Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way

      Description

      Noncompliant Code Examples

      botan

      #include <botan/dl_group.h>
      #include <botan/ec_group.h>
      #include <botan/pubkey.h>
      #include <botan/rng.h>
      #include <botan/rsa.h>
      
      // RSA
      std::unique_ptr<Botan::RandomNumberGenerator> rng(new Botan::System_RNG);
      Botan::RSA_PrivateKey rsaKey(*rng, 1024); // Noncompliant; 2nd argument "bits" should be ≥ 2048
      
      // DSA / DH
      Botan::DL_Group("modp/ietf/1024"); // Noncompliant; 1st argument "name" last component should be ≥ 2048
      Botan::DL_Group("dsa/botan/1024"); // Noncompliant; 1st argument "name" last component should be ≥ 2048
      
      // EC
      Botan::EC_Group("secp160k1");      // Noncompliant; EC key length is 160. Should be ≥ 224
      

      crypto++

      #include <cryptopp/dh.h>
      #include <cryptopp/oids.h>
      #include <cryptopp/rsa.h>
      #include <cryptopp/rng.h>
      #include <cryptopp/osrng.h>
      
      CryptoPP::AutoSeededRandomPool rng;
      
      // RSA
      CryptoPP::InvertibleRSAFunction params;
      params.GenerateRandomWithKeySize(rng,1024); // Noncompliant; 2nd argument "keySize" should be  ≥ 2048
      
      // DSA
      CryptoPP::DSA::PrivateKey privateKey;
      privateKey.GenerateRandomWithKeySize(rng, 1024); // Noncompliant; 2nd argument "keySize" should be  ≥ 2048
      
      // DH
      CryptoPP::DH dh;
      dh.AccessGroupParameters().GenerateRandomWithKeySize(rnd, 1024); // Noncompliant; 2nd argument "keySize" should be  ≥ 2048
      
      // EC
      CryptoPP::ASN1::secp112r1(); // Noncompliant; EC key length is 112. Should be ≥ 224
      

      OpenSSL

      #include <openssl/dh.h>
      #include <openssl/dsa.h>
      #include <openssl/ec.h>
      #include <openssl/obj_mac.h>
      #include <openssl/rsa.h>
      
      // RSA
      RSA_generate_key_ex(key, 1024, e, NULL);  // Noncompliant; 2nd argument "bits" must be ≥ 2048
      
      // DSA
      DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL); // Noncompliant; 2nd argument "bits" must be ≥ 2048
      
      // DH
      DH_generate_parameters_ex(dh, 1024, DH_GENERATOR_2, NULL); // Noncompliant; 2nd argument "prime_len" must be ≥ 2048
      
      // EC
      EC_KEY_new_by_curve_name(NID_secp112r1); // Noncompliant; EC key length is 112. Should be ≥ 224
      

      Compliant Solution

      botan

      #include <botan/dl_group.h>
      #include <botan/ec_group.h>
      #include <botan/pubkey.h>
      #include <botan/rng.h>
      #include <botan/rsa.h>
      
      std::unique_ptr<Botan::RandomNumberGenerator> rng(new Botan::System_RNG);
      
      // RSA
      Botan::RSA_PrivateKey rsaKey(*rng, 2048); // Compliant; 2nd argument "bits" is ≥ 2048
      
      // DSA / DH
      Botan::DL_Group("modp/ietf/2048"); // Compliant; 1st argument "name" last component is ≥2048
      Botan::DL_Group("dsa/botan/2048"); // Compliant; 1st argument "name" last component is ≥ 2048
      
      // EC
      Botan::EC_Group("secp224k1");      // Compliant; EC key length is 224.
      

      crypto++

      #include <cryptopp/dh.h>
      #include <cryptopp/oids.h>
      #include <cryptopp/rsa.h>
      #include <cryptopp/rng.h>
      #include <cryptopp/osrng.h>
      
      CryptoPP::AutoSeededRandomPool rng;
      
      // RSA
      CryptoPP::InvertibleRSAFunction params;
      params.GenerateRandomWithKeySize(rng,2048); // Compliant; 2nd argument "keySize" is ≥ 2048
      
      // DSA
      CryptoPP::DSA::PrivateKey privateKey;
      privateKey.GenerateRandomWithKeySize(rng, 2048); // Compliant; 2nd argument "keySize" is ≥ 2048
      
      // DH
      CryptoPP::DH dh;
      dh.AccessGroupParameters().GenerateRandomWithKeySize(rnd, 2048); // Compliant; 2nd argument "keySize" is ≥ 2048
      
      // EC
      CryptoPP::ASN1::secp256r1(); // Compliant; EC key lenght is 256
      

      OpenSSL

      #include <openssl/dh.h>
      #include <openssl/dsa.h>
      #include <openssl/ec.h>
      #include <openssl/obj_mac.h>
      #include <openssl/rsa.h>
      
      // RSA
      RSA_generate_key_ex(key, 2048, e, NULL);  // Compliant; key size ≥ 2048
      
      // DSA
      DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL, NULL); // Compliant; key size ≥ 2048
      
      // DH
      DH_generate_parameters_ex(dh, 2048, DH_GENERATOR_2, NULL); // Compliant; "prime_len" is ≥ 2048
      
      // EC
      EC_KEY_new_by_curve_name(NID_secp224r1); // Compliant; EC key lenght is 224
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jeanchristophe.collet Jean-Christophe Collet (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: