rspec/rules/S3275/rule.adoc

== Why is this an issue?

When CBC (Cypher Block Chaining) is used for encryption, the IV (Initialization Vector) must be random an unpredictable. Otherwise it exposes the encrypted value to crypto-analysis attacks like "Chosen-Plaintext Attacks".


An IV should be used in one and only one encryption cycle because its purpose is to ensure that a different cyphertext value results each time a given plain text value is encrypted.


=== Noncompliant code example

[source,text]
----
public String cbcEncrypt(String strKey, String plainText) {

  String strIV = "7cVgr5cbdCZVw5WY";
  IvParameterSpec ivSpec = new IvParameterSpec(strIV.getBytes("UTF-8"));
  SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes("UTF-8"), "AES");

  /* Ciphering */
  Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
  cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);  // Noncompliant
  byte[] encryptedBytes = cipher.doFinal(plaintText.getBytes("UTF-8"));
  return DatatypeConverter.printBase64Binary(ivBytes) + ";" + DatatypeConverter.printBase64Binary(encryptedBytes);
}
----


=== Compliant solution

[source,text]
----
private SecureRandom random = new SecureRandom();

public void cbcEncrypt(String strKey, String plainText) {

  byte ivBytes[] = new byte[16];
  random.nextBytes(ivBytes);
  IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
  SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes("UTF-8"), "AES");

  /* Ciphering */
  Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
  cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec); 
  byte[] encryptedBytes = cipher.doFinal(plaintText.getBytes("UTF-8"));
  return DatatypeConverter.printBase64Binary(ivBytes) + ";" + DatatypeConverter.printBase64Binary(encryptedBytes);
}
----


== Resources

* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
* https://cwe.mitre.org/data/definitions/329[MITRE, CWE-329] - Not Using a Random IV with CBC Mode
* OWASP Top 10 2017 Category A6 - Security Misconfiguration
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00			`When CBC (Cypher Block Chaining) is used for encryption, the IV (Initialization Vector) must be random an unpredictable. Otherwise it exposes the encrypted value to crypto-analysis attacks like "Chosen-Plaintext Attacks".`


			`An IV should be used in one and only one encryption cycle because its purpose is to ensure that a different cyphertext value results each time a given plain text value is encrypted.`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,text]`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00			`----`
			`public String cbcEncrypt(String strKey, String plainText) {`

			`String strIV = "7cVgr5cbdCZVw5WY";`
			`IvParameterSpec ivSpec = new IvParameterSpec(strIV.getBytes("UTF-8"));`
			`SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes("UTF-8"), "AES");`

			`/* Ciphering */`
			`Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");`
			`cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec); // Noncompliant`
			`byte[] encryptedBytes = cipher.doFinal(plaintText.getBytes("UTF-8"));`
			`return DatatypeConverter.printBase64Binary(ivBytes) + ";" + DatatypeConverter.printBase64Binary(encryptedBytes);`
			`}`
			`----`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,text]`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00			`----`
			`private SecureRandom random = new SecureRandom();`

			`public void cbcEncrypt(String strKey, String plainText) {`

			`byte ivBytes[] = new byte[16];`
			`random.nextBytes(ivBytes);`
			`IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);`
			`SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes("UTF-8"), "AES");`

			`/* Ciphering */`
			`Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");`
			`cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);`
			`byte[] encryptedBytes = cipher.doFinal(plaintText.getBytes("UTF-8"));`
			`return DatatypeConverter.printBase64Binary(ivBytes) + ";" + DatatypeConverter.printBase64Binary(encryptedBytes);`
			`}`
			`----`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00			`* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures`
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/329[MITRE, CWE-329] - Not Using a Random IV with CBC Mode`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00			`* OWASP Top 10 2017 Category A6 - Security Misconfiguration`