Create rule S4426: Cryptographic keys should be robust (#4659)

* Add go to rule S4426

* Add description for S4426 for Go

---------

Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com>
Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>

rules/S4426/common/fix/fix.adoc

@@ -9,7 +9,7 @@ The security of these algorithms depends on the difficulty of attacks
 attempting to solve their underlying mathematical problem.
 
 In general, a minimum key size of *2048* bits is recommended for both.  It
-provides 112 bits of security. A key length of *3072* or *4092* should be
+provides 112 bits of security. A key length of *3072* or *4096* should be
 preferred when possible.
 
 ==== AES (Advanced Encryption Standard)

rules/S4426/go/metadata.json

@@ -0,0 +1,2 @@
+{
+}

rules/S4426/go/rule.adoc

@@ -0,0 +1,135 @@
+
+include::../summary.adoc[]
+
+== Why is this an issue?
+
+include::../rationale.adoc[]
+
+include::../impact.adoc[]
+
+// How to fix it section
+
+== How to fix it
+
+=== Code examples
+
+include::../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+include::../common/fix/rsa.adoc[]
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+import (
+    "crypto/rand"
+    "crypto/rsa"
+)
+
+func generateRsaKey() rsa.PrivateKey {
+    privateKey, _ := rsa.GenerateKey(rand.Reader, 1024) // Noncompliant
+    return *privateKey
+}
+----
+
+include::../common/fix/dsa.adoc[]
+
+[source,go,diff-id=2,diff-type=noncompliant]
+----
+import (
+    "crypto/dsa"
+    "crypto/rand"
+)
+
+func generateDsaKey() dsa.PrivateKey {
+    var parameters dsa.Parameters
+    dsa.GenerateParameters(&parameters, rand.Reader, dsa.L1024N160) // Noncompliant
+    var privateKey dsa.PrivateKey
+    privateKey.Parameters = parameters
+    dsa.GenerateKey(&privateKey, rand.Reader)
+    return privateKey
+}
+----
+
+==== Compliant solution
+
+include::../common/fix/rsa.adoc[]
+
+[source,go,diff-id=1,diff-type=compliant]
+----
+import (
+    "crypto/rand"
+    "crypto/rsa"
+)
+
+func generateRsaKey() rsa.PrivateKey {
+    privateKey, _ := rsa.GenerateKey(rand.Reader, 4096)
+    return *privateKey
+}
+----
+
+include::../common/fix/dsa.adoc[]
+
+[source,go,diff-id=2,diff-type=compliant]
+----
+import (
+    "crypto/dsa"
+    "crypto/rand"
+)
+
+func generateDsaKey() dsa.PrivateKey {
+    var parameters dsa.Parameters
+    dsa.GenerateParameters(&parameters, rand.Reader, dsa.L3072N256)
+    var privateKey dsa.PrivateKey
+    privateKey.Parameters = parameters
+    dsa.GenerateKey(&privateKey, rand.Reader)
+    return privateKey
+}
+----
+
+
+=== How does this work?
+
+As a rule of thumb, use the cryptographic algorithms and mechanisms that are
+considered strong by the cryptography community.
+
+==== RSA (Rivest-Shamir-Adleman) and DSA (Digital Signature Algorithm)
+
+The security of these algorithms depends on the difficulty of attacks
+attempting to solve their underlying mathematical problem.
+
+In general, a minimum key size of *2048* bits is recommended for both.  It
+provides 112 bits of security. A key length of *3072* or *4096* should be
+preferred when possible.
+
+=== Going the extra mile
+
+include::../common/extra-mile/pre-quantum.adoc[]
+
+
+== Resources
+
+include::../common/resources/docs.adoc[]
+
+include::../common/resources/articles.adoc[]
+
+include::../common/resources/presentations.adoc[]
+
+include::../common/resources/standards.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]