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | | jca/Digest.java:117:35:117:46 | Parameter | Description | input | jca/Digest.java:117:35:117:46 | jca/Digest.java:117:35:117:46 | | jca/Digest.java:117:49:117:58 | Parameter | Description | key | jca/Digest.java:117:49:117:58 | jca/Digest.java:117:49:117:58 | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | Name | HMAC | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | Name | SHA2 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | | jca/Digest.java:120:19:120:27 | Key | KeyType | Unknown | jca/Digest.java:120:19:120:27 | jca/Digest.java:120:19:120:27 | | jca/Digest.java:121:23:121:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:121:23:121:52 | jca/Digest.java:121:23:121:52 | | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | @@ -350,8 +349,11 @@ | jca/Digest.java:187:42:187:54 | Key | KeyType | Unknown | jca/Digest.java:187:42:187:54 | jca/Digest.java:187:42:187:54 | | jca/Digest.java:188:29:188:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:188:29:188:78 | jca/Digest.java:188:29:188:78 | | jca/Digest.java:188:44:188:66 | Constant | Description | "Further Use Test Data" | jca/Digest.java:188:44:188:66 | jca/Digest.java:188:44:188:66 | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | Name | HMAC | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | Name | SHA2 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | | jca/Digest.java:192:18:192:23 | Key | KeyType | Unknown | jca/Digest.java:192:18:192:23 | jca/Digest.java:192:18:192:23 | | jca/Digest.java:193:30:193:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:193:30:193:52 | jca/Digest.java:193:30:193:52 | | jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | @@ -369,18 +371,20 @@ | jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | | jca/Digest.java:240:21:240:23 | Constant | Description | 256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | | jca/Digest.java:241:16:241:35 | Key | KeyType | Symmetric | jca/Digest.java:241:16:241:35 | jca/Digest.java:241:16:241:35 | -| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | Description | nextBytes | jca/Digest.java:253:9:253:42 | jca/Digest.java:253:9:253:42 | | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:253:38:253:41 | jca/Digest.java:253:38:253:41 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | CurveType | SEC | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | | jca/EllipticCurve1.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:47:16:47:36 | jca/EllipticCurve1.java:47:16:47:36 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | CurveType | SEC | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | | jca/EllipticCurve1.java:57:16:57:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:57:16:57:36 | jca/EllipticCurve1.java:57:16:57:36 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | CurveType | BRAINPOOL | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | @@ -392,6 +396,7 @@ | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | Name | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | RawName | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | | jca/EllipticCurve1.java:84:16:84:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:84:16:84:36 | jca/EllipticCurve1.java:84:16:84:36 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | CurveType | SEC | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | KeySize | 163 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | Name | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | ParsedName | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | @@ -399,18 +404,22 @@ | jca/EllipticCurve1.java:95:16:95:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:95:16:95:36 | jca/EllipticCurve1.java:95:16:95:36 | | jca/EllipticCurve1.java:105:66:105:76 | Constant | Description | "sm2p256v1" | jca/EllipticCurve1.java:105:66:105:76 | jca/EllipticCurve1.java:105:66:105:76 | | jca/EllipticCurve1.java:106:16:106:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:106:16:106:36 | jca/EllipticCurve1.java:106:16:106:36 | -| jca/EllipticCurve1.java:114:61:114:69 | Constant | Description | "Ed25519" | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | | jca/EllipticCurve1.java:115:16:115:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:115:16:115:36 | jca/EllipticCurve1.java:115:16:115:36 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | CurveType | SEC | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | | jca/EllipticCurve2.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:47:16:47:36 | jca/EllipticCurve2.java:47:16:47:36 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | CurveType | SEC | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:56:16:56:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:56:16:56:36 | jca/EllipticCurve2.java:56:16:56:36 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | CurveType | BRAINPOOL | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | @@ -419,7 +428,8 @@ | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | | jca/EllipticCurve2.java:73:16:73:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:73:16:73:36 | jca/EllipticCurve2.java:73:16:73:36 | -| jca/EllipticCurve2.java:80:61:80:69 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | | jca/EllipticCurve2.java:81:16:81:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:81:16:81:36 | jca/EllipticCurve2.java:81:16:81:36 | | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | @@ -465,7 +475,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | RawName | GCM | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | Name | UnknownPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | RawName | NoPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | -| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | Description | nextBytes | jca/EllipticCurve2.java:221:9:221:40 | jca/EllipticCurve2.java:221:9:221:40 | | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/EllipticCurve2.java:221:38:221:39 | jca/EllipticCurve2.java:221:38:221:39 | | jca/EllipticCurve2.java:223:42:223:47 | Key | KeyType | Unknown | jca/EllipticCurve2.java:223:42:223:47 | jca/EllipticCurve2.java:223:42:223:47 | | jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/EllipticCurve2.java:224:29:224:53 | jca/EllipticCurve2.java:224:29:224:53 | @@ -484,7 +493,6 @@ | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | -| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:65:9:65:40 | jca/Encryption1.java:65:9:65:40 | | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:65:38:65:39 | jca/Encryption1.java:65:38:65:39 | | jca/Encryption1.java:67:42:67:44 | Key | KeyType | Unknown | jca/Encryption1.java:67:42:67:44 | jca/Encryption1.java:67:42:67:44 | | jca/Encryption1.java:68:32:68:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:68:32:68:74 | jca/Encryption1.java:68:32:68:74 | @@ -575,10 +583,10 @@ | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | -| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:173:9:173:40 | jca/Encryption1.java:173:9:173:40 | | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:173:38:173:39 | jca/Encryption1.java:173:38:173:39 | | jca/Encryption1.java:175:45:175:50 | Key | KeyType | Unknown | jca/Encryption1.java:175:45:175:50 | jca/Encryption1.java:175:45:175:50 | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:176:32:176:65 | jca/Encryption1.java:176:32:176:65 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | CurveType | SEC | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | | jca/Encryption2.java:55:60:55:70 | EllipticCurve | KeySize | 256 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | | jca/Encryption2.java:55:60:55:70 | EllipticCurve | Name | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | | jca/Encryption2.java:55:60:55:70 | EllipticCurve | ParsedName | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | @@ -600,7 +608,6 @@ | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | -| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:107:9:107:40 | jca/Encryption2.java:107:9:107:40 | | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:107:38:107:39 | jca/Encryption2.java:107:38:107:39 | | jca/Encryption2.java:109:45:109:50 | Key | KeyType | Unknown | jca/Encryption2.java:109:45:109:50 | jca/Encryption2.java:109:45:109:50 | | jca/Encryption2.java:110:32:110:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:110:32:110:65 | jca/Encryption2.java:110:32:110:65 | @@ -613,13 +620,15 @@ | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | -| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:147:9:147:40 | jca/Encryption2.java:147:9:147:40 | | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:147:38:147:39 | jca/Encryption2.java:147:38:147:39 | | jca/Encryption2.java:149:45:149:50 | Key | KeyType | Unknown | jca/Encryption2.java:149:45:149:50 | jca/Encryption2.java:149:45:149:50 | | jca/Encryption2.java:150:32:150:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:150:32:150:98 | jca/Encryption2.java:150:32:150:98 | | jca/Encryption2.java:150:50:150:86 | Constant | Description | "Post-Quantum Hybrid Encryption Data" | jca/Encryption2.java:150:50:150:86 | jca/Encryption2.java:150:50:150:86 | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Name | HMAC | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | Name | HMAC | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | DigestSize | 256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | Name | SHA2 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | | jca/Encryption2.java:175:19:175:27 | Key | KeyType | Unknown | jca/Encryption2.java:175:19:175:27 | jca/Encryption2.java:175:19:175:27 | | jca/Encryption2.java:176:31:176:52 | MACOperation | KeyOperationSubtype | Mac | jca/Encryption2.java:176:31:176:52 | jca/Encryption2.java:176:31:176:52 | | jca/Hash.java:75:58:75:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | @@ -654,10 +663,12 @@ | jca/Hash.java:173:58:173:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | | jca/Hash.java:173:58:173:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | | jca/Hash.java:190:43:190:54 | Parameter | Description | input | jca/Hash.java:190:43:190:54 | jca/Hash.java:190:43:190:54 | +| jca/Hash.java:191:31:192:48 | Constant | Description | {...} | jca/Hash.java:191:31:192:48 | jca/Hash.java:191:31:192:48 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | Name | SHA1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | | jca/Hash.java:191:32:191:38 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | -| jca/Hash.java:191:41:191:49 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | DigestSize | 224 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | | jca/Hash.java:191:41:191:49 | HashAlgorithm | RawName | SHA-224 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | | jca/Hash.java:191:52:191:60 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | | jca/Hash.java:191:52:191:60 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | @@ -674,27 +685,45 @@ | jca/Hash.java:191:97:191:106 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | | jca/Hash.java:191:97:191:106 | HashAlgorithm | Name | SHA3 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | | jca/Hash.java:191:97:191:106 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | -| jca/Hash.java:192:13:192:25 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | Name | BLAKE2B | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | | jca/Hash.java:192:13:192:25 | HashAlgorithm | RawName | BLAKE2B-512 | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | -| jca/Hash.java:192:28:192:40 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | -| jca/Hash.java:192:28:192:40 | HashAlgorithm | RawName | BLAKE2S-256 | jca/Hash.java:192:28:192:40 | jca/Hash.java:192:28:192:40 | | jca/Hash.java:192:43:192:47 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | | jca/Hash.java:192:43:192:47 | HashAlgorithm | Name | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | | jca/Hash.java:192:43:192:47 | HashAlgorithm | RawName | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | | jca/Hash.java:211:43:211:54 | Parameter | Description | input | jca/Hash.java:211:43:211:54 | jca/Hash.java:211:43:211:54 | | jca/Hash.java:211:57:211:66 | Parameter | Description | key | jca/Hash.java:211:57:211:66 | jca/Hash.java:211:57:211:66 | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:31:212:116 | Constant | Description | {...} | jca/Hash.java:212:31:212:116 | jca/Hash.java:212:31:212:116 | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | Name | SHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | Name | SHA2 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | DigestSize | 384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | Name | SHA2 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | Name | SHA2 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | Name | SHA3 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | Name | HMAC | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | Name | SHA3 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | | jca/Hash.java:216:22:216:30 | Key | KeyType | Unknown | jca/Hash.java:216:22:216:30 | jca/Hash.java:216:22:216:30 | | jca/Hash.java:217:27:217:55 | MACOperation | KeyOperationSubtype | Mac | jca/Hash.java:217:27:217:55 | jca/Hash.java:217:27:217:55 | | jca/Hash.java:232:40:232:54 | Parameter | Description | password | jca/Hash.java:232:40:232:54 | jca/Hash.java:232:40:232:54 | @@ -711,6 +740,7 @@ | jca/Hash.java:237:23:237:50 | KeyDerivation | Iterations | Constant:10000 | jca/Hash.java:235:72:235:76 | jca/Hash.java:235:72:235:76 | | jca/Hash.java:237:23:237:50 | KeyDerivation | KeySize | Constant:256 | jca/Hash.java:235:79:235:81 | jca/Hash.java:235:79:235:81 | | jca/Hash.java:252:37:252:58 | Constant | Description | "Config-based Hashing" | jca/Hash.java:252:37:252:58 | jca/Hash.java:252:37:252:58 | +| jca/Hash.java:266:31:266:76 | Constant | Description | {...