You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, CryptoAnalysis does not take flow sensitivity into account when evaluating constraints and propagating predicates. Consider the following example:
byte[] bytes1 = newbyte[10];
byte[] bytes2 = newbyte[10];
SecureRandomsr = newSecureRandom(); // This call generates the predicate 'randomized' on srsr.nextBytes(bytes1); // Until here, sr is secure and 'bytes1' should be generated securelyAssertions.hasEnsuredPredicate(bytes1, "randomized"); // <- this should worksr.setSeed(12345); // This call makes sr inseure because the seed is hard coded (not randomized)sr.nextBytes(bytes2); // sr is not secure anymore s.t. 'bytes2' is not generated securelyAssertions.notHasEnsuredPredicate(bytes2, "randomized");
In this example, we use SecureRandom to generate two byte arrays. Between the generations, we violate its rule s.t. only the first array bytes1 is generated securely. However, in the current state, CryptoAnalysis does not mark bytes1 as secure because it considers all statements/calls when evaluating the constraints/predicates. More precisely, at the call sr.nextBytes(bytes1), it also includes the statement sr.setSeed(12345), although it comes after the call, leading to an insecure sr object and insure bytes bytes1.
Solution: Consider only statements/calls up until the evaluating statement to make the evaluation flow sensitive. In the example, this means to consider only the constructor call new SecureRandom() and sr.nextBytes(bytes1) when evaluating whether a predicate at sr.nextBytes(bytes1) should be generated. One can retrieve the calls up until a statement by calling getLastStateChangeStatements on the TransitionFunction from the IDEal results.
Currently, CryptoAnalysis does not take flow sensitivity into account when evaluating constraints and propagating predicates. Consider the following example:
In this example, we use
SecureRandomto generate two byte arrays. Between the generations, we violate its rule s.t. only the first arraybytes1is generated securely. However, in the current state, CryptoAnalysis does not markbytes1as secure because it considers all statements/calls when evaluating the constraints/predicates. More precisely, at the callsr.nextBytes(bytes1), it also includes the statementsr.setSeed(12345), although it comes after the call, leading to an insecuresrobject and insure bytesbytes1.Solution: Consider only statements/calls up until the evaluating statement to make the evaluation flow sensitive. In the example, this means to consider only the constructor call
new SecureRandom()andsr.nextBytes(bytes1)when evaluating whether a predicate atsr.nextBytes(bytes1)should be generated. One can retrieve the calls up until a statement by callinggetLastStateChangeStatementson theTransitionFunctionfrom the IDEal results.Obsoletes #310
The text was updated successfully, but these errors were encountered: