Skip to content

3.1.0
Compare
Choose a tag to compare
@smeyer198 smeyer198 released this 07 Feb 08:56
· 717 commits to develop since this release
3.1.0
e5820a1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Add basic support for subsequent error detection. Each error references preceding and subsequent errors, which improves the overall error detection, and which allows comprehending errors. In addition to that, the analysis is able to parse and deal with predicates that contain the keyword this. An example could look like this:

KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.initialize(64);                    // constraint error
SecretKey key = kg.generateKey();     // the key is not generated securely

A key size of 64 is not allowed. Therefore, the analysis reports a ConstraintError for KeyGenerator and kg is not secure. Hence, the returned key from generateKey() is not secure, too, and a RequiredPredicateError is reported. This RequiredPredicateError references the previous ConstraintError and allows reasoning that the RequiredPredicateError is caused by the ConstraintError (and vice versa: the ConstraintError references the RequiredPredicateError, that is, the ConstraintError causes the RequiredPredicateError).

Note: Currently, preceding and subsequent errors are not included in the reports, yet. They are only stored internally, which still allows testing the functionality.

Running CryptoAnalysis 3.1.0 requires at least Java 11 and rulesets with version 3.0.0 or higher (recommended JCA 3.1.0).

Attached you can find the CryptoAnalysis.jar, the CryptoAnalysis-Android.jar and the JavaCryptographicArchitecture version 3.1.0 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading