ProtocolJWS_PS.ql
/**
* @name JWS PS protocol detected (PS256/PS384/PS512)
* @description Detects RSA-PSS signature with SHA-2 hash, corresponding to JWS PS256/PS384/PS512.
* @id java/quantum/examples/demo/protocol-jws-ps
* @kind problem
* @problem.severity warning
* @tags quantum
* experimental
*/
import experimental.quantum.Language
import Crypto::KeyOpAlg as KeyOpAlg
// Reports RSA key-operation algorithm nodes used by a signature operation with PSS padding
// and a SHA-2 digest of 256, 384 or 512 bits, the primitive combination behind the JWS
// PS256/PS384/PS512 identifiers.
// NOTE(review): the match is on primitives only; nothing here checks that the signature is
// produced or consumed as a JWS, so a result means "PS-compatible RSA-PSS usage" and the
// call site still has to be confirmed.
// NOTE(review): the MGF1 hash and the salt length, which the JWS PS* definitions also fix,
// are not examined by this query.
from
  Crypto::HashAlgorithmNode hash, Crypto::PSSPaddingAlgorithmNode pss,
  Crypto::KeyOperationAlgorithmNode alg, Crypto::SignatureOperationNode sigOp, int digestLen
where
  // Only SHA-2 digests whose length maps onto a PS* identifier are of interest.
  hash.getHashType() = Crypto::SHA2() and
  digestLen = hash.getDigestLength() and
  digestLen = [256, 384, 512] and
  // The hash attached to the PSS padding wins; the signature operation's own hash is
  // consulted only when the padding node exposes none.
  (
    if exists(pss.getPSSHashAlgorithm())
    then hash = pss.getPSSHashAlgorithm()
    else hash = sigOp.getHashAlgorithm()
  ) and
  // The padding must belong to an RSA algorithm that the signature operation is known to use.
  pss = alg.getPaddingAlgorithm() and
  alg.getAlgorithmType() = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) and
  alg = sigOp.getAKnownAlgorithm()
select alg,
  "JWS PS" + digestLen.toString() + " protocol detected (RSA-PSS + SHA-" +
    digestLen.toString() + ")."