rspec/rules/S4432/java/rule.adoc

== Why is this an issue?

The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Some combinations are not secured:

* Electronic Codebook (ECB) mode: Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. Thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.
* Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.

In both cases, Galois/Counter Mode (GCM) with no padding should be preferred.


This rule raises an issue when a ``++Cipher++`` instance is created with either ECB or CBC/PKCS5Padding mode.

=== Noncompliant code example

[source,java]
----
Cipher c1 = Cipher.getInstance("AES/ECB/NoPadding"); // Noncompliant
Cipher c2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Noncompliant
----

=== Compliant solution

[source,java]
----
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
----

== Resources

* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[Recommendation for Block Cipher Modes of Operation]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#ECB_MODE[ECB_MODE]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE[PADDING_ORACLE]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Use Galois/Counter Mode (GCM/NoPadding) instead.


=== Highlighting

Cipher.getInstance() call


'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Some combinations are not secured:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`* Electronic Codebook (ECB) mode: Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. Thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.`
			`* Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.`

			`In both cases, Galois/Counter Mode (GCM) with no padding should be preferred.`

Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			This rule raises an issue when a ``++Cipher++`` instance is created with either ECB or CBC/PKCS5Padding mode.
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`----`
			`Cipher c1 = Cipher.getInstance("AES/ECB/NoPadding"); // Noncompliant`
			`Cipher c2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Noncompliant`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`----`
			`Cipher c = Cipher.getInstance("AES/GCM/NoPadding");`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00			`* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration`
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00			`* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms`
			`* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses`
			`* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[Recommendation for Block Cipher Modes of Operation]`
			`* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#ECB_MODE[ECB_MODE]`
			`* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE[PADDING_ORACLE]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Use Galois/Counter Mode (GCM/NoPadding) instead.`


			`=== Highlighting`

			`Cipher.getInstance() call`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`