} | jca/Hash.java:266:31:266:76 | jca/Hash.java:266:31:266:76 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | Name | SHA2 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | | jca/Hash.java:266:32:266:40 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | @@ -724,11 +754,11 @@ | jca/Hash.java:266:66:266:75 | HashAlgorithm | Name | SHA3 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | | jca/Hash.java:266:66:266:75 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | | jca/Hash.java:269:27:269:38 | Constant | Description | "fixed-seed" | jca/Hash.java:269:27:269:38 | jca/Hash.java:269:27:269:38 | +| jca/Hash.java:294:16:294:66 | Constant | Description | getProperty(...) | jca/Hash.java:294:16:294:66 | jca/Hash.java:294:16:294:66 | | jca/Hash.java:294:16:294:66 | LocalData | Description | getProperty(...) | jca/Hash.java:294:16:294:66 | jca/Hash.java:294:16:294:66 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | | jca/Hash.java:294:57:294:65 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | -| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | Description | nextBytes | jca/Hash.java:310:9:310:42 | jca/Hash.java:310:9:310:42 | | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Hash.java:310:38:310:41 | jca/Hash.java:310:38:310:41 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | @@ -743,6 +773,7 @@ | jca/IVArtifact.java:38:42:38:44 | Key | KeyType | Unknown | jca/IVArtifact.java:38:42:38:44 | jca/IVArtifact.java:38:42:38:44 | | jca/IVArtifact.java:39:29:39:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:39:29:39:53 | jca/IVArtifact.java:39:29:39:53 | | jca/IVArtifact.java:49:27:49:42 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:49:27:49:42 | jca/IVArtifact.java:49:27:49:42 | +| jca/IVArtifact.java:70:16:70:81 | Constant | Description | getProperty(...) | jca/IVArtifact.java:70:16:70:81 | jca/IVArtifact.java:70:16:70:81 | | jca/IVArtifact.java:70:16:70:81 | LocalData | Description | getProperty(...) | jca/IVArtifact.java:70:16:70:81 | jca/IVArtifact.java:70:16:70:81 | | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | @@ -757,7 +788,6 @@ | jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | | jca/IVArtifact.java:75:21:75:23 | Constant | Description | 256 | jca/IVArtifact.java:75:21:75:23 | jca/IVArtifact.java:75:21:75:23 | | jca/IVArtifact.java:76:16:76:35 | Key | KeyType | Symmetric | jca/IVArtifact.java:76:16:76:35 | jca/IVArtifact.java:76:16:76:35 | -| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:81:9:81:40 | jca/IVArtifact.java:81:9:81:40 | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:81:38:81:39 | jca/IVArtifact.java:81:38:81:39 | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | Description | java.util.Random | jca/IVArtifact.java:87:32:87:33 | jca/IVArtifact.java:87:32:87:33 | | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | @@ -770,7 +800,6 @@ | jca/IVArtifact.java:108:42:108:44 | Key | KeyType | Unknown | jca/IVArtifact.java:108:42:108:44 | jca/IVArtifact.java:108:42:108:44 | | jca/IVArtifact.java:109:16:109:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:109:16:109:40 | jca/IVArtifact.java:109:16:109:40 | | jca/IVArtifact.java:116:31:116:34 | Constant | Description | null | jca/IVArtifact.java:116:31:116:34 | jca/IVArtifact.java:116:31:116:34 | -| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:130:13:130:50 | jca/IVArtifact.java:130:13:130:50 | | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:130:42:130:49 | jca/IVArtifact.java:130:42:130:49 | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | @@ -794,7 +823,6 @@ | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | | jca/IVArtifact.java:158:42:158:44 | Key | KeyType | Unknown | jca/IVArtifact.java:158:42:158:44 | jca/IVArtifact.java:158:42:158:44 | | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:159:16:159:40 | jca/IVArtifact.java:159:16:159:40 | -| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:177:9:177:40 | jca/IVArtifact.java:177:9:177:40 | | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:177:38:177:39 | jca/IVArtifact.java:177:38:177:39 | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | @@ -828,6 +856,7 @@ | jca/IVArtifact.java:275:34:275:46 | Constant | Description | "Message One" | jca/IVArtifact.java:275:34:275:46 | jca/IVArtifact.java:275:34:275:46 | | jca/IVArtifact.java:275:60:275:72 | Constant | Description | "Message Two" | jca/IVArtifact.java:275:60:275:72 | jca/IVArtifact.java:275:60:275:72 | | jca/IVArtifact.java:275:86:275:100 | Constant | Description | "Message Three" | jca/IVArtifact.java:275:86:275:100 | jca/IVArtifact.java:275:86:275:100 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | CurveType | SEC | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | KeySize | 256 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | Name | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | @@ -851,7 +880,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | -| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | @@ -873,7 +901,6 @@ | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | -| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | @@ -905,12 +932,14 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | -| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | KeyOperationSubtype | Mac | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | @@ -919,7 +948,6 @@ | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | -| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:19:21:19:23 | jca/KeyArtifact.java:19:21:19:23 | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | @@ -945,6 +973,7 @@ | jca/KeyArtifact.java:37:29:37:56 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:37:29:37:56 | jca/KeyArtifact.java:37:29:37:56 | | jca/KeyArtifact.java:41:31:41:33 | Constant | Description | 256 | jca/KeyArtifact.java:41:31:41:33 | jca/KeyArtifact.java:41:31:41:33 | | jca/KeyArtifact.java:42:26:42:53 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:42:26:42:53 | jca/KeyArtifact.java:42:26:42:53 | +| jca/KeyArtifact.java:62:28:62:73 | Constant | Description | getProperty(...) | jca/KeyArtifact.java:62:28:62:73 | jca/KeyArtifact.java:62:28:62:73 | | jca/KeyArtifact.java:62:28:62:73 | LocalData | Description | getProperty(...) | jca/KeyArtifact.java:62:28:62:73 | jca/KeyArtifact.java:62:28:62:73 | | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:65:21:65:23 | jca/KeyArtifact.java:65:21:65:23 | | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | @@ -954,10 +983,12 @@ | jca/KeyArtifact.java:66:32:66:51 | Key | KeyType | Symmetric | jca/KeyArtifact.java:66:32:66:51 | jca/KeyArtifact.java:66:32:66:51 | | jca/KeyArtifact.java:72:31:72:34 | Constant | Description | 2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | | jca/KeyArtifact.java:73:16:73:43 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:73:16:73:43 | jca/KeyArtifact.java:73:16:73:43 | +| jca/KeyArtifact.java:78:31:78:54 | Constant | Description | {...} | jca/KeyArtifact.java:78:31:78:54 | jca/KeyArtifact.java:78:31:78:54 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | -| jca/KeyArtifact.java:78:45:78:53 | Constant | Description | "Ed25519" | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | Name | EDSA | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | RawName | Ed25519 | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | Description | password | jca/KeyDerivation1.java:78:39:78:53 | jca/KeyDerivation1.java:78:39:78:53 | | jca/KeyDerivation1.java:80:72:80:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | | jca/KeyDerivation1.java:80:79:80:81 | Constant | Description | 256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | @@ -1055,6 +1086,7 @@ | jca/KeyDerivation1.java:283:43:283:57 | Parameter | Description | password | jca/KeyDerivation1.java:283:43:283:57 | jca/KeyDerivation1.java:283:43:283:57 | | jca/KeyDerivation1.java:283:60:283:78 | Parameter | Description | sharedSecret | jca/KeyDerivation1.java:283:60:283:78 | jca/KeyDerivation1.java:283:60:283:78 | | jca/KeyDerivation1.java:302:37:302:51 | Parameter | Description | password | jca/KeyDerivation1.java:302:37:302:51 | jca/KeyDerivation1.java:302:37:302:51 | +| jca/KeyDerivation1.java:309:25:309:76 | Constant | Description | getProperty(...) | jca/KeyDerivation1.java:309:25:309:76 | jca/KeyDerivation1.java:309:25:309:76 | | jca/KeyDerivation1.java:309:25:309:76 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:309:25:309:76 | jca/KeyDerivation1.java:309:25:309:76 | | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | @@ -1063,10 +1095,14 @@ | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:310:43:310:86 | Constant | Description | getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | | jca/KeyDerivation1.java:310:43:310:86 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:311:40:311:78 | Constant | Description | getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:311:40:311:78 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:316:26:316:53 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:316:26:316:53 | jca/KeyDerivation1.java:316:26:316:53 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Iterations | Constant:getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Iterations | LocalData:getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | KeySize | Constant:getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | KeySize | LocalData:getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | | jca/KeyDerivation1.java:333:72:333:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | | jca/KeyDerivation1.java:333:79:333:81 | Constant | Description | 256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | @@ -1080,14 +1116,16 @@ | jca/KeyDerivation1.java:335:16:335:43 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:335:16:335:43 | jca/KeyDerivation1.java:335:16:335:43 | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Name | HMAC | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | | jca/KeyDerivation1.java:347:19:347:27 | Key | KeyType | Unknown | jca/KeyDerivation1.java:347:19:347:27 | jca/KeyDerivation1.java:347:19:347:27 | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:348:22:348:38 | jca/KeyDerivation1.java:348:22:348:38 | | jca/KeyDerivation1.java:352:19:352:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:352:19:352:54 | jca/KeyDerivation1.java:352:19:352:54 | | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:353:22:353:62 | jca/KeyDerivation1.java:353:22:353:62 | | jca/KeyDerivation1.java:353:35:353:50 | Constant | Description | "hkdf-expansion" | jca/KeyDerivation1.java:353:35:353:50 | jca/KeyDerivation1.java:353:35:353:50 | -| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyDerivation1.java:365:9:365:42 | jca/KeyDerivation1.java:365:9:365:42 | | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyDerivation1.java:365:38:365:41 | jca/KeyDerivation1.java:365:38:365:41 | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyEncapsulation.java:61:21:61:23 | jca/KeyEncapsulation.java:61:21:61:23 | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | @@ -1113,7 +1151,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | -| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:75:9:75:40 | jca/KeyEncapsulation.java:75:9:75:40 | | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:75:38:75:39 | jca/KeyEncapsulation.java:75:38:75:39 | | jca/KeyEncapsulation.java:77:45:77:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:77:45:77:50 | jca/KeyEncapsulation.java:77:45:77:50 | | jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:78:29:78:80 | jca/KeyEncapsulation.java:78:29:78:80 | @@ -1131,6 +1168,7 @@ | jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | | jca/KeyEncapsulation.java:93:45:93:51 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:93:45:93:51 | jca/KeyEncapsulation.java:93:45:93:51 | | jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/KeyEncapsulation.java:94:30:94:58 | jca/KeyEncapsulation.java:94:30:94:58 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | CurveType | SEC | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | @@ -1147,11 +1185,11 @@ | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | -| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:135:9:135:40 | jca/KeyEncapsulation.java:135:9:135:40 | | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:135:38:135:39 | jca/KeyEncapsulation.java:135:38:135:39 | | jca/KeyEncapsulation.java:136:45:136:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:136:45:136:50 | jca/KeyEncapsulation.java:136:45:136:50 | | jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:137:29:137:73 | jca/KeyEncapsulation.java:137:29:137:73 | | jca/KeyEncapsulation.java:137:47:137:61 | Constant | Description | "ECIES message" | jca/KeyEncapsulation.java:137:47:137:61 | jca/KeyEncapsulation.java:137:47:137:61 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | CurveType | SEC | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | @@ -1166,6 +1204,7 @@ | jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | RawName | RSA | jca/KeyEncapsulation.java:207:64:207:68 | jca/KeyEncapsulation.java:207:64:207:68 | | jca/KeyEncapsulation.java:208:27:208:30 | Constant | Description | 2048 | jca/KeyEncapsulation.java:208:27:208:30 | jca/KeyEncapsulation.java:208:27:208:30 | | jca/KeyEncapsulation.java:209:25:209:48 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:209:25:209:48 | jca/KeyEncapsulation.java:209:25:209:48 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | CurveType | SEC | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | @@ -1188,6 +1227,7 @@ | jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:99:52:99:55 | jca/KeyExchange.java:99:52:99:55 | | jca/KeyExchange.java:100:17:100:26 | Key | KeyType | Unknown | jca/KeyExchange.java:100:17:100:26 | jca/KeyExchange.java:100:17:100:26 | | jca/KeyExchange.java:101:20:101:28 | Key | KeyType | Unknown | jca/KeyExchange.java:101:20:101:28 | jca/KeyExchange.java:101:20:101:28 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | CurveType | SEC | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | KeySize | 256 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | Name | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | @@ -1215,14 +1255,20 @@ | jca/KeyExchange.java:212:20:212:28 | Key | KeyType | Unknown | jca/KeyExchange.java:212:20:212:28 | jca/KeyExchange.java:212:20:212:28 | | jca/MACOperation.java:59:36:59:49 | Parameter | Description | message | jca/MACOperation.java:59:36:59:49 | jca/MACOperation.java:59:36:59:49 | | jca/MACOperation.java:59:52:59:61 | Parameter | Description | key | jca/MACOperation.java:59:52:59:61 | jca/MACOperation.java:59:52:59:61 | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | | jca/MACOperation.java:62:18:62:26 | Key | KeyType | Unknown | jca/MACOperation.java:62:18:62:26 | jca/MACOperation.java:62:18:62:26 | | jca/MACOperation.java:63:16:63:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:63:16:63:46 | jca/MACOperation.java:63:16:63:46 | | jca/MACOperation.java:70:34:70:47 | Parameter | Description | message | jca/MACOperation.java:70:34:70:47 | jca/MACOperation.java:70:34:70:47 | | jca/MACOperation.java:70:50:70:59 | Parameter | Description | key | jca/MACOperation.java:70:50:70:59 | jca/MACOperation.java:70:50:70:59 | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | Name | SHA3 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | | jca/MACOperation.java:73:18:73:26 | Key | KeyType | Unknown | jca/MACOperation.java:73:18:73:26 | jca/MACOperation.java:73:18:73:26 | | jca/MACOperation.java:74:16:74:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:74:16:74:46 | jca/MACOperation.java:74:16:74:46 | | jca/MACOperation.java:81:34:81:47 | Parameter | Description | message | jca/MACOperation.java:81:34:81:47 | jca/MACOperation.java:81:34:81:47 | @@ -1244,8 +1290,11 @@ | jca/MACOperation.java:110:16:110:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:110:16:110:46 | jca/MACOperation.java:110:16:110:46 | | jca/MACOperation.java:117:36:117:49 | Parameter | Description | message | jca/MACOperation.java:117:36:117:49 | jca/MACOperation.java:117:36:117:49 | | jca/MACOperation.java:117:52:117:61 | Parameter | Description | key | jca/MACOperation.java:117:52:117:61 | jca/MACOperation.java:117:52:117:61 | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | DigestSize | 160 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | Name | SHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | | jca/MACOperation.java:120:18:120:26 | Key | KeyType | Unknown | jca/MACOperation.java:120:18:120:26 | jca/MACOperation.java:120:18:120:26 | | jca/MACOperation.java:121:16:121:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:121:16:121:46 | jca/MACOperation.java:121:16:121:46 | | jca/MACOperation.java:133:34:133:49 | Parameter | Description | macOutput | jca/MACOperation.java:133:34:133:49 | jca/MACOperation.java:133:34:133:49 | @@ -1283,8 +1332,11 @@ | jca/MACOperation.java:181:42:181:54 | Key | KeyType | Unknown | jca/MACOperation.java:181:42:181:54 | jca/MACOperation.java:181:42:181:54 | | jca/MACOperation.java:182:29:182:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:182:29:182:78 | jca/MACOperation.java:182:29:182:78 | | jca/MACOperation.java:182:44:182:66 | Constant | Description | "Further Use Test Data" | jca/MACOperation.java:182:44:182:66 | jca/MACOperation.java:182:44:182:66 | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | | jca/MACOperation.java:186:18:186:30 | Key | KeyType | Unknown | jca/MACOperation.java:186:18:186:30 | jca/MACOperation.java:186:18:186:30 | | jca/MACOperation.java:187:30:187:52 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:187:30:187:52 | jca/MACOperation.java:187:30:187:52 | | jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | @@ -1302,15 +1354,21 @@ | jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | | jca/MACOperation.java:233:21:233:23 | Constant | Description | 256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | | jca/MACOperation.java:234:16:234:35 | Key | KeyType | Symmetric | jca/MACOperation.java:234:16:234:35 | jca/MACOperation.java:234:16:234:35 | -| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | Description | nextBytes | jca/MACOperation.java:246:9:246:42 | jca/MACOperation.java:246:9:246:42 | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:246:38:246:41 | jca/MACOperation.java:246:38:246:41 | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | DigestSize | 256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | Name | SHA2 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | | jca/Nonce.java:25:18:25:20 | Key | KeyType | Unknown | jca/Nonce.java:25:18:25:20 | jca/Nonce.java:25:18:25:20 | | jca/Nonce.java:27:28:27:69 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:27:28:27:69 | jca/Nonce.java:27:28:27:69 | | jca/Nonce.java:27:40:27:57 | Constant | Description | "Simple Test Data" | jca/Nonce.java:27:40:27:57 | jca/Nonce.java:27:40:27:57 | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:35:24:35:41 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:35:24:35:41 | jca/Nonce.java:35:24:35:41 | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | Name | HMAC | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | DigestSize | 256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | Name | SHA2 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | | jca/Nonce.java:38:18:38:20 | Key | KeyType | Unknown | jca/Nonce.java:38:18:38:20 | jca/Nonce.java:38:18:38:20 | | jca/Nonce.java:40:28:40:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:40:28:40:67 | jca/Nonce.java:40:28:40:67 | | jca/Nonce.java:40:40:40:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:40:40:40:55 | jca/Nonce.java:40:40:40:55 | @@ -1336,15 +1394,18 @@ | jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | | jca/Nonce.java:62:42:62:44 | Key | KeyType | Unknown | jca/Nonce.java:62:42:62:44 | jca/Nonce.java:62:42:62:44 | | jca/Nonce.java:63:29:63:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:63:29:63:53 | jca/Nonce.java:63:29:63:53 | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | Name | HMAC | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | DigestSize | 256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | Name | SHA2 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | | jca/Nonce.java:78:18:78:20 | Key | KeyType | Unknown | jca/Nonce.java:78:18:78:20 | jca/Nonce.java:78:18:78:20 | | jca/Nonce.java:80:28:80:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:80:28:80:67 | jca/Nonce.java:80:28:80:67 | | jca/Nonce.java:80:40:80:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:80:40:80:55 | jca/Nonce.java:80:40:80:55 | | jca/Nonce.java:92:56:92:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:92:56:92:67 | jca/Nonce.java:92:56:92:67 | | jca/Nonce.java:93:16:93:35 | Key | KeyType | Symmetric | jca/Nonce.java:93:16:93:35 | jca/Nonce.java:93:16:93:35 | -| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | Description | nextBytes | jca/Nonce.java:98:9:98:43 | jca/Nonce.java:98:9:98:43 | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:98:38:98:42 | jca/Nonce.java:98:38:98:42 | +| jca/Nonce.java:104:32:104:36 | RandomNumberGeneration | Description | java.util.Random | jca/Nonce.java:104:32:104:36 | jca/Nonce.java:104:32:104:36 | | jca/Nonce.java:112:16:112:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:112:16:112:33 | jca/Nonce.java:112:16:112:33 | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Name | AES | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | @@ -1352,6 +1413,7 @@ | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Structure | Block | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | | jca/PrngTest.java:153:21:153:23 | Constant | Description | 256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | | jca/PrngTest.java:154:16:154:35 | Key | KeyType | Symmetric | jca/PrngTest.java:154:16:154:35 | jca/PrngTest.java:154:16:154:35 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | CurveType | SEC | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | KeySize | 256 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | Name | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | @@ -1384,7 +1446,6 @@ | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | -| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | Description | nextBytes | jca/SignEncryptCombinations.java:94:9:94:28 | jca/SignEncryptCombinations.java:94:9:94:28 | | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SignEncryptCombinations.java:94:26:94:27 | jca/SignEncryptCombinations.java:94:26:94:27 | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:96:42:96:44 | jca/SignEncryptCombinations.java:96:42:96:44 | | jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SignEncryptCombinations.java:97:29:97:53 | jca/SignEncryptCombinations.java:97:29:97:53 | @@ -1397,8 +1458,11 @@ | jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | | jca/SignEncryptCombinations.java:112:42:112:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:112:42:112:44 | jca/SignEncryptCombinations.java:112:42:112:44 | | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/SignEncryptCombinations.java:113:16:113:41 | jca/SignEncryptCombinations.java:113:16:113:41 | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:122:18:122:20 | jca/SignEncryptCombinations.java:122:18:122:20 | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | KeyOperationSubtype | Mac | jca/SignEncryptCombinations.java:123:16:123:32 | jca/SignEncryptCombinations.java:123:16:123:32 | | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | Description | "Hello, combinations!" | jca/SignEncryptCombinations.java:335:26:335:47 | jca/SignEncryptCombinations.java:335:26:335:47 | @@ -1421,6 +1485,7 @@ | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | | jca/SignatureOperation.java:76:30:76:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:76:30:76:38 | jca/SignatureOperation.java:76:30:76:38 | | jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:78:16:78:41 | jca/SignatureOperation.java:78:16:78:41 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | CurveType | SEC | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | KeySize | 256 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | Name | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | @@ -1440,7 +1505,8 @@ | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | | jca/SignatureOperation.java:116:30:116:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:116:30:116:38 | jca/SignatureOperation.java:116:30:116:38 | | jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:118:16:118:41 | jca/SignatureOperation.java:118:16:118:41 | -| jca/SignatureOperation.java:132:61:132:69 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | | jca/SignatureOperation.java:133:16:133:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:133:16:133:36 | jca/SignatureOperation.java:133:16:133:36 | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | @@ -1506,7 +1572,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | -| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:53:9:53:40 | jca/SymmetricAlgorithm.java:53:9:53:40 | | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:53:38:53:39 | jca/SymmetricAlgorithm.java:53:38:53:39 | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:55:42:55:44 | jca/SymmetricAlgorithm.java:55:42:55:44 | | jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:56:29:56:53 | jca/SymmetricAlgorithm.java:56:29:56:53 | @@ -1528,7 +1593,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | -| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:96:9:96:40 | jca/SymmetricAlgorithm.java:96:9:96:40 | | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:96:38:96:39 | jca/SymmetricAlgorithm.java:96:38:96:39 | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:98:42:98:44 | jca/SymmetricAlgorithm.java:98:42:98:44 | | jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:99:29:99:53 | jca/SymmetricAlgorithm.java:99:29:99:53 | @@ -1556,19 +1620,19 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | -| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:148:9:148:40 | jca/SymmetricAlgorithm.java:148:9:148:40 | | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:148:38:148:39 | jca/SymmetricAlgorithm.java:148:38:148:39 | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:150:42:150:44 | jca/SymmetricAlgorithm.java:150:42:150:44 | | jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:151:29:151:53 | jca/SymmetricAlgorithm.java:151:29:151:53 | | jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | Description | key | jca/SymmetricAlgorithm.java:167:42:167:54 | jca/SymmetricAlgorithm.java:167:42:167:54 | | jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:167:57:167:72 | jca/SymmetricAlgorithm.java:167:57:167:72 | -| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Name | Unknown | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | KeySize | 56 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Name | DES | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | RawName | DESede/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | -| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:170:9:170:40 | jca/SymmetricAlgorithm.java:170:9:170:40 | | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:170:38:170:39 | jca/SymmetricAlgorithm.java:170:38:170:39 | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:172:42:172:44 | jca/SymmetricAlgorithm.java:172:42:172:44 | | jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:173:29:173:53 | jca/SymmetricAlgorithm.java:173:29:173:53 | @@ -1576,7 +1640,6 @@ | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Name | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | -| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:192:9:192:43 | jca/SymmetricAlgorithm.java:192:9:192:43 | | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:192:38:192:42 | jca/SymmetricAlgorithm.java:192:38:192:42 | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:194:42:194:44 | jca/SymmetricAlgorithm.java:194:42:194:44 | | jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:195:29:195:53 | jca/SymmetricAlgorithm.java:195:29:195:53 | @@ -1592,7 +1655,6 @@ | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | -| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:220:9:220:40 | jca/SymmetricAlgorithm.java:220:9:220:40 | | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:220:38:220:39 | jca/SymmetricAlgorithm.java:220:38:220:39 | | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:222:42:222:51 | jca/SymmetricAlgorithm.java:222:42:222:51 | | jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:223:29:223:53 | jca/SymmetricAlgorithm.java:223:29:223:53 | @@ -1619,12 +1681,14 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | -| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:297:9:297:40 | jca/SymmetricAlgorithm.java:297:9:297:40 | | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:297:38:297:39 | jca/SymmetricAlgorithm.java:297:38:297:39 | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:298:42:298:47 | jca/SymmetricAlgorithm.java:298:42:298:47 | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:299:29:299:53 | jca/SymmetricAlgorithm.java:299:29:299:53 | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | DigestSize | 256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | Name | SHA2 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:302:18:302:30 | jca/SymmetricAlgorithm.java:302:18:302:30 | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:303:30:303:52 | jca/SymmetricAlgorithm.java:303:30:303:52 | | jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | @@ -1633,7 +1697,6 @@ | jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | | jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:333:16:333:31 | jca/SymmetricAlgorithm.java:333:16:333:31 | -| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:345:9:345:42 | jca/SymmetricAlgorithm.java:345:9:345:42 | | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:345:38:345:41 | jca/SymmetricAlgorithm.java:345:38:345:41 | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/SymmetricModesTest.java:53:17:53:19 | jca/SymmetricModesTest.java:53:17:53:19 | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:49:17:49:19 | jca/SymmetricModesTest.java:49:17:49:19 | @@ -1660,7 +1723,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | -| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricModesTest.java:81:9:81:40 | jca/SymmetricModesTest.java:81:9:81:40 | | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricModesTest.java:81:38:81:39 | jca/SymmetricModesTest.java:81:38:81:39 | | jca/SymmetricModesTest.java:83:42:83:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:83:42:83:44 | jca/SymmetricModesTest.java:83:42:83:44 | | jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:84:29:84:53 | jca/SymmetricModesTest.java:84:29:84:53 | @@ -1693,7 +1755,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | RawName | GCM | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | Name | UnknownPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | RawName | NoPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | -| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | Description | nextBytes | jca/UniversalFlowTest.java:31:9:31:40 | jca/UniversalFlowTest.java:31:9:31:40 | | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/UniversalFlowTest.java:31:38:31:39 | jca/UniversalFlowTest.java:31:38:31:39 | | jca/UniversalFlowTest.java:33:42:33:44 | Key | KeyType | Unknown | jca/UniversalFlowTest.java:33:42:33:44 | jca/UniversalFlowTest.java:33:42:33:44 | | jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/UniversalFlowTest.java:34:32:34:74 | jca/UniversalFlowTest.java:34:32:34:74 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index 39816c682343..b9661aaf64f9 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -27,7 +27,6 @@ | jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | | jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | @@ -38,7 +37,6 @@ | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | | jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | @@ -50,14 +48,12 @@ | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | | jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | -| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | @@ -69,7 +65,6 @@ | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | @@ -109,7 +104,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | @@ -135,7 +129,6 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | @@ -155,12 +148,14 @@ | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HMACAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | HashAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | @@ -172,7 +167,6 @@ | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | @@ -188,7 +182,6 @@ | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | @@ -210,7 +203,6 @@ | jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | | jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | -| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | @@ -220,7 +212,6 @@ | jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | | jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | -| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | @@ -289,7 +280,8 @@ | jca/Digest.java:109:41:109:56 | Message | | jca/Digest.java:117:35:117:46 | Parameter | | jca/Digest.java:117:49:117:58 | Parameter | -| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:118:36:118:47 | HMACAlgorithm | +| jca/Digest.java:118:36:118:47 | HashAlgorithm | | jca/Digest.java:120:19:120:27 | Key | | jca/Digest.java:121:23:121:52 | KeyOperationOutput | | jca/Digest.java:121:23:121:52 | MACOperation | @@ -321,7 +313,8 @@ | jca/Digest.java:188:29:188:78 | KeyOperationOutput | | jca/Digest.java:188:44:188:66 | Constant | | jca/Digest.java:188:44:188:77 | Message | -| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:191:35:191:46 | HMACAlgorithm | +| jca/Digest.java:191:35:191:46 | HashAlgorithm | | jca/Digest.java:192:18:192:23 | Key | | jca/Digest.java:193:30:193:52 | KeyOperationOutput | | jca/Digest.java:193:30:193:52 | MACOperation | @@ -337,7 +330,6 @@ | jca/Digest.java:240:21:240:23 | Constant | | jca/Digest.java:241:16:241:35 | Key | | jca/Digest.java:241:16:241:35 | KeyGeneration | -| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | | jca/EllipticCurve1.java:47:16:47:36 | Key | @@ -360,7 +352,7 @@ | jca/EllipticCurve1.java:105:66:105:76 | Constant | | jca/EllipticCurve1.java:106:16:106:36 | Key | | jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | -| jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:114:61:114:69 | KeyOperationAlgorithm | | jca/EllipticCurve1.java:115:16:115:36 | Key | | jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | @@ -375,7 +367,7 @@ | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | | jca/EllipticCurve2.java:73:16:73:36 | Key | | jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | -| jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:80:61:80:69 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:81:16:81:36 | Key | | jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | @@ -422,7 +414,6 @@ | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | -| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | | jca/EllipticCurve2.java:223:42:223:47 | Key | | jca/EllipticCurve2.java:223:50:223:53 | Nonce | @@ -438,7 +429,6 @@ | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | -| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | | jca/Encryption1.java:67:42:67:44 | Key | | jca/Encryption1.java:67:47:67:53 | Nonce | @@ -508,7 +498,6 @@ | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | -| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | | jca/Encryption1.java:175:45:175:50 | Key | | jca/Encryption1.java:175:53:175:59 | Nonce | @@ -532,7 +521,6 @@ | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | -| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | | jca/Encryption2.java:109:45:109:50 | Key | | jca/Encryption2.java:109:53:109:59 | Nonce | @@ -544,7 +532,6 @@ | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | -| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | | jca/Encryption2.java:149:45:149:50 | Key | | jca/Encryption2.java:149:53:149:59 | Nonce | @@ -552,7 +539,8 @@ | jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | | jca/Encryption2.java:150:50:150:86 | Constant | | jca/Encryption2.java:150:50:150:97 | Message | -| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:173:36:173:47 | HMACAlgorithm | +| jca/Encryption2.java:173:36:173:47 | HashAlgorithm | | jca/Encryption2.java:175:19:175:27 | Key | | jca/Encryption2.java:176:31:176:52 | KeyOperationOutput | | jca/Encryption2.java:176:31:176:52 | MACOperation | @@ -590,6 +578,7 @@ | jca/Hash.java:174:23:174:52 | HashOperation | | jca/Hash.java:174:37:174:51 | Message | | jca/Hash.java:190:43:190:54 | Parameter | +| jca/Hash.java:191:31:192:48 | Constant | | jca/Hash.java:191:32:191:38 | HashAlgorithm | | jca/Hash.java:191:41:191:49 | HashAlgorithm | | jca/Hash.java:191:52:191:60 | HashAlgorithm | @@ -598,19 +587,25 @@ | jca/Hash.java:191:85:191:94 | HashAlgorithm | | jca/Hash.java:191:97:191:106 | HashAlgorithm | | jca/Hash.java:192:13:192:25 | HashAlgorithm | -| jca/Hash.java:192:28:192:40 | HashAlgorithm | | jca/Hash.java:192:43:192:47 | HashAlgorithm | | jca/Hash.java:195:27:195:57 | Digest | | jca/Hash.java:195:27:195:57 | HashOperation | | jca/Hash.java:195:41:195:56 | Message | | jca/Hash.java:211:43:211:54 | Parameter | | jca/Hash.java:211:57:211:66 | Parameter | -| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | -| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | -| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | -| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | -| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | -| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:212:31:212:116 | Constant | +| jca/Hash.java:212:32:212:41 | HMACAlgorithm | +| jca/Hash.java:212:32:212:41 | HashAlgorithm | +| jca/Hash.java:212:44:212:55 | HMACAlgorithm | +| jca/Hash.java:212:44:212:55 | HashAlgorithm | +| jca/Hash.java:212:58:212:69 | HMACAlgorithm | +| jca/Hash.java:212:58:212:69 | HashAlgorithm | +| jca/Hash.java:212:72:212:83 | HMACAlgorithm | +| jca/Hash.java:212:72:212:83 | HashAlgorithm | +| jca/Hash.java:212:86:212:99 | HMACAlgorithm | +| jca/Hash.java:212:86:212:99 | HashAlgorithm | +| jca/Hash.java:212:102:212:115 | HMACAlgorithm | +| jca/Hash.java:212:102:212:115 | HashAlgorithm | | jca/Hash.java:216:22:216:30 | Key | | jca/Hash.java:217:27:217:55 | KeyOperationOutput | | jca/Hash.java:217:27:217:55 | MACOperation | @@ -629,6 +624,7 @@ | jca/Hash.java:252:23:252:70 | HashOperation | | jca/Hash.java:252:37:252:58 | Constant | | jca/Hash.java:252:37:252:69 | Message | +| jca/Hash.java:266:31:266:76 | Constant | | jca/Hash.java:266:32:266:40 | HashAlgorithm | | jca/Hash.java:266:43:266:51 | HashAlgorithm | | jca/Hash.java:266:54:266:63 | HashAlgorithm | @@ -637,9 +633,9 @@ | jca/Hash.java:270:27:270:30 | Message | | jca/Hash.java:271:40:271:54 | Digest | | jca/Hash.java:271:40:271:54 | HashOperation | +| jca/Hash.java:294:16:294:66 | Constant | | jca/Hash.java:294:16:294:66 | LocalData | | jca/Hash.java:294:57:294:65 | HashAlgorithm | -| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | @@ -656,6 +652,7 @@ | jca/IVArtifact.java:39:29:39:53 | KeyOperationOutput | | jca/IVArtifact.java:39:44:39:52 | Message | | jca/IVArtifact.java:49:27:49:42 | Constant | +| jca/IVArtifact.java:70:16:70:81 | Constant | | jca/IVArtifact.java:70:16:70:81 | LocalData | | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | | jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | @@ -664,7 +661,6 @@ | jca/IVArtifact.java:75:21:75:23 | Constant | | jca/IVArtifact.java:76:16:76:35 | Key | | jca/IVArtifact.java:76:16:76:35 | KeyGeneration | -| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | @@ -676,7 +672,6 @@ | jca/IVArtifact.java:109:16:109:40 | KeyOperationOutput | | jca/IVArtifact.java:109:31:109:39 | Message | | jca/IVArtifact.java:116:31:116:34 | Constant | -| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | | jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | @@ -699,7 +694,6 @@ | jca/IVArtifact.java:159:16:159:40 | EncryptOperation | | jca/IVArtifact.java:159:16:159:40 | KeyOperationOutput | | jca/IVArtifact.java:159:31:159:39 | Message | -| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | @@ -748,7 +742,6 @@ | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | @@ -770,7 +763,6 @@ | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | @@ -799,14 +791,14 @@ | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | HashAlgorithm | | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | KeyOperationOutput | | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | @@ -815,7 +807,6 @@ | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | -| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | | jca/KeyArtifact.java:19:21:19:23 | Constant | @@ -836,6 +827,7 @@ | jca/KeyArtifact.java:41:31:41:33 | Constant | | jca/KeyArtifact.java:42:26:42:53 | Key | | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | +| jca/KeyArtifact.java:62:28:62:73 | Constant | | jca/KeyArtifact.java:62:28:62:73 | LocalData | | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | | jca/KeyArtifact.java:65:21:65:23 | Constant | @@ -844,8 +836,9 @@ | jca/KeyArtifact.java:72:31:72:34 | Constant | | jca/KeyArtifact.java:73:16:73:43 | Key | | jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | +| jca/KeyArtifact.java:78:31:78:54 | Constant | | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:78:45:78:53 | KeyOperationAlgorithm | | jca/KeyDerivation1.java:78:39:78:53 | Parameter | | jca/KeyDerivation1.java:80:42:80:63 | Message | | jca/KeyDerivation1.java:80:66:80:69 | Salt | @@ -929,11 +922,14 @@ | jca/KeyDerivation1.java:283:43:283:57 | Parameter | | jca/KeyDerivation1.java:283:60:283:78 | Parameter | | jca/KeyDerivation1.java:302:37:302:51 | Parameter | +| jca/KeyDerivation1.java:309:25:309:76 | Constant | | jca/KeyDerivation1.java:309:25:309:76 | LocalData | | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:310:43:310:86 | Constant | | jca/KeyDerivation1.java:310:43:310:86 | LocalData | +| jca/KeyDerivation1.java:311:40:311:78 | Constant | | jca/KeyDerivation1.java:311:40:311:78 | LocalData | | jca/KeyDerivation1.java:314:42:314:63 | Message | | jca/KeyDerivation1.java:314:66:314:69 | Salt | @@ -948,7 +944,8 @@ | jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | | jca/KeyDerivation1.java:335:16:335:43 | Key | | jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | -| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:345:36:345:47 | HMACAlgorithm | +| jca/KeyDerivation1.java:345:36:345:47 | HashAlgorithm | | jca/KeyDerivation1.java:347:19:347:27 | Key | | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | @@ -958,7 +955,6 @@ | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | | jca/KeyDerivation1.java:353:35:353:50 | Constant | | jca/KeyDerivation1.java:353:35:353:61 | Message | -| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:61:21:61:23 | Constant | @@ -975,7 +971,6 @@ | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:77:45:77:50 | Key | | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | @@ -1004,7 +999,6 @@ | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | | jca/KeyEncapsulation.java:136:45:136:50 | Key | | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | @@ -1074,14 +1068,16 @@ | jca/KeyExchange.java:213:16:213:34 | SharedSecret | | jca/MACOperation.java:59:36:59:49 | Parameter | | jca/MACOperation.java:59:52:59:61 | Parameter | -| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:60:35:60:46 | HMACAlgorithm | +| jca/MACOperation.java:60:35:60:46 | HashAlgorithm | | jca/MACOperation.java:62:18:62:26 | Key | | jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | | jca/MACOperation.java:63:16:63:46 | MACOperation | | jca/MACOperation.java:63:28:63:45 | Message | | jca/MACOperation.java:70:34:70:47 | Parameter | | jca/MACOperation.java:70:50:70:59 | Parameter | -| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:71:35:71:48 | HMACAlgorithm | +| jca/MACOperation.java:71:35:71:48 | HashAlgorithm | | jca/MACOperation.java:73:18:73:26 | Key | | jca/MACOperation.java:74:16:74:46 | KeyOperationOutput | | jca/MACOperation.java:74:16:74:46 | MACOperation | @@ -1109,7 +1105,8 @@ | jca/MACOperation.java:110:28:110:45 | Message | | jca/MACOperation.java:117:36:117:49 | Parameter | | jca/MACOperation.java:117:52:117:61 | Parameter | -| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:118:35:118:44 | HMACAlgorithm | +| jca/MACOperation.java:118:35:118:44 | HashAlgorithm | | jca/MACOperation.java:120:18:120:26 | Key | | jca/MACOperation.java:121:16:121:46 | KeyOperationOutput | | jca/MACOperation.java:121:16:121:46 | MACOperation | @@ -1142,7 +1139,8 @@ | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | | jca/MACOperation.java:182:44:182:66 | Constant | | jca/MACOperation.java:182:44:182:77 | Message | -| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:185:35:185:46 | HMACAlgorithm | +| jca/MACOperation.java:185:35:185:46 | HashAlgorithm | | jca/MACOperation.java:186:18:186:30 | Key | | jca/MACOperation.java:187:30:187:52 | KeyOperationOutput | | jca/MACOperation.java:187:30:187:52 | MACOperation | @@ -1158,16 +1156,20 @@ | jca/MACOperation.java:233:21:233:23 | Constant | | jca/MACOperation.java:234:16:234:35 | Key | | jca/MACOperation.java:234:16:234:35 | KeyGeneration | -| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | -| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:24:35:24:46 | HMACAlgorithm | +| jca/Nonce.java:24:35:24:46 | HashAlgorithm | | jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:26:20:26:24 | Message | | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | | jca/Nonce.java:27:28:27:69 | MACOperation | | jca/Nonce.java:27:40:27:57 | Constant | | jca/Nonce.java:27:40:27:68 | Message | -| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:35:24:35:41 | Constant | +| jca/Nonce.java:37:35:37:46 | HMACAlgorithm | +| jca/Nonce.java:37:35:37:46 | HashAlgorithm | | jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:39:20:39:24 | Message | | jca/Nonce.java:40:28:40:67 | KeyOperationOutput | | jca/Nonce.java:40:28:40:67 | MACOperation | | jca/Nonce.java:40:40:40:55 | Constant | @@ -1192,8 +1194,10 @@ | jca/Nonce.java:63:29:63:53 | EncryptOperation | | jca/Nonce.java:63:29:63:53 | KeyOperationOutput | | jca/Nonce.java:63:44:63:52 | Message | -| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:70:53:70:64 | HMACAlgorithm | +| jca/Nonce.java:70:53:70:64 | HashAlgorithm | | jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:79:20:79:24 | Message | | jca/Nonce.java:80:28:80:67 | KeyOperationOutput | | jca/Nonce.java:80:28:80:67 | MACOperation | | jca/Nonce.java:80:40:80:55 | Constant | @@ -1201,8 +1205,8 @@ | jca/Nonce.java:92:56:92:67 | Constant | | jca/Nonce.java:93:16:93:35 | Key | | jca/Nonce.java:93:16:93:35 | KeyGeneration | -| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:104:32:104:36 | RandomNumberGeneration | | jca/Nonce.java:112:16:112:33 | Constant | | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | | jca/PrngTest.java:153:21:153:23 | Constant | @@ -1230,7 +1234,6 @@ | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | -| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | | jca/SignEncryptCombinations.java:96:42:96:44 | Key | | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | @@ -1245,7 +1248,8 @@ | jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | | jca/SignEncryptCombinations.java:113:31:113:40 | Message | -| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:121:35:121:46 | HMACAlgorithm | +| jca/SignEncryptCombinations.java:121:35:121:46 | HashAlgorithm | | jca/SignEncryptCombinations.java:122:18:122:20 | Key | | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | @@ -1282,7 +1286,7 @@ | jca/SignatureOperation.java:117:26:117:29 | Message | | jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | -| jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:132:61:132:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:133:16:133:36 | Key | | jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | @@ -1335,7 +1339,6 @@ | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | @@ -1355,7 +1358,6 @@ | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | @@ -1379,7 +1381,6 @@ | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | @@ -1391,7 +1392,6 @@ | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | @@ -1399,7 +1399,6 @@ | jca/SymmetricAlgorithm.java:173:29:173:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | @@ -1416,7 +1415,6 @@ | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | @@ -1439,14 +1437,14 @@ | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | | jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | -| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | HashAlgorithm | | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | | jca/SymmetricAlgorithm.java:303:30:303:52 | KeyOperationOutput | | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | @@ -1455,7 +1453,6 @@ | jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | | jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | -| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:49:17:49:19 | Constant | @@ -1476,7 +1473,6 @@ | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | | jca/SymmetricModesTest.java:83:42:83:44 | Key | | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | @@ -1504,7 +1500,6 @@ | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | -| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | | jca/UniversalFlowTest.java:33:42:33:44 | Key | | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected deleted file mode 100644 index 38ba6187b595..000000000000 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected +++ /dev/null @@ -1,4 +0,0 @@ -| Test.java:40:47:40:52 | Nonce | Reuse with nonce $@ | Test.java:49:47:49:52 | Nonce | Nonce | -| Test.java:49:47:49:52 | Nonce | Reuse with nonce $@ | Test.java:40:47:40:52 | Nonce | Nonce | -| Test.java:76:48:76:54 | Nonce | Reuse with nonce $@ | Test.java:82:49:82:55 | Nonce | Nonce | -| Test.java:82:49:82:55 | Nonce | Reuse with nonce $@ | Test.java:76:48:76:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref deleted file mode 100644 index bfe67a6c2e8e..000000000000 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/quantum/Analysis/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected new file mode 100644 index 000000000000..2a3c1d533dfb --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected @@ -0,0 +1,36 @@ +#select +| BadMacUse.java:56:42:56:50 | plaintext | BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | BadMacUse.java:56:42:56:50 | plaintext | Incorrect decryption and MAC order: decryption output plaintext flows to MAC message input. | +| BadMacUse.java:124:42:124:51 | ciphertext | BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | BadMacUse.java:124:42:124:51 | ciphertext | Incorrect decryption and MAC order: decryption output plaintext flows to MAC message input. | +edges +| BadMacUse.java:27:29:27:53 | doFinal(...) : byte[] | BadMacUse.java:32:42:32:51 | ciphertext | provenance | | +| BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | BadMacUse.java:56:42:56:50 | plaintext | provenance | | +| BadMacUse.java:84:83:84:91 | iv : byte[] | BadMacUse.java:90:63:90:64 | iv : byte[] | provenance | | +| BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | BadMacUse.java:91:42:91:56 | ivParameterSpec | provenance | Sink:MaD:1 | +| BadMacUse.java:90:63:90:64 | iv : byte[] | BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| BadMacUse.java:90:63:90:64 | iv : byte[] | BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:2 | +| BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | BadMacUse.java:118:29:118:106 | cipherOperationWrapper(...) : byte[] | provenance | | +| BadMacUse.java:117:38:117:39 | iv : byte[] | BadMacUse.java:118:83:118:84 | iv : byte[] | provenance | | +| BadMacUse.java:118:29:118:106 | cipherOperationWrapper(...) : byte[] | BadMacUse.java:124:42:124:51 | ciphertext | provenance | | +| BadMacUse.java:118:83:118:84 | iv : byte[] | BadMacUse.java:84:83:84:91 | iv : byte[] | provenance | | +models +| 1 | Sink: javax.crypto; Cipher; true; init; (int,Key,AlgorithmParameterSpec); ; Argument[2]; encryption-iv; manual | +| 2 | Summary: javax.crypto.spec; IvParameterSpec; true; IvParameterSpec; ; ; Argument[0]; Argument[this]; taint; manual | +nodes +| BadMacUse.java:27:29:27:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:32:42:32:51 | ciphertext | semmle.label | ciphertext | +| BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:56:42:56:50 | plaintext | semmle.label | plaintext | +| BadMacUse.java:84:83:84:91 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:90:43:90:65 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| BadMacUse.java:90:63:90:64 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:91:42:91:56 | ivParameterSpec | semmle.label | ivParameterSpec | +| BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] | +| BadMacUse.java:117:38:117:39 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:118:29:118:106 | cipherOperationWrapper(...) : byte[] | semmle.label | cipherOperationWrapper(...) : byte[] | +| BadMacUse.java:118:83:118:84 | iv : byte[] | semmle.label | iv : byte[] | +| BadMacUse.java:124:42:124:51 | ciphertext | semmle.label | ciphertext | +subpaths +testFailures +| BadMacUse.java:63:118:63:127 | // $Source | Missing result: Source | +| BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | Unexpected result: Source | +| BadMacUse.java:124:42:124:51 | ciphertext | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.qlref b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.qlref new file mode 100644 index 000000000000..6ee58d936818 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/BadMacOrderDecryptToMac.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected new file mode 100644 index 000000000000..70733bbf8d35 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected @@ -0,0 +1,14 @@ +#select +| BadMacUse.java:76:44:76:52 | plaintext | BadMacUse.java:63:82:63:97 | plaintext : byte[] | BadMacUse.java:76:44:76:52 | plaintext | Incorrect MAC usage: Encryption plaintext also used for MAC. Flow shows plaintext to final use through intermediate mac or encryption operation here $@ | BadMacUse.java:71:42:71:50 | plaintext | plaintext | +edges +| BadMacUse.java:63:82:63:97 | plaintext : byte[] | BadMacUse.java:71:42:71:50 | plaintext : byte[] | provenance | | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | BadMacUse.java:71:42:71:50 | plaintext : byte[] | provenance | Config | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | BadMacUse.java:76:44:76:52 | plaintext | provenance | | +nodes +| BadMacUse.java:63:82:63:97 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:71:42:71:50 | plaintext : byte[] | semmle.label | plaintext : byte[] | +| BadMacUse.java:76:44:76:52 | plaintext | semmle.label | plaintext | +subpaths +testFailures +| BadMacUse.java:50:56:50:65 | // $Source | Missing result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.qlref b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.qlref new file mode 100644 index 000000000000..f094aa14a467 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java new file mode 100644 index 000000000000..597c2a106d82 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java @@ -0,0 +1,132 @@ + +import java.security.*; +import java.util.Arrays; +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +class BadMacUse { + + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } + + public void CipherThenMac(byte[] encryptionKeyBytes, byte[] macKeyBytes) throws Exception { + // Create keys directly from provided byte arrays + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // Encrypt some sample data using the encryption key + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] plaintext = "Further Use Test Data".getBytes(); + byte[] ciphertext = cipher.doFinal(plaintext); + + // Compute HMAC over the ciphertext using the MAC key + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(ciphertext); + + // Concatenate ciphertext and MAC + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + } + + public void BadDecryptThenMacOnPlaintextVerify(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] input) throws Exception { + // Split input into ciphertext and MAC + int macLength = 32; // HMAC-SHA256 output length + byte[] ciphertext = Arrays.copyOfRange(input, 0, input.length - macLength); + byte[] receivedMac = Arrays.copyOfRange(input, input.length - macLength, input.length); + + // Decrypt first (unsafe) + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] plaintext = cipher.doFinal(ciphertext); // $Source + + // Now verify MAC (too late) + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(plaintext); // $Alert[java/quantum/examples/bad-mac-order-decrypt-to-mac] + + if (!MessageDigest.isEqual(receivedMac, computedMac)) { + throw new SecurityException("MAC verification failed"); + } + } + + public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $Source + // Create keys directly from provided byte arrays + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // BAD Compute MAC over plaintext (not ciphertext) + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(plaintext); // Integrity not tied to encrypted data + + // Encrypt the plaintext + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] ciphertext = cipher.doFinal(plaintext); // $Alert[java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac] + + // Concatenate ciphertext and MAC + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + } + + public byte[] cipherOperationWrapper(byte[] bytes, byte[] encryptionKeyBytes, byte[] iv, int mode) + throws Exception { + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKeySpec secretKeySpec = new SecretKeySpec(encryptionKeyBytes, "AES"); + + IvParameterSpec ivParameterSpec = new IvParameterSpec(iv); + cipher.init(mode, secretKeySpec, ivParameterSpec); + return cipher.doFinal(bytes); + } + + /** + * A use of the cipher operation wrapper for decryption to throw off the + * analysis + */ + public byte[] decryptUsingWrapper(byte[] ciphertext, byte[] encryptionKeyBytes, byte[] iv) throws Exception { + return cipherOperationWrapper(ciphertext, encryptionKeyBytes, iv, Cipher.DECRYPT_MODE); + } + + /** + * A use of the cipher operation wrapper for encryption to throw off the + * analysis + */ + public byte[] encryptUsingWrapper(byte[] plaintext, byte[] encryptionKeyBytes, byte[] iv) throws Exception { + return cipherOperationWrapper(plaintext, encryptionKeyBytes, iv, Cipher.ENCRYPT_MODE); + } + + /** + * Encrypt then mac using the wrapper function + */ + public byte[] falsePositiveDecryptToMac(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception { + // Encrypt the plaintext + byte[] iv = new byte[16]; + new SecureRandom().nextBytes(iv); + byte[] ciphertext = cipherOperationWrapper(plaintext, encryptionKeyBytes, iv, Cipher.ENCRYPT_MODE); + + // Compute HMAC over the ciphertext using the MAC key + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(ciphertext); // False Positive + + // Concatenate ciphertext and MAC + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + return output; + } +} diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected new file mode 100644 index 000000000000..3ad1b08e4762 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected @@ -0,0 +1,130 @@ +#select +| InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:14:21:14:81 | Constant | Constant | InsecureIVorNonceSource.java:20:51:20:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:42:21:42:21 | Constant | Constant | InsecureIVorNonceSource.java:49:51:49:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:57:13:57:62 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:58:13:58:63 | Constant | Constant | InsecureIVorNonceSource.java:65:51:65:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:73:13:73:73 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | Nonce or IV uses constant source $@ | InsecureIVorNonceSource.java:74:13:74:74 | Constant | Constant | InsecureIVorNonceSource.java:81:51:81:56 | Nonce | Nonce | +| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | Nonce or IV uses insecure source $@ at encryption operation $@ | InsecureIVorNonceSource.java:194:26:194:30 | RandomNumberGeneration | RandomNumberGeneration | InsecureIVorNonceSource.java:208:16:208:31 | EncryptOperation | EncryptOperation | +edges +| InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | provenance | | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | provenance | | +| InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | provenance | | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:107:26:107:27 | iv : byte[] | InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:113:51:113:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | provenance | | +| InsecureIVorNonceSource.java:123:28:123:43 | nextInt(...) : Number | InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | provenance | | +| InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:130:51:130:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:138:52:138:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | provenance | MaD:2 | +| InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:147:51:147:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | MaD:4 | +| InsecureIVorNonceSource.java:155:52:155:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | provenance | | +| InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | provenance | MaD:3 | +| InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | InsecureIVorNonceSource.java:164:51:164:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:174:52:174:62 | randomBytes : byte[] | InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | provenance | | +| InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:186:51:186:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:5 | +| InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | provenance | | +| InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | provenance | | +| InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | provenance | | +| InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | provenance | Sink:MaD:1 | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:5 | +models +| 1 | Sink: javax.crypto; Cipher; true; init; (int,Key,AlgorithmParameterSpec); ; Argument[2]; encryption-iv; manual | +| 2 | Summary: java.lang; System; false; arraycopy; ; ; Argument[0]; Argument[2]; taint; manual | +| 3 | Summary: java.util; Arrays; false; copyOf; ; ; Argument[0].ArrayElement; ReturnValue.ArrayElement; value; manual | +| 4 | Summary: javax.crypto.spec; GCMParameterSpec; true; GCMParameterSpec; ; ; Argument[1]; Argument[this]; taint; manual | +| 5 | Summary: javax.crypto.spec; IvParameterSpec; true; IvParameterSpec; ; ; Argument[0]; Argument[this]; taint; manual | +nodes +| InsecureIVorNonceSource.java:14:21:14:81 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:16:35:16:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:16:61:16:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:20:51:20:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:42:13:42:14 | iv [post update] : byte[] [[]] : Number | semmle.label | iv [post update] : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | semmle.label | 1 : Number | +| InsecureIVorNonceSource.java:45:34:45:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:45:54:45:55 | iv : byte[] [[]] : Number | semmle.label | iv : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:49:51:49:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:56:30:59:9 | {...} : byte[][] [[]] : byte[] | semmle.label | {...} : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:57:13:57:62 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:58:13:58:63 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:61:35:61:73 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:61:61:61:69 | staticIvs : byte[][] [[]] : byte[] | semmle.label | staticIvs : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:61:61:61:72 | ...[...] : byte[] | semmle.label | ...[...] : byte[] | +| InsecureIVorNonceSource.java:65:51:65:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:72:30:75:9 | {...} : byte[][] [[]] : byte[] | semmle.label | {...} : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:73:13:73:73 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:74:13:74:74 | {...} : byte[] | semmle.label | {...} : byte[] | +| InsecureIVorNonceSource.java:77:35:77:73 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:77:61:77:69 | staticIvs : byte[][] [[]] : byte[] | semmle.label | staticIvs : byte[][] [[]] : byte[] | +| InsecureIVorNonceSource.java:77:61:77:72 | ...[...] : byte[] | semmle.label | ...[...] : byte[] | +| InsecureIVorNonceSource.java:81:51:81:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:107:26:107:27 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:109:35:109:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:109:61:109:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:113:51:113:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:123:13:123:14 | iv [post update] : byte[] [[]] : Number | semmle.label | iv [post update] : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:123:21:123:43 | (...)... : Number | semmle.label | (...)... : Number | +| InsecureIVorNonceSource.java:123:28:123:43 | nextInt(...) : Number | semmle.label | nextInt(...) : Number | +| InsecureIVorNonceSource.java:126:35:126:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:126:61:126:62 | iv : byte[] [[]] : Number | semmle.label | iv : byte[] [[]] : Number | +| InsecureIVorNonceSource.java:130:51:130:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:138:52:138:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:141:26:141:36 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:141:42:141:43 | iv [post update] : byte[] | semmle.label | iv [post update] : byte[] | +| InsecureIVorNonceSource.java:143:35:143:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:143:61:143:62 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:147:51:147:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:155:52:155:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:158:14:158:43 | copyOf(...) : byte[] [[]] : Object | semmle.label | copyOf(...) : byte[] [[]] : Object | +| InsecureIVorNonceSource.java:158:28:158:38 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:160:35:160:63 | new GCMParameterSpec(...) : GCMParameterSpec | semmle.label | new GCMParameterSpec(...) : GCMParameterSpec | +| InsecureIVorNonceSource.java:160:61:160:62 | iv : byte[] [[]] : Object | semmle.label | iv : byte[] [[]] : Object | +| InsecureIVorNonceSource.java:164:51:164:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:174:52:174:62 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:175:16:175:26 | randomBytes : byte[] | semmle.label | randomBytes : byte[] | +| InsecureIVorNonceSource.java:180:21:180:32 | generate(...) : byte[] | semmle.label | generate(...) : byte[] | +| InsecureIVorNonceSource.java:182:34:182:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:182:54:182:55 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:186:51:186:56 | ivSpec | semmle.label | ivSpec | +| InsecureIVorNonceSource.java:194:26:194:30 | bytes : byte[] | semmle.label | bytes : byte[] | +| InsecureIVorNonceSource.java:195:16:195:20 | bytes : byte[] | semmle.label | bytes : byte[] | +| InsecureIVorNonceSource.java:200:21:200:51 | generateInsecureRandomBytes(...) : byte[] | semmle.label | generateInsecureRandomBytes(...) : byte[] | +| InsecureIVorNonceSource.java:202:34:202:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | semmle.label | iv : byte[] | +| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | semmle.label | ivSpec | +subpaths +testFailures +| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | Unexpected result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java new file mode 100644 index 000000000000..549c56dbd981 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java @@ -0,0 +1,210 @@ +import javax.crypto.Cipher; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.util.Random; + +import java.security.SecureRandom; +import java.util.Arrays; + +public class InsecureIVorNonceSource { + + // BAD: AES-GCM with static IV from a byte array + public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $Source + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from zero-initialized byte array + public byte[] encryptWithZeroStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/unknown-iv-or-nonce-source] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-CBC with static IV from 1-initialized byte array + public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; + for (byte i = 0; i < iv.length; i++) { + iv[i] = 1; + } + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a multidimensional byte array + public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws Exception { + byte[][] staticIvs = new byte[][] { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, // $Source + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } // $Source + }; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a multidimensional byte array + public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws Exception { + byte[][] staticIvs = new byte[][] { + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }, // $Source + new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 } // $Source + }; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // BAD: AES-GCM with static IV from a zero-initialized multidimensional byte array + public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws Exception { + byte[][] ivs = new byte[][] { + new byte[8], + new byte[16] + }; + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, ivs[1]); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/unknown-iv-or-nonce-source] + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIv(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = new byte[16]; + + SecureRandom random = SecureRandom.getInstanceStrong(); + random.nextBytes(iv); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvByteByByte(byte[] key, byte[] plaintext) throws Exception { + SecureRandom random = SecureRandom.getInstanceStrong(); + byte[] iv = new byte[16]; + for (int i = 0; i < iv.length; i++) { + iv[i] = (byte) random.nextInt(); + } + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvWithSystemArrayCopy(byte[] key, byte[] plaintext) throws Exception { + byte[] randomBytes = new byte[16]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + + byte[] iv = new byte[16]; + System.arraycopy(randomBytes, 0, iv, 0, 16); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + // GOOD: AES-GCM with a random IV + public byte[] encryptWithRandomIvWithArraysCopy(byte[] key, byte[] plaintext) throws Exception { + byte[] randomBytes = new byte[16]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + + byte[] iv = new byte[16]; + iv = Arrays.copyOf(randomBytes, 16); + + GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + public byte[] generate(int size) throws Exception { + if (size == 0) { + return new byte[0]; + } + byte[] randomBytes = new byte[size]; + SecureRandom.getInstanceStrong().nextBytes(randomBytes); + return randomBytes; + } + + // GOOD: AES-CBC with a random IV + public byte[] encryptWithGeneratedIvByteArray(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = generate(16); + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + cipher.update(plaintext); + return cipher.doFinal(); + } + + public byte[] generateInsecureRandomBytes(int numBytes) { + Random random = new Random(); + byte[] bytes = new byte[numBytes]; + random.nextBytes(bytes); // $Source + return bytes; + } + + // BAD: AES-CBC with an insecure random IV + public byte[] encryptWithGeneratedIvByteArrayInsecure(byte[] key, byte[] plaintext) throws Exception { + byte[] iv = generateInsecureRandomBytes(16); + + IvParameterSpec ivSpec = new IvParameterSpec(iv); + SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce]] + cipher.update(plaintext); + return cipher.doFinal(); + } +} diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref new file mode 100644 index 000000000000..1b26475bb356 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/InsecureIVorNonceSource.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected new file mode 100644 index 000000000000..3759e19826b5 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.expected @@ -0,0 +1,2 @@ +| InsecureIVorNonceSource.java:33:51:33:56 | Nonce | Unknown IV/Nonce initialization source at encryption operation $@ | InsecureIVorNonceSource.java:35:16:35:31 | EncryptOperation | EncryptOperation | +| InsecureIVorNonceSource.java:97:51:97:56 | Nonce | Unknown IV/Nonce initialization source at encryption operation $@ | InsecureIVorNonceSource.java:99:16:99:31 | EncryptOperation | EncryptOperation | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref new file mode 100644 index 000000000000..8bdc38026ad0 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/UnknownIVorNonceSource.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/UnknownIVorNonceSource.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected new file mode 100644 index 000000000000..cf03a9053eb5 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.expected @@ -0,0 +1,91 @@ +edges +| Test.java:19:38:19:40 | val : byte[] | Test.java:20:16:20:18 | val : byte[] | provenance | | +| Test.java:20:16:20:18 | val : byte[] | Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | provenance | | +| Test.java:20:16:20:18 | val : byte[] | Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | provenance | | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | Test.java:26:16:26:18 | val : byte[] | provenance | | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | Test.java:27:16:27:18 | val : byte[] | provenance | | +| Test.java:26:16:26:18 | val : byte[] | Test.java:36:32:36:40 | iv : byte[] | provenance | | +| Test.java:27:16:27:18 | val : byte[] | Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | provenance | | +| Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | Test.java:33:16:33:18 | val : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:33:16:33:18 | val : byte[] | Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | provenance | | +| Test.java:36:32:36:40 | iv : byte[] | Test.java:37:54:37:55 | iv : byte[] | provenance | | +| Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:40:47:40:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:37:54:37:55 | iv : byte[] | Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:37:54:37:55 | iv : byte[] | Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | Test.java:46:54:46:55 | iv : byte[] | provenance | | +| Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:49:47:49:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:46:54:46:55 | iv : byte[] | Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:46:54:46:55 | iv : byte[] | Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | Test.java:55:54:55:55 | iv : byte[] | provenance | | +| Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:58:47:58:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:55:54:55:55 | iv : byte[] | Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:55:54:55:55 | iv : byte[] | Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | Test.java:64:54:64:55 | iv : byte[] | provenance | | +| Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:67:47:67:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:64:54:64:55 | iv : byte[] | Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:64:54:64:55 | iv : byte[] | Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | Test.java:73:55:73:56 | iv : byte[] | provenance | | +| Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | Test.java:76:48:76:54 | ivSpec1 | provenance | Sink:MaD:45890 | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:73:55:73:56 | iv : byte[] | Test.java:79:55:79:56 | iv : byte[] | provenance | | +| Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | Test.java:82:49:82:55 | ivSpec2 | provenance | Sink:MaD:45890 | +| Test.java:79:55:79:56 | iv : byte[] | Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:79:55:79:56 | iv : byte[] | Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:88:38:88:39 | iv : byte[] | Test.java:89:54:89:55 | iv : byte[] | provenance | | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:93:51:93:56 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:96:51:96:56 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:89:54:89:55 | iv : byte[] | Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:89:54:89:55 | iv : byte[] | Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +| Test.java:103:38:103:39 | iv : byte[] | Test.java:104:54:104:55 | iv : byte[] | provenance | | +| Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | Test.java:107:47:107:52 | ivSpec | provenance | Sink:MaD:45890 | +| Test.java:104:54:104:55 | iv : byte[] | Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | Config | +| Test.java:104:54:104:55 | iv : byte[] | Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | provenance | MaD:45920 | +nodes +| Test.java:19:38:19:40 | val : byte[] | semmle.label | val : byte[] | +| Test.java:20:16:20:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:25:15:25:33 | getRandomWrapper1(...) : byte[] | semmle.label | getRandomWrapper1(...) : byte[] | +| Test.java:26:16:26:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:27:16:27:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:32:15:32:33 | getRandomWrapper1(...) : byte[] | semmle.label | getRandomWrapper1(...) : byte[] | +| Test.java:33:16:33:18 | val : byte[] | semmle.label | val : byte[] | +| Test.java:36:32:36:40 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:37:34:37:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:37:54:37:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:40:47:40:52 | ivSpec | semmle.label | ivSpec | +| Test.java:45:21:45:40 | getRandomWrapper2A(...) : byte[] | semmle.label | getRandomWrapper2A(...) : byte[] | +| Test.java:46:34:46:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:46:54:46:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:49:47:49:52 | ivSpec | semmle.label | ivSpec | +| Test.java:54:21:54:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:55:34:55:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:55:54:55:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:58:47:58:52 | ivSpec | semmle.label | ivSpec | +| Test.java:63:21:63:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:64:34:64:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:64:54:64:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:67:47:67:52 | ivSpec | semmle.label | ivSpec | +| Test.java:72:21:72:40 | getRandomWrapper2b(...) : byte[] | semmle.label | getRandomWrapper2b(...) : byte[] | +| Test.java:73:35:73:57 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:73:55:73:56 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:76:48:76:54 | ivSpec1 | semmle.label | ivSpec1 | +| Test.java:79:35:79:57 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:79:55:79:56 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:82:49:82:55 | ivSpec2 | semmle.label | ivSpec2 | +| Test.java:88:38:88:39 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:89:34:89:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:89:54:89:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:93:51:93:56 | ivSpec | semmle.label | ivSpec | +| Test.java:96:51:96:56 | ivSpec | semmle.label | ivSpec | +| Test.java:103:38:103:39 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:104:34:104:56 | new IvParameterSpec(...) : IvParameterSpec | semmle.label | new IvParameterSpec(...) : IvParameterSpec | +| Test.java:104:54:104:55 | iv : byte[] | semmle.label | iv : byte[] | +| Test.java:107:47:107:52 | ivSpec | semmle.label | ivSpec | +subpaths +#select +| Test.java:40:47:40:52 | ivSpec | Test.java:19:38:19:40 | val : byte[] | Test.java:40:47:40:52 | ivSpec | Nonce source is reused, see alternate sink $@ | Test.java:49:47:49:52 | Nonce | Nonce | +| Test.java:49:47:49:52 | ivSpec | Test.java:19:38:19:40 | val : byte[] | Test.java:49:47:49:52 | ivSpec | Nonce source is reused, see alternate sink $@ | Test.java:40:47:40:52 | Nonce | Nonce | +| Test.java:76:48:76:54 | ivSpec1 | Test.java:19:38:19:40 | val : byte[] | Test.java:76:48:76:54 | ivSpec1 | Nonce source is reused, see alternate sink $@ | Test.java:82:49:82:55 | Nonce | Nonce | +| Test.java:82:49:82:55 | ivSpec2 | Test.java:19:38:19:40 | val : byte[] | Test.java:82:49:82:55 | ivSpec2 | Nonce source is reused, see alternate sink $@ | Test.java:76:48:76:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref new file mode 100644 index 000000000000..6f8aa4b838b8 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref @@ -0,0 +1 @@ +experimental/quantum/Examples/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java similarity index 74% rename from java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java rename to java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java index 1b65e324275b..e384143db086 100644 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java @@ -83,6 +83,34 @@ private static void funcA3() throws Exception { byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes()); } + public void falsePositive1() throws Exception { + byte[] iv = null; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + if (iv != null) { + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } else if(iv.length > 0) { + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + } + + public void falsePositive2() throws Exception { + byte[] iv = null; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + + cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); // GOOD + byte[] decryptedData = cipher.doFinal(ciphertext); + } + public static void main(String[] args) { try { funcA2(); diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java new file mode 100644 index 000000000000..c330bf82a054 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java @@ -0,0 +1,28 @@ +import java.security.*; +public class InsufficientAsymmetricKeySize{ + public static void test() throws Exception{ + KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA"); + keyPairGen1.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size] + keyPairGen1.generateKeyPair(); + + KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA"); + keyPairGen2.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size] + keyPairGen2.generateKeyPair(); + + KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH"); + keyPairGen3.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size] + keyPairGen3.generateKeyPair(); + + KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("RSA"); + keyPairGen4.initialize(2048); // GOOD + keyPairGen4.generateKeyPair(); + + KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("DSA"); + keyPairGen5.initialize(2048); // GOOD + keyPairGen5.generateKeyPair(); + + KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("DH"); + keyPairGen6.initialize(2048); // GOOD + keyPairGen6.generateKeyPair(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.expected new file mode 100644 index 000000000000..26dc1bfad245 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.expected @@ -0,0 +1,13 @@ +edges +nodes +| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | semmle.label | 1024 | +| InsufficientAsymmetricKeySize.java:17:32:17:35 | 2048 | semmle.label | 2048 | +| InsufficientAsymmetricKeySize.java:21:32:21:35 | 2048 | semmle.label | 2048 | +| InsufficientAsymmetricKeySize.java:25:32:25:35 | 2048 | semmle.label | 2048 | +subpaths +#select +| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:4:69:4:73 | KeyOperationAlgorithm | RSA | +| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:8:69:8:73 | KeyOperationAlgorithm | DSA | +| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:12:69:12:72 | KeyAgreementAlgorithm | DH | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref new file mode 100644 index 000000000000..085cf3e0b2a2 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakAsymmetricKeyGenSize.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/Test.java new file mode 100644 index 000000000000..0c8b3b6691db --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/Test.java @@ -0,0 +1,57 @@ +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; + +public class Test { + public static void main(String[] args) throws Exception { + SecretKey key = KeyGenerator.getInstance("AES").generateKey(); + IvParameterSpec iv = new IvParameterSpec(new byte[16]); + byte[] data = "SensitiveData".getBytes(); + + // Insecure block mode: ECB + Cipher cipherECB = Cipher.getInstance("AES/ECB/PKCS5Padding"); // $Alert + cipherECB.init(Cipher.ENCRYPT_MODE, key); + byte[] ecbEncrypted = cipherECB.doFinal(data); + System.out.println("ECB encrypted: " + bytesToHex(ecbEncrypted)); + + // Insecure block mode: CFB + Cipher cipherCFB = Cipher.getInstance("AES/CFB/PKCS5Padding"); // $Alert + cipherCFB.init(Cipher.ENCRYPT_MODE, key, iv); + byte[] cfbEncrypted = cipherCFB.doFinal(data); + System.out.println("CFB encrypted: " + bytesToHex(cfbEncrypted)); + + // Insecure block mode: OFB + Cipher cipherOFB = Cipher.getInstance("AES/OFB/PKCS5Padding"); // $Alert + cipherOFB.init(Cipher.ENCRYPT_MODE, key, iv); + byte[] ofbEncrypted = cipherOFB.doFinal(data); + System.out.println("OFB encrypted: " + bytesToHex(ofbEncrypted)); + + // Insecure block mode: CTR + Cipher cipherCTR = Cipher.getInstance("AES/CTR/NoPadding"); // $Alert + cipherCTR.init(Cipher.ENCRYPT_MODE, key, iv); + byte[] ctrEncrypted = cipherCTR.doFinal(data); + System.out.println("CTR encrypted: " + bytesToHex(ctrEncrypted)); + + // Secure block mode: CBC with random IV + IvParameterSpec randomIv = new IvParameterSpec(KeyGenerator.getInstance("AES").generateKey().getEncoded()); + Cipher cipherCBCRandomIV = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipherCBCRandomIV.init(Cipher.ENCRYPT_MODE, key, randomIv); + byte[] cbcRandomIVEncrypted = cipherCBCRandomIV.doFinal(data); + System.out.println("CBC (random IV) encrypted: " + bytesToHex(cbcRandomIVEncrypted)); + + // Secure block mode: GCM (authenticated encryption) + IvParameterSpec gcmIv = new IvParameterSpec(new byte[12]); + Cipher cipherGCM = Cipher.getInstance("AES/GCM/NoPadding"); + cipherGCM.init(Cipher.ENCRYPT_MODE, key, gcmIv); + byte[] gcmEncrypted = cipherGCM.doFinal(data); + System.out.println("GCM encrypted: " + bytesToHex(gcmEncrypted)); + } + + private static String bytesToHex(byte[] bytes) { + StringBuilder sb = new StringBuilder(); + for (byte b : bytes) + sb.append(String.format("%02x", b)); + return sb.toString(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.expected new file mode 100644 index 000000000000..859a138d3ebd --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.expected @@ -0,0 +1,4 @@ +| Test.java:13:47:13:68 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:13:47:13:68 | ModeOfOperation | ModeOfOperation | +| Test.java:19:47:19:68 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:19:47:19:68 | ModeOfOperation | ModeOfOperation | +| Test.java:25:47:25:68 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:25:47:25:68 | ModeOfOperation | ModeOfOperation | +| Test.java:31:47:31:65 | KeyOperationAlgorithm | Weak AES block mode instance $@. | Test.java:31:47:31:65 | ModeOfOperation | ModeOfOperation | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.qlref new file mode 100644 index 000000000000..ec8500ddda7c --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownBlockMode/WeakBlockMode.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakBlockModes.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected new file mode 100644 index 000000000000..77eadf06cd3f --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected @@ -0,0 +1,4 @@ +| WeakHashing.java:15:55:15:83 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | +| WeakHashing.java:18:56:18:95 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | +| WeakHashing.java:21:86:21:90 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. | +| WeakHashing.java:24:56:24:62 | HashAlgorithm | Use of unapproved hash algorithm or API: SHA1. | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref new file mode 100644 index 000000000000..c5faee88aba7 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakHash.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java new file mode 100644 index 000000000000..cc3b9a859d1d --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java @@ -0,0 +1,50 @@ +package test.cwe327.semmle.tests; + +import java.util.Properties; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +public class WeakHashing { + void hashing() throws NoSuchAlgorithmException, IOException { + java.util.Properties props = new java.util.Properties(); + props.load(new FileInputStream("example.properties")); + + // BAD: Using a weak hashing algorithm even with a secure default + MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/examples/weak-hash] + + // BAD: Using a weak hashing algorithm even with a secure default + MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/examples/weak-hash] + + // BAD: Using a strong hashing algorithm but with a weak default + MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/examples/weak-hash] + + // BAD: Using a weak hash + MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/examples/weak-hash] + + // BAD: Property does not exist and default (used value) is unknown + MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/examples/unknown-hash] + + java.util.Properties props2 = new java.util.Properties(); + + props2.load(new FileInputStream("unobserved-file.properties")); + + // BAD: "hashAlg2" is not visible in the file loaded for props2, should be an unknown + // FALSE NEGATIVE for unknown hash + MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash] + + // GOOD: Using a strong hashing algorithm + MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2")); + + // BAD?: Property does not exist (considered unknown) and but default is secure + MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash] + + // GOOD: Using a strong hashing algorithm + MessageDigest ok3 = MessageDigest.getInstance("SHA3-512"); + + // GOOD: Using a strong hashing algorithm + MessageDigest ok4 = MessageDigest.getInstance("SHA384"); + + } +} diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties new file mode 100644 index 000000000000..512e8090bee6 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/example.properties @@ -0,0 +1,2 @@ +hashAlg1=MD5 +hashAlg2=SHA-256 \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java new file mode 100644 index 000000000000..13f6d03ec720 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java @@ -0,0 +1,63 @@ +import java.io.FileInputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; +import java.util.Properties; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +public class Test { + + public static byte[] generateSalt(int length) { + SecureRandom random = new SecureRandom(); + byte[] salt = new byte[length]; + random.nextBytes(salt); + return salt; + } + + /** + * PBKDF2 derivation with a very low iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far + * below acceptable security standards. - Flagged as insecure. + */ + public void pbkdf2LowIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 10; // $Source + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/examples/weak-kdf-iteration-count] + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } + + /** + * PBKDF2 derivation with a very low iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far + * below acceptable security standards. - Flagged as insecure. + */ + public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $Source + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/examples/unknown-kdf-iteration-count] + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } + + /** + * PBKDF2 derivation with a high iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Uses 1,000,000 iterations; this is secure + * but may impact performance. + */ + public void pbkdf2HighIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 1_000_000; + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected new file mode 100644 index 000000000000..472d79090496 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected @@ -0,0 +1,5 @@ +#select +| Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount | +testFailures +| Test.java:45:94:45:153 | // $Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] | +| Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.qlref new file mode 100644 index 000000000000..a285aac54ade --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/UnknownKDFIterationCount.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected new file mode 100644 index 000000000000..3567afd03221 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected @@ -0,0 +1,16 @@ +#select +| Test.java:32:72:32:85 | iterationCount | Test.java:31:30:31:31 | 10 : Number | Test.java:32:72:32:85 | iterationCount | Key derivation operation configures iteration count below 100k: $@ | Test.java:31:30:31:31 | 10 | 10 | +edges +| Test.java:31:30:31:31 | 10 : Number | Test.java:32:72:32:85 | iterationCount | provenance | | +| Test.java:43:53:43:70 | iterationCount : Number | Test.java:45:72:45:85 | iterationCount | provenance | | +| Test.java:58:30:58:38 | 1_000_000 : Number | Test.java:59:72:59:85 | iterationCount | provenance | | +nodes +| Test.java:31:30:31:31 | 10 : Number | semmle.label | 10 : Number | +| Test.java:32:72:32:85 | iterationCount | semmle.label | iterationCount | +| Test.java:43:53:43:70 | iterationCount : Number | semmle.label | iterationCount : Number | +| Test.java:45:72:45:85 | iterationCount | semmle.label | iterationCount | +| Test.java:58:30:58:38 | 1_000_000 : Number | semmle.label | 1_000_000 : Number | +| Test.java:59:72:59:85 | iterationCount | semmle.label | iterationCount | +subpaths +testFailures +| Test.java:43:92:43:101 | // $Source | Missing result: Source | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.qlref new file mode 100644 index 000000000000..1145083bf0d8 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakKDFIterationCount.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java new file mode 100644 index 000000000000..21619c8c5743 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java @@ -0,0 +1,42 @@ +import java.security.SecureRandom; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; + +public class Test { + + public static byte[] generateSalt(int length) { + SecureRandom random = new SecureRandom(); + byte[] salt = new byte[length]; + random.nextBytes(salt); + return salt; + } + + /** + * PBKDF2 derivation with a weak key size. + * + * SAST/CBOM: - Parent: PBKDF2. - Key size is only 64 bits, which is far below acceptable security standards. + * - Flagged as insecure. + */ + public void pbkdf2WeakKeySize(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 100_000; + int keySize = 64; // $Source + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); // $Alert[java/quantum/examples/weak-kdf-key-size] + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } + + /** + * PBKDF2 derivation with a secure key size. + * + * SAST/CBOM: - Parent: PBKDF2. - Key size is 256 bits, which meets modern security standards. + */ + public void pbkdf2SecureKeySize(String password) throws Exception { + byte[] salt = generateSalt(16); + int iterationCount = 100_000; + int keySize = 256; + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.expected new file mode 100644 index 000000000000..63df79a9f9b2 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.expected @@ -0,0 +1,11 @@ +#select +| Test.java:24:88:24:94 | keySize | Test.java:23:23:23:24 | 64 : Number | Test.java:24:88:24:94 | keySize | Key derivation operation configures output key length below 256: $@ | Test.java:23:23:23:24 | 64 | 64 | +edges +| Test.java:23:23:23:24 | 64 : Number | Test.java:24:88:24:94 | keySize | provenance | | +| Test.java:37:23:37:25 | 256 : Number | Test.java:38:88:38:94 | keySize | provenance | | +nodes +| Test.java:23:23:23:24 | 64 : Number | semmle.label | 64 : Number | +| Test.java:24:88:24:94 | keySize | semmle.label | keySize | +| Test.java:37:23:37:25 | 256 : Number | semmle.label | 256 : Number | +| Test.java:38:88:38:94 | keySize | semmle.label | keySize | +subpaths diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.qlref new file mode 100644 index 000000000000..2b2b1228de27 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/WeakKDFKeySize.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakKDFKeySize.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java new file mode 100644 index 000000000000..5f48f75eeb00 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/Test.java @@ -0,0 +1,77 @@ +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import java.security.Key; +import java.security.NoSuchAlgorithmException; + +public class Test { + public static void main(String[] args) throws Exception { + byte[] data = "Sensitive Data".getBytes(); + + // BAD: DES (unsafe) + KeyGenerator desKeyGen = KeyGenerator.getInstance("DES"); // $Alert + SecretKey desKey = desKeyGen.generateKey(); + Cipher desCipher = Cipher.getInstance("DES"); // $Alert + desCipher.init(Cipher.ENCRYPT_MODE, desKey); + byte[] desEncrypted = desCipher.doFinal(data); + + // BAD: DESede (Triple DES, considered weak) + KeyGenerator desedeKeyGen = KeyGenerator.getInstance("DESede"); // $Alert + SecretKey desedeKey = desedeKeyGen.generateKey(); + Cipher desedeCipher = Cipher.getInstance("DESede"); // $Alert + desedeCipher.init(Cipher.ENCRYPT_MODE, desedeKey); + byte[] desedeEncrypted = desedeCipher.doFinal(data); + + // BAD: Blowfish (considered weak) + KeyGenerator blowfishKeyGen = KeyGenerator.getInstance("Blowfish"); // $Alert + SecretKey blowfishKey = blowfishKeyGen.generateKey(); + Cipher blowfishCipher = Cipher.getInstance("Blowfish"); // $Alert + blowfishCipher.init(Cipher.ENCRYPT_MODE, blowfishKey); + byte[] blowfishEncrypted = blowfishCipher.doFinal(data); + + // BAD: RC2 (unsafe) + KeyGenerator rc2KeyGen = KeyGenerator.getInstance("RC2"); // $Alert + SecretKey rc2Key = rc2KeyGen.generateKey(); + Cipher rc2Cipher = Cipher.getInstance("RC2"); // $Alert + rc2Cipher.init(Cipher.ENCRYPT_MODE, rc2Key); + byte[] rc2Encrypted = rc2Cipher.doFinal(data); + + // BAD: RC4 (stream cipher, unsafe) + KeyGenerator rc4KeyGen = KeyGenerator.getInstance("RC4"); // $Alert + SecretKey rc4Key = rc4KeyGen.generateKey(); + Cipher rc4Cipher = Cipher.getInstance("RC4"); // $Alert + rc4Cipher.init(Cipher.ENCRYPT_MODE, rc4Key); + byte[] rc4Encrypted = rc4Cipher.doFinal(data); + + // BAD: IDEA (considered weak) + KeyGenerator ideaKeyGen = KeyGenerator.getInstance("IDEA"); // $Alert + SecretKey ideaKey = ideaKeyGen.generateKey(); + Cipher ideaCipher = Cipher.getInstance("IDEA"); // $Alert + ideaCipher.init(Cipher.ENCRYPT_MODE, ideaKey); + byte[] ideaEncrypted = ideaCipher.doFinal(data); + + // BAD: Skipjack (unsafe) + KeyGenerator skipjackKeyGen = KeyGenerator.getInstance("Skipjack"); // $Alert + SecretKey skipjackKey = skipjackKeyGen.generateKey(); + Cipher skipjackCipher = Cipher.getInstance("Skipjack"); // $Alert + skipjackCipher.init(Cipher.ENCRYPT_MODE, skipjackKey); + byte[] skipjackEncrypted = skipjackCipher.doFinal(data); + + // GOOD: AES (safe) + KeyGenerator aesKeyGen = KeyGenerator.getInstance("AES"); + SecretKey aesKey = aesKeyGen.generateKey(); + Cipher aesCipher = Cipher.getInstance("AES"); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey); + byte[] aesEncrypted = aesCipher.doFinal(data); + + // GOOD: AES with CBC mode and PKCS5Padding + Cipher aesCbcCipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + aesCbcCipher.init(Cipher.ENCRYPT_MODE, aesKey); + byte[] aesCbcEncrypted = aesCbcCipher.doFinal(data); + + // GOOD: AES with GCM mode (authenticated encryption) + Cipher aesGcmCipher = Cipher.getInstance("AES/GCM/NoPadding"); + aesGcmCipher.init(Cipher.ENCRYPT_MODE, aesKey); + byte[] aesGcmEncrypted = aesGcmCipher.doFinal(data); + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected new file mode 100644 index 000000000000..13a316ee9b50 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.expected @@ -0,0 +1,14 @@ +| Test.java:12:59:12:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:14:47:14:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:19:62:19:69 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:21:50:21:57 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: DES. | +| Test.java:26:64:26:73 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Blowfish. | +| Test.java:28:52:28:61 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Blowfish. | +| Test.java:33:59:33:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC2. | +| Test.java:35:47:35:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC2. | +| Test.java:40:59:40:63 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC4. | +| Test.java:42:47:42:51 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: RC4. | +| Test.java:47:60:47:65 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: IDEA. | +| Test.java:49:48:49:53 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: IDEA. | +| Test.java:54:64:54:73 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Skipjack. | +| Test.java:56:52:56:61 | KeyOperationAlgorithm | Use of unapproved symmetric cipher algorithm or API: Skipjack. | diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.qlref b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.qlref new file mode 100644 index 000000000000..d27fed11bfcd --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownSymmetricCipher/WeakSymmetricCipher.qlref @@ -0,0 +1,4 @@ +query: experimental/quantum/Examples/WeakSymmetricCipher.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 5ee0d1eb2982..f5ab5190e1ff 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -825,20 +825,20 @@ module CryptographyBase Input> { */ abstract string getRawEllipticCurveName(); - abstract TEllipticCurveFamilyType getEllipticCurveFamilyType(); + abstract TEllipticCurveType getEllipticCurveType(); abstract int getKeySize(); /** * The 'parsed' curve name, e.g., "P-256" or "secp256r1" - * The parsed name is full name of the curve, including the family, key size, and other + * The parsed name is full name of the curve, including the type, key size, and other * typical parameters found on the name. * * In many cases this will be equivalent to `getRawEllipticCurveAlgorithmName()`, * but not always (e.g., if the curve is specified through a raw NID). * * In cases like an NID, we want the standardized name so users can quickly - * understand what the curve is, while also parsing out the family and key size + * understand what the curve is, while also parsing out the type and key size * separately. */ string getParsedEllipticCurveName() { result = this.getRawEllipticCurveName() } @@ -854,7 +854,7 @@ module CryptographyBase Input> { /** * Gets the type of this digest algorithm, e.g., "SHA1", "SHA2", "MD5" etc. */ - abstract THashType getHashFamily(); + abstract THashType getHashType(); /** * Gets the isolated name as it appears in source, e.g., "SHA-256" in "SHA-256/PKCS7Padding". @@ -1467,7 +1467,8 @@ module CryptographyBase Input> { class AsymmetricAlgorithmNode extends TKeyCreationCandidateAlgorithm instanceof AlgorithmNode { AsymmetricAlgorithmNode() { this instanceof EllipticCurveNode or - this.(KeyOperationAlgorithmNode).isAsymmetric() + this.(KeyOperationAlgorithmNode).isAsymmetric() or + this instanceof KeyAgreementAlgorithmNode } string toString() { result = super.toString() } @@ -1497,6 +1498,10 @@ module CryptographyBase Input> { .getAGenericSourceNode() } + KeyCreationOperationNode getCreatingOperation() { + instance.(KeyArtifactOutputInstance).getCreator() = result.asElement() + } + KeyCreationCandidateAlgorithmNode getAKnownAlgorithm() { result = instance @@ -1575,6 +1580,8 @@ module CryptographyBase Input> { result = instance.getKeySizeConsumer().getConsumer().getAKnownSourceNode() } + ConsumerInputDataFlowNode getKeySizeConsumer() { result = instance.getKeySizeConsumer() } + /** * Gets the key artifact produced by this operation. */ @@ -1705,6 +1712,8 @@ module CryptographyBase Input> { } override string getAlgorithmName() { result = this.getRawAlgorithmName() } // TODO: standardize? + + KeyAgreementType getKeyAgreementType() { result = instance.asAlg().getKeyAgreementType() } } class KeyGenerationOperationNode extends KeyCreationOperationNode { @@ -1748,11 +1757,19 @@ module CryptographyBase Input> { } GenericSourceNode getIterationCount() { - result.asElement() = kdfInstance.getIterationCountConsumer().getConsumer().getAGenericSource() + result.asElement() = this.getIterationCountConsumer().getConsumer().getAGenericSource() } GenericSourceNode getOutputKeySize() { - result.asElement() = kdfInstance.getOutputKeySizeConsumer().getConsumer().getAGenericSource() + result.asElement() = this.getOutputKeySizeConsumer().getConsumer().getAGenericSource() + } + + ConsumerInputDataFlowNode getIterationCountConsumer() { + result = kdfInstance.getIterationCountConsumer() + } + + ConsumerInputDataFlowNode getOutputKeySizeConsumer() { + result = kdfInstance.getOutputKeySizeConsumer() } override predicate isCandidateAlgorithmNode(AlgorithmNode node) { @@ -1976,9 +1993,20 @@ module CryptographyBase Input> { string nodeName; CipherOperationNode() { - this.getKeyOperationSubtype() = TEncryptMode() and nodeName = "EncryptOperation" - or - this.getKeyOperationSubtype() = TDecryptMode() and nodeName = "DecryptOperation" + ( + if + this.getKeyOperationSubtype() = TEncryptMode() and + this.getKeyOperationSubtype() = TDecryptMode() + then nodeName = "CipherOperation" + else ( + if this.getKeyOperationSubtype() = TEncryptMode() + then nodeName = "EncryptOperation" + else ( + this.getKeyOperationSubtype() = TDecryptMode() and + nodeName = "DecryptOperation" + ) + ) + ) } override string getInternalType() { result = nodeName } @@ -1988,9 +2016,20 @@ module CryptographyBase Input> { string nodeName; KeyEncapsulationOperationNode() { - this.getKeyOperationSubtype() = TWrapMode() and nodeName = "WrapOperation" - or - this.getKeyOperationSubtype() = TUnwrapMode() and nodeName = "UnwrapOperation" + ( + if + this.getKeyOperationSubtype() = TWrapMode() and + this.getKeyOperationSubtype() = TUnwrapMode() + then nodeName = "KeyEncapsulationOperation" + else ( + if this.getKeyOperationSubtype() = TWrapMode() + then nodeName = "WrapOperation" + else ( + this.getKeyOperationSubtype() = TUnwrapMode() and + nodeName = "UnwrapOperation" + ) + ) + ) } override string getInternalType() { result = nodeName } @@ -2293,13 +2332,13 @@ module CryptographyBase Input> { * * When modeling a new hashing algorithm, use this predicate to specify the type of the algorithm. */ - HashType getHashFamily() { result = instance.asAlg().getHashFamily() } + HashType getHashType() { result = instance.asAlg().getHashType() } - override string getAlgorithmName() { result = this.getHashFamily().toString() } + override string getAlgorithmName() { result = this.getHashType().toString() } int getDigestLength() { result = instance.asAlg().getFixedDigestLength() or - fixedImplicitDigestLength(instance.asAlg().getHashFamily(), result) + fixedImplicitDigestLength(instance.asAlg().getHashType(), result) } final override predicate properties(string key, string value, Location location) { @@ -2340,9 +2379,7 @@ module CryptographyBase Input> { override string getAlgorithmName() { result = this.getRawAlgorithmName() } - EllipticCurveFamilyType getEllipticCurveFamilyType() { - result = instance.asAlg().getEllipticCurveFamilyType() - } + EllipticCurveType getEllipticCurveType() { result = instance.asAlg().getEllipticCurveType() } override predicate properties(string key, string value, Location location) { super.properties(key, value, location) @@ -2356,6 +2393,10 @@ module CryptographyBase Input> { key = "ParsedName" and value = instance.asAlg().getParsedEllipticCurveName() and location = this.getLocation() + or + key = "CurveType" and + value = this.getEllipticCurveType().toString() and + location = this.getLocation() } } } diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index c713865f9aca..cc43fcec6e2f 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -39,6 +39,7 @@ module Types { RC5() or SEED() or SM4() or + SKIPJACK() or OtherSymmetricCipherType() newtype TAsymmetricCipherType = @@ -118,6 +119,8 @@ module Types { or type = SM4() and name = "SM4" and s = Block() or + type = SKIPJACK() and name = "Skipjack" and s = Block() + or type = OtherSymmetricCipherType() and name = "UnknownSymmetricCipher" and s = OtherCipherStructureType() @@ -214,7 +217,9 @@ module Types { CCM() or // Used in lightweight cryptography (IoT, WPA2) SIV() or // Misuse-resistant encryption, used in secure storage OCB() or // Efficient AEAD mode + KWP() or OFB() or + PCBC() or OtherMode() class ModeOfOperationType extends TModeOfOperationType { @@ -344,7 +349,7 @@ module Types { /** * Elliptic curve algorithms */ - newtype TEllipticCurveFamilyType = + newtype TEllipticCurveType = NIST() or SEC() or NUMS() or @@ -357,7 +362,7 @@ module Types { ES() or OtherEllipticCurveType() - class EllipticCurveFamilyType extends TEllipticCurveFamilyType { + class EllipticCurveType extends TEllipticCurveType { string toString() { this = NIST() and result = "NIST" or @@ -445,7 +450,7 @@ module Types { */ bindingset[rawName] predicate ellipticCurveNameToKnownKeySizeAndFamilyMapping( - string rawName, int keySize, TEllipticCurveFamilyType curveFamily + string rawName, int keySize, TEllipticCurveType curveFamily ) { exists(string curveName | curveName = rawName.toUpperCase() | isSecCurve(curveName, keySize) and curveFamily = SEC()