├── .github ├── dependabot.yml └── workflows │ ├── bouncycastle_jca_version.yml │ ├── bouncycastle_version.yml │ ├── deploy_bouncycastle.yml │ ├── deploy_bouncycastle_jca.yml │ ├── deploy_jca.yml │ ├── deploy_tink.yml │ ├── jca_version.yml │ ├── rule_correctness_test.yml │ └── tink_version.yml ├── BouncyCastle-JCA ├── .gitignore ├── LICENSE ├── README.md ├── assembly │ └── rules.xml ├── pom.xml └── src │ ├── AlgorithmParameterGenerator.crysl │ ├── AlgorithmParameters.crysl │ ├── CertPathTrustManagerParameters.crysl │ ├── CertificateFactory.crysl │ ├── Cipher.crysl │ ├── CipherInputStream.crysl │ ├── CipherOutputStream.crysl │ ├── DHGenParameterSpec.crysl │ ├── DHParameterSpec.crysl │ ├── DSAGenParameterSpec.crysl │ ├── DSAParameterSpec.crysl │ ├── DigestInputStream.crysl │ ├── DigestOutputStream.crysl │ ├── ECGenParameterSpec.crysl │ ├── ECParameterSpec.crysl │ ├── GCMParameterSpec.crysl │ ├── HMACParameterSpec.crysl │ ├── IvParameterSpec.crysl │ ├── Key.crysl │ ├── KeyAgreement.crysl │ ├── KeyFactory.crysl │ ├── KeyGenerator.crysl │ ├── KeyManagerFactory.crysl │ ├── KeyPair.crysl │ ├── KeyPairGenerator.crysl │ ├── KeyStore.crysl │ ├── KeyStoreBuilderParameters.crysl │ ├── MGF1ParameterSpec.crysl │ ├── Mac.crysl │ ├── MessageDigest.crysl │ ├── OAEPParameterSpec.crysl │ ├── PBEKeySpec.crysl │ ├── PBEParameterSpec.crysl │ ├── PKIXBuilderParameters.crysl │ ├── PKIXParameters.crysl │ ├── PasswordAuthentication.crysl │ ├── PrivateKey.crysl │ ├── PublicKey.crysl │ ├── RSAKeyGenParameterSpec.crysl │ ├── SSLContext.crysl │ ├── SSLEngine.crysl │ ├── SSLParameters.crysl │ ├── SecretKey.crysl │ ├── SecretKeyFactory.crysl │ ├── SecretKeySpec.crysl │ ├── SecureRandom.crysl │ ├── Signature.crysl │ ├── TrustAnchor.crysl │ ├── TrustManagerFactory.crysl │ └── X509EncodedKeySpec.crysl ├── BouncyCastle ├── .gitignore ├── LICENSE ├── README.md ├── assembly │ └── rules.xml ├── pom.xml ├── predicates │ ├── ensuresPreds │ └── requiresPreds └── src │ ├── AEADParameters.crysl │ ├── AESEngine.crysl │ ├── AESFastEngine.crysl │ ├── AESLightEngine.crysl │ ├── AsymmetricCipherKeyPair.crysl │ ├── BufferedBlockCipher.crysl │ ├── CCMBlockCipher.crysl │ ├── DefaultBufferedBlockCipher.crysl │ ├── ECDomainParameters.crysl │ ├── ECElGamalDecryptor.crysl │ ├── ECElGamalEncryptor.crysl │ ├── ECFixedTransform.crysl │ ├── ECKeyGenerationParameters.crysl │ ├── ECKeyPairGenerator.crysl │ ├── ECKeyParameters.crysl │ ├── ECNewPublicKeyTransform.crysl │ ├── ECNewRandomnessTransform.crysl │ ├── ECPair.crysl │ ├── ECPrivateKeyParameters.crysl │ ├── ECPublicKeyParameters.crysl │ ├── GCMBlockCipher.crysl │ ├── HMac.crysl │ ├── KeyParameter.crysl │ ├── PaddedBufferedBlockCipher.crysl │ ├── ParametersWithIV.crysl │ ├── ParametersWithRandom.crysl │ ├── RSADigestSigner.crysl │ ├── RSAEngine.crysl │ ├── RSAKeyGenerationParameters.crysl │ ├── RSAKeyPairGenerator.crysl │ ├── RSAKeyParameters.crysl │ ├── RSAPrivateCrtKeyParameters.crysl │ ├── RijndaelEngine.crysl │ ├── SHA256Digest.crysl │ ├── SICBlockCipher.crysl │ └── SecureRandom.crysl ├── JavaCryptographicArchitecture ├── .gitignore ├── LICENSE ├── assembly │ └── rules.xml ├── pom.xml ├── predicates │ ├── ensuresPreds.txt │ └── preds.txt └── src │ ├── AlgorithmParameterGenerator.crysl │ ├── AlgorithmParameters.crysl │ ├── CertPathTrustManagerParameters.crysl │ ├── CertificateFactory.crysl │ ├── Cipher.crysl │ ├── CipherInputStream.crysl │ ├── CipherOutputStream.crysl │ ├── Cookie.crysl │ ├── DHGenParameterSpec.crysl │ ├── DHParameterSpec.crysl │ ├── DSAGenParameterSpec.crysl │ ├── DSAParameterSpec.crysl │ ├── DigestInputStream.crysl │ ├── DigestOutputStream.crysl │ ├── ECGenParameterSpec.crysl │ ├── ECParameterSpec.crysl │ ├── GCMParameterSpec.crysl │ ├── HMACParameterSpec.crysl │ ├── IvParameterSpec.crysl │ ├── Key.crysl │ ├── KeyAgreement.crysl │ ├── KeyFactory.crysl │ ├── KeyGenerator.crysl │ ├── KeyManagerFactory.crysl │ ├── KeyPair.crysl │ ├── KeyPairGenerator.crysl │ ├── KeyStore.crysl │ ├── KeyStoreBuilderParameters.crysl │ ├── MGF1ParameterSpec.crysl │ ├── Mac.crysl │ ├── MessageDigest.crysl │ ├── OAEPParameterSpec.crysl │ ├── PBEKeySpec.crysl │ ├── PBEParameterSpec.crysl │ ├── PKIXBuilderParameters.crysl │ ├── PKIXParameters.crysl │ ├── PasswordAuthentication.crysl │ ├── PrivateKey.crysl │ ├── PublicKey.crysl │ ├── RSAKeyGenParameterSpec.crysl │ ├── SSLContext.crysl │ ├── SSLEngine.crysl │ ├── SSLParameters.crysl │ ├── SecretKey.crysl │ ├── SecretKeyFactory.crysl │ ├── SecretKeySpec.crysl │ ├── SecureRandom.crysl │ ├── Signature.crysl │ ├── TrustAnchor.crysl │ ├── TrustManagerFactory.crysl │ └── X509EncodedKeySpec.crysl ├── README.md ├── RuleCorrectnessTests ├── .gitignore ├── pom.xml └── src │ ├── main │ └── java │ │ └── de │ │ └── cognicrypt │ │ └── crysl │ │ └── Main.java │ └── test │ └── java │ └── de │ └── rulecorrectness │ └── tests │ └── RuleCorrectnessTest.java └── Tink ├── .gitignore ├── LICENSE ├── assembly └── rules.xml ├── pom.xml └── src ├── AeadFactory.crysl ├── AeadKeyTemplates.crysl ├── AeadPrimitive.crysl ├── DeterministicAead.crysl ├── DeterministicAeadFactory.crysl ├── DeterministicAeadKeyTemplates.crysl ├── HybridDecrypt.crysl ├── HybridDecryptFactory.crysl ├── HybridEncrypt.crysl ├── HybridEncryptFactory.crysl ├── HybridKeyTemplates.crysl ├── KeyTemplate.crysl ├── KeyTemplateOld.crysl ├── KeysetHandle.crysl ├── MacFactory.crysl ├── MacKeyTemplates.crysl ├── MacPrimitive.crysl ├── PublicKeySign.crysl ├── PublicKeySignFactory.crysl ├── PublicKeyVerify.crysl ├── PublicKeyVerifyFactory.crysl ├── SignatureKeyTemplates.crysl ├── StreamingAead.crysl ├── StreamingAeadFactory.crysl └── StreamingAeadKeyTemplates.crysl /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | # BouncyCastle 4 | - package-ecosystem: "maven" 5 | directory: "/BouncyCastle" 6 | schedule: 7 | interval: "weekly" 8 | 9 | # BouncyCastle-JCA 10 | - package-ecosystem: "maven" 11 | directory: "/BouncyCastle-JCA" 12 | schedule: 13 | interval: "weekly" 14 | 15 | # JavaCryptographicArchitecture 16 | - package-ecosystem: "maven" 17 | directory: "/JavaCryptographicArchitecture" 18 | schedule: 19 | interval: weekly 20 | 21 | # Tink 22 | - package-ecosystem: "maven" 23 | directory: "/Tink" 24 | schedule: 25 | interval: "weekly" -------------------------------------------------------------------------------- /.github/workflows/bouncycastle_jca_version.yml: -------------------------------------------------------------------------------- 1 | name: BouncyCastle-JCA version handling 2 | 3 | on: 4 | pull_request: 5 | types: 6 | - closed 7 | branches: 8 | - master 9 | paths: 10 | - BouncyCastle-JCA/** 11 | 12 | jobs: 13 | bouncycastle-jca-version-update: 14 | # This job does not run on self-opened PRs 15 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login != 'github-actions[bot]'}} 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout source code 19 | uses: actions/checkout@v3 20 | with: 21 | fetch-depth: 0 22 | # Sets up Java version 23 | - name: Set up Java 24 | uses: actions/setup-java@v3 25 | with: 26 | distribution: 'adopt' 27 | java-package: jdk 28 | java-version: '11' 29 | # Sets up Maven version 30 | - name: Set up Maven 31 | uses: stCarolas/setup-maven@v4.5 32 | with: 33 | maven-version: 3.6.3 34 | # Semantic versioning 35 | - name: Semantic versioning 36 | id: versioning 37 | uses: paulhatch/semantic-version@v5.1.0 38 | with: 39 | tag_prefix: "" 40 | # A string which, if present in a git commit, indicates that a change represents a 41 | # major (breaking) change 42 | major_pattern: "(MAJOR-BC-JCA)" 43 | # Same as above except indicating a minor change 44 | minor_pattern: "(MINOR-BC-JCA)" 45 | # A string to determine the format of the version output 46 | version_format: "${major}.${minor}.${patch}" 47 | # Run the version update only, if there are changes in the BouncyCastle-JCA directory 48 | change_path: "BouncyCastle-JCA" 49 | # Consider only tags/versions, which end with 'bc-jca' 50 | namespace: "bc-jca" 51 | # Check, whether there is an existing branch "bouncycastle_jca_" or an open PR "bouncy_castle_jca_" -> "master" 52 | # and store the results as environment variables 53 | - name: Check if branch and PR exist 54 | # The second command was copied from https://stackoverflow.com/questions/73812503/github-action-stop-the-action-if-pr-already-exists 55 | run: | 56 | echo VERSION_BRANCH_EXISTS=$(git ls-remote --heads origin refs/heads/bouncycastle_jca_${{ steps.versioning.outputs.version }} | wc -l) >> $GITHUB_ENV 57 | echo PR_EXISTS=$(gh pr list \ 58 | --repo "$GITHUB_REPOSITORY" \ 59 | --json baseRefName,headRefName \ 60 | --jq ' 61 | map(select(.baseRefName == "master" and .headRefName == "bouncycastle_jca_${{ steps.versioning.outputs.version }}")) 62 | | length 63 | ') >> $GITHUB_ENV 64 | env: 65 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 66 | # If the branch "bouncycastle_jca_" does not exist, create the branch and update the version in all files 67 | - name: Create branch and update BouncyCastle-JCA version 68 | if: ${{ env.VERSION_BRANCH_EXISTS == '0' }} 69 | run: | 70 | git config --global user.email "github-actions[bot]@users.noreply.github.com" 71 | git config --global user.name "github-actions[bot]" 72 | git checkout -b bouncycastle_jca_${{ steps.versioning.outputs.version }} 73 | mvn -f BouncyCastle-JCA build-helper:parse-version versions:set -DnewVersion=\${{ steps.versioning.outputs.version }} versions:commit 74 | git ls-files | grep 'pom.xml$' | xargs git add 75 | git commit --allow-empty -am "Update BouncyCastle-JCA version to ${{ steps.versioning.outputs.version }}" 76 | git push origin bouncycastle_jca_${{ steps.versioning.outputs.version }} 77 | # If a PR "bouncycastle_jca_" -> "master" does not exist, create the PR 78 | - name: Open pull request for version update 79 | if: ${{ env.PR_EXISTS == '0' }} 80 | run: | 81 | gh pr create -B master -H bouncycastle_jca_${{ steps.versioning.outputs.version }} -t "Update BouncyCastle-JCA version to ${{ steps.versioning.outputs.version }}" -b "This PR was created by the version-update workflow. Please make sure to delete the branch after merging, otherwise future workflows might fail." 82 | env: 83 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 84 | 85 | bouncycastle-jca-version-release: 86 | # This job runs only on merged PRs, which were opened by the version-update job and have "BouncyCastle-JCA version" in the title 87 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login == 'github-actions[bot]' && contains(github.event.pull_request.title, 'BouncyCastle-JCA version') }} 88 | runs-on: ubuntu-latest 89 | steps: 90 | - name: Checkout source code 91 | uses: actions/checkout@v3 92 | with: 93 | fetch-depth: 0 94 | # Semantic versioning 95 | - name: Semantic versioning 96 | id: versioning 97 | uses: paulhatch/semantic-version@v5.1.0 98 | with: 99 | tag_prefix: "" 100 | # A string which, if present in a git commit, indicates that a change represents a 101 | # major (breaking) change 102 | major_pattern: "(MAJOR-BC-JCA)" 103 | # Same as above except indicating a minor change 104 | minor_pattern: "(MINOR-BC-JCA)" 105 | # A string to determine the format of the version output 106 | version_format: "${major}.${minor}.${patch}" 107 | # Run the version update only, if there are changes in the BouncyCastle-JCA directory 108 | change_path: "BouncyCastle-JCA" 109 | # Consider only tags/versions, which end with 'bc-jca' 110 | namespace: "bc-jca" 111 | # Create a tag with the newest version to prepare a release 112 | - name: Create tag for new BouncyCastle-JCA version 113 | run: | 114 | git config --global user.email "${{ github.actor }}@users.noreply.github.com" 115 | git config --global user.name "${{ github.actor }}" 116 | git tag -a ${{ steps.versioning.outputs.version }}-bc-jca -m "BouncyCastle-JCA version ${{ steps.versioning.outputs.version }}" 117 | git push origin ${{ steps.versioning.outputs.version }}-bc-jca -------------------------------------------------------------------------------- /.github/workflows/bouncycastle_version.yml: -------------------------------------------------------------------------------- 1 | name: BouncyCastle version handling 2 | 3 | on: 4 | pull_request: 5 | types: 6 | - closed 7 | branches: 8 | - master 9 | paths: 10 | - BouncyCastle/** 11 | 12 | jobs: 13 | bouncycastle-version-update: 14 | # This job does not run on self-opened PRs 15 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login != 'github-actions[bot]'}} 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout source code 19 | uses: actions/checkout@v3 20 | with: 21 | fetch-depth: 0 22 | # Sets up Java version 23 | - name: Set up Java 24 | uses: actions/setup-java@v3 25 | with: 26 | distribution: 'adopt' 27 | java-package: jdk 28 | java-version: '11' 29 | # Sets up Maven version 30 | - name: Set up Maven 31 | uses: stCarolas/setup-maven@v4.5 32 | with: 33 | maven-version: 3.6.3 34 | # Semantic versioning 35 | - name: Semantic versioning 36 | id: versioning 37 | uses: paulhatch/semantic-version@v5.1.0 38 | with: 39 | tag_prefix: "" 40 | # A string which, if present in a git commit, indicates that a change represents a 41 | # major (breaking) change 42 | major_pattern: "(MAJOR-BC)" 43 | # Same as above except indicating a minor change 44 | minor_pattern: "(MINOR-BC)" 45 | # A string to determine the format of the version output 46 | version_format: "${major}.${minor}.${patch}" 47 | # Run the version update only, if there are changes in the BouncyCastle directory 48 | change_path: "BouncyCastle" 49 | # Consider only tags/versions, which end with 'bc' 50 | namespace: "bc" 51 | # Check, whether there is an existing branch "bouncycastle_" or an open PR "bouncycastle_" -> "master" 52 | # and store the results as environment variables 53 | - name: Check if branch and PR exist 54 | # The second command was copied from https://stackoverflow.com/questions/73812503/github-action-stop-the-action-if-pr-already-exists 55 | run: | 56 | echo VERSION_BRANCH_EXISTS=$(git ls-remote --heads origin refs/heads/bouncycastle_${{ steps.versioning.outputs.version }} | wc -l) >> $GITHUB_ENV 57 | echo PR_EXISTS=$(gh pr list \ 58 | --repo "$GITHUB_REPOSITORY" \ 59 | --json baseRefName,headRefName \ 60 | --jq ' 61 | map(select(.baseRefName == "master" and .headRefName == "bouncycastle_${{ steps.versioning.outputs.version }}")) 62 | | length 63 | ') >> $GITHUB_ENV 64 | env: 65 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 66 | # If the branch "bouncycastle_" does not exist, create the branch and update the version in all files 67 | - name: Create branch and update BouncyCastle version 68 | if: ${{ env.VERSION_BRANCH_EXISTS == '0' }} 69 | run: | 70 | git config --global user.email "github-actions[bot]@users.noreply.github.com" 71 | git config --global user.name "github-actions[bot]" 72 | git checkout -b bouncycastle_${{ steps.versioning.outputs.version }} 73 | mvn -f BouncyCastle build-helper:parse-version versions:set -DnewVersion=\${{ steps.versioning.outputs.version }} versions:commit 74 | git ls-files | grep 'pom.xml$' | xargs git add 75 | git commit --allow-empty -am "Update BouncyCastle version to ${{ steps.versioning.outputs.version }}" 76 | git push origin bouncycastle_${{ steps.versioning.outputs.version }} 77 | # If a PR "bouncycastle_" -> "master" does not exist, create the PR 78 | - name: Open pull request for version update 79 | if: ${{ env.PR_EXISTS == '0' }} 80 | run: | 81 | gh pr create -B master -H bouncycastle_${{ steps.versioning.outputs.version }} -t "Update BouncyCastle version to ${{ steps.versioning.outputs.version }}" -b "This PR was created by the version-update workflow. Please make sure to delete the branch after merging, otherwise future workflows might fail." 82 | env: 83 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 84 | 85 | bouncycastle-version-release: 86 | # This job runs only on merged PRs, which were opened by the version-update job and have "BouncyCastle version" in the title 87 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login == 'github-actions[bot]' && contains(github.event.pull_request.title, 'BouncyCastle version') }} 88 | runs-on: ubuntu-latest 89 | steps: 90 | - name: Checkout source code 91 | uses: actions/checkout@v3 92 | with: 93 | fetch-depth: 0 94 | # Semantic versioning 95 | - name: Semantic versioning 96 | id: versioning 97 | uses: paulhatch/semantic-version@v5.1.0 98 | with: 99 | tag_prefix: "" 100 | # A string which, if present in a git commit, indicates that a change represents a 101 | # major (breaking) change 102 | major_pattern: "(MAJOR-BC)" 103 | # Same as above except indicating a minor change 104 | minor_pattern: "(MINOR-BC)" 105 | # A string to determine the format of the version output 106 | version_format: "${major}.${minor}.${patch}" 107 | # Run the version update only, if there are changes in the BouncyCastle directory 108 | change_path: "BouncyCastle" 109 | # Consider only tags/versions, which end with 'bc' 110 | namespace: "bc" 111 | # Create a tag with the newest version to prepare a release 112 | - name: Create tag for new BouncyCastle version 113 | run: | 114 | git config --global user.email "${{ github.actor }}@users.noreply.github.com" 115 | git config --global user.name "${{ github.actor }}" 116 | git tag -a ${{ steps.versioning.outputs.version }}-bc -m "BouncyCastle version ${{ steps.versioning.outputs.version }}" 117 | git push origin ${{ steps.versioning.outputs.version }}-bc -------------------------------------------------------------------------------- /.github/workflows/deploy_bouncycastle.yml: -------------------------------------------------------------------------------- 1 | name: Deploy BouncyCastle 2 | 3 | on: 4 | workflow_dispatch: 5 | branches: [master] 6 | 7 | jobs: 8 | deployment: 9 | runs-on: ubuntu-latest 10 | environment: Deploy 11 | name: BouncyCastle deployment 12 | steps: 13 | - name: Checkout source code 14 | uses: actions/checkout@v3 15 | # Sets up Java version 16 | - name: Set up Java 17 | uses: actions/setup-java@v3 18 | with: 19 | distribution: 'adopt' 20 | java-package: 'jdk' 21 | java-version: '11' 22 | server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin 23 | server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name 24 | server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw 25 | gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret 26 | gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase 27 | # Sets up Maven version 28 | - name: Set up Maven 29 | uses: stCarolas/setup-maven@v4.5 30 | with: 31 | maven-version: 3.6.3 32 | - name: Build & Deploy BouncyCastle 33 | run: mvn -f BouncyCastle -B -U clean deploy -Pdeployment 34 | env: 35 | SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} 36 | OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }} 37 | OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }} 38 | -------------------------------------------------------------------------------- /.github/workflows/deploy_bouncycastle_jca.yml: -------------------------------------------------------------------------------- 1 | name: Deploy BouncyCastle-JCA 2 | 3 | on: 4 | workflow_dispatch: 5 | branches: [master] 6 | 7 | jobs: 8 | deployment: 9 | runs-on: ubuntu-latest 10 | environment: Deploy 11 | name: BouncyCastle-JCA deployment 12 | steps: 13 | - name: Checkout source code 14 | uses: actions/checkout@v3 15 | # Sets up Java version 16 | - name: Set up Java 17 | uses: actions/setup-java@v3 18 | with: 19 | distribution: 'adopt' 20 | java-package: 'jdk' 21 | java-version: '11' 22 | server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin 23 | server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name 24 | server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw 25 | gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret 26 | gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase 27 | # Sets up Maven version 28 | - name: Set up Maven 29 | uses: stCarolas/setup-maven@v4.5 30 | with: 31 | maven-version: 3.6.3 32 | - name: Build & Deploy BouncyCastle-JCA 33 | run: mvn -f BouncyCastle-JCA -B -U clean deploy -Pdeployment 34 | env: 35 | SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} 36 | OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }} 37 | OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }} 38 | -------------------------------------------------------------------------------- /.github/workflows/deploy_jca.yml: -------------------------------------------------------------------------------- 1 | name: Deploy JavaCryptographicArchitecture 2 | 3 | on: 4 | workflow_dispatch: 5 | branches: [master] 6 | 7 | jobs: 8 | deployment: 9 | runs-on: ubuntu-latest 10 | environment: Deploy 11 | name: JavaCryptographicArchitecture deployment 12 | steps: 13 | - name: Checkout source code 14 | uses: actions/checkout@v3 15 | # Sets up Java version 16 | - name: Set up Java 17 | uses: actions/setup-java@v3 18 | with: 19 | distribution: 'adopt' 20 | java-package: 'jdk' 21 | java-version: '11' 22 | server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin 23 | server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name 24 | server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw 25 | gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret 26 | gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase 27 | # Sets up Maven version 28 | - name: Set up Maven 29 | uses: stCarolas/setup-maven@v4.5 30 | with: 31 | maven-version: 3.6.3 32 | - name: Build & Deploy JavaCryptographicArchitecture 33 | run: mvn -f JavaCryptographicArchitecture -B -U clean deploy -Pdeployment 34 | env: 35 | SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} 36 | OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }} 37 | OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }} 38 | -------------------------------------------------------------------------------- /.github/workflows/deploy_tink.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Tink 2 | 3 | on: 4 | workflow_dispatch: 5 | branches: [master] 6 | 7 | jobs: 8 | deployment: 9 | runs-on: ubuntu-latest 10 | environment: Deploy 11 | name: Tink deployment 12 | steps: 13 | - name: Checkout source code 14 | uses: actions/checkout@v3 15 | # Sets up Java version 16 | - name: Set up Java 17 | uses: actions/setup-java@v3 18 | with: 19 | distribution: 'adopt' 20 | java-package: 'jdk' 21 | java-version: '11' 22 | server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin 23 | server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name 24 | server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw 25 | gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret 26 | gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase 27 | # Sets up Maven version 28 | - name: Set up Maven 29 | uses: stCarolas/setup-maven@v4.5 30 | with: 31 | maven-version: 3.6.3 32 | - name: Build & Deploy Tink 33 | run: mvn -f Tink -B -U clean deploy -Pdeployment 34 | env: 35 | SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} 36 | OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }} 37 | OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }} 38 | -------------------------------------------------------------------------------- /.github/workflows/jca_version.yml: -------------------------------------------------------------------------------- 1 | name: JavaCryptographicArchitecture version handling 2 | 3 | on: 4 | pull_request: 5 | types: 6 | - closed 7 | branches: 8 | - master 9 | paths: 10 | - JavaCryptographicArchitecture/** 11 | 12 | jobs: 13 | jca-version-update: 14 | # This job does not run on self-opened PRs 15 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login != 'github-actions[bot]'}} 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout source code 19 | uses: actions/checkout@v3 20 | with: 21 | fetch-depth: 0 22 | # Sets up Java version 23 | - name: Set up Java 24 | uses: actions/setup-java@v3 25 | with: 26 | distribution: 'adopt' 27 | java-package: jdk 28 | java-version: '11' 29 | # Sets up Maven version 30 | - name: Set up Maven 31 | uses: stCarolas/setup-maven@v4.5 32 | with: 33 | maven-version: 3.6.3 34 | # Semantic versioning 35 | - name: Semantic versioning 36 | id: versioning 37 | uses: paulhatch/semantic-version@v5.1.0 38 | with: 39 | tag_prefix: "" 40 | # A string which, if present in a git commit, indicates that a change represents a 41 | # major (breaking) change 42 | major_pattern: "(MAJOR-JCA)" 43 | # Same as above except indicating a minor change 44 | minor_pattern: "(MINOR-JCA)" 45 | # A string to determine the format of the version output 46 | version_format: "${major}.${minor}.${patch}" 47 | # Run the version update only, if there are changes in the JavaCryptographicArchitecture directory 48 | change_path: "JavaCryptographicArchitecture" 49 | # Consider only tags/versions, which end with 'jca' 50 | namespace: "jca" 51 | # Check, whether there is an existing branch "jca_" or an open PR "jca_" -> "master" 52 | # and store the results as environment variables 53 | - name: Check if branch and PR exist 54 | # The second command was copied from https://stackoverflow.com/questions/73812503/github-action-stop-the-action-if-pr-already-exists 55 | run: | 56 | echo VERSION_BRANCH_EXISTS=$(git ls-remote --heads origin refs/heads/jca_${{ steps.versioning.outputs.version }} | wc -l) >> $GITHUB_ENV 57 | echo PR_EXISTS=$(gh pr list \ 58 | --repo "$GITHUB_REPOSITORY" \ 59 | --json baseRefName,headRefName \ 60 | --jq ' 61 | map(select(.baseRefName == "master" and .headRefName == "jca_${{ steps.versioning.outputs.version }}")) 62 | | length 63 | ') >> $GITHUB_ENV 64 | env: 65 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 66 | # If the branch "jca_" does not exist, create the branch and update the version in all files 67 | - name: Create branch and update JavaCryptographicArchitecture version 68 | if: ${{ env.VERSION_BRANCH_EXISTS == '0' }} 69 | run: | 70 | git config --global user.email "github-actions[bot]@users.noreply.github.com" 71 | git config --global user.name "github-actions[bot]" 72 | git checkout -b jca_${{ steps.versioning.outputs.version }} 73 | mvn -f JavaCryptographicArchitecture build-helper:parse-version versions:set -DnewVersion=\${{ steps.versioning.outputs.version }} versions:commit 74 | git ls-files | grep 'pom.xml$' | xargs git add 75 | git commit --allow-empty -am "Update JavaCryptographicArchitecture version to ${{ steps.versioning.outputs.version }}" 76 | git push origin jca_${{ steps.versioning.outputs.version }} 77 | # If a PR "jca_" -> "master" does not exist, create the PR 78 | - name: Open pull request for version update 79 | if: ${{ env.PR_EXISTS == '0' }} 80 | run: | 81 | gh pr create -B master -H jca_${{ steps.versioning.outputs.version }} -t "Update JavaCryptographicArchitecture version to ${{ steps.versioning.outputs.version }}" -b "This PR was created by the version-update workflow. Please make sure to delete the branch after merging, otherwise future workflows might fail." 82 | env: 83 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 84 | 85 | jca-version-release: 86 | # This job runs only on merged PRs, which were opened by the version-update job and have "JavaCryptographicArchitecture version" in the title 87 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login == 'github-actions[bot]' && contains(github.event.pull_request.title, 'JavaCryptographicArchitecture version') }} 88 | runs-on: ubuntu-latest 89 | steps: 90 | - name: Checkout source code 91 | uses: actions/checkout@v3 92 | with: 93 | fetch-depth: 0 94 | # Semantic versioning 95 | - name: Semantic versioning 96 | id: versioning 97 | uses: paulhatch/semantic-version@v5.1.0 98 | with: 99 | tag_prefix: "" 100 | # A string which, if present in a git commit, indicates that a change represents a 101 | # major (breaking) change 102 | major_pattern: "(MAJOR-JCA)" 103 | # Same as above except indicating a minor change 104 | minor_pattern: "(MINOR-JCA)" 105 | # A string to determine the format of the version output 106 | version_format: "${major}.${minor}.${patch}" 107 | # Run the version update only, if there are changes in the JavaCryptographicArchitecture directory 108 | change_path: "JavaCryptographicArchitecture" 109 | # Consider only tags/versions, which end with 'jca' 110 | namespace: "jca" 111 | # Create a tag with the newest version to prepare a release 112 | - name: Create tag for new JavaCryptographicArchitecture version 113 | run: | 114 | git config --global user.email "${{ github.actor }}@users.noreply.github.com" 115 | git config --global user.name "${{ github.actor }}" 116 | git tag -a ${{ steps.versioning.outputs.version }}-jca -m "JavaCryptographicArchitecture version ${{ steps.versioning.outputs.version }}" 117 | git push origin ${{ steps.versioning.outputs.version }}-jca -------------------------------------------------------------------------------- /.github/workflows/rule_correctness_test.yml: -------------------------------------------------------------------------------- 1 | name: Validate CrySL Rules 2 | 3 | on: 4 | pull_request: 5 | 6 | jobs: 7 | Validation: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Checkout source code 11 | uses: actions/checkout@v4 12 | - name: Set up JDK 17 13 | uses: actions/setup-java@v4 14 | with: 15 | distribution: temurin 16 | java-package: jdk 17 | java-version: 17 18 | - name: Validate Rules with Maven 19 | run: mvn clean test -f RuleCorrectnessTests 20 | -------------------------------------------------------------------------------- /.github/workflows/tink_version.yml: -------------------------------------------------------------------------------- 1 | name: Tink version handling 2 | 3 | on: 4 | pull_request: 5 | types: 6 | - closed 7 | branches: 8 | - master 9 | paths: 10 | - Tink/** 11 | 12 | jobs: 13 | tink-version-update: 14 | # This job does not run on self-opened PRs 15 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login != 'github-actions[bot]'}} 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout source code 19 | uses: actions/checkout@v3 20 | with: 21 | fetch-depth: 0 22 | # Sets up Java version 23 | - name: Set up Java 24 | uses: actions/setup-java@v3 25 | with: 26 | distribution: 'adopt' 27 | java-package: jdk 28 | java-version: '11' 29 | # Sets up Maven version 30 | - name: Set up Maven 31 | uses: stCarolas/setup-maven@v4.5 32 | with: 33 | maven-version: 3.6.3 34 | # Semantic versioning 35 | - name: Semantic versioning 36 | id: versioning 37 | uses: paulhatch/semantic-version@v5.1.0 38 | with: 39 | tag_prefix: "" 40 | # A string which, if present in a git commit, indicates that a change represents a 41 | # major (breaking) change 42 | major_pattern: "(MAJOR-TINK)" 43 | # Same as above except indicating a minor change 44 | minor_pattern: "(MINOR-TINK)" 45 | # A string to determine the format of the version output 46 | version_format: "${major}.${minor}.${patch}" 47 | # Run the version update only, if there are changes in the Tink directory 48 | change_path: "Tink" 49 | # Consider only tags/versions, which end with 'tink' 50 | namespace: "tink" 51 | # Check, whether there is an existing branch "tink_" or an open PR "tink_" -> "master" 52 | # and store the results as environment variables 53 | - name: Check if branch and PR exist 54 | # The second command was copied from https://stackoverflow.com/questions/73812503/github-action-stop-the-action-if-pr-already-exists 55 | run: | 56 | echo VERSION_BRANCH_EXISTS=$(git ls-remote --heads origin refs/heads/tink_${{ steps.versioning.outputs.version }} | wc -l) >> $GITHUB_ENV 57 | echo PR_EXISTS=$(gh pr list \ 58 | --repo "$GITHUB_REPOSITORY" \ 59 | --json baseRefName,headRefName \ 60 | --jq ' 61 | map(select(.baseRefName == "master" and .headRefName == "tink_${{ steps.versioning.outputs.version }}")) 62 | | length 63 | ') >> $GITHUB_ENV 64 | env: 65 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 66 | # If the branch "tink_" does not exist, create the branch and update the version in all files 67 | - name: Create branch and update Tink version 68 | if: ${{ env.VERSION_BRANCH_EXISTS == '0' }} 69 | run: | 70 | git config --global user.email "github-actions[bot]@users.noreply.github.com" 71 | git config --global user.name "github-actions[bot]" 72 | git checkout -b tink_${{ steps.versioning.outputs.version }} 73 | mvn -f Tink build-helper:parse-version versions:set -DnewVersion=\${{ steps.versioning.outputs.version }} versions:commit 74 | git ls-files | grep 'pom.xml$' | xargs git add 75 | git commit --allow-empty -am "Update Tink version to ${{ steps.versioning.outputs.version }}" 76 | git push origin tink_${{ steps.versioning.outputs.version }} 77 | # If a PR "tink_" -> "master" does not exist, create the PR 78 | - name: Open pull request for version update 79 | if: ${{ env.PR_EXISTS == '0' }} 80 | run: | 81 | gh pr create -B master -H tink_${{ steps.versioning.outputs.version }} -t "Update Tink version to ${{ steps.versioning.outputs.version }}" -b "This PR was created by the version-update workflow. Please make sure to delete the branch after merging, otherwise future workflows might fail." 82 | env: 83 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 84 | 85 | tink-version-release: 86 | # This job runs only on merged PRs, which were opened by the version-update job and have "Tink version" in the title 87 | if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login == 'github-actions[bot]' && contains(github.event.pull_request.title, 'Tink version') }} 88 | runs-on: ubuntu-latest 89 | steps: 90 | - name: Checkout source code 91 | uses: actions/checkout@v3 92 | with: 93 | fetch-depth: 0 94 | # Semantic versioning 95 | - name: Semantic versioning 96 | id: versioning 97 | uses: paulhatch/semantic-version@v5.1.0 98 | with: 99 | tag_prefix: "" 100 | # A string which, if present in a git commit, indicates that a change represents a 101 | # major (breaking) change 102 | major_pattern: "(MAJOR-TINK)" 103 | # Same as above except indicating a minor change 104 | minor_pattern: "(MINOR-TINK)" 105 | # A string to determine the format of the version output 106 | version_format: "${major}.${minor}.${patch}" 107 | # Run the version update only, if there are changes in the Tink directory 108 | change_path: "Tink" 109 | # Consider only tags/versions, which end with 'tink' 110 | namespace: "tink" 111 | # Create a tag with the newest version to prepare a release 112 | - name: Create tag for new Tink version 113 | run: | 114 | git config --global user.email "${{ github.actor }}@users.noreply.github.com" 115 | git config --global user.name "${{ github.actor }}" 116 | git tag -a ${{ steps.versioning.outputs.version }}-tink -m "Tink version ${{ steps.versioning.outputs.version }}" 117 | git push origin ${{ steps.versioning.outputs.version }}-tink -------------------------------------------------------------------------------- /BouncyCastle-JCA/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | .settings/ 3 | .classpath 4 | .project 5 | .DS_Store 6 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/README.md: -------------------------------------------------------------------------------- 1 | # CrySL Rules for BouncyCastle 2 | 3 | This project contains rules for BouncyCastle's JCA API. 4 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/assembly/rules.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | ruleset 9 | 10 | zip 11 | 12 | ${artifactId} 13 | 14 | 15 | / 16 | src 17 | 18 | *.crysl 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/pom.xml: -------------------------------------------------------------------------------- 1 | 4 | 4.0.0 5 | de.paderborn.uni 6 | BouncyCastle-JCA 7 | 3.1.5 8 | CrySL Rules Bundle 9 | 10 | 11 | Eclipse Public License - v2.0 12 | https://www.eclipse.org/legal/epl-2.0/ 13 | 14 | 15 | 16 | 17 | CogniCrypt 18 | CogniCrypt 19 | cognicrypt@eim.upb.de 20 | 21 | 22 | 23 | scm:git:git@github.com:CROSSINGTUD/Crypto-API-Rules.git 24 | scm:git:ssh://github.com:CROSSINGTUD/Crypto-API-Rules.git 25 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/BouncyCastle-JCA 26 | 27 | 28 | BouncyCastle-JCA CrySL ruleset 29 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/BouncyCastle-JCA 30 | 31 | 32 | 33 | deployment 34 | 35 | 36 | 37 | org.apache.maven.plugins 38 | maven-source-plugin 39 | 3.3.1 40 | 41 | 42 | attach-source 43 | 44 | jar 45 | 46 | 47 | 48 | 49 | 50 | org.apache.maven.plugins 51 | maven-gpg-plugin 52 | 3.2.7 53 | 54 | 55 | sign-artifacts 56 | verify 57 | 58 | sign 59 | 60 | 61 | 62 | --pinentry-mode 63 | loopback 64 | 65 | 66 | 67 | 68 | 69 | 70 | maven-release-plugin 71 | 3.1.1 72 | 73 | @{project.version} 74 | 75 | 76 | 77 | org.sonatype.plugins 78 | nexus-staging-maven-plugin 79 | 1.7.0 80 | true 81 | 82 | ossrh 83 | https://s01.oss.sonatype.org 84 | true 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | src 94 | 95 | 96 | org.apache.maven.plugins 97 | maven-assembly-plugin 98 | 99 | 100 | create-distribution 101 | package 102 | 103 | single 104 | 105 | 106 | 107 | assembly/rules.xml 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | org.bouncycastle 120 | bcprov-jdk18on 121 | 1.80 122 | 123 | 124 | 125 | 126 | 127 | ossrh 128 | https://s01.oss.sonatype.org/content/repositories/snapshots/ 129 | 130 | 131 | ossrh 132 | https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ 133 | 134 | 135 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/AlgorithmParameterGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.AlgorithmParameterGenerator 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.AlgorithmParameters algParams; 6 | java.security.spec.AlgorithmParameterSpec genParamSpec; 7 | java.security.SecureRandom random; 8 | int size; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(size); 16 | i2: init(size, random); 17 | i3: init(genParamSpec); 18 | i4: init(genParamSpec, random); 19 | Init := i1 | i2 | i3 | i4; 20 | 21 | gp1: algParams = generateParameters(); 22 | GenParam := gp1; 23 | 24 | ORDER 25 | Get, Init, GenParam 26 | 27 | CONSTRAINTS 28 | algorithm in {"AES", "Camellia", "Shacal2", "Shacal-2", "DH", "DiffieHellman", "DSA", "ElGamal"}; 29 | algorithm in {"DH", "DiffieHellman", "DSA", "ElGamal"} => size in {3072}; 30 | algorithm in {"AES", "Camellia", "Shacal2", "Shacal-2" } => size in {128, 192, 256}; 31 | 32 | REQUIRES 33 | randomized[random]; 34 | 35 | ENSURES 36 | preparedAlg[algParams, algorithm] after GenParam; 37 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/AlgorithmParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.AlgorithmParameters 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.spec.AlgorithmParameterSpec paramSpec; 6 | byte[] params; 7 | java.lang.String format; 8 | byte[] encParams; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(paramSpec); 16 | i2: init(params); 17 | i3: init(params, _); 18 | Init := i1 | i2 | i3; 19 | 20 | e1: encParams = getEncoded(); 21 | e2: encParams = getEncoded(format); 22 | GetEncoded := e1 | e2; 23 | 24 | ORDER 25 | Get, Init, GetEncoded? 26 | 27 | CONSTRAINTS 28 | algorithm in {"AES", "Camellia", "ChaCha7539", "DSA", "DiffieHellman", "DH", "EC", "ElGamal", "PBKDF2", "Rijndael", "Salsa20", "Tnepres", 29 | "Serpent", "SHACAL-2", "Shacal2", "Twofish", "XSalsa20", "OAEP", "PSS", "RSAPSS", "SHA256withRSA/PSS", "SHA384withRSA/PSS", 30 | "SHA512withRSA/PSS", "SHA256WITHRSAANDMGF1", "SHA386WITHRSAANDMGF1", "SHA512WITHRSAANDMGF1", "SHA3-256WITHRSAANDMGF1", 31 | "SHA3-386WITHRSAANDMGF1", "SHA3-512WITHRSAANDMGF1"}; 32 | 33 | REQUIRES 34 | preparedAlg[params, algorithm]; 35 | algorithm in {"AES", "Camellia", "ChaCha7539", "ElGamal", "PBKDF2", "Rijndael", "Salsa20", "Tnepres", "Serpent", "SHACAL-2", 36 | "Shacal2", "Twofish", "XSalsa20", "OAEP", "PSS", "RSAPSS", "SHA256withRSA/PSS", "SHA384withRSA/PSS", "SHA512withRSA/PSS", 37 | "SHA256WITHRSAANDMGF1", "SHA386WITHRSAANDMGF1", "SHA512WITHRSAANDMGF1", "SHA3-256WITHRSAANDMGF1", "SHA3-386WITHRSAANDMGF1", 38 | "SHA3-512WITHRSAANDMGF1"} => preparedIV[paramSpec]; 39 | algorithm in {"DiffieHellman", "DH"} => preparedDH[paramSpec]; 40 | algorithm in {"DSA"} => preparedDSA[paramSpec]; 41 | algorithm in {"EC"} => preparedEC[paramSpec]; 42 | algorithm in {"OAEP"} => preparedOAEP[paramSpec]; 43 | algorithm in {"PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128", "PBEWithHmacSHA384AndAES_128", 44 | "PBEWithHmacSHA512AndAES_128", "PBEWithHmacSHA224AndAES_256", "PBEWithHmacSHA256AndAES_256", 45 | "PBEWithHmacSHA384AndAES_256", "PBEWithHmacSHA512AndAES_256"} => preparedPBE[paramSpec]; 46 | 47 | ENSURES 48 | preparedAlg[this, algorithm] after Init; 49 | preparedAlg[encParams, algorithm] after GetEncoded; 50 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/CertPathTrustManagerParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.CertPathTrustManagerParameters 2 | 3 | OBJECTS 4 | java.security.cert.CertPathParameters params; 5 | 6 | EVENTS 7 | c1: CertPathTrustManagerParameters(params); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | REQUIRES 14 | generatedCertPathParameters[params]; 15 | 16 | ENSURES 17 | generatedManagerFactoryParameters[this]; 18 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/CertificateFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.CertificateFactory 2 | 3 | OBJECTS 4 | java.io.InputStream inStream; 5 | java.lang.String encoding; 6 | java.lang.String type; 7 | 8 | EVENTS 9 | g1: getInstance(type); 10 | g2: getInstance(type, _); 11 | Get := g1 | g2; 12 | 13 | gc1: generateCertificate(inStream); 14 | GenCert := gc1; 15 | 16 | gen1: generateCertPath(inStream); 17 | gen2: generateCertPath(inStream, encoding); 18 | GenCertPath := gen1 | gen2; 19 | 20 | gcrl1: generateCRL(inStream); 21 | GenCRL := gcrl1; 22 | 23 | ORDER 24 | Get, (GenCert | GenCertPath | GenCRL)+ 25 | 26 | CONSTRAINTS 27 | type in {"X509", "X.509"}; 28 | encoding in {"PKCS7", "PkiPath"}; 29 | 30 | ENSURES 31 | generatedCert[type]; 32 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/Cipher.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.Cipher 2 | 3 | OBJECTS 4 | java.lang.String transformation; 5 | int encmode; 6 | java.security.Key key; 7 | java.security.cert.Certificate certificate; 8 | java.security.spec.AlgorithmParameterSpec paramSpec; 9 | java.security.AlgorithmParameters params; 10 | 11 | int prePlainTextOffset; 12 | int preCipherTextOffset; 13 | int plainTextOffset; 14 | int cipherTextOffset; 15 | int aadOffset; 16 | 17 | int prePlainTextLen; 18 | int plainTextLen; 19 | int aadLen; 20 | 21 | byte[] prePlainText; 22 | byte[] preCipherText; 23 | java.nio.ByteBuffer prePlainTextByteBuffer; 24 | java.nio.ByteBuffer preCipherTextByteBuffer; 25 | 26 | byte[] plainText; 27 | byte[] cipherText; 28 | byte[] wrappedKeyBytes; 29 | java.nio.ByteBuffer plainTextByteBuffer; 30 | java.nio.ByteBuffer cipherTextByteBuffer; 31 | 32 | byte[] aadBytes; 33 | java.nio.ByteBuffer aadByteBuffer; 34 | 35 | java.security.SecureRandom random; 36 | 37 | java.security.Key wrappedKey; 38 | 39 | EVENTS 40 | g1: getInstance(transformation); 41 | g2: getInstance(transformation, _); 42 | Get := g1 | g2; 43 | 44 | i1: init(encmode, certificate); 45 | i2: init(encmode, certificate, random); 46 | i3: init(encmode, key); 47 | i4: init(encmode, key, paramSpec); 48 | i5: init(encmode, key, params); 49 | i6: init(encmode, key, paramSpec, random); 50 | i7: init(encmode, key, params, random); 51 | i8: init(encmode, key, random); 52 | IWOIV := i1 | i2 | i3 | i8; 53 | IWIV := i4 | i5 | i6 | i7; 54 | Init := IWOIV | IWIV; 55 | 56 | u1: preCipherText = update(prePlainText); 57 | u2: preCipherText = update(prePlainText, prePlainTextOffset, prePlainTextLen); 58 | u3: update(prePlainText, prePlainTextOffset, prePlainTextLen, preCipherText); 59 | u4: update(prePlainText, prePlainTextOffset, prePlainTextLen, preCipherText, preCipherTextOffset); 60 | u5: update(prePlainTextByteBuffer, preCipherTextByteBuffer); 61 | Update := u1 | u2 | u3 | u4 | u5; 62 | 63 | ua1: updateAAD(aadBytes); 64 | ua2: updateAAD(aadBytes, aadOffset, aadLen); 65 | ua3: updateAAD(aadByteBuffer); 66 | AADUpdate := ua1 | ua2 | ua3; 67 | 68 | f1: cipherText = doFinal(); 69 | f2: cipherText = doFinal(plainText); 70 | f3: doFinal(cipherText, cipherTextOffset); 71 | f4: cipherText = doFinal(plainText, plainTextOffset, plainTextLen); 72 | f5: doFinal(plainText, plainTextOffset, plainTextLen, cipherText); 73 | f6: doFinal(plainText, plainTextOffset, plainTextLen, cipherText, cipherTextOffset); 74 | f7: doFinal(plainTextByteBuffer, cipherTextByteBuffer); 75 | FINWOU := f2 | f4 | f5 | f6 | f7; 76 | DoFinal := FINWOU | f1 | f3; 77 | 78 | wkb1: wrappedKeyBytes = wrap(wrappedKey); 79 | WKB := wkb1; 80 | 81 | ORDER 82 | Get, Init+, AADUpdate*, WKB+ | (FINWOU | (Update+, DoFinal))+ 83 | 84 | CONSTRAINTS 85 | instanceOf[key, java.security.PublicKey] || instanceOf[key, java.security.PrivateKey] || encmode in {3, 4} => alg(transformation) in {"RSA"}; 86 | instanceOf[key, javax.crypto.SecretKey] => alg(transformation) in {"AES", "RIJNDAEL", "ElGamal", 87 | "Twofish", "Camellia", "Serpent", "Tnepres", "Shacal2", "Shacal-2", "McEliece", 88 | "McEliecePointcheval", "McElieceKobaraImai", "McElieceFujisaki"}; 89 | noCallTo[Init] => alg(transformation) in {"AES", "RSA", "RIJNDAEL", "ElGamal", "Twofish", "Camellia", 90 | "Serpent", "Tnepres", "Shacal2", "Shacal-2", "McEliece", "McEliecePointcheval", "McElieceKobaraImai", 91 | "McElieceFujisaki"}; 92 | 93 | alg(transformation) in {"AES"} => mode(transformation) in { "GCM", "CTR", "CTS", "CFB", "OFB", "CCM"}; 94 | alg(transformation) in {"RIJNDAEL"} => mode(transformation) in { "GCM", "CTR", "CTS", "CFB", "OFB", "CCM"}; 95 | alg(transformation) in {"ElGamal"} => mode(transformation) in {"ECB"}; 96 | alg(transformation) in {"Serpent"} => mode(transformation) in { "CFB", "OFB"}; 97 | alg(transformation) in {"Tnepres"} => mode(transformation) in {"CFB", "OFB"}; 98 | 99 | alg(transformation) in {"ElGamal"} && mode(transformation) in {"ECB"} => pad(transformation) in {"PKCS1Padding"}; 100 | alg(transformation) in {"RSA"} && mode(transformation) in {""} => pad(transformation) in {""}; 101 | alg(transformation) in {"RSA"} && mode(transformation) in {"ECB"} => pad(transformation) in {"PKCS1Padding","OAEPWithMD5AndMGF1Padding", 102 | "OAEPWithSHA-224AndMGF1Padding", "OAEPWithSHA-256AndMGF1Padding", 103 | "OAEPWithSHA-384AndMGF1Padding", "OAEPWithSHA-512AndMGF1Padding"}; 104 | alg(transformation) in {"AES"} && mode(transformation) in {"GCM", "CTR", "CTS", "CFB", "OFB", "CCM"} => pad(transformation) in {"NoPadding"}; 105 | alg(transformation) in {"RIJNDAEL"} && mode(transformation) in {"GCM", "CTR", "CTS", "CFB", "OFB", "CCM"} => pad(transformation) in {"NoPadding"}; 106 | alg(transformation) in {"Serpent"} && mode(transformation) in {"CFB", "OFB"} => pad(transformation) in {"NoPadding"}; 107 | alg(transformation) in {"Tnepres"} && mode(transformation) in {"CFB", "OFB"} => pad(transformation) in {"NoPadding"}; 108 | 109 | mode(transformation) in { "CTR", "CTS", "CFB", "OFB", "CCM"} && encmode != 1 => noCallTo[IWOIV]; 110 | mode(transformation) in {"CTR", "CTS", "CFB", "ECB", "OFB"} => noCallTo[AADUpdate]; 111 | 112 | encmode in {1,2,3,4}; 113 | length[prePlainText] >= prePlainTextOffset + prePlainTextLen; 114 | length[preCipherText] >= preCipherTextOffset; 115 | prePlainTextOffset >= 0; 116 | prePlainTextLen > 0; 117 | preCipherTextOffset >= 0; 118 | length[plainText] >= plainTextOffset + plainTextLen; 119 | length[cipherText] >= cipherTextOffset; 120 | plainTextOffset >= 0; 121 | plainTextLen > 0; 122 | cipherTextOffset >= 0; 123 | 124 | REQUIRES 125 | generatedKey[key, alg(transformation)] || generatedPubkey[key] || generatedPrivkey[key]; 126 | randomized[random]; 127 | preparedAlg[params, alg(transformation)]; 128 | !macced[this, plainText]; 129 | mode(transformation) in {"CTR", "CTS", "CFB", "OFB"} && encmode == 1 => preparedIV[paramSpec]; 130 | mode(transformation) in {"GCM"} => preparedGCM[paramSpec]; 131 | mode(transformation) in {"OAEPWithMD5AndMGF1Padding", "OAEPWithSHA-224AndMGF1Padding", "OAEPWithSHA-256AndMGF1Padding", 132 | "OAEPWithSHA-384AndMGF1Padding", "OAEPWithSHA-512AndMGF1Padding"} => preparedOAEP[paramSpec]; 133 | 134 | ENSURES 135 | generatedCipher[this] after Init; 136 | encrypted[preCipherText, prePlainText] after Update; 137 | encrypted[cipherText, plainText]; 138 | encrypted[cipherTextByteBuffer, plainTextByteBuffer]; 139 | wrappedKey[wrappedKeyBytes, wrappedKey]; 140 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/CipherInputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.CipherInputStream 2 | 3 | OBJECTS 4 | java.io.InputStream inputStream; 5 | javax.crypto.Cipher cipher; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | 10 | EVENTS 11 | c1: CipherInputStream(inputStream, cipher); 12 | Con := c1; 13 | 14 | r1: read(); 15 | r2: read(data); 16 | r3: read(data, offset, len); 17 | Read := r1 | r2 | r3; 18 | 19 | cl1: close(); 20 | Close := cl1; 21 | 22 | ORDER 23 | Con, Read+, Close 24 | 25 | CONSTRAINTS 26 | length[data] >= offset + len; 27 | offset >= 0; 28 | len > 0; 29 | 30 | 31 | 32 | REQUIRES 33 | generatedCipher[cipher]; 34 | 35 | ENSURES 36 | cipheredInputStream[inputStream, cipher]; 37 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/CipherOutputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.CipherOutputStream 2 | 3 | OBJECTS 4 | java.io.OutputStream outputStream; 5 | javax.crypto.Cipher cipher; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | int specifiedByte; 10 | 11 | EVENTS 12 | c1: CipherOutputStream(outputStream, cipher); 13 | Con := c1; 14 | 15 | w1: write(specifiedByte); 16 | w2: write(data); 17 | w3: write(data, offset, len); 18 | Write := w1 | w2 | w3; 19 | 20 | cl1: close(); 21 | Close := cl1; 22 | 23 | ORDER 24 | Con, Write+, Close 25 | 26 | CONSTRAINTS 27 | length[data] >= offset + len; 28 | offset >= 0; 29 | len > 0; 30 | 31 | REQUIRES 32 | generatedCipher[cipher]; 33 | 34 | ENSURES 35 | cipheredOutputStream[outputStream, cipher]; 36 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/DHGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.DHGenParameterSpec 2 | 3 | OBJECTS 4 | int primeSize; 5 | int exponentSize; 6 | 7 | EVENTS 8 | c1: DHGenParameterSpec(primeSize, exponentSize); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | CONSTRAINTS 15 | exponentSize < primeSize; 16 | 17 | ENSURES 18 | preparedDH[this]; 19 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/DHParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.DHParameterSpec 2 | 3 | OBJECTS 4 | java.math.BigInteger p; 5 | java.math.BigInteger g; 6 | int l; 7 | 8 | EVENTS 9 | c1: DHParameterSpec(p, g); 10 | c2: DHParameterSpec(p, g, l); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | p >= 1^2048; 18 | g >= 1^2048; 19 | 20 | ENSURES 21 | preparedDH[this]; 22 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/DSAGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.DSAGenParameterSpec 2 | 3 | OBJECTS 4 | int primePLen; 5 | int subPrimeQLen; 6 | int seedLen; 7 | 8 | EVENTS 9 | c1: DSAGenParameterSpec(primePLen, subPrimeQLen); 10 | c2: DSAGenParameterSpec(primePLen, subPrimeQLen, seedLen); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | primePLen in {3072}; //BSI TR-02102-1 page 53 18 | subPrimeQLen in {256}; 19 | primePLen in {3072} => subPrimeQLen in {256}; 20 | 21 | ENSURES 22 | preparedDSA[this]; 23 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/DSAParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.DSAParameterSpec 2 | 3 | OBJECTS 4 | java.math.BigInteger p; 5 | java.math.BigInteger q; 6 | java.math.BigInteger g; 7 | 8 | EVENTS 9 | c1: DSAParameterSpec(p, q, g); 10 | Con := c1; 11 | 12 | ORDER 13 | Con 14 | 15 | CONSTRAINTS 16 | p >= 1^2048; 17 | g >= 1^2048; 18 | 19 | ENSURES 20 | preparedDSA[this]; 21 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/DigestInputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.DigestInputStream 2 | 3 | OBJECTS 4 | java.io.InputStream stream; 5 | java.security.MessageDigest digest; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | 10 | FORBIDDEN 11 | on(boolean) ; 12 | 13 | EVENTS 14 | c1: DigestInputStream(stream, digest); 15 | Con := c1; 16 | 17 | r1: read(); 18 | r2: read(data, offset, len); 19 | Read := r1 | r2; 20 | 21 | cl1: close(); 22 | Close := cl1; 23 | 24 | ORDER 25 | Con, Read+, Close 26 | 27 | CONSTRAINTS 28 | length[data] >= offset + len; 29 | offset >= 0; 30 | len > 0; 31 | 32 | REQUIRES 33 | generatedMessageDigest[digest]; 34 | 35 | ENSURES 36 | digestedInputStream[stream, digest]; 37 | 38 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/DigestOutputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.DigestOutputStream 2 | 3 | OBJECTS 4 | java.io.OutputStream stream; 5 | java.security.MessageDigest digest; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | int specifiedByte; 10 | 11 | FORBIDDEN 12 | on(boolean) ; 13 | 14 | EVENTS 15 | c1: DigestOutputStream(stream, digest); 16 | Con := c1; 17 | 18 | r1: write(specifiedByte); 19 | r2: write(data, offset, len); 20 | Write := r1 | r2; 21 | 22 | cl1: close(); 23 | Close := cl1; 24 | 25 | ORDER 26 | Con, Write+, Close 27 | 28 | CONSTRAINTS 29 | length[data] >= offset + len; 30 | offset >= 0; 31 | len > 0; 32 | 33 | REQUIRES 34 | generatedMessageDigest[digest]; 35 | 36 | ENSURES 37 | digestedOutputStream[stream, digest]; 38 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/ECGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.ECGenParameterSpec 2 | 3 | OBJECTS 4 | java.lang.String stdName; 5 | 6 | EVENTS 7 | c1: ECGenParameterSpec(stdName); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | CONSTRAINTS 14 | stdName in {"brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", 15 | "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 16 | "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", 17 | "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 18 | "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 19 | "secp224r1", "NIST P-224", "1.3.132.0.33", 20 | "secp256r1", "NIST P-256", "X9.62 prime256v1" ,"1.2.840.10045.3.1.7", 21 | "secp384r1", "NIST P-384", "1.3.132.0.34", 22 | "secp521r1", "NIST P-521", "1.3.132.0.35"}; 23 | 24 | ENSURES 25 | preparedEC[this]; 26 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/ECParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.ECParameterSpec 2 | 3 | OBJECTS 4 | java.security.spec.EllipticCurve curve; 5 | java.security.spec.ECPoint g; 6 | java.math.BigInteger n; 7 | int h; 8 | 9 | EVENTS 10 | c1: ECParameterSpec(curve, g, n, h); 11 | Con := c1; 12 | 13 | ORDER 14 | Con 15 | 16 | ENSURES 17 | preparedEC[this]; 18 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/GCMParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.GCMParameterSpec 2 | 3 | OBJECTS 4 | int tagLen; 5 | byte[] src; 6 | int offset; 7 | int len; 8 | 9 | EVENTS 10 | c1: GCMParameterSpec(tagLen, src); 11 | c2: GCMParameterSpec(tagLen, src, offset, len); 12 | Con := c1 | c2; 13 | 14 | ORDER 15 | Con 16 | 17 | CONSTRAINTS 18 | tagLen in {96, 104, 112, 120, 128}; 19 | length[src] >= offset + len; 20 | offset >= 0; 21 | len > 0; 22 | 23 | REQUIRES 24 | randomized[src]; 25 | 26 | ENSURES 27 | preparedGCM[this]; 28 | 29 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/HMACParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.xml.crypto.dsig.spec.HMACParameterSpec 2 | 3 | OBJECTS 4 | int outputLen; 5 | 6 | EVENTS 7 | c1: HMACParameterSpec(outputLen); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | ENSURES 14 | preparedHMAC[this]; 15 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/IvParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.IvParameterSpec 2 | 3 | OBJECTS 4 | byte[] iv; 5 | int offset; 6 | int len; 7 | 8 | EVENTS 9 | c1: IvParameterSpec(iv); 10 | c2: IvParameterSpec(iv, offset, len); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | length[iv] >= offset + len; 18 | offset >= 0; 19 | len > 0; 20 | 21 | REQUIRES 22 | randomized[iv]; 23 | 24 | ENSURES 25 | preparedIV[this]; 26 | 27 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/Key.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.Key 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | ORDER 11 | GetEnc* 12 | 13 | REQUIRES 14 | generatedKey[this, _] || generatedPubkey[this] || generatedPrivkey[this]; 15 | 16 | ENSURES 17 | preparedKeyMaterial[keyMaterial] after GetEnc; 18 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyAgreement.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.KeyAgreement 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.lang.String symmetricKeyAlgorithm; 6 | java.security.Key pubKey; 7 | java.security.Key privKey; 8 | javax.crypto.SecretKey sharedKey; 9 | boolean lastPhase; 10 | byte[] sharedSecretBuffer; 11 | int offset; 12 | java.security.spec.AlgorithmParameterSpec params; 13 | java.security.SecureRandom random; 14 | 15 | EVENTS 16 | g1: getInstance(algorithm); 17 | g2: getInstance(algorithm, _); 18 | Get := g1 | g2; 19 | 20 | i1: init(privKey); 21 | i2: init(privKey, params); 22 | i3: init(privKey, params, random); 23 | i4: init(privKey, random); 24 | Init := i1 | i2 | i3 | i4; 25 | 26 | dp1: doPhase(pubKey, lastPhase); 27 | DoPhase := dp1; 28 | 29 | gs1: sharedSecretBuffer = generateSecret(); 30 | gs2: generateSecret(sharedSecretBuffer, offset); 31 | GenSecretBuffer := gs1 | g2; 32 | 33 | gs3: sharedKey = generateSecret(symmetricKeyAlgorithm); 34 | GenSecret := gs3; 35 | 36 | ORDER 37 | Get, Init, DoPhase, (GenSecret | GenSecretBuffer) 38 | 39 | CONSTRAINTS 40 | algorithm in {"DH", "DiffieHellman", "NH" ,"ECDH", "ECDHC"}; 41 | symmetricKeyAlgorithm in {"AES", "HmacSHA256", "HmacSHA384", "HmacSHA512", 42 | "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512"}; 43 | 44 | REQUIRES 45 | randomized[random]; 46 | generatedPrivkey[privKey]; 47 | generatedPubkey[pubKey]; 48 | algorithm in {"DiffieHellman", "DH"} => preparedDH[params]; 49 | algorithm in {"ECDH", "ECDHC"} => preparedEC[params]; 50 | 51 | ENSURES 52 | generatedKey[sharedKey, symmetricKeyAlgorithm] after GenSecret; 53 | preparedKeyMaterial[sharedSecretBuffer] after GenSecretBuffer; 54 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyFactory 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.spec.KeySpec keySpec; 6 | java.security.PrivateKey privateKey; 7 | java.security.PublicKey publicKey; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | gpr1: privateKey = generatePrivate(keySpec); 15 | GenPriv := gpr1; 16 | 17 | gpu1: publicKey = generatePublic(keySpec); 18 | GenPubl := gpu1; 19 | 20 | ORDER 21 | Get, (GenPriv | GenPubl)* 22 | 23 | CONSTRAINTS 24 | algorithm in {"DiffieHellman", "DH", "DSA", "EC", "ECDH", "ECDHC", "ECDSA", "RSA", "ElGamal", 25 | "X.509", "McElieceKobaraImai", "McEliecePointcheval", "McElieceFujisaki", "McEliece", 26 | "McEliece-CCA2", "NH", "QTESLA", "Rainbow", "SPHINCS256", "XMSS", "XMSSMT"}; 27 | 28 | REQUIRES 29 | speccedKey[keySpec, _]; 30 | 31 | ENSURES 32 | generatedKeyFactory[this, algorithm] after Get; 33 | generatedPrivkey[privateKey] after GenPriv; 34 | generatedPubkey[publicKey] after GenPubl; 35 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.KeyGenerator 2 | 3 | OBJECTS 4 | int keysize; 5 | java.security.spec.AlgorithmParameterSpec params; 6 | javax.crypto.SecretKey key; 7 | java.lang.String algorithm; 8 | java.security.SecureRandom random; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(keysize); 16 | i2: init(keysize, random); 17 | i3: init(params); 18 | i4: init(params, random); 19 | i5: init(random); 20 | Init := i1 | i2 | i3 | i4 | i5; 21 | 22 | gk1: key = generateKey(); 23 | GenKey := gk1; 24 | 25 | ORDER 26 | Get, Init?, GenKey 27 | 28 | CONSTRAINTS 29 | algorithm in {"AES", "HmacSHA256", "HmacSHA384", "HmacSHA512", "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512", 30 | "Poly1305-AES", "Poly1305-Camellia", "Camellia", "ChaCha", 31 | "ChaCha7539", "Poly1305", "Rijndael", "Salsa20", "Serpent", "Tnepres", "Poly1305-Serpent", "SHACAL-2", "Shacal2", 32 | "Twofish", "Poly1305-Twofish", "XSalsa20"}; 33 | algorithm in {"AES", "Poly1305-Camellia", "Camellia", "ChaCha", "Salsa20", "SHACAL-2", "Shacal2", 34 | "Rijndael", "Serpent", "Tnepres", "ChaCha7539", "Poly1305", "Poly1305-Serpent", 35 | "Twofish", "Poly1305-Twofish", "XSalsa20"} => keysize in {128, 192, 256}; 36 | 37 | REQUIRES 38 | randomized[random]; 39 | 40 | ENSURES 41 | generatedKey[key, algorithm]; 42 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyManagerFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.KeyManagerFactory 2 | 3 | OBJECTS 4 | char[] password; 5 | java.lang.String algorithm; 6 | java.security.KeyStore keyStore; 7 | javax.net.ssl.ManagerFactoryParameters params; 8 | javax.net.ssl.KeyManager[] keyManager; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(keyStore, password); 16 | i2: init(params); 17 | Init := i1 | i2; 18 | 19 | gkm1: keyManager = getKeyManagers(); 20 | GetKeyMng := gkm1; 21 | 22 | ORDER 23 | Get, Init, GetKeyMng? 24 | 25 | CONSTRAINTS 26 | neverTypeOf[password, java.lang.String]; 27 | notHardCoded[password]; 28 | algorithm in {"PKIX", "X509", "X.509"}; 29 | 30 | REQUIRES 31 | generatedKeyStore[keyStore]; 32 | generatedManagerFactoryParameters[params]; 33 | 34 | ENSURES 35 | generatedKeyManager[this] after Init; 36 | generatedKeyManagers[keyManager] after GetKeyMng; 37 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyPair.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyPair 2 | 3 | OBJECTS 4 | java.security.PrivateKey privateKey; 5 | java.security.PublicKey publicKey; 6 | java.security.PrivateKey retPrivateKey; 7 | java.security.PublicKey retPublicKey; 8 | 9 | EVENTS 10 | c1: KeyPair(publicKey, privateKey); 11 | Con := c1; 12 | 13 | gpu1: retPublicKey = getPublic(); 14 | GetPubl := gpu1; 15 | 16 | gpr1: retPrivateKey = getPrivate(); 17 | GetPriv := gpr1; 18 | 19 | ORDER 20 | Con, (GetPubl | GetPriv)* 21 | 22 | REQUIRES 23 | generatedPrivkey[privateKey]; 24 | generatedPubkey[publicKey]; 25 | noCallTo[Con] => generatedKeypair[this, _]; 26 | 27 | ENSURES 28 | generatedKeypair[this, _] after Con; 29 | generatedPubkey[retPublicKey] after GetPubl; 30 | generatedPrivkey[retPrivateKey] after GetPriv; 31 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyPairGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyPairGenerator 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.KeyPair keyPair; 6 | java.security.spec.AlgorithmParameterSpec params; 7 | int keysize; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | i1: initialize(keysize); 15 | i2: initialize(keysize, _); 16 | i3: initialize(params); 17 | i4: initialize(params, _); 18 | Init := i1 | i2 | i3 | i4; 19 | 20 | k1: keyPair = generateKeyPair(); 21 | k2: keyPair = genKeyPair(); 22 | Gen := k1 | k2; 23 | 24 | ORDER 25 | Get, Init, Gen 26 | 27 | CONSTRAINTS 28 | algorithm in {"RSA", "DSA", "DiffieHellman", "DH", "EC", "ECDSA", "ECDH", "ECDHWITHSHA1KDF", "ECDHC", 29 | "ECIES", "ElGamal", "McElieceKobaraImai", "McEliecePointcheval", "McElieceFujisaki", 30 | "McEliece", "McEliece-CCA2", "NH", "QTESLA", "Rainbow", "SPHINCS256", "XMSS", "XMSSMT"}; 31 | 32 | algorithm in {"RSA"} => keysize in {4096, 3072}; //BSI TR-02102-1 Recommends atleast 3000bits for keys 33 | algorithm in {"DSA"} => keysize in {3072}; 34 | algorithm in {"DiffieHellman", "DH"} => keysize in {3072}; 35 | algorithm in {"EC", "ECDSA", "ECDH", "ECDHWITHSHA1KDF", "ECDHC", "ECIES"} => keysize in {256}; 36 | 37 | REQUIRES 38 | algorithm in {"RSA"} => preparedRSA[params]; 39 | algorithm in {"DSA"} => preparedDSA[params]; 40 | algorithm in {"DiffieHellman", "DH"} => preparedDH[params]; 41 | algorithm in {"EC"} => preparedEC[params]; 42 | 43 | ENSURES 44 | generatedKeypair[keyPair, algorithm]; 45 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyStore.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyStore 2 | 3 | OBJECTS 4 | java.io.InputStream fileInput; 5 | 6 | char[] passwordIn; 7 | char[] passwordOut; 8 | char[] passwordKey; 9 | 10 | java.security.KeyStore.Entry entry; 11 | byte[] byteKey; 12 | 13 | java.security.KeyStore.LoadStoreParameter paramLoad; 14 | java.security.KeyStore.ProtectionParameter protParamGet; 15 | java.security.KeyStore.ProtectionParameter protParamSet; 16 | java.lang.String aliasGet; 17 | java.lang.String aliasSet; 18 | java.io.OutputStream fileOutput; 19 | java.security.KeyStore.LoadStoreParameter paramStore; 20 | java.lang.String type; 21 | java.security.cert.Certificate cert; 22 | 23 | java.security.Key key; 24 | java.lang.String alias; 25 | 26 | EVENTS 27 | g1: getInstance(type); 28 | g2: getInstance(type, _); 29 | Get := g1 | g2; 30 | 31 | l1: load(fileInput, passwordIn); 32 | l2: load(paramLoad); 33 | Load := l1 | l2; 34 | 35 | s1: store(paramStore); 36 | s2: store(fileOutput, passwordOut); 37 | Store := s1 | s2; 38 | 39 | ge1: getEntry(aliasGet, protParamGet); 40 | GetEntry := ge1; 41 | 42 | se1: setEntry(aliasSet, entry, protParamSet); 43 | SetEntry := se1; 44 | 45 | gk1: key = getKey(alias, passwordKey); 46 | GetKey := gk1; 47 | 48 | ORDER 49 | Get, Load, ((GetEntry?, GetKey) | (SetEntry, Store))* 50 | 51 | CONSTRAINTS 52 | type in {"BCFKS", "BCFKS-DEF", "IBCFKS", "IBCFKS-DEF"}; 53 | neverTypeOf[passwordIn, java.lang.String]; 54 | neverTypeOf[passwordOut, java.lang.String]; 55 | neverTypeOf[passwordKey, java.lang.String]; 56 | notHardCoded[passwordIn]; 57 | 58 | ENSURES 59 | generatedKeyStore[this] after Load; 60 | generatedKey[key, _]; 61 | generatedPrivkey[key]; 62 | generatedPubkey[key]; 63 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/KeyStoreBuilderParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.KeyStoreBuilderParameters 2 | 3 | OBJECTS 4 | java.security.KeyStore.Builder builder; 5 | 6 | EVENTS 7 | c1: KeyStoreBuilderParameters(builder); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | ENSURES 14 | generatedManagerFactoryParameters[this]; 15 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/MGF1ParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.MGF1ParameterSpec 2 | 3 | OBJECTS 4 | java.lang.String mdName; 5 | 6 | EVENTS 7 | c1: MGF1ParameterSpec(mdName); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | CONSTRAINTS 14 | mdName in {"SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512"}; 15 | 16 | ENSURES 17 | preparedMGF1[this, mdName]; 18 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/Mac.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.Mac 2 | 3 | OBJECTS 4 | javax.crypto.Mac mac; 5 | java.security.Key key; 6 | byte inputByte; 7 | byte[] preInput; 8 | byte[] input; 9 | byte[] output1; 10 | byte[] output2; 11 | java.nio.ByteBuffer preInputByteBuffer; 12 | java.lang.String algorithm; 13 | java.security.spec.AlgorithmParameterSpec params; 14 | int offset; 15 | int outOffset; 16 | int len; 17 | 18 | EVENTS 19 | g1: getInstance(algorithm); 20 | g2: getInstance(algorithm, _); 21 | Get := g1 | g2; 22 | 23 | i1: init(key); 24 | i2: init(key, params); 25 | Init := i1 | i2; 26 | 27 | u1: update(inputByte); 28 | u2: update(preInput); 29 | u3: update(preInput, offset, len); 30 | u4: update(preInputByteBuffer); 31 | Update := u1 | u2 | u3 | u4; 32 | 33 | f1: output1 = doFinal(); 34 | f2: output2 = doFinal(input); 35 | f3: doFinal(output1, outOffset); 36 | FinalWU := f2; 37 | FinalWOU := f1 | f3; 38 | Final := FinalWU | FinalWOU; 39 | 40 | ORDER 41 | Get, Init, (FinalWU | (Update+, Final))+ 42 | 43 | CONSTRAINTS 44 | algorithm in {"AESCMAC", "AESCCMMAC", "HmacSHA256", "HmacSHA384", "HmacSHA512", 45 | "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512", 46 | "PBEWithHmacSHA256", "PBEWithHmacSHA384", "PBEWithHmacSHA512", "Poly1305", "Shacal-2CMAC"}; 47 | length[output1] > outOffset; 48 | length[preInput] >= offset + len; 49 | offset >= 0; 50 | len > 0; 51 | 52 | REQUIRES 53 | !encrypted[output1, _]; 54 | !encrypted[output2,_]; 55 | preparedHMAC[params]; 56 | generatedKey[key,_]; 57 | 58 | ENSURES 59 | macced[output1, inputByte]; 60 | macced[output1, preInput]; 61 | macced[output2, input]; 62 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/MessageDigest.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.MessageDigest 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | byte preInputByte; 6 | byte[] preInput; 7 | int preOffset; 8 | int preLen; 9 | java.nio.ByteBuffer preInputByteBuffer; 10 | byte[] input; 11 | int offset; 12 | int len; 13 | byte[] output; 14 | 15 | EVENTS 16 | g1: getInstance(algorithm); 17 | g2: getInstance(algorithm, _); 18 | Get := g1 | g2; 19 | 20 | u1: update(preInputByte); 21 | u2: update(preInput); 22 | u3: update(preInput, preOffset, preLen); 23 | u4: update(preInputByteBuffer); 24 | Update := u1 | u2 | u3 | u4; 25 | 26 | d1: output = digest(); 27 | d2: output = digest(input); 28 | d3: digest(output, offset, len); 29 | DWOU := d2; 30 | DWU := d1 | d3; 31 | Digest := DWU | DWOU; 32 | 33 | ORDER 34 | Get, (DWOU | (Update+, Digest))+ 35 | 36 | CONSTRAINTS 37 | algorithm in {"SHA-256", "SHA-384", "SHA-512", "SHA-512/256", "SHA3-256", "SHA3-384", "SHA3-512", 38 | "BLAKE2B-256", "BLAKE2B-384", "BLAKE2B-512", "BLAKE2S-256", 39 | "KECCAK-256", "KECCAK-384", "KECCAK-512", 40 | "WHIRLPOOL"}; 41 | length[preInput] >= preLen + preOffset; 42 | preOffset >= 0; 43 | preLen > 0; 44 | length[output] >= len + offset; 45 | offset >= 0; 46 | len > 0; 47 | 48 | ENSURES 49 | generatedMessageDigest[this] after Get; 50 | digested[output, _]; 51 | digested[output, input]; 52 | 53 | 54 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/OAEPParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.OAEPParameterSpec 2 | 3 | OBJECTS 4 | java.lang.String mdName; 5 | java.lang.String mgfName; 6 | java.security.spec.AlgorithmParameterSpec mgfSpec; 7 | javax.crypto.spec.PSource pSrc; 8 | 9 | EVENTS 10 | c1: OAEPParameterSpec(mdName, mgfName, mgfSpec, pSrc); 11 | Con := c1; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | mdName in {"SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512"}; 18 | mgfName in {"MGF1"}; 19 | 20 | REQUIRES 21 | preparedMGF1[mgfSpec, mdName]; 22 | 23 | ENSURES 24 | preparedOAEP[this]; 25 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/PBEKeySpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.PBEKeySpec 2 | 3 | OBJECTS 4 | char[] password; 5 | byte[] salt; 6 | int iterationCount; 7 | int keyLength; 8 | 9 | FORBIDDEN 10 | PBEKeySpec(char[]) => Con; 11 | PBEKeySpec(char[],byte[],int) => Con; 12 | 13 | EVENTS 14 | c1: PBEKeySpec(password, salt, iterationCount, keyLength); 15 | Con := c1; 16 | 17 | cp1: clearPassword(); 18 | ClearPass := cp1; 19 | 20 | ORDER 21 | Con, ClearPass 22 | 23 | CONSTRAINTS 24 | iterationCount >= 10000; 25 | neverTypeOf[password, java.lang.String]; 26 | notHardCoded[password] ; 27 | 28 | REQUIRES 29 | randomized[salt]; 30 | 31 | ENSURES 32 | speccedKey[this, keyLength] after Con; 33 | 34 | NEGATES 35 | speccedKey[this, _] after ClearPass; 36 | 37 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/PBEParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.PBEParameterSpec 2 | 3 | OBJECTS 4 | byte[] salt; 5 | int iterationCount; 6 | java.security.spec.AlgorithmParameterSpec params; 7 | 8 | EVENTS 9 | c1: PBEParameterSpec(salt, iterationCount); 10 | c2: PBEParameterSpec(salt, iterationCount, params); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | iterationCount >= 10000; 18 | 19 | REQUIRES 20 | randomized[salt]; 21 | 22 | ENSURES 23 | preparedPBE[this]; 24 | 25 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/PKIXBuilderParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.PKIXBuilderParameters 2 | 3 | OBJECTS 4 | java.security.KeyStore keystore; 5 | java.security.cert.CertSelector targetConstraints; 6 | java.util.Set trustAnchors; 7 | 8 | EVENTS 9 | c1: PKIXBuilderParameters(keystore, targetConstraints); 10 | c2: PKIXBuilderParameters(trustAnchors, targetConstraints); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | REQUIRES 17 | generatedKeyStore[keystore]; 18 | 19 | ENSURES 20 | generatedCertPathParameters[this]; 21 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/PKIXParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.PKIXParameters 2 | 3 | OBJECTS 4 | java.security.KeyStore keyStore; 5 | 6 | EVENTS 7 | c1: PKIXParameters(keyStore); 8 | c2: PKIXParameters(_); 9 | Con := c1 | c2; 10 | 11 | ORDER 12 | Con 13 | 14 | REQUIRES 15 | generatedKeyStore[keyStore]; 16 | 17 | ENSURES 18 | generatedCertPathParameters[this]; 19 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/PasswordAuthentication.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.net.PasswordAuthentication 2 | 3 | OBJECTS 4 | java.lang.String userName; 5 | java.lang.String retUserName; 6 | char[] password; 7 | 8 | EVENTS 9 | c1: PasswordAuthentication(userName, password); 10 | Con := c1; 11 | 12 | gp1: getPassword(); 13 | GetPassword := gp1; 14 | 15 | gu1: retUserName = getUserName(); 16 | GetUserName := gu1; 17 | 18 | ORDER 19 | Con, (GetPassword | GetUserName)* 20 | 21 | CONSTRAINTS 22 | neverTypeOf[password, java.lang.String]; 23 | notHardCoded[password]; 24 | 25 | ENSURES 26 | generatedPasswordAuthentication[this]; 27 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/PrivateKey.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.PrivateKey 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | ORDER 11 | GetEnc* 12 | 13 | REQUIRES 14 | generatedPrivkey[this]; 15 | 16 | ENSURES 17 | preparedKeyMaterial[keyMaterial] after GetEnc; 18 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/PublicKey.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.PublicKey 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | ORDER 11 | GetEnc* 12 | 13 | REQUIRES 14 | generatedPubkey[this]; 15 | 16 | ENSURES 17 | preparedKeyMaterial[keyMaterial] after GetEnc; 18 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/RSAKeyGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.RSAKeyGenParameterSpec 2 | 3 | OBJECTS 4 | int keysize; 5 | java.math.BigInteger publicExponent; 6 | 7 | EVENTS 8 | c1: RSAKeyGenParameterSpec(keysize, publicExponent); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | CONSTRAINTS 15 | keysize in {4096}; //BSI TR-02102-1 Recommends atleast 3000bits for keys 16 | publicExponent in {65537}; 17 | 18 | ENSURES 19 | preparedRSA[this]; 20 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/SSLContext.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.SSLContext 2 | 3 | OBJECTS 4 | java.lang.String protocol; 5 | javax.net.ssl.KeyManager[] km; 6 | javax.net.ssl.TrustManager[] tm; 7 | javax.net.ssl.SSLEngine eng; 8 | java.security.SecureRandom random; 9 | 10 | FORBIDDEN 11 | getDefault() => Get; 12 | 13 | EVENTS 14 | g1: getInstance(protocol); 15 | g2: getInstance(protocol, _); 16 | Get := g1 | g2; 17 | 18 | i1: init(km, tm, random); 19 | Init := i1; 20 | 21 | se1: eng = createSSLEngine(); 22 | se2: eng = createSSLEngine(_,_); 23 | Engine := se1 | se2; 24 | 25 | ORDER 26 | Get, Init, Engine? 27 | 28 | CONSTRAINTS 29 | protocol in {"TLSv1.2"}; 30 | 31 | REQUIRES 32 | generatedKeyManagers[km]; 33 | generatedTrustManagers[tm]; 34 | randomized[random]; 35 | 36 | ENSURES 37 | generatedSSLContext[this] after Init; 38 | generatedSSLEngine[eng] after Engine; 39 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/SSLEngine.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.SSLEngine 2 | 3 | OBJECTS 4 | java.lang.String[] cipherSuites; 5 | java.lang.String[] protocols; 6 | 7 | EVENTS 8 | ec1: setEnabledCipherSuites(cipherSuites); 9 | EnableCipher := ec1; 10 | 11 | ep1: setEnabledProtocols(protocols); 12 | EnableProtocol := ep1; 13 | 14 | ORDER 15 | (EnableCipher, EnableProtocol) | (EnableProtocol, EnableCipher) 16 | 17 | CONSTRAINTS 18 | elements(protocols) in {"TLSv1.2"}; 19 | elements(cipherSuites) in {"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 20 | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 21 | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 22 | "TLS_RSA_WITH_AES_256_GCM_SHA384", 23 | "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 24 | "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 25 | "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 26 | "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 27 | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 28 | "TLS_RSA_WITH_AES_128_GCM_SHA256", 29 | "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 30 | "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 31 | "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 32 | "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}; 33 | 34 | ENSURES 35 | generatedSSLEngine[this]; 36 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/SSLParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.SSLParameters 2 | 3 | OBJECTS 4 | java.lang.String[] cipherSuites; 5 | java.lang.String[] protocols; 6 | 7 | EVENTS 8 | Con1: SSLParameters(); 9 | Con2: SSLParameters(cipherSuites); 10 | Con3: SSLParameters(cipherSuites, protocols); 11 | 12 | CipherSuite: setCipherSuites(cipherSuites); 13 | SetProtocol: setProtocols(protocols); 14 | 15 | 16 | ORDER 17 | (Con1, ((CipherSuite , SetProtocol) | (SetProtocol , CipherSuite))) | (Con2, SetProtocol) | Con3 18 | 19 | CONSTRAINTS 20 | elements(protocols) in {"TLSv1.2"}; 21 | elements(cipherSuites) in {"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 22 | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 23 | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 24 | "TLS_RSA_WITH_AES_256_GCM_SHA384", 25 | "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 26 | "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 27 | "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 28 | "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 29 | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 30 | "TLS_RSA_WITH_AES_128_GCM_SHA256", 31 | "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 32 | "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 33 | "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 34 | "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}; 35 | 36 | ENSURES 37 | generatedSSLParameters[this]; 38 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/SecretKey.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.SecretKey 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | d1: destroy(); 11 | Destroy := d1; 12 | 13 | ORDER 14 | GetEnc*, Destroy? 15 | 16 | REQUIRES 17 | generatedKey[this, _]; 18 | 19 | ENSURES 20 | preparedKeyMaterial[keyMaterial] after GetEnc; 21 | 22 | NEGATES 23 | generatedKey[this, _] after Destroy; 24 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/SecretKeyFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.SecretKeyFactory 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | javax.crypto.SecretKey key; 6 | javax.crypto.SecretKey otherKey; 7 | java.security.spec.KeySpec keySpec; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | gS: key = generateSecret(keySpec); 15 | tK: key = translateKey(otherKey); 16 | Gen := gS | tK; 17 | 18 | ORDER 19 | Get, Gen 20 | 21 | CONSTRAINTS 22 | algorithm in {"AES", "PBKDF2", "PBKDF2WithHmacSHA256", "PBKDF2WithHmacSHA384", "PBKDF2WithHmacSHA512", 23 | "PBKDF2WITHHMACSHA3-256", "PBKDF2WITHHMACSHA3-384", "PBKDF2WITHHMACSHA3-512", "Camellia"}; 24 | 25 | REQUIRES 26 | speccedKey[keySpec, _]; 27 | 28 | ENSURES 29 | generatedKey[key, algorithm]; 30 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/SecretKeySpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.SecretKeySpec 2 | 3 | OBJECTS 4 | java.lang.String keyAlgorithm; 5 | byte[] keyMaterial; 6 | int len; 7 | int offset; 8 | 9 | EVENTS 10 | c1: SecretKeySpec(keyMaterial, keyAlgorithm); 11 | c2: SecretKeySpec(keyMaterial, offset, len, keyAlgorithm); 12 | Con := c1 | c2; 13 | 14 | ORDER 15 | Con 16 | 17 | CONSTRAINTS 18 | keyAlgorithm in {"AES", "HmacSHA256", "HmacSHA384", "HmacSHA512", 19 | "HMACSHA3-224", "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512", "HmacSHA3-1024"}; 20 | length[keyMaterial] >= offset + len; 21 | neverTypeOf[keyMaterial, java.lang.String]; 22 | 23 | REQUIRES 24 | preparedKeyMaterial[keyMaterial]; 25 | 26 | ENSURES 27 | speccedKey[this, _]; 28 | generatedKey[this, keyAlgorithm]; 29 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/SecureRandom.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.SecureRandom 2 | 3 | OBJECTS 4 | byte[] seed; 5 | byte[] genSeed; 6 | java.lang.String algorithm; 7 | long lSeed; 8 | byte[] bytes; 9 | int randInt; 10 | int randIntInRange; 11 | int range; 12 | 13 | EVENTS 14 | c1: SecureRandom(); 15 | c2: SecureRandom(seed); 16 | Con := c1 | c2; 17 | 18 | g1: getInstance(algorithm); 19 | g2: getInstance(algorithm, _); 20 | gI: getInstanceStrong(); 21 | Get := g1 | g2 | gI; 22 | 23 | Ins := Get | Con; 24 | 25 | s1: setSeed(seed); 26 | s2: setSeed(lSeed); 27 | Seed := s1 | s2; 28 | 29 | gS: genSeed = generateSeed(_); 30 | 31 | nB: nextBytes(bytes); 32 | nI: randInt = nextInt(); 33 | nIR: randIntInRange = nextInt(range); 34 | Next := nB | nI | nIR; 35 | 36 | End := gS | Next; 37 | 38 | ORDER 39 | Ins, (Seed?, End*)* 40 | 41 | CONSTRAINTS 42 | algorithm in {"DEFAULT", "NONCEANDIV"}; 43 | 44 | REQUIRES 45 | randomized[seed]; 46 | randomized[lSeed]; 47 | 48 | ENSURES 49 | randomized[this] after Ins; 50 | randomized[genSeed] after gS; 51 | randomized[bytes] after nB; 52 | randomized[randInt] after nI; 53 | randomized[randIntInRange] after nIR; 54 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/Signature.