981e54d330
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
87 lines
2.4 KiB
Plaintext
87 lines
2.4 KiB
Plaintext
== How to fix it in Java Cryptographic Extension
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,kotlin,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
import java.nio.charset.StandardCharsets
|
|
import java.security.InvalidAlgorithmParameterException
|
|
import java.security.InvalidKeyException
|
|
import java.security.NoSuchAlgorithmException
|
|
import javax.crypto.Cipher
|
|
import javax.crypto.NoSuchPaddingException
|
|
import javax.crypto.spec.GCMParameterSpec
|
|
import javax.crypto.spec.SecretKeySpec
|
|
|
|
fun encrypt(key: String, plainText: String) {
|
|
|
|
val randomBytes = "7cVgr5cbdCZVw5WY".toByteArray(StandardCharsets.UTF_8)
|
|
|
|
val iv = GCMParameterSpec(128, randomBytes)
|
|
val keySpec = SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "AES")
|
|
|
|
try {
|
|
val cipher = Cipher.getInstance("AES/CBC/NoPadding")
|
|
cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv) // Noncompliant
|
|
|
|
} catch (e: NoSuchAlgorithmException) {
|
|
// ...
|
|
} catch (e: InvalidKeyException) {
|
|
// ...
|
|
} catch (e: NoSuchPaddingException) {
|
|
// ...
|
|
} catch (e: InvalidAlgorithmParameterException) {
|
|
// ...
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
:explicit_strong: java.security.SecureRandom
|
|
|
|
include::../../common/fix/explicit-fix.adoc[]
|
|
|
|
[source,kotlin,diff-id=1,diff-type=compliant]
|
|
----
|
|
import java.nio.charset.StandardCharsets
|
|
import java.security.SecureRandom
|
|
import java.security.InvalidAlgorithmParameterException
|
|
import java.security.InvalidKeyException
|
|
import java.security.NoSuchAlgorithmException
|
|
import javax.crypto.Cipher
|
|
import javax.crypto.NoSuchPaddingException
|
|
import javax.crypto.spec.GCMParameterSpec
|
|
import javax.crypto.spec.SecretKeySpec
|
|
|
|
fun encrypt(key: String, plainText: String) {
|
|
|
|
val random = SecureRandom();
|
|
val randomBytes = ByteArray(16);
|
|
random.nextBytes(randomBytes);
|
|
|
|
val iv = GCMParameterSpec(128, randomBytes)
|
|
val keySpec = SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "AES")
|
|
|
|
try {
|
|
val cipher = Cipher.getInstance("AES/CBC/NoPadding")
|
|
cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv)
|
|
|
|
} catch (e: NoSuchAlgorithmException) {
|
|
// ...
|
|
} catch (e: InvalidKeyException) {
|
|
// ...
|
|
} catch (e: NoSuchPaddingException) {
|
|
// ...
|
|
} catch (e: InvalidAlgorithmParameterException) {
|
|
// ...
|
|
}
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/fix.adoc[]
|