54 lines
2.4 KiB
Plaintext
54 lines
2.4 KiB
Plaintext
|
include::../description.adoc[]
|
||
|
|
|
||
|
|
== Noncompliant Code Example
|
||
|
|
|
||
|
|
https://www.chilkatsoft.com/refdoc/swiftCkoCrypt2Ref.html[CkoCrypt2] library:
|
||
|
|
|
||
|
|
----
|
||
|
|
let crypt1 = CkoCrypt2()
|
||
|
|
crypt1.CryptAlgorithm = "3des" // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
|
||
|
|
|
||
|
|
let crypt2 = CkoCrypt2()
|
||
|
|
crypt2.CryptAlgorithm = "blowfish" // Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
|
||
|
|
|
||
|
|
let crypt3 = CkoCrypt2()
|
||
|
|
crypt3.CryptAlgorithm = "des" // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
|
||
|
|
|
||
|
|
let crypt4 = CkoCrypt2()
|
||
|
|
crypt4.CryptAlgorithm = "rc2" // Noncompliant: RC2 is vulnerable to a related-key attack
|
||
|
|
|
||
|
|
let crypt5 = CkoCrypt2()
|
||
|
|
crypt5.CryptAlgorithm = "arc4" // Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security)
|
||
|
|
----
|
||
|
|
|
||
|
|
https://github.com/IBM-Swift/BlueCryptor[BlueCryptor] library:
|
||
|
|
|
||
|
|
----
|
||
|
|
let cryptor1 = try Cryptor(operation: .encrypt, algorithm: .des, options: [.ecbMode], key: key, iv: []) // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
|
||
|
|
let cryptor2 = try Cryptor(operation: .encrypt, algorithm: .tripleDes, options: [.ecbMode], key: key, iv: []) // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
|
||
|
|
let cryptor3 = try Cryptor(operation: .encrypt, algorithm: .rc2, options: [.ecbMode], key: key, iv: []) // Noncompliant: RC2 is vulnerable to a related-key attack
|
||
|
|
let cryptor4 = try Cryptor(operation: .encrypt, algorithm: .blowfish, options: [.ecbMode], key: key, iv: []) // Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
|
||
|
|
----
|
||
|
|
|
||
|
|
== Compliant Solution
|
||
|
|
|
||
|
|
https://www.chilkatsoft.com/refdoc/swiftCkoCrypt2Ref.html[CkoCrypt2] library:
|
||
|
|
|
||
|
|
----
|
||
|
|
let crypt1 = CkoCrypt2() // Compliant: by default CryptAlgorithm property value is aes
|
||
|
|
|
||
|
|
let crypt2 = CkoCrypt2()
|
||
|
|
crypt2.CryptAlgorithm = "aes" // Compliant
|
||
|
|
----
|
||
|
|
|
||
|
|
https://github.com/IBM-Swift/BlueCryptor[BlueCryptor] library:
|
||
|
|
|
||
|
|
----
|
||
|
|
let cryptor1 = try Cryptor(operation: .encrypt, algorithm: .aes, options: [.ecbMode], key: key, iv: []) // Compliant
|
||
|
|
let cryptor2 = try Cryptor(operation: .encrypt, algorithm: .aes128, options: [.ecbMode], key: key, iv: []) // Compliant
|
||
|
|
let cryptor3 = try Cryptor(operation: .encrypt, algorithm: .aes192, options: [.ecbMode], key: key, iv: []) // Compliant
|
||
|
|
let cryptor4 = try Cryptor(operation: .encrypt, algorithm: .aes256, options: [.ecbMode], key: key, iv: []) // Compliant
|
||
|
|
----
|
||
|
|
|
||
|
|
include::../see.adoc[]
|