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.Signature 2 | 3 | OBJECTS 4 | byte[] sign; 5 | byte inputByte; 6 | byte[] input; 7 | byte[] output; 8 | java.nio.ByteBuffer inputByteBuffer; 9 | java.lang.String algorithm; 10 | java.security.PrivateKey privateKey; 11 | java.security.PublicKey publicKey; 12 | java.security.cert.Certificate cert; 13 | java.security.spec.AlgorithmParameterSpec params; 14 | boolean verified; 15 | int offset; 16 | int len; 17 | 18 | EVENTS 19 | g1: getInstance(algorithm); 20 | g2: getInstance(algorithm, _); 21 | Get := g1 | g2; 22 | 23 | i1: initSign(privateKey); 24 | i2: initSign(privateKey, _); 25 | i3: initVerify(cert); 26 | i4: initVerify(publicKey); 27 | InitSign := i1 | i2; 28 | InitVerify := i3 | i4; 29 | 30 | u1: update(input); 31 | u2: update(inputByte); 32 | u3: update(input, offset, len); 33 | u4: update(inputByteBuffer); 34 | Update := u1 | u2 | u3 | u4; 35 | 36 | s1: output = sign(); 37 | s2: sign(output, offset, len); 38 | Sign := s1 | s2; 39 | 40 | v1: verified = verify(sign); 41 | v2: verified = verify(sign, offset, len); 42 | Verify := v1 | v2; 43 | 44 | ORDER 45 | Get, ((InitSign+, (Update+, Sign+)+ )+ | (InitVerify+, (Update*, Verify+)+ )+ ) 46 | 47 | CONSTRAINTS 48 | algorithm in {"ECDDSA", "SHA256WITHECDDSA", "SHA384WITHECDDSA", "SHA512WITHECDDSA", "SHA3-256WITHECDDSA", "SHA3-384WITHECDDSA", 49 | "SHA3-512WITHECDDSA", "SHA256WITHECNR", "SHA384WITHECNR", "SHA512WITHECNR", "SHA256withECDSA", "SHA256withDSA", 50 | "SHA384withRSA", "SHA512withRSA", "SHA256withRSA", "SHA384withDSA", "SHA512withDSA", 51 | "QTESLA"}; 52 | length[input] >= offset + len; 53 | offset >= 0; 54 | len > 0; 55 | 56 | REQUIRES 57 | generatedPrivkey[privateKey]; 58 | generatedPubkey[publicKey]; 59 | 60 | ENSURES 61 | signed[output, inputByte] after Sign; 62 | signed[output, input] after Sign; 63 | signed[output, inputByteBuffer] after Sign; 64 | verified[verified, sign] after Verify; 65 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/TrustAnchor.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.TrustAnchor 2 | 3 | OBJECTS 4 | java.security.PublicKey publicKey; 5 | java.security.cert.X509Certificate trustedCert; 6 | javax.security.auth.x500.X500Principal caPrincipal; 7 | 8 | EVENTS 9 | c1: TrustAnchor(_, publicKey, _); 10 | c2: TrustAnchor(trustedCert, _); 11 | c3: TrustAnchor(caPrincipal, publicKey, _); 12 | Con := c1 | c2 | c3; 13 | 14 | ORDER 15 | Con 16 | 17 | REQUIRES 18 | generatedPubkey[publicKey]; 19 | 20 | ENSURES 21 | generatedTrustAnchor[this]; 22 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/TrustManagerFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.TrustManagerFactory 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.KeyStore keyStore; 6 | javax.net.ssl.ManagerFactoryParameters params; 7 | javax.net.ssl.TrustManager[] trustManager; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | i1: init(keyStore); 15 | i2: init(params); 16 | Init := i1 | i2; 17 | 18 | gtm1: trustManager = getTrustManagers(); 19 | GetTrustMng := gtm1; 20 | 21 | ORDER 22 | Get, Init, GetTrustMng? 23 | 24 | CONSTRAINTS 25 | algorithm in {"PKIX", "X509", "X.509"}; 26 | 27 | REQUIRES 28 | generatedKeyStore[keyStore]; 29 | generatedManagerFactoryParameters[params]; 30 | 31 | ENSURES 32 | generatedTrustManager[this] after Init; 33 | generatedTrustManagers[trustManager] after GetTrustMng; 34 | -------------------------------------------------------------------------------- /BouncyCastle-JCA/src/X509EncodedKeySpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.X509EncodedKeySpec 2 | 3 | OBJECTS 4 | byte[] encodedKey; 5 | 6 | EVENTS 7 | c1: X509EncodedKeySpec(encodedKey); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | REQUIRES 14 | preparedKeyMaterial[encodedKey]; 15 | 16 | ENSURES 17 | speccedKey[this, _] after Con; 18 | -------------------------------------------------------------------------------- /BouncyCastle/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | .settings/ 3 | .classpath 4 | .project 5 | .DS_Store 6 | -------------------------------------------------------------------------------- /BouncyCastle/README.md: -------------------------------------------------------------------------------- 1 | # CrySL Rules for BouncyCastle 2 | 3 | This project contains rules for BouncyCastle's lightweight API. The rules are specified according to "BSI TR-02102-1" Version 2019-01. 4 | 5 | ## TODOs 6 | 7 | - Rule set only covers symmetric encryption (AES with CBC, AES with GCM). -------------------------------------------------------------------------------- /BouncyCastle/assembly/rules.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | ruleset 9 | 10 | zip 11 | 12 | ${artifactId} 13 | 14 | 15 | / 16 | src 17 | 18 | *.crysl 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /BouncyCastle/pom.xml: -------------------------------------------------------------------------------- 1 | 4 | 4.0.0 5 | de.fraunhofer.iem 6 | BouncyCastle 7 | 3.1.4 8 | CrySL Rules Bundle 9 | 10 | 11 | 12 | Eclipse Public License - v2.0 13 | https://www.eclipse.org/legal/epl-2.0/ 14 | 15 | 16 | 17 | 18 | CogniCrypt 19 | CogniCrypt 20 | cognicrypt@eim.upb.de 21 | 22 | 23 | 24 | scm:git:git@github.com:CROSSINGTUD/Crypto-API-Rules.git 25 | scm:git:ssh://github.com:CROSSINGTUD/Crypto-API-Rules.git 26 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/BouncyCastle 27 | 28 | 29 | BouncyCastle CrySL ruleset 30 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/BouncyCastle 31 | 32 | 33 | 34 | deployment 35 | 36 | 37 | 38 | org.apache.maven.plugins 39 | maven-source-plugin 40 | 3.3.1 41 | 42 | 43 | attach-source 44 | 45 | jar 46 | 47 | 48 | 49 | 50 | 51 | org.apache.maven.plugins 52 | maven-gpg-plugin 53 | 3.2.7 54 | 55 | 56 | sign-artifacts 57 | verify 58 | 59 | sign 60 | 61 | 62 | 63 | --pinentry-mode 64 | loopback 65 | 66 | 67 | 68 | 69 | 70 | 71 | maven-release-plugin 72 | 3.1.1 73 | 74 | @{project.version} 75 | 76 | 77 | 78 | org.sonatype.plugins 79 | nexus-staging-maven-plugin 80 | 1.7.0 81 | true 82 | 83 | ossrh 84 | https://s01.oss.sonatype.org 85 | true 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | src 95 | 96 | 97 | org.apache.maven.plugins 98 | maven-assembly-plugin 99 | 100 | 101 | create-distribution 102 | package 103 | 104 | single 105 | 106 | 107 | 108 | assembly/rules.xml 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | org.bouncycastle 121 | bcprov-jdk18on 122 | 1.80 123 | 124 | 125 | 126 | 127 | 128 | ossrh 129 | https://s01.oss.sonatype.org/content/repositories/snapshots/ 130 | 131 | 132 | ossrh 133 | https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ 134 | 135 | 136 | -------------------------------------------------------------------------------- /BouncyCastle/predicates/ensuresPreds: -------------------------------------------------------------------------------- 1 | RULE ENSURES 2 | 3 | AEADParameters -> generatedAEADParameters[this]; 4 | 5 | AESEngine -> generatedAESEngine[this]; 6 | 7 | AsymmetricCipherKeyPair -> generatedRSAKeyPair[this] after co; 8 | 9 | BufferedBlockCipher -> encrypted[cipherText]; 10 | 11 | ECDomainParameters -> generatedECDomainParameters[this]; 12 | 13 | ECElGamalDecryptor -> generatedECElGamalDecrypt[plainText] after d1; 14 | 15 | ECElGamalEncryptor -> generatedECElGamalEncrypt[cipherText] after e1; 16 | 17 | ECFixedTransform -> generatedECFixedTransform[transformedCipherText] after t1; 18 | 19 | ECKeyGenerationParameters -> generatedECKeyGenerationParameters[this]; 20 | 21 | ECKeyPairGenerator -> generatedECKeyPair[this] after g; 22 | 23 | ECKeyParameters -> generatedECKeyParameters[this]; 24 | 25 | ECNewPublicKeyTransform -> generatedNewPublicKeyTransform[transformedCipherText] after t1; 26 | 27 | ECNewRandomnessTransform -> generatedECNewRandomnessTransform[transformedCipherText] after t1; 28 | 29 | ECPair -> generatedECPair[this]; 30 | 31 | ECPrivateKeyParameters -> generatedECPrivateKeyParameters[this]; 32 | 33 | ECPublicKeyParameters -> generatedECPublicKeyParameters[this]; 34 | 35 | GCMBlockCipher -> generatedGCMBlockCipherMode[this] after Cons; 36 | 37 | KeyParameter -> generatedKeyParameter[this]; 38 | 39 | PaddedBufferedBlockCipher -> encrypted[cipherText]; 40 | 41 | ParametersWithIV -> generatedParametersWithIV[this]; 42 | 43 | ParametersWithRandom -> generatedParametersWithRandom[this]; 44 | 45 | RSADigestSigner -> signed[out] after Signs; 46 | verified[sign] after Verify; 47 | 48 | RSAEngine -> generatedRSAEngine[this] after c; 49 | encrypted[cipherText] after p; 50 | 51 | RSAKeyGenerationParameters -> generatedRSAKeyGenerationParameters[this]; 52 | 53 | RSAKeyPairGenerator -> generatedRSAKeyPair[pair] after g; 54 | 55 | RSAKeyParameters -> generatedRSAKeyParameters[this]; 56 | 57 | RSAPrivateCrtKeyParameters -> generatedRSAPrivateCrtKeyParameters[this]; 58 | 59 | SecureRandom -> randomized[this] after Ins; 60 | randomized[genSeed]; 61 | randomized[next]; 62 | randomized[numB]; 63 | 64 | SHA256Digest -> generatedSHA256Digest[this] after Cons; 65 | digested[output]; -------------------------------------------------------------------------------- /BouncyCastle/predicates/requiresPreds: -------------------------------------------------------------------------------- 1 | RULE REQUIRES 2 | 3 | AEADParameters -> generatedKeyParameter[keyParam]; 4 | 5 | AESEngine -> none 6 | 7 | AsymmetricCipherKeyPair -> generatedRSAKeyParameters[pubParams]; 8 | generatedRSAPrivateCrtKeyParameters[privParams]; 9 | 10 | BufferedBlockCipher -> generatedGCMBlockCipher[engineOrMode]; 11 | generatedCipherParams[params]; 12 | 13 | ECDomainParameters -> randomized[seed]; 14 | 15 | ECElGamalDecryptor -> generatedECPair[pair]; 16 | generatedECPrivateKeyParameters[keyParams]; 17 | 18 | ECElGamalEncryptor -> generatedECPublicKeyParameters[params] || generatedParametersWithRandom[params]; 19 | 20 | ECFixedTransform -> generatedECPublicKeyParameters[keyParams]; 21 | generatedECPair[cipherText]; 22 | 23 | ECKeyGenerationParameters -> randomized[random]; 24 | generatedECDomainParameters[domainParams]; 25 | 26 | ECKeyPairGenerator -> generatedECKeyGenerationParameters[genParams]; 27 | 28 | ECKeyParameters -> generatedECDomainParameters[keyParams]; 29 | 30 | ECNewPublicKeyTransform -> generatedParametersWithRandom[keyParams] || generatedECPublicKeyParameters[keyParams]; 31 | generatedECPair[cipherText]; 32 | 33 | ECNewRandomnessTransform -> generatedParametersWithRandom[keyParams] || generatedECPublicKeyParameters[keyParams]; 34 | generatedECPair[cipherText]; 35 | 36 | ECPair -> none 37 | 38 | ECPrivateKeyParameters -> generatedECDomainParameters[params]; 39 | 40 | ECPublicKeyParameters -> generatedECDomainParameters[params]; 41 | 42 | GCMBlockCipher -> generatedAESEngine[engine]; 43 | generatedAEADParameters[params] || generatedParametersWithIV[params]; 44 | 45 | KeyParameter -> randomized[key]; 46 | 47 | PaddedBufferedBlockCipher -> generatedParametersWithIV[params]; 48 | generatedPKCS7Padding[padding]; 49 | 50 | ParametersWithIV -> randomized[iv]; 51 | generatedKeyParameter[params]; 52 | 53 | ParametersWithRandom -> randomized[random]; 54 | generatedRSAKeyParameters[params] || generatedRSAPrivateCrtKeyParameters[params] || generatedECPublicKeyParameters[params]; 55 | 56 | 57 | RSADigestSigner -> generatedSHA256Digest[digest]; 58 | generatedRSAKeyParameters[params] || generatedRSAPrivateCrtKeyParameters[params] || generatedECPublicKeyParameters[params]; 59 | 60 | RSAEngine -> generatedRSAKeyParameters[params] || generatedRSAPrivateCrtKeyParameters[params] || generatedECPublicKeyParameters[params]; 61 | 62 | RSAKeyGenerationParameters -> randomized[random]; 63 | 64 | RSAKeyPairGenerator -> generatedRSAKeyGenerationParameters[genParams]; 65 | 66 | RSAKeyParameters -> none 67 | 68 | RSAPrivateCrtKeyParameters -> randomized[p]; 69 | randomized[q]; 70 | 71 | SecureRandom -> randomized[seed]; 72 | 73 | SHA256Digest -> generatedSHA256Digest[digest]; -------------------------------------------------------------------------------- /BouncyCastle/src/AEADParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.AEADParameters 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.params.KeyParameter keyParam; 5 | int macSize; 6 | byte[] nonce; 7 | byte[] associatedText; 8 | 9 | EVENTS 10 | c1: AEADParameters(keyParam, macSize, nonce); 11 | c2: AEADParameters(keyParam, macSize, nonce, associatedText); 12 | Con := c1 | c2; 13 | 14 | ORDER 15 | Con 16 | 17 | REQUIRES 18 | generatedKeyParameter[keyParam]; 19 | 20 | ENSURES 21 | generatedAEADParameters[this]; 22 | -------------------------------------------------------------------------------- /BouncyCastle/src/AESEngine.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.engines.AESEngine 2 | 3 | FORBIDDEN 4 | AESEngine(); 5 | 6 | EVENTS 7 | c1: newInstance(); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | ENSURES 14 | generatedAESEngine[this]; 15 | 16 | -------------------------------------------------------------------------------- /BouncyCastle/src/AESFastEngine.crysl: -------------------------------------------------------------------------------- 1 | //The AESFastEngine class is deprecated and insecure. This crysl rule ensures that a AESFastEngine object is considered insecure. 2 | SPEC org.bouncycastle.crypto.engines.AESFastEngine 3 | 4 | FORBIDDEN 5 | AESFastEngine(); 6 | -------------------------------------------------------------------------------- /BouncyCastle/src/AESLightEngine.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.engines.AESLightEngine 2 | 3 | EVENTS 4 | c1: AESLightEngine(); 5 | Con := c1; 6 | 7 | ORDER 8 | Con 9 | 10 | ENSURES 11 | generatedAESLightEngine[this]; 12 | 13 | 14 | -------------------------------------------------------------------------------- /BouncyCastle/src/AsymmetricCipherKeyPair.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.AsymmetricCipherKeyPair 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.params.AsymmetricKeyParameter publicParams; 5 | org.bouncycastle.crypto.params.AsymmetricKeyParameter privateParams; 6 | 7 | EVENTS 8 | c1: AsymmetricCipherKeyPair(publicParams, privateParams); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | REQUIRES 15 | generatedRSAKeyParameters[publicParams]; 16 | generatedRSAPrivateCrtKeyParameters[privateParams]; 17 | 18 | ENSURES 19 | generatedRSAKeyPair[this] after Con; 20 | -------------------------------------------------------------------------------- /BouncyCastle/src/BufferedBlockCipher.crysl: -------------------------------------------------------------------------------- 1 | // Deprecated 2 | SPEC org.bouncycastle.crypto.BufferedBlockCipher 3 | 4 | FORBIDDEN 5 | BufferedBlockCipher(org.bouncycastle.crypto.BlockCipher); 6 | -------------------------------------------------------------------------------- /BouncyCastle/src/CCMBlockCipher.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.modes.CCMBlockCipher 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.BlockCipher engine; 5 | org.bouncycastle.crypto.CipherParameters params; 6 | 7 | byte aadByte; 8 | byte[] aadBytes; 9 | int aadOff; 10 | int aadLen; 11 | 12 | byte plainTextByte; 13 | byte[] plainText; 14 | int plainTextOffset; 15 | int plainTextLen; 16 | 17 | byte[] cipherText; 18 | int cipherTextOffset; 19 | 20 | boolean isEncryption; 21 | 22 | FORBIDDEN 23 | CCMBlockCipher(org.bouncycastle.crypto.BlockCipher); 24 | 25 | EVENTS 26 | c1: newInstance(engine); 27 | Con := c1; 28 | 29 | i1: init(isEncryption, params); 30 | Init := i1; 31 | 32 | pa1: processAADByte(aadByte); 33 | pa2: processAADBytes(aadBytes, aadOff, aadLen); 34 | ProcessAAD := pa1 | pa2; 35 | 36 | p1: processByte(plainTextByte, cipherText, cipherTextOffset); 37 | p2: processBytes(plainText, plainTextOffset, plainTextLen, cipherText, cipherTextOffset); 38 | Process := p1 | p2; 39 | 40 | df1: doFinal(cipherText, cipherTextOffset); 41 | DoFinal := df1; 42 | 43 | ORDER 44 | Con, Init, ProcessAAD*, Process+, DoFinal 45 | 46 | CONSTRAINTS 47 | length[cipherText] >= cipherTextOffset; 48 | length[plainText] >= plainTextOffset + plainTextLen; 49 | plainTextOffset >= 0; 50 | plainTextLen > 0; 51 | cipherTextOffset >= 0; 52 | 53 | REQUIRES 54 | generatedAESEngine[engine] || generatedAESLightEngine[engine] || generatedRijndaelEngine[engine]; 55 | generatedAEADParameters[params] || generatedParametersWithIV[params]; 56 | -------------------------------------------------------------------------------- /BouncyCastle/src/DefaultBufferedBlockCipher.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.DefaultBufferedBlockCipher 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.BlockCipher cipher; 5 | org.bouncycastle.crypto.CipherParameters params; 6 | 7 | byte plainTextByte; 8 | byte[] plainText; 9 | int plainTextOffset; 10 | int plainTextLen; 11 | 12 | byte[] cipherText; 13 | int cipherTextOffset; 14 | 15 | boolean isEncryption; 16 | 17 | EVENTS 18 | c1: DefaultBufferedBlockCipher(cipher); 19 | Con := c1; 20 | 21 | i1: init(isEncryption, params); 22 | Init := i1; 23 | 24 | // @return the number of output bytes copied to out. 25 | p1: processByte(plainTextByte, cipherText, cipherTextOffset); 26 | p2: processBytes(plainText, plainTextOffset, plainTextLen, cipherText, cipherTextOffset); 27 | Proc := p1 | p2; 28 | 29 | // @return the number of output bytes copied to out. 30 | df1: doFinal(cipherText, cipherTextOffset); 31 | DoFinal := df1; 32 | 33 | ORDER 34 | Con, (Init, Proc, DoFinal)+ 35 | 36 | CONSTRAINTS 37 | length[plainText] >= plainTextOffset + plainTextLen; 38 | length[cipherText] >= cipherTextOffset; 39 | plainTextOffset >= 0; 40 | plainTextLen > 0; 41 | cipherTextOffset >= 0; 42 | 43 | REQUIRES 44 | generatedGCMBlockCipher[cipher]; 45 | generatedCipherParams[params]; 46 | 47 | ENSURES 48 | encrypted[cipherText]; 49 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECDomainParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.ECDomainParameters 2 | 3 | OBJECTS 4 | org.bouncycastle.math.ec.ECCurve curve; 5 | byte[] seed; 6 | org.bouncycastle.math.ec.ECPoint G; 7 | java.math.BigInteger n; 8 | java.math.BigInteger h; 9 | 10 | EVENTS 11 | c1: ECDomainParameters(curve, G, n); 12 | c2: ECDomainParameters(curve, G, n, h); 13 | c3: ECDomainParameters(curve, G, n, h, seed); 14 | Con := c1 | c2 | c3; 15 | 16 | ORDER 17 | Con 18 | 19 | REQUIRES 20 | randomized[seed]; 21 | 22 | ENSURES 23 | generatedECDomainParameters[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/ECElGamalDecryptor.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.ec.ECElGamalDecryptor 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters keyParams; 5 | org.bouncycastle.crypto.ec.ECPair pair; 6 | org.bouncycastle.math.ec.ECPoint plainText; 7 | 8 | EVENTS 9 | c1: ECElGamalDecryptor(); 10 | Con := c1; 11 | 12 | i1: init(keyParams); 13 | Init := i1; 14 | 15 | d1: plainText = decrypt(pair); 16 | Decrypt := d1; 17 | 18 | ORDER 19 | Con, (Init, Decrypt+)+ 20 | 21 | REQUIRES 22 | generatedECPair[pair]; 23 | generatedECPrivateKeyParameters[keyParams]; 24 | 25 | ENSURES 26 | generatedECElGamalDecrypt[plainText] after Decrypt; 27 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECElGamalEncryptor.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.ec.ECElGamalEncryptor 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters params; 5 | org.bouncycastle.math.ec.ECPoint data; 6 | org.bouncycastle.crypto.ec.ECPair cipherText; 7 | 8 | EVENTS 9 | c1: ECElGamalEncryptor(); 10 | Con := c1; 11 | 12 | i1: init(params); 13 | Init := i1; 14 | 15 | e1: cipherText = encrypt(data); 16 | Encrypt := e1; 17 | 18 | ORDER 19 | Con, (Init, Encrypt+)+ 20 | 21 | REQUIRES 22 | generatedECPublicKeyParameters[params] || generatedParametersWithRandom[params]; 23 | 24 | ENSURES 25 | generatedECElGamalEncrypt[cipherText] after Encrypt; 26 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECFixedTransform.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.ec.ECFixedTransform 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters keyParams; 5 | java.math.BigInteger k; 6 | org.bouncycastle.crypto.ec.ECPair cipherText; 7 | org.bouncycastle.crypto.ec.ECPair transformedCipherText; 8 | 9 | EVENTS 10 | c1: ECFixedTransform(k); 11 | Con := c1; 12 | 13 | i1: init(keyParams); 14 | Init := i1; 15 | 16 | t1: transformedCipherText = transform(cipherText); 17 | Transform := t1; 18 | 19 | ORDER 20 | Con, Init, Transform+ 21 | 22 | REQUIRES 23 | generatedECPublicKeyParameters[keyParams]; 24 | generatedECPair[cipherText]; 25 | 26 | ENSURES 27 | generatedECFixedTransform[transformedCipherText] after Transform; 28 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECKeyGenerationParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.ECKeyGenerationParameters 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.params.ECDomainParameters domainParams; 5 | java.security.SecureRandom random; 6 | 7 | EVENTS 8 | c1: ECKeyGenerationParameters(domainParams, random); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | REQUIRES 15 | randomized[random]; 16 | generatedECDomainParameters[domainParams]; 17 | 18 | ENSURES 19 | generatedECKeyGenerationParameters[this]; 20 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECKeyPairGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.generators.ECKeyPairGenerator 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.KeyGenerationParameters genParams; 5 | 6 | EVENTS 7 | c1: ECKeyPairGenerator(); 8 | Con := c1; 9 | 10 | i1: init(genParams); 11 | Init := i1; 12 | 13 | gk1: generateKeyPair(); 14 | Gen := gk1; 15 | 16 | ORDER 17 | Con, Init, Gen 18 | 19 | REQUIRES 20 | generatedECKeyGenerationParameters[genParams]; 21 | 22 | ENSURES 23 | generatedECKeyPair[this] after Gen; -------------------------------------------------------------------------------- /BouncyCastle/src/ECKeyParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.ECKeyParameters 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.params.ECDomainParameters params; 5 | boolean isPrivate; 6 | 7 | EVENTS 8 | c1: ECKeyParameters(isPrivate, params); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | REQUIRES 15 | generatedECDomainParameters[params]; 16 | 17 | ENSURES 18 | generatedECKeyParameters[this]; 19 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECNewPublicKeyTransform.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.ec.ECNewPublicKeyTransform 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters keyParams; 5 | org.bouncycastle.crypto.ec.ECPair cipherText; 6 | org.bouncycastle.crypto.ec.ECPair transformedCipherText; 7 | 8 | EVENTS 9 | c1: ECNewPublicKeyTransform(); 10 | Con := c1; 11 | 12 | i1: init(keyParams); 13 | Init := i1; 14 | 15 | t1: transformedCipherText = transform(cipherText); 16 | Transform := t1; 17 | 18 | ORDER 19 | Con, Init, Transform+ 20 | 21 | REQUIRES 22 | //As the keyParams can be an instance of ParametersWithRandom with ECPublicKeyParameters in it or instance of ECPublicKeyParameters itself. 23 | generatedParametersWithRandom[keyParams] || generatedECPublicKeyParameters[keyParams]; 24 | generatedECPair[cipherText]; 25 | 26 | ENSURES 27 | generatedNewPublicKeyTransform[transformedCipherText] after Transform; 28 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECNewRandomnessTransform.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.ec.ECNewRandomnessTransform 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters keyParams; 5 | org.bouncycastle.crypto.ec.ECPair cipherText; 6 | org.bouncycastle.crypto.ec.ECPair transformedCipherText; 7 | 8 | EVENTS 9 | c1: ECNewRandomnessTransform(); 10 | Con := c1; 11 | 12 | i1: init(keyParams); 13 | Init := i1; 14 | 15 | t1: transformedCipherText = transform(cipherText); 16 | Transform := t1; 17 | 18 | ORDER 19 | Con, Init, Transform+ 20 | 21 | REQUIRES 22 | generatedParametersWithRandom[keyParams] || generatedECPublicKeyParameters[keyParams]; 23 | generatedECPair[cipherText]; 24 | 25 | ENSURES 26 | generatedECNewRandomnessTransform[transformedCipherText] after Transform; 27 | -------------------------------------------------------------------------------- /BouncyCastle/src/ECPair.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.ec.ECPair 2 | 3 | OBJECTS 4 | org.bouncycastle.math.ec.ECPoint xPoint; 5 | org.bouncycastle.math.ec.ECPoint yPoint; 6 | 7 | EVENTS 8 | c1: ECPair(xPoint, yPoint); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | ENSURES 15 | generatedECPair[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/ECPrivateKeyParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.ECPrivateKeyParameters 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.params.ECDomainParameters params; 5 | java.math.BigInteger d; 6 | 7 | EVENTS 8 | c1: ECPrivateKeyParameters(d, params); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | CONSTRAINTS 15 | notHardCoded[d]; 16 | 17 | REQUIRES 18 | generatedECDomainParameters[params]; 19 | 20 | ENSURES 21 | generatedECPrivateKeyParameters[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/ECPublicKeyParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.ECPublicKeyParameters 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.params.ECDomainParameters params; 5 | org.bouncycastle.math.ec.ECPoint Q; 6 | 7 | EVENTS 8 | c1: ECPublicKeyParameters(Q, params); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | REQUIRES 15 | generatedECDomainParameters[params]; 16 | 17 | ENSURES 18 | generatedECPublicKeyParameters[this]; 19 | -------------------------------------------------------------------------------- /BouncyCastle/src/GCMBlockCipher.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.modes.GCMBlockCipher 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.BlockCipher engine; 5 | org.bouncycastle.crypto.CipherParameters params; 6 | 7 | byte aadByte; 8 | byte[] aadBytes; 9 | int aadOff; 10 | int aadLen; 11 | 12 | byte plainTextByte; 13 | byte[] plainText; 14 | int plainTextOffset; 15 | int plainTextLen; 16 | 17 | byte[] cipherText; 18 | int cipherTextOffset; 19 | 20 | boolean isEncryption; 21 | 22 | FORBIDDEN 23 | GCMBlockCipher(org.bouncycastle.crypto.BlockCipher); 24 | 25 | EVENTS 26 | c1: newInstance(engine); 27 | Con := c1; 28 | 29 | i1: init(isEncryption, params); 30 | Init := i1; 31 | 32 | pa1: processAADByte(aadByte); 33 | pa2: processAADBytes(aadBytes, aadOff, aadLen); 34 | ProcessAAD := pa1 | pa2; 35 | 36 | p1: processByte(plainTextByte, cipherText, cipherTextOffset); 37 | p2: processBytes(plainText, plainTextOffset, plainTextLen, cipherText, cipherTextOffset); 38 | Process := p1 | p2; 39 | 40 | df1: doFinal(cipherText, cipherTextOffset); 41 | DoFinal := df1; 42 | 43 | ORDER 44 | Con, Init, ProcessAAD*, Process+, DoFinal 45 | 46 | CONSTRAINTS 47 | neverTypeOf[engine, org.bouncycastle.crypto.engines.AESFastEngine]; 48 | length[aadBytes] >= aadOff + aadLen; 49 | length[plainText] >= plainTextOffset + plainTextLen; 50 | length[cipherText] >= cipherTextOffset; 51 | plainTextOffset >= 0; 52 | plainTextLen > 0; 53 | cipherTextOffset >= 0; 54 | 55 | REQUIRES 56 | generatedAESEngine[engine] || generatedAESLightEngine[engine]; 57 | generatedAEADParameters[params] || generatedParametersWithIV[params]; 58 | 59 | ENSURES 60 | generatedGCMBlockCipherMode[this] after Con; 61 | 62 | -------------------------------------------------------------------------------- /BouncyCastle/src/HMac.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.macs.HMac 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.Digest digest; 5 | int byteLen; 6 | 7 | org.bouncycastle.crypto.CipherParameters params; 8 | 9 | byte inputByte; 10 | byte[] inputBytes; 11 | int inputBytesLen; 12 | int inputBytesOffset; 13 | 14 | byte[] outputBytes; 15 | int outputBytesOffset; 16 | 17 | 18 | EVENTS 19 | c1: HMac(digest); 20 | Con := c1; 21 | 22 | i1 : init(params); 23 | Init := i1; 24 | 25 | u1: update(inputByte); 26 | u2: update(inputBytes, inputBytesOffset, inputBytesLen); 27 | Update := u1 | u2; 28 | 29 | DoFinal: doFinal(outputBytes, outputBytesOffset); 30 | 31 | ORDER 32 | Con, (Init, Update+, DoFinal)+ 33 | 34 | CONSTRAINTS 35 | length[inputBytes] >= inputBytesOffset + inputBytesLen; 36 | length[outputBytes] >= outputBytesOffset; 37 | inputBytesOffset >= 0; 38 | inputBytesLen > 0; 39 | outputBytesOffset >= 0; 40 | 41 | REQUIRES 42 | generatedSHA256Digest[digest]; 43 | generatedKeyParameter[params]; 44 | 45 | ENSURES 46 | macced[outputBytes]; 47 | -------------------------------------------------------------------------------- /BouncyCastle/src/KeyParameter.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.KeyParameter 2 | 3 | OBJECTS 4 | byte[] key; 5 | int keyOffset; 6 | int keyLen; 7 | 8 | EVENTS 9 | c1: KeyParameter(key); 10 | c2: KeyParameter(key, keyOffset, keyLen); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | length[key] >= keyOffset + keyLen; 18 | keyOffset >= 0; 19 | keyLen > 0; 20 | 21 | REQUIRES 22 | randomized[key]; 23 | 24 | ENSURES 25 | generatedKeyParameter[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/PaddedBufferedBlockCipher.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters params; 5 | org.bouncycastle.crypto.paddings.BlockCipherPadding padding; 6 | org.bouncycastle.crypto.BlockCipher cipher; 7 | 8 | byte plainTextByte; 9 | byte[] plainText; 10 | int plainTextOffset; 11 | int plainTextLen; 12 | 13 | byte[] cipherText; 14 | int cipherTextOffset; 15 | 16 | boolean isEncryption; 17 | 18 | EVENTS 19 | c1: PaddedBufferedBlockCipher(cipher); 20 | c2: PaddedBufferedBlockCipher(cipher, padding); 21 | Con := c1 | c2; 22 | 23 | i1: init(isEncryption, params); 24 | Init := i1; 25 | 26 | p1: processByte(plainTextByte, cipherText, cipherTextOffset); 27 | p2: processBytes(plainText, plainTextOffset, plainTextLen, cipherText, cipherTextOffset); 28 | Process := p1 | p2; 29 | 30 | df1: doFinal(cipherText, cipherTextOffset); 31 | DoFinal:= df1; 32 | 33 | ORDER 34 | Con, (Init, Process, DoFinal)+ 35 | 36 | CONSTRAINTS 37 | length[plainText] >= plainTextOffset + plainTextLen; 38 | length[cipherText] >= cipherTextOffset; 39 | plainTextOffset >= 0; 40 | plainTextLen > 0; 41 | cipherTextOffset >= 0; 42 | 43 | REQUIRES 44 | generatedBlockCipher[cipher]; 45 | generatedParametersWithIV[params]; 46 | generatedPKCS7Padding[padding]; 47 | 48 | ENSURES 49 | encrypted[cipherText]; -------------------------------------------------------------------------------- /BouncyCastle/src/ParametersWithIV.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.ParametersWithIV 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters params; 5 | byte[] iv; 6 | int ivOffset; 7 | int ivLen; 8 | 9 | EVENTS 10 | c1: ParametersWithIV(params, iv); 11 | c2: ParametersWithIV(params, iv, ivOffset, ivLen); 12 | Con := c1 | c2; 13 | 14 | ORDER 15 | Con 16 | 17 | CONSTRAINTS 18 | length[iv] >= ivOffset + ivLen; 19 | ivOffset >= 0; 20 | ivLen > 0; 21 | 22 | REQUIRES 23 | randomized[iv]; 24 | generatedKeyParameter[params]; 25 | 26 | ENSURES 27 | generatedParametersWithIV[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/ParametersWithRandom.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.ParametersWithRandom 2 | 3 | OBJECTS 4 | java.security.SecureRandom random; 5 | org.bouncycastle.crypto.CipherParameters params; 6 | 7 | EVENTS 8 | c1: ParametersWithRandom(params, random); 9 | c2: ParametersWithRandom(params); 10 | Con := c1 | c2; 11 | 12 | ORDER 13 | Con 14 | 15 | REQUIRES 16 | randomized[random]; 17 | generatedRSAKeyParameters[params] || generatedRSAPrivateCrtKeyParameters[params] || generatedECPublicKeyParameters[params]; 18 | 19 | ENSURES 20 | generatedParametersWithRandom[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/RSADigestSigner.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.signers.RSADigestSigner 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.Digest digest; 5 | org.bouncycastle.crypto.CipherParameters params; 6 | 7 | byte inputByte; 8 | byte[] inputBytes; 9 | int inputBytesOffset; 10 | int inputBytesLen; 11 | 12 | byte[] generatedSignature; 13 | 14 | byte[] signature; 15 | boolean forSigning; 16 | 17 | EVENTS 18 | c1: RSADigestSigner(digest); 19 | c2: RSADigestSigner(digest, _); 20 | Con := c1 | c2; 21 | 22 | i1: init(forSigning, params); 23 | Init := i1; 24 | 25 | u1: update(inputByte); 26 | u2: update(inputBytes, inputBytesOffset, inputBytesLen); 27 | Update := u1 | u2; 28 | 29 | s1: generatedSignature = generateSignature(); 30 | Sign := s1; 31 | 32 | v1: verifySignature(signature); 33 | Verify := v1; 34 | 35 | ORDER 36 | (Con, Init, Update+, (Sign | Verify))+ 37 | 38 | CONSTRAINTS 39 | length[inputBytes] >= inputBytesOffset + inputBytesLen; 40 | inputBytesOffset >= 0; 41 | inputBytesLen > 0; 42 | forSigning in {true} => noCallTo[Verify]; 43 | forSigning in {false} => noCallTo[Sign]; 44 | 45 | REQUIRES 46 | generatedSHA256Digest[digest]; 47 | generatedRSAKeyParameters[params] || generatedRSAPrivateCrtKeyParameters[params] || generatedECPublicKeyParameters[params]; 48 | 49 | ENSURES 50 | signed[generatedSignature] after Sign; 51 | verified[signature] after Verify; 52 | -------------------------------------------------------------------------------- /BouncyCastle/src/RSAEngine.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.engines.RSAEngine 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.CipherParameters params; 5 | 6 | boolean isEncryption; 7 | byte[] cipherText; 8 | 9 | byte[] plainText; 10 | int plainTextLen; 11 | int plainTextOffset; 12 | 13 | EVENTS 14 | c1: RSAEngine(); 15 | Con := c1; 16 | 17 | i1: init(isEncryption, params); 18 | Init := i1; 19 | 20 | p1: cipherText = processBlock(plainText, plainTextOffset, plainTextLen); 21 | Process := p1; 22 | 23 | ORDER 24 | Con, (Init, Process)+ 25 | 26 | CONSTRAINTS 27 | length[plainText] >= plainTextOffset + plainTextLen; 28 | plainTextOffset >= 0; 29 | plainTextLen > 0; 30 | 31 | REQUIRES 32 | generatedRSAKeyParameters[params] || generatedRSAPrivateCrtKeyParameters[params] || generatedECPublicKeyParameters[params]; 33 | 34 | ENSURES 35 | generatedRSAEngine[this] after Con; 36 | encrypted[cipherText] after Process; 37 | -------------------------------------------------------------------------------- /BouncyCastle/src/RSAKeyGenerationParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.RSAKeyGenerationParameters 2 | 3 | OBJECTS 4 | java.security.SecureRandom random; 5 | java.math.BigInteger publicExponent; 6 | int strength; 7 | int certainty; 8 | 9 | EVENTS 10 | c1: RSAKeyGenerationParameters(publicExponent, random, strength, certainty); 11 | Con := c1; 12 | 13 | ORDER 14 | Con 15 | 16 | REQUIRES 17 | randomized[random]; 18 | 19 | ENSURES 20 | generatedRSAKeyGenerationParameters[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/RSAKeyPairGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.generators.RSAKeyPairGenerator 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.KeyGenerationParameters genParams; 5 | org.bouncycastle.crypto.AsymmetricCipherKeyPair pair; 6 | 7 | EVENTS 8 | c1: RSAKeyPairGenerator(); 9 | Con := c1; 10 | 11 | i1: init(genParams); 12 | Init := i1; 13 | 14 | g1: pair = generateKeyPair(); 15 | Gen := g1; 16 | 17 | ORDER 18 | Con, (Init, Gen)+ 19 | 20 | REQUIRES 21 | generatedRSAKeyGenerationParameters[genParams]; 22 | 23 | ENSURES 24 | generatedRSAKeyPair[pair] after Gen; 25 | -------------------------------------------------------------------------------- /BouncyCastle/src/RSAKeyParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.RSAKeyParameters 2 | 3 | OBJECTS 4 | boolean isPrivate; 5 | java.math.BigInteger modulus; 6 | java.math.BigInteger exponent; 7 | 8 | EVENTS 9 | c1: RSAKeyParameters(isPrivate, modulus, exponent); 10 | Con := c1; 11 | 12 | ORDER 13 | Con 14 | 15 | CONSTRAINTS 16 | modulus >= 3000; // BSI describes length of the modulus n to be at least 2000 bits 17 | isPrivate == true => notHardCoded[exponent]; 18 | 19 | ENSURES 20 | generatedRSAKeyParameters[this]; -------------------------------------------------------------------------------- /BouncyCastle/src/RSAPrivateCrtKeyParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters 2 | 3 | OBJECTS 4 | java.math.BigInteger modulus; 5 | java.math.BigInteger publicExponent; 6 | java.math.BigInteger privateExponent; 7 | java.math.BigInteger p; 8 | java.math.BigInteger q; 9 | java.math.BigInteger dP; 10 | java.math.BigInteger dQ; 11 | java.math.BigInteger qInv; 12 | 13 | EVENTS 14 | c1: RSAPrivateCrtKeyParameters(modulus, publicExponent, privateExponent, p, q, dP, dQ, qInv); 15 | Con := c1; 16 | 17 | ORDER 18 | Con 19 | 20 | CONSTRAINTS 21 | modulus >= 3000; // BSI describes length of the modulus n to be at least 2000 bits 22 | p != q; 23 | 24 | REQUIRES 25 | randomized[p]; // BSI describes p and q to be prime numbers chosen at random and independently of each other 26 | randomized[q]; 27 | 28 | ENSURES 29 | generatedRSAPrivateCrtKeyParameters[this]; 30 | -------------------------------------------------------------------------------- /BouncyCastle/src/RijndaelEngine.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.engines.RijndaelEngine 2 | 3 | OBJECTS 4 | int blockSize; 5 | 6 | EVENTS 7 | c1: RijndaelEngine(); 8 | c2: RijndaelEngine(blockSize); 9 | Con := c1 | c2; 10 | 11 | ORDER 12 | Con 13 | 14 | CONSTRAINTS 15 | blockSize in {128,192,256}; 16 | 17 | ENSURES 18 | generatedRijndaelEngine[this]; 19 | 20 | -------------------------------------------------------------------------------- /BouncyCastle/src/SHA256Digest.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.digests.SHA256Digest 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.digests.SHA256Digest digest; 5 | byte[] encodedState; 6 | 7 | byte inputByte; 8 | byte[] inputBytes; 9 | int inputBytesOffset; 10 | int inputBytesLen; 11 | 12 | byte[] outputBytes; 13 | int outputBytesOffset; 14 | 15 | EVENTS 16 | c1: SHA256Digest(); 17 | c2: SHA256Digest(digest); 18 | // @param encodedState the encoded state from the originating digest. 19 | c3: SHA256Digest(encodedState); 20 | Con := c1 | c2 | c3; 21 | 22 | u1: update(inputByte); 23 | u2: update(inputBytes, inputBytesOffset, inputBytesLen); 24 | Update := u1 | u2; 25 | 26 | df1: doFinal(outputBytes, outputBytesOffset); 27 | DoFinal := df1; 28 | 29 | r1: reset(); 30 | Reset := r1; 31 | 32 | ORDER 33 | Con, ((Reset?, Update+)+, DoFinal)* 34 | 35 | CONSTRAINTS 36 | length[inputBytes] >= inputBytesOffset + inputBytesLen; 37 | inputBytesOffset >= 0; 38 | inputBytesLen > 0; 39 | length[outputBytes] >= outputBytesOffset; 40 | outputBytesOffset >= 0; 41 | 42 | REQUIRES 43 | generatedSHA256Digest[digest]; 44 | 45 | ENSURES 46 | generatedSHA256Digest[this] after Con; 47 | digested[outputBytes]; 48 | 49 | -------------------------------------------------------------------------------- /BouncyCastle/src/SICBlockCipher.crysl: -------------------------------------------------------------------------------- 1 | SPEC org.bouncycastle.crypto.modes.SICBlockCipher 2 | 3 | OBJECTS 4 | org.bouncycastle.crypto.BlockCipher engine; 5 | 6 | FORBIDDEN 7 | SICBlockCipher(org.bouncycastle.crypto.BlockCipher); 8 | 9 | EVENTS 10 | c1: newInstance(engine); 11 | Con := c1; 12 | 13 | // No need to specify the order, must be wrapped in BufferedCipher 14 | ORDER 15 | Con 16 | 17 | REQUIRES 18 | generatedAESEngine[engine] || generatedAESLightEngine[engine] || generatedRijndaelEngine[engine]; 19 | 20 | ENSURES 21 | generatedSICBlockCipher[this]; 22 | -------------------------------------------------------------------------------- /BouncyCastle/src/SecureRandom.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.SecureRandom 2 | 3 | OBJECTS 4 | byte[] seed; 5 | byte[] genSeed; 6 | java.lang.String algorithm; 7 | long lSeed; 8 | byte[] bytes; 9 | int randInt; 10 | int randIntInRange; 11 | int range; 12 | 13 | EVENTS 14 | c1: SecureRandom(); 15 | c2: SecureRandom(seed); 16 | Con := c1 | c2; 17 | 18 | g1: getInstance(algorithm); 19 | g2: getInstance(algorithm, _); 20 | gI: getInstanceStrong(); 21 | Get := g1 | g2 | gI; 22 | 23 | Ins := Get | Con; 24 | 25 | s1: setSeed(seed); 26 | s2: setSeed(lSeed); 27 | Seed := s1 | s2; 28 | 29 | gS: genSeed = generateSeed(_); 30 | 31 | nB: nextBytes(bytes); 32 | nI: randInt = nextInt(); 33 | nIR: randIntInRange = nextInt(range); 34 | Next := nB | nI | nIR; 35 | 36 | End := gS | Next; 37 | 38 | ORDER 39 | Ins, (Seed?, End*)* 40 | 41 | CONSTRAINTS 42 | algorithm in {"SHA1PRNG", "Windows-PRNG", "NativePRNG", "NativePRNGBlocking", "NativePRNGNonBlocking", "PKCS11"}; 43 | 44 | REQUIRES 45 | randomized[seed]; 46 | randomized[lSeed]; 47 | 48 | ENSURES 49 | randomized[this] after Ins; 50 | randomized[genSeed] after gS; 51 | randomized[bytes] after nB; 52 | randomized[randInt] after nI; 53 | randomized[randIntInRange] after nIR; 54 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | .settings/ 3 | .classpath 4 | .project 5 | .DS_Store 6 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/assembly/rules.