New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Swift: detect the use of static initialization vectors #11084
base: main
Are you sure you want to change the base?
Conversation
|
QHelp previews: swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.qhelpStatic initialization vector for encryptionWhen a cipher is used in certain modes (such as CBC or GCM), it requires an initialization vector (IV). Under the same secret key, IVs should be unique and ideally unpredictable. If the same IV is used with the same secret key, then the same plaintext results in the same ciphertext. This behavior may enable an attacker to learn if the same data pieces are transferred or stored, or help the attacker run a dictionary attack. RecommendationUse a randomly generated IV. ExampleThe following example shows a few cases of instantiating a cipher with various encryption keys. In the 'BAD' cases, the IV is hardcoded or constant, making the encrypted data vulnerable to recovery. In the 'GOOD' cases, the IV is randomly generated and not hardcoded, which protects the encrypted data against recovery. References
|
| @@ -0,0 +1,72 @@ | |||
| /** | |||
| * @name Static initialization vector for encryption | |||
| * @description Using a static initialization vector (IV) for encryption is not secure. To maximize encryption and prevent dictionary attacks, IVs should rather be unique and unpredictable. | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the bit about dictionary attacks right, I thought the main attack on this one is recognizing repeated plaintext?
| "CCM", "CTR" | ||
| ], fName) and | ||
| fName.matches("%init(%iv:%") and | ||
| arg = [0, 1] and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will sometimes recognize flow to arguments other than the iv.
| let randomIv = getRandomArray() | ||
| let randomIvString = String(cString: getRandomArray()) | ||
|
|
||
| let blockMode = CBC(iv: randomIv) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe blockMode is unused.
Using a static initialization vector (IV) for encryption is not secure. To maximize encryption and prevent dictionary attacks, IVs should rather be unique and unpredictable (e.g., randomly generated).
The rule currently supports all ciphers that the CryptoSwift API provides, but we can always extend it further if more APIs are added.
I'd appreciate a review of the query itself, the accompanying tests, and the associated documentation.