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | ruleset 9 | 10 | zip 11 | 12 | ${artifactId} 13 | 14 | 15 | / 16 | src 17 | 18 | *.crysl 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/pom.xml: -------------------------------------------------------------------------------- 1 | 4 | 4.0.0 5 | de.darmstadt.tu.crossing 6 | JavaCryptographicArchitecture 7 | 3.1.3 8 | CrySL Rules Bundle 9 | 10 | 11 | Eclipse Public License - v2.0 12 | https://www.eclipse.org/legal/epl-2.0/ 13 | 14 | 15 | 16 | 17 | CogniCrypt 18 | CogniCrypt 19 | cognicrypt@eim.upb.de 20 | 21 | 22 | 23 | scm:git:git@github.com:CROSSINGTUD/Crypto-API-Rules.git 24 | scm:git:ssh://github.com:CROSSINGTUD/Crypto-API-Rules.git 25 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/JavaCryptographicArchitecture 26 | 27 | 28 | JavaCryptographicArchitecture CrySL ruleset 29 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/JavaCryptographicArchitecture 30 | 31 | 32 | 33 | deployment 34 | 35 | 36 | 37 | org.apache.maven.plugins 38 | maven-source-plugin 39 | 3.3.1 40 | 41 | 42 | attach-source 43 | 44 | jar 45 | 46 | 47 | 48 | 49 | 50 | org.apache.maven.plugins 51 | maven-gpg-plugin 52 | 3.2.7 53 | 54 | 55 | sign-artifacts 56 | verify 57 | 58 | sign 59 | 60 | 61 | 62 | --pinentry-mode 63 | loopback 64 | 65 | 66 | 67 | 68 | 69 | 70 | maven-release-plugin 71 | 3.1.1 72 | 73 | @{project.version} 74 | 75 | 76 | 77 | org.sonatype.plugins 78 | nexus-staging-maven-plugin 79 | 1.7.0 80 | true 81 | 82 | ossrh 83 | https://s01.oss.sonatype.org 84 | true 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | src 94 | 95 | 96 | org.apache.maven.plugins 97 | maven-assembly-plugin 98 | 99 | 100 | create-distribution 101 | package 102 | 103 | single 104 | 105 | 106 | 107 | assembly/rules.xml 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | javax.servlet 120 | javax.servlet-api 121 | 4.0.1 122 | provided 123 | 124 | 125 | 126 | 127 | 128 | ossrh 129 | https://s01.oss.sonatype.org/content/repositories/snapshots/ 130 | 131 | 132 | ossrh 133 | https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ 134 | 135 | 136 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/predicates/ensuresPreds.txt: -------------------------------------------------------------------------------- 1 | List of all predicates ensured by the crysl rules 2 | preparedAlg 3 | preparedHMAC 4 | encrypted 5 | preparedGCM 6 | preparedDH 7 | preparedDSA 8 | preparedHMAC 9 | preparedIV 10 | generatedKey 11 | generatedKeyStore 12 | generatedKeypair 13 | generatedPrivkey 14 | generatedPubkey 15 | generatedKeyManager 16 | generatedTrustManager 17 | macced 18 | digested 19 | speccedKey 20 | preparedPBE 21 | preparedRSAKey 22 | randomized 23 | signed 24 | verified 25 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/predicates/preds.txt: -------------------------------------------------------------------------------- 1 | pre-defined -> neverCallTo(iv) 2 | callTo(iv) 3 | neverTypeOf(pw, java.lang.String) 4 | 5 | Cipher -> updates => encrypted[pre_ciphertext, pre_plaintext]; 6 | encrypted[cipherText, plainText]; 7 | encrypted[cipherBuffer, plainBuffer]; 8 | 9 | KeyGenerator -> generatedKey[key, alg]; 10 | 11 | KeyPairGenerator -> generatedKeyPair[kp, alg]; 12 | 13 | MAC -> macced[output1, inp]; 14 | macced[output1, pre_input]; 15 | macced[output2, input]; 16 | 17 | MessageDigest -> digested[out, _]; 18 | digested[out, inbytearr]; 19 | 20 | PBEKeySpec -> c1 => keyspec[this, _, keylength]; 21 | cP => !keyspec[this, _, keylength]; 22 | 23 | SecretKeyFactory -> generatedKey(key, alg); 24 | 25 | SecretKeySpec -> keyspec[this, alg, keylength]; 26 | 27 | SecretKey -> !generatedKey[this, _]; 28 | 29 | SecureRandom -> Ins => random[this]; 30 | random[genSeed]; 31 | random[next]; 32 | random[numB]; 33 | 34 | Signature -> signed[inp]; 35 | verified[sign]; 36 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/AlgorithmParameterGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.AlgorithmParameterGenerator 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.AlgorithmParameters algParams; 6 | java.security.spec.AlgorithmParameterSpec genParamSpec; 7 | java.security.SecureRandom random; 8 | int size; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(size); 16 | i2: init(size, random); 17 | i3: init(genParamSpec); 18 | i4: init(genParamSpec, random); 19 | Init := i1 | i2 | i3 | i4; 20 | 21 | gp1: algParams = generateParameters(); 22 | GenParam := gp1; 23 | 24 | ORDER 25 | Get, Init, GenParam 26 | 27 | CONSTRAINTS 28 | algorithm in {"AES", "Camellia", "Shacal2", "Shacal-2", "DH", "DiffieHellman", "DSA", "ElGamal"}; 29 | algorithm in {"DH", "DiffieHellman", "DSA", "ElGamal"} => size in {3072}; 30 | algorithm in {"AES", "Camellia", "Shacal2", "Shacal-2" } => size in {128, 192, 256}; 31 | 32 | REQUIRES 33 | randomized[random]; 34 | 35 | ENSURES 36 | preparedAlg[algParams, algorithm] after GenParam; 37 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/AlgorithmParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.AlgorithmParameters 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.spec.AlgorithmParameterSpec paramSpec; 6 | byte[] params; 7 | java.lang.String format; 8 | byte[] encParams; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(paramSpec); 16 | i2: init(params); 17 | i3: init(params, _); 18 | Init := i1 | i2 | i3; 19 | 20 | e1: encParams = getEncoded(); 21 | e2: encParams = getEncoded(format); 22 | GetEncoded := e1 | e2; 23 | 24 | ORDER 25 | Get, Init, GetEncoded? 26 | 27 | CONSTRAINTS 28 | algorithm in {"AES", "DiffieHellman", "DH", "OAEP", "PBEWithHmacSHA224AndAES_128", 29 | "PBEWithHmacSHA256AndAES_128", "PBEWithHmacSHA384AndAES_128", "PBEWithHmacSHA512AndAES_128", 30 | "PBEWithHmacSHA224AndAES_256", "PBEWithHmacSHA256AndAES_256", "PBEWithHmacSHA384AndAES_256", 31 | "PBEWithHmacSHA512AndAES_256"}; 32 | 33 | REQUIRES 34 | preparedAlg[params, algorithm]; 35 | algorithm in {"AES"} => preparedIV[paramSpec]; 36 | algorithm in {"DiffieHellman", "DH"} => preparedDH[paramSpec]; 37 | algorithm in {"PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128", "PBEWithHmacSHA384AndAES_128", 38 | "PBEWithHmacSHA512AndAES_128", "PBEWithHmacSHA224AndAES_256", "PBEWithHmacSHA256AndAES_256", 39 | "PBEWithHmacSHA384AndAES_256", "PBEWithHmacSHA512AndAES_256"} => preparedPBE[paramSpec]; 40 | algorithm in {"OAEP"} => preparedOAEP[paramSpec]; 41 | 42 | ENSURES 43 | preparedAlg[this, algorithm] after Init; 44 | preparedAlg[encParams, algorithm] after GetEncoded; 45 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/CertPathTrustManagerParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.CertPathTrustManagerParameters 2 | 3 | OBJECTS 4 | java.security.cert.CertPathParameters params; 5 | 6 | EVENTS 7 | c1: CertPathTrustManagerParameters(params); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | REQUIRES 14 | generatedCertPathParameters[params]; 15 | 16 | ENSURES 17 | generatedManagerFactoryParameters[this]; 18 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/CertificateFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.CertificateFactory 2 | 3 | OBJECTS 4 | java.io.InputStream inStream; 5 | java.lang.String encoding; 6 | java.lang.String type; 7 | 8 | EVENTS 9 | g1: getInstance(type); 10 | g2: getInstance(type, _); 11 | Get := g1 | g2; 12 | 13 | gc1: generateCertificate(inStream); 14 | GenCert := gc1; 15 | 16 | gen1: generateCertPath(_); 17 | gen2: generateCertPath(inStream, encoding); 18 | GenCertPath := gen1 | gen2; 19 | 20 | gcrl1: generateCRL(inStream); 21 | GenCRL := gcrl1; 22 | 23 | ORDER 24 | Get, (GenCert | GenCertPath | GenCRL)+ 25 | 26 | CONSTRAINTS 27 | type in {"X509", "X.509"}; 28 | encoding in {"PKCS7", "PkiPath"}; 29 | 30 | ENSURES 31 | generatedCert[type]; 32 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/Cipher.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.Cipher 2 | 3 | OBJECTS 4 | java.lang.String transformation; 5 | int encmode; 6 | java.security.Key key; 7 | java.security.cert.Certificate certificate; 8 | java.security.spec.AlgorithmParameterSpec paramSpec; 9 | java.security.AlgorithmParameters params; 10 | 11 | int prePlainTextOffset; 12 | int preCipherTextOffset; 13 | int plainTextOffset; 14 | int cipherTextOffset; 15 | int aadOffset; 16 | 17 | int prePlainTextLen; 18 | int plainTextLen; 19 | int aadLen; 20 | 21 | byte[] prePlainText; 22 | byte[] preCipherText; 23 | java.nio.ByteBuffer prePlainTextByteBuffer; 24 | java.nio.ByteBuffer preCipherTextByteBuffer; 25 | 26 | byte[] plainText; 27 | byte[] cipherText; 28 | byte[] wrappedKeyBytes; 29 | java.nio.ByteBuffer plainTextByteBuffer; 30 | java.nio.ByteBuffer cipherTextByteBuffer; 31 | 32 | byte[] aadBytes; 33 | java.nio.ByteBuffer aadByteBuffer; 34 | 35 | java.security.SecureRandom random; 36 | 37 | java.security.Key wrappedKey; 38 | 39 | EVENTS 40 | g1: getInstance(transformation); 41 | g2: getInstance(transformation, _); 42 | Get := g1 | g2; 43 | 44 | i1: init(encmode, certificate); 45 | i2: init(encmode, certificate, random); 46 | i3: init(encmode, key); 47 | i4: init(encmode, key, paramSpec); 48 | i5: init(encmode, key, params); 49 | i6: init(encmode, key, paramSpec, random); 50 | i7: init(encmode, key, params, random); 51 | i8: init(encmode, key, random); 52 | IWOIV := i1 | i2 | i3 | i8; 53 | IWIV := i4 | i5 | i6 | i7; 54 | Init := IWOIV | IWIV; 55 | 56 | u1: preCipherText = update(prePlainText); 57 | u2: preCipherText = update(prePlainText, prePlainTextOffset, prePlainTextLen); 58 | u3: update(prePlainText, prePlainTextOffset, prePlainTextLen, preCipherText); 59 | u4: update(prePlainText, prePlainTextOffset, prePlainTextLen, preCipherText, preCipherTextOffset); 60 | u5: update(prePlainTextByteBuffer, preCipherTextByteBuffer); 61 | Update := u1 | u2 | u3 | u4 | u5; 62 | 63 | ua1: updateAAD(aadBytes); 64 | ua2: updateAAD(aadBytes, aadOffset, aadLen); 65 | ua3: updateAAD(aadByteBuffer); 66 | AADUpdate := ua1 | ua2 | ua3; 67 | 68 | f1: cipherText = doFinal(); 69 | f2: cipherText = doFinal(plainText); 70 | f3: doFinal(cipherText, cipherTextOffset); 71 | f4: cipherText = doFinal(plainText, plainTextOffset, plainTextLen); 72 | f5: doFinal(plainText, plainTextOffset, plainTextLen, cipherText); 73 | f6: doFinal(plainText, plainTextOffset, plainTextLen, cipherText, cipherTextOffset); 74 | f7: doFinal(plainTextByteBuffer, cipherTextByteBuffer); 75 | FINWOU := f2 | f4 | f5 | f6 | f7; 76 | DoFinal := FINWOU | f1 | f3; 77 | 78 | wkb1: wrappedKeyBytes = wrap(wrappedKey); 79 | WKB := wkb1; 80 | 81 | ORDER 82 | Get, Init+, AADUpdate*, WKB+ | (FINWOU | (Update+, DoFinal))+ 83 | 84 | CONSTRAINTS 85 | instanceOf[key, java.security.PublicKey] || instanceOf[key, java.security.PrivateKey] || instanceOf[certificate, java.security.cert.Certificate] || 86 | encmode in {3, 4} => alg(transformation) in {"RSA"}; 87 | instanceOf[key, javax.crypto.SecretKey] => alg(transformation) in {"AES", "PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128", 88 | "PBEWithHmacSHA384AndAES_128", "PBEWithHmacSHA512AndAES_128", 89 | "PBEWithHmacSHA224AndAES_256", "PBEWithHmacSHA256AndAES_256", 90 | "PBEWithHmacSHA384AndAES_256", "PBEWithHmacSHA512AndAES_256"}; 91 | noCallTo[Init] => alg(transformation) in {"AES", "RSA", "PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128", 92 | "PBEWithHmacSHA384AndAES_128", "PBEWithHmacSHA512AndAES_128", "PBEWithHmacSHA224AndAES_256", 93 | "PBEWithHmacSHA256AndAES_256", "PBEWithHmacSHA384AndAES_256", "PBEWithHmacSHA512AndAES_256"}; 94 | alg(transformation) in {"AES"} => mode(transformation) in { "GCM", "CTR", "CTS", "CFB", "OFB"}; 95 | alg(transformation) in {"RSA"} => mode(transformation) in {"", "ECB"}; 96 | 97 | alg(transformation) in {"PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128", "PBEWithHmacSHA384AndAES_128", 98 | "PBEWithHmacSHA512AndAES_128", "PBEWithHmacSHA224AndAES_256", "PBEWithHmacSHA256AndAES_256", 99 | "PBEWithHmacSHA384AndAES_256", "PBEWithHmacSHA512AndAES_256"} => pad(transformation) in {"PKCS5Padding"}; 100 | alg(transformation) in {"RSA"} && mode(transformation) in {""} => pad(transformation) in {""}; 101 | alg(transformation) in {"RSA"} && mode(transformation) in {"ECB"} => pad(transformation) in {"NoPadding", "PKCS1Padding", 102 | "OAEPWithMD5AndMGF1Padding", "OAEPWithSHA-224AndMGF1Padding", 103 | "OAEPWithSHA-256AndMGF1Padding", "OAEPWithSHA-384AndMGF1Padding", 104 | "OAEPWithSHA-512AndMGF1Padding"}; 105 | 106 | alg(transformation) in {"AES"} && mode(transformation) in {"GCM", "CTR", "CTS", "CFB", "OFB"} => pad(transformation) in {"NoPadding"}; 107 | 108 | mode(transformation) in {"CTR", "CTS", "CFB", "OFB"} && encmode != 1 => noCallTo[IWOIV]; 109 | mode(transformation) in {"CTR", "CTS", "CFB", "ECB", "OFB"} => noCallTo[AADUpdate]; 110 | 111 | 112 | encmode in {1,2,3,4}; 113 | length[prePlainText] >= prePlainTextOffset + prePlainTextLen; 114 | length[preCipherText] >= preCipherTextOffset; 115 | prePlainTextOffset >= 0; 116 | prePlainTextLen > 0; 117 | preCipherTextOffset >= 0; 118 | length[plainText] >= plainTextOffset + plainTextLen; 119 | length[cipherText] >= cipherTextOffset; 120 | plainTextOffset >= 0; 121 | plainTextLen > 0; 122 | cipherTextOffset >= 0; 123 | 124 | REQUIRES 125 | generatedKey[key, alg(transformation)] || generatedPubkey[key] || generatedPrivkey[key]; 126 | randomized[random]; 127 | preparedAlg[params, alg(transformation)]; 128 | !macced[this, plainText]; 129 | mode(transformation) in {"CTR", "CTS", "CFB", "OFB"} && encmode == 1 => preparedIV[paramSpec]; 130 | mode(transformation) in {"GCM"} => preparedGCM[paramSpec]; 131 | mode(transformation) in {"OAEPWithMD5AndMGF1Padding", "OAEPWithSHA-224AndMGF1Padding", "OAEPWithSHA-256AndMGF1Padding", 132 | "OAEPWithSHA-384AndMGF1Padding", "OAEPWithSHA-512AndMGF1Padding"} => preparedOAEP[paramSpec]; 133 | 134 | ENSURES 135 | generatedCipher[this] after Init; 136 | encrypted[preCipherText, prePlainText] after Update; 137 | encrypted[cipherText, plainText]; 138 | encrypted[cipherTextByteBuffer, plainTextByteBuffer]; 139 | wrappedKey[wrappedKeyBytes, wrappedKey]; 140 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/CipherInputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.CipherInputStream 2 | 3 | OBJECTS 4 | java.io.InputStream inputStream; 5 | javax.crypto.Cipher cipher; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | 10 | EVENTS 11 | c1: CipherInputStream(inputStream, cipher); 12 | Con := c1; 13 | 14 | r1: read(); 15 | r2: read(data); 16 | r3: read(data, offset, len); 17 | Read := r1 | r2 | r3; 18 | 19 | cl1: close(); 20 | Close := cl1; 21 | 22 | ORDER 23 | Con, Read+, Close 24 | 25 | CONSTRAINTS 26 | length[data] >= offset + len; 27 | offset >= 0; 28 | len > 0; 29 | 30 | REQUIRES 31 | generatedCipher[cipher]; 32 | 33 | ENSURES 34 | cipheredInputStream[inputStream, cipher]; 35 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/CipherOutputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.CipherOutputStream 2 | 3 | OBJECTS 4 | java.io.OutputStream outputStream; 5 | javax.crypto.Cipher cipher; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | int specifiedByte; 10 | 11 | EVENTS 12 | c1: CipherOutputStream(outputStream, cipher); 13 | Con := c1; 14 | 15 | w1: write(specifiedByte); 16 | w2: write(data); 17 | w3: write(data, offset, len); 18 | Write := w1 | w2 | w3; 19 | 20 | cl1: close(); 21 | Close := cl1; 22 | 23 | ORDER 24 | Con, Write+, Close 25 | 26 | CONSTRAINTS 27 | length[data] >= offset + len; 28 | offset >= 0; 29 | len > 0; 30 | 31 | REQUIRES 32 | generatedCipher[cipher]; 33 | 34 | ENSURES 35 | cipheredOutputStream[outputStream, cipher]; 36 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/Cookie.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.servlet.http.Cookie 2 | 3 | OBJECTS 4 | java.lang.String name; 5 | java.lang.String value; 6 | boolean flag; 7 | 8 | EVENTS 9 | c1: Cookie(name, value); 10 | Con := c1; 11 | 12 | s1: setSecure(flag); 13 | SetSecure := s1; 14 | 15 | ORDER 16 | Con, SetSecure 17 | 18 | CONSTRAINTS 19 | flag in {true}; 20 | 21 | ENSURES 22 | generatedCookie[this]; 23 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/DHGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.DHGenParameterSpec 2 | 3 | OBJECTS 4 | int primeSize; 5 | int exponentSize; 6 | 7 | EVENTS 8 | c1: DHGenParameterSpec(primeSize, exponentSize); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | CONSTRAINTS 15 | exponentSize < primeSize; 16 | 17 | ENSURES 18 | preparedDH[this]; 19 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/DHParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.DHParameterSpec 2 | 3 | OBJECTS 4 | java.math.BigInteger p; 5 | java.math.BigInteger g; 6 | int l; 7 | 8 | EVENTS 9 | c1: DHParameterSpec(p, g); 10 | c2: DHParameterSpec(p, g, l); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | p >= 1^2048; 18 | g >= 1^2048; 19 | 20 | ENSURES 21 | preparedDH[this]; 22 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/DSAGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.DSAGenParameterSpec 2 | 3 | OBJECTS 4 | int primePLen; 5 | int subPrimeQLen; 6 | int seedLen; 7 | 8 | EVENTS 9 | c1: DSAGenParameterSpec(primePLen, subPrimeQLen); 10 | c2: DSAGenParameterSpec(primePLen, subPrimeQLen, seedLen); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | primePLen in {3072}; //BSI TR-02102-1 page 53 18 | subPrimeQLen in {256}; 19 | 20 | primePLen in {3072} => subPrimeQLen in {256}; 21 | 22 | ENSURES 23 | preparedDSA[this]; 24 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/DSAParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.DSAParameterSpec 2 | 3 | OBJECTS 4 | java.math.BigInteger p; 5 | java.math.BigInteger q; 6 | java.math.BigInteger g; 7 | 8 | EVENTS 9 | c1: DSAParameterSpec(p, q, g); 10 | Con := c1; 11 | 12 | ORDER 13 | Con 14 | 15 | CONSTRAINTS 16 | p >= 1^2048; 17 | g >= 1^2048; 18 | 19 | ENSURES 20 | preparedDSA[this]; 21 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/DigestInputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.DigestInputStream 2 | 3 | OBJECTS 4 | java.io.InputStream stream; 5 | java.security.MessageDigest digest; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | 10 | FORBIDDEN 11 | on(boolean) ; 12 | 13 | EVENTS 14 | c1: DigestInputStream(stream, digest); 15 | Con := c1; 16 | 17 | r1: read(); 18 | r2: read(data, offset, len); 19 | Read := r1 | r2; 20 | 21 | cl1: close(); 22 | Close := cl1; 23 | 24 | ORDER 25 | Con, Read+, Close 26 | 27 | CONSTRAINTS 28 | length[data] >= offset + len; 29 | offset >= 0; 30 | len > 0; 31 | 32 | REQUIRES 33 | generatedMessageDigest[digest]; 34 | 35 | ENSURES 36 | digestedInputStream[stream, digest]; 37 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/DigestOutputStream.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.DigestOutputStream 2 | 3 | OBJECTS 4 | java.io.OutputStream stream; 5 | java.security.MessageDigest digest; 6 | byte[] data; 7 | int offset; 8 | int len; 9 | int specifiedByte; 10 | 11 | FORBIDDEN 12 | on(boolean) ; 13 | 14 | EVENTS 15 | c1: DigestOutputStream(stream, digest); 16 | Con := c1; 17 | 18 | r1: write(specifiedByte); 19 | r2: write(data, offset, len); 20 | Write := r1 | r2; 21 | 22 | cl1: close(); 23 | Close := cl1; 24 | 25 | ORDER 26 | Con, Write+, Close 27 | 28 | CONSTRAINTS 29 | length[data] >= offset + len; 30 | offset >= 0; 31 | len > 0; 32 | 33 | REQUIRES 34 | generatedMessageDigest[digest]; 35 | 36 | ENSURES 37 | digestedOutputStream[stream, digest]; 38 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/ECGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.ECGenParameterSpec 2 | 3 | OBJECTS 4 | java.lang.String stdName; 5 | 6 | EVENTS 7 | c1: ECGenParameterSpec(stdName); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | CONSTRAINTS 14 | stdName in {"brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", 15 | "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 16 | "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", 17 | "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 18 | "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 19 | "secp224r1", "NIST P-224", "1.3.132.0.33", 20 | "secp256r1", "NIST P-256", "X9.62 prime256v1" ,"1.2.840.10045.3.1.7", 21 | "secp384r1", "NIST P-384", "1.3.132.0.34", 22 | "secp521r1", "NIST P-521", "1.3.132.0.35"}; 23 | 24 | ENSURES 25 | preparedEC[this]; 26 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/ECParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.ECParameterSpec 2 | 3 | OBJECTS 4 | java.security.spec.EllipticCurve curve; 5 | java.security.spec.ECPoint g; 6 | java.math.BigInteger n; 7 | int h; 8 | 9 | EVENTS 10 | c1: ECParameterSpec(curve, g, n, h); 11 | Con := c1; 12 | 13 | ORDER 14 | Con 15 | 16 | ENSURES 17 | preparedEC[this]; 18 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/GCMParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.GCMParameterSpec 2 | 3 | OBJECTS 4 | int tagLen; 5 | byte[] src; 6 | int offset; 7 | int len; 8 | 9 | EVENTS 10 | c1: GCMParameterSpec(tagLen, src); 11 | c2: GCMParameterSpec(tagLen, src, offset, len); 12 | Con := c1 | c2; 13 | 14 | ORDER 15 | Con 16 | 17 | CONSTRAINTS 18 | tagLen in {96, 104, 112, 120, 128}; 19 | length[src] >= offset + len; 20 | offset >= 0; 21 | len > 0; 22 | 23 | REQUIRES 24 | randomized[src]; 25 | 26 | ENSURES 27 | preparedGCM[this]; 28 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/HMACParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.xml.crypto.dsig.spec.HMACParameterSpec 2 | 3 | OBJECTS 4 | int outputLen; 5 | 6 | EVENTS 7 | c1: HMACParameterSpec(outputLen); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | ENSURES 14 | preparedHMAC[this]; 15 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/IvParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.IvParameterSpec 2 | 3 | OBJECTS 4 | byte[] iv; 5 | int offset; 6 | int len; 7 | 8 | EVENTS 9 | c1: IvParameterSpec(iv); 10 | c2: IvParameterSpec(iv, offset, len); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | length[iv] >= offset + len; 18 | offset >= 0; 19 | len > 0; 20 | 21 | REQUIRES 22 | randomized[iv]; 23 | 24 | ENSURES 25 | preparedIV[this]; 26 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/Key.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.Key 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | ORDER 11 | GetEnc* 12 | 13 | REQUIRES 14 | generatedKey[this, _] || generatedPubkey[this] || generatedPrivkey[this]; 15 | 16 | ENSURES 17 | preparedKeyMaterial[keyMaterial] after GetEnc; 18 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyAgreement.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.KeyAgreement 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.lang.String symmetricKeyAlgorithm; 6 | java.security.Key pubKey; 7 | java.security.Key privKey; 8 | javax.crypto.SecretKey sharedKey; 9 | boolean lastPhase; 10 | byte[] sharedSecretBuffer; 11 | int offset; 12 | java.security.spec.AlgorithmParameterSpec params; 13 | java.security.SecureRandom random; 14 | 15 | EVENTS 16 | g1: getInstance(algorithm); 17 | g2: getInstance(algorithm, _); 18 | Get := g1 | g2; 19 | 20 | i1: init(privKey); 21 | i2: init(privKey, params); 22 | i3: init(privKey, params, random); 23 | i4: init(privKey, random); 24 | Init := i1 | i2 | i3 | i4; 25 | 26 | dp1: doPhase(pubKey, lastPhase); 27 | DoPhase := dp1; 28 | 29 | gs1: sharedSecretBuffer = generateSecret(); 30 | gs2: generateSecret(sharedSecretBuffer, offset); 31 | GenSecretBuffer := gs1 | g2; 32 | 33 | gs3: sharedKey = generateSecret(symmetricKeyAlgorithm); 34 | GenSecret := gs3 | GenSecretBuffer; 35 | 36 | ORDER 37 | Get, Init, DoPhase, GenSecretBuffer 38 | 39 | CONSTRAINTS 40 | algorithm in {"DH", "DiffieHellman", "ECDH"}; 41 | noCallTo[gs3]; 42 | 43 | REQUIRES 44 | randomized[random]; 45 | generatedPrivkey[privKey]; 46 | generatedPubkey[pubKey]; 47 | algorithm in {"DiffieHellman", "DH"} => preparedDH[params]; 48 | algorithm in {"ECDH"} => preparedEC[params]; 49 | 50 | ENSURES 51 | preparedKeyMaterial[sharedSecretBuffer] after GenSecretBuffer; 52 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyFactory 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.spec.KeySpec keySpec; 6 | java.security.PrivateKey privateKey; 7 | java.security.PublicKey publicKey; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | gpr1: privateKey = generatePrivate(keySpec); 15 | GenPriv := gpr1; 16 | 17 | gpu1: publicKey = generatePublic(keySpec); 18 | GenPubl := gpu1; 19 | 20 | ORDER 21 | Get, (GenPriv | GenPubl)* 22 | 23 | CONSTRAINTS 24 | algorithm in {"RSA", "DiffieHellman", "DH", "DSA", "EC"}; 25 | 26 | REQUIRES 27 | speccedKey[keySpec, _]; 28 | 29 | ENSURES 30 | generatedKeyFactory[this, algorithm] after Get; 31 | generatedPrivkey[privateKey] after GenPriv; 32 | generatedPubkey[publicKey] after GenPubl; 33 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.KeyGenerator 2 | 3 | OBJECTS 4 | int keysize; 5 | java.security.spec.AlgorithmParameterSpec params; 6 | javax.crypto.SecretKey key; 7 | java.lang.String algorithm; 8 | java.security.SecureRandom random; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(keysize); 16 | i2: init(keysize, random); 17 | i3: init(params); 18 | i4: init(params, random); 19 | i5: init(random); 20 | Init := i1 | i2 | i3 | i4 | i5; 21 | 22 | gk1: key = generateKey(); 23 | GenKey := gk1; 24 | 25 | ORDER 26 | Get, Init?, GenKey 27 | 28 | CONSTRAINTS 29 | algorithm in {"AES", "HmacSHA256", "HmacSHA384", "HmacSHA512"}; 30 | algorithm in {"AES"} => keysize in {128, 192, 256}; 31 | 32 | REQUIRES 33 | randomized[random]; 34 | 35 | ENSURES 36 | generatedKey[key, algorithm]; 37 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyManagerFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.KeyManagerFactory 2 | 3 | OBJECTS 4 | char[] password; 5 | java.lang.String algorithm; 6 | java.security.KeyStore keyStore; 7 | javax.net.ssl.ManagerFactoryParameters params; 8 | javax.net.ssl.KeyManager[] keyManager; 9 | 10 | EVENTS 11 | g1: getInstance(algorithm); 12 | g2: getInstance(algorithm, _); 13 | Get := g1 | g2; 14 | 15 | i1: init(keyStore, password); 16 | i2: init(params); 17 | Init := i1 | i2; 18 | 19 | gkm1: keyManager = getKeyManagers(); 20 | GetKeyMng := gkm1; 21 | 22 | ORDER 23 | Get, Init, GetKeyMng? 24 | 25 | CONSTRAINTS 26 | neverTypeOf[password, java.lang.String]; 27 | notHardCoded[password]; 28 | algorithm in {"PKIX", "SunX509"}; 29 | 30 | REQUIRES 31 | generatedKeyStore[keyStore]; 32 | generatedManagerFactoryParameters[params]; 33 | 34 | ENSURES 35 | generatedKeyManager[this] after Init; 36 | generatedKeyManagers[keyManager] after GetKeyMng; 37 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyPair.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyPair 2 | 3 | OBJECTS 4 | java.security.PrivateKey privateKey; 5 | java.security.PublicKey publicKey; 6 | java.security.PrivateKey retPrivateKey; 7 | java.security.PublicKey retPublicKey; 8 | 9 | EVENTS 10 | c1: KeyPair(publicKey, privateKey); 11 | Con := c1; 12 | 13 | gpu1: retPublicKey = getPublic(); 14 | GetPubl := gpu1; 15 | 16 | gpr1: retPrivateKey = getPrivate(); 17 | GetPriv := gpr1; 18 | 19 | ORDER 20 | Con, (GetPubl | GetPriv)* 21 | 22 | REQUIRES 23 | generatedPrivkey[privateKey]; 24 | generatedPubkey[publicKey]; 25 | noCallTo[Con] => generatedKeypair[this, _]; 26 | 27 | ENSURES 28 | generatedKeypair[this, _] after Con; 29 | generatedPubkey[retPublicKey] after GetPubl; 30 | generatedPrivkey[retPrivateKey] after GetPriv; 31 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyPairGenerator.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyPairGenerator 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.KeyPair keyPair; 6 | java.security.spec.AlgorithmParameterSpec params; 7 | int keysize; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | i1: initialize(keysize); 15 | i2: initialize(keysize, _); 16 | i3: initialize(params); 17 | i4: initialize(params, _); 18 | Init := i1 | i2 | i3 | i4; 19 | 20 | k1: keyPair = generateKeyPair(); 21 | k2: keyPair = genKeyPair(); 22 | Gen := k1 | k2; 23 | 24 | ORDER 25 | Get, Init, Gen 26 | 27 | CONSTRAINTS 28 | algorithm in {"RSA", "EC", "DSA", "DiffieHellman", "DH"}; //BSI TR-02102-1 Recommends atleast 3000bits for keys 29 | algorithm in {"RSA"} => keysize in {4096, 3072}; 30 | algorithm in {"DSA"} => keysize in {3072}; 31 | algorithm in {"DiffieHellman", "DH"} => keysize in {3072}; 32 | algorithm in {"EC"} => keysize in {256}; 33 | 34 | REQUIRES 35 | algorithm in {"RSA"} => preparedRSA[params]; 36 | algorithm in {"DSA"} => preparedDSA[params]; 37 | algorithm in {"DiffieHellman", "DH"} => preparedDH[params]; 38 | algorithm in {"EC"} => preparedEC[params]; 39 | 40 | ENSURES 41 | generatedKeypair[keyPair, algorithm]; 42 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyStore.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.KeyStore 2 | 3 | OBJECTS 4 | java.io.InputStream fileInput; 5 | 6 | char[] passwordIn; 7 | char[] passwordOut; 8 | char[] passwordKey; 9 | 10 | java.security.KeyStore.Entry entry; 11 | byte[] byteKey; 12 | 13 | java.security.KeyStore.LoadStoreParameter paramLoad; 14 | java.security.KeyStore.ProtectionParameter protParamGet; 15 | java.security.KeyStore.ProtectionParameter protParamSet; 16 | java.lang.String aliasGet; 17 | java.lang.String aliasSet; 18 | java.io.OutputStream fileOutput; 19 | java.security.KeyStore.LoadStoreParameter paramStore; 20 | java.lang.String type; 21 | java.security.cert.Certificate cert; 22 | 23 | java.security.Key key; 24 | java.lang.String alias; 25 | 26 | EVENTS 27 | g1: getInstance(type); 28 | g2: getInstance(type, _); 29 | Get := g1 | g2; 30 | 31 | l1: load(fileInput, passwordIn); 32 | l2: load(paramLoad); 33 | Load := l1 | l2; 34 | 35 | s1: store(paramStore); 36 | s2: store(fileOutput, passwordOut); 37 | Store := s1 | s2; 38 | 39 | ge1: getEntry(aliasGet, protParamGet); 40 | GetEntry := ge1; 41 | 42 | se1: setEntry(aliasSet, entry, protParamSet); 43 | SetEntry := se1; 44 | 45 | gk1: key = getKey(alias, passwordKey); 46 | GetKey := gk1; 47 | 48 | ORDER 49 | Get, Load, ((GetEntry?, GetKey) | (SetEntry, Store))* 50 | 51 | CONSTRAINTS 52 | type in {"JCEKS", "JKS", "DKS", "PKCS11", "PKCS12"}; 53 | neverTypeOf[passwordIn, java.lang.String]; 54 | neverTypeOf[passwordOut, java.lang.String]; 55 | neverTypeOf[passwordKey, java.lang.String]; 56 | notHardCoded[passwordIn]; 57 | 58 | ENSURES 59 | generatedKeyStore[this] after Load; 60 | generatedKey[key, _]; 61 | generatedPrivkey[key]; 62 | generatedPubkey[key]; 63 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/KeyStoreBuilderParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.KeyStoreBuilderParameters 2 | 3 | OBJECTS 4 | java.security.KeyStore.Builder builder; 5 | 6 | EVENTS 7 | c1: KeyStoreBuilderParameters(builder); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | ENSURES 14 | generatedManagerFactoryParameters[this]; 15 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/MGF1ParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.MGF1ParameterSpec 2 | 3 | OBJECTS 4 | java.lang.String mdName; 5 | 6 | EVENTS 7 | c1: MGF1ParameterSpec(mdName); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | CONSTRAINTS 14 | mdName in {"SHA-256", "SHA-384", "SHA-512"}; 15 | 16 | ENSURES 17 | preparedMGF1[this, mdName]; 18 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/Mac.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.Mac 2 | 3 | OBJECTS 4 | javax.crypto.Mac mac; 5 | java.security.Key key; 6 | byte inputByte; 7 | byte[] preInput; 8 | byte[] input; 9 | byte[] output1; 10 | byte[] output2; 11 | java.nio.ByteBuffer preInputByteBuffer; 12 | java.lang.String algorithm; 13 | java.security.spec.AlgorithmParameterSpec params; 14 | int offset; 15 | int outOffset; 16 | int len; 17 | 18 | EVENTS 19 | g1: getInstance(algorithm); 20 | g2: getInstance(algorithm, _); 21 | Get := g1 | g2; 22 | 23 | i1: init(key); 24 | i2: init(key, params); 25 | Init := i1 | i2; 26 | 27 | u1: update(inputByte); 28 | u2: update(preInput); 29 | u3: update(preInput, offset, len); 30 | u4: update(preInputByteBuffer); 31 | Update := u1 | u2 | u3 | u4; 32 | 33 | f1: output1 = doFinal(); 34 | f2: output2 = doFinal(input); 35 | f3: doFinal(output1, outOffset); 36 | FinalWU := f2; 37 | FinalWOU := f1 | f3; 38 | Final := FinalWU | FinalWOU; 39 | 40 | ORDER 41 | Get, Init, (FinalWU | (Update+, Final))+ 42 | 43 | CONSTRAINTS 44 | algorithm in {"HmacSHA256", "HmacSHA384", "HmacSHA512", "HmacPBESHA1", "PBEWithHmacSHA1", "PBEWithHmacSHA224", "PBEWithHmacSHA256", "PBEWithHmacSHA384", "PBEWithHmacSHA512"}; 45 | length[output1] > outOffset; 46 | length[preInput] >= offset + len; 47 | offset >= 0; 48 | len > 0; 49 | 50 | REQUIRES 51 | !encrypted[output1, _]; 52 | !encrypted[output2,_]; 53 | preparedHMAC[params]; 54 | generatedKey[key,_]; 55 | 56 | ENSURES 57 | macced[output1, inputByte]; 58 | macced[output1, preInput]; 59 | macced[output2, input]; 60 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/MessageDigest.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.MessageDigest 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | byte preInputByte; 6 | byte[] preInput; 7 | int preOffset; 8 | int preLen; 9 | java.nio.ByteBuffer preInputByteBuffer; 10 | byte[] input; 11 | int offset; 12 | int len; 13 | byte[] output; 14 | 15 | EVENTS 16 | g1: getInstance(algorithm); 17 | g2: getInstance(algorithm, _); 18 | Get := g1 | g2; 19 | 20 | u1: update(preInputByte); 21 | u2: update(preInput); 22 | u3: update(preInput, preOffset, preLen); 23 | u4: update(preInputByteBuffer); 24 | Update := u1 | u2 | u3 | u4; 25 | 26 | d1: output = digest(); 27 | d2: output = digest(input); 28 | d3: digest(output, offset, len); 29 | DWOU := d2; 30 | DWU := d1 | d3; 31 | Digest := DWU | DWOU; 32 | 33 | ORDER 34 | Get, (DWOU | (Update+, Digest))+ 35 | 36 | CONSTRAINTS 37 | algorithm in {"SHA-256", "SHA-384", "SHA-512"}; 38 | length[preInput] >= preLen + preOffset; 39 | preOffset >= 0; 40 | preLen > 0; 41 | length[output] >= len + offset; 42 | offset >= 0; 43 | len > 0; 44 | 45 | ENSURES 46 | generatedMessageDigest[this] after Get; 47 | digested[output, _]; 48 | digested[output, input]; 49 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/OAEPParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.OAEPParameterSpec 2 | 3 | OBJECTS 4 | java.lang.String mdName; 5 | java.lang.String mgfName; 6 | java.security.spec.AlgorithmParameterSpec mgfSpec; 7 | javax.crypto.spec.PSource pSrc; 8 | 9 | EVENTS 10 | c1: OAEPParameterSpec(mdName, mgfName, mgfSpec, pSrc); 11 | Con := c1; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | mdName in {"SHA-256", "SHA-384", "SHA-512"}; 18 | mgfName in {"MGF1"}; 19 | 20 | REQUIRES 21 | preparedMGF1[mgfSpec, mdName]; 22 | 23 | ENSURES 24 | preparedOAEP[this]; 25 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/PBEKeySpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.PBEKeySpec 2 | 3 | OBJECTS 4 | char[] password; 5 | byte[] salt; 6 | int iterationCount; 7 | int keyLength; 8 | 9 | FORBIDDEN 10 | PBEKeySpec(char[]) => Con; 11 | PBEKeySpec(char[],byte[],int) => Con; 12 | 13 | EVENTS 14 | c1: PBEKeySpec(password, salt, iterationCount, keyLength); 15 | Con := c1; 16 | 17 | cp1: clearPassword(); 18 | ClearPass := cp1; 19 | 20 | ORDER 21 | Con, ClearPass 22 | 23 | CONSTRAINTS 24 | iterationCount >= 10000; 25 | neverTypeOf[password, java.lang.String]; 26 | notHardCoded[password] ; 27 | 28 | REQUIRES 29 | randomized[salt]; 30 | 31 | ENSURES 32 | speccedKey[this, keyLength] after Con; 33 | 34 | NEGATES 35 | speccedKey[this, _] after ClearPass; 36 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/PBEParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.PBEParameterSpec 2 | 3 | OBJECTS 4 | byte[] salt; 5 | int iterationCount; 6 | java.security.spec.AlgorithmParameterSpec params; 7 | 8 | EVENTS 9 | c1: PBEParameterSpec(salt, iterationCount); 10 | c2: PBEParameterSpec(salt, iterationCount, params); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | CONSTRAINTS 17 | iterationCount >= 10000; 18 | 19 | REQUIRES 20 | randomized[salt]; 21 | 22 | ENSURES 23 | preparedPBE[this]; 24 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/PKIXBuilderParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.PKIXBuilderParameters 2 | 3 | OBJECTS 4 | java.security.KeyStore keystore; 5 | java.security.cert.CertSelector targetConstraints; 6 | java.util.Set trustAnchors; 7 | 8 | EVENTS 9 | c1: PKIXBuilderParameters(keystore, targetConstraints); 10 | c2: PKIXBuilderParameters(trustAnchors, targetConstraints); 11 | Con := c1 | c2; 12 | 13 | ORDER 14 | Con 15 | 16 | REQUIRES 17 | generatedKeyStore[keystore]; 18 | //generatedTrustAnchor[]; 19 | 20 | ENSURES 21 | generatedCertPathParameters[this]; 22 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/PKIXParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.PKIXParameters 2 | 3 | OBJECTS 4 | java.security.KeyStore keyStore; 5 | 6 | EVENTS 7 | c1: PKIXParameters(keyStore); 8 | c2: PKIXParameters(_); 9 | Con := c1 | c2; 10 | 11 | ORDER 12 | Con 13 | 14 | REQUIRES 15 | generatedKeyStore[keyStore]; 16 | 17 | ENSURES 18 | generatedCertPathParameters[this]; 19 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/PasswordAuthentication.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.net.PasswordAuthentication 2 | 3 | OBJECTS 4 | java.lang.String userName; 5 | java.lang.String retUserName; 6 | char[] password; 7 | 8 | EVENTS 9 | c1: PasswordAuthentication(userName, password); 10 | Con := c1; 11 | 12 | gp1: getPassword(); 13 | GetPassword := gp1; 14 | 15 | gu1: retUserName = getUserName(); 16 | GetUserName := gu1; 17 | 18 | ORDER 19 | Con, (GetPassword | GetUserName)* 20 | 21 | CONSTRAINTS 22 | neverTypeOf[password, java.lang.String]; 23 | notHardCoded[password]; 24 | 25 | ENSURES 26 | generatedPasswordAuthentication[this]; 27 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/PrivateKey.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.PrivateKey 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | ORDER 11 | GetEnc* 12 | 13 | REQUIRES 14 | generatedPrivkey[this]; 15 | 16 | ENSURES 17 | preparedKeyMaterial[keyMaterial] after GetEnc; 18 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/PublicKey.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.PublicKey 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | ORDER 11 | GetEnc* 12 | 13 | REQUIRES 14 | generatedPubkey[this]; 15 | 16 | ENSURES 17 | preparedKeyMaterial[keyMaterial] after GetEnc; 18 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/RSAKeyGenParameterSpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.RSAKeyGenParameterSpec 2 | 3 | OBJECTS 4 | int keysize; 5 | java.math.BigInteger publicExponent; 6 | 7 | EVENTS 8 | c1: RSAKeyGenParameterSpec(keysize, publicExponent); 9 | Con := c1; 10 | 11 | ORDER 12 | Con 13 | 14 | CONSTRAINTS 15 | keysize in {3072, 4096}; //BSI TR-02102-1 Recommends atleast 3000bits for keys 16 | publicExponent in {65537}; 17 | 18 | ENSURES 19 | preparedRSA[this]; 20 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/SSLContext.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.SSLContext 2 | 3 | OBJECTS 4 | java.lang.String protocol; 5 | javax.net.ssl.KeyManager[] km; 6 | javax.net.ssl.TrustManager[] tm; 7 | javax.net.ssl.SSLEngine eng; 8 | java.security.SecureRandom random; 9 | 10 | FORBIDDEN 11 | getDefault() => Get; 12 | 13 | EVENTS 14 | g1: getInstance(protocol); 15 | g2: getInstance(protocol, _); 16 | Get := g1 | g2; 17 | 18 | i1: init(km, tm, random); 19 | Init := i1; 20 | 21 | se1: eng = createSSLEngine(); 22 | se2: eng = createSSLEngine(_,_); 23 | Engine := se1 | se2; 24 | 25 | ORDER 26 | Get, Init, Engine? 27 | 28 | CONSTRAINTS 29 | protocol in {"TLSv1.2", "TLSv1.3"}; 30 | 31 | REQUIRES 32 | generatedKeyManagers[km]; 33 | generatedTrustManagers[tm]; 34 | randomized[random]; 35 | 36 | ENSURES 37 | generatedSSLContext[this] after Init; 38 | generatedSSLEngine[eng] after Engine; 39 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/SSLEngine.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.SSLEngine 2 | 3 | OBJECTS 4 | java.lang.String[] cipherSuites; 5 | java.lang.String[] protocols; 6 | 7 | EVENTS 8 | ec1: setEnabledCipherSuites(cipherSuites); 9 | EnableCipher := ec1; 10 | 11 | ep1: setEnabledProtocols(protocols); 12 | EnableProtocol := ep1; 13 | 14 | ORDER 15 | (EnableCipher, EnableProtocol) | (EnableProtocol, EnableCipher) 16 | 17 | CONSTRAINTS 18 | elements(protocols) in {"TLSv1.2", "TLSv1.3"}; 19 | elements(protocols) in {"TLSv1.2"} => elements(cipherSuites) in { 20 | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 21 | "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 22 | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 23 | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 24 | "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 25 | "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 26 | "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 27 | "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 28 | "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 29 | "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 30 | "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 31 | "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}; 32 | elements(protocols) in {"TLSv1.3"} => elements(cipherSuites) in {"TLS_AES_128_GCM_SHA256", 33 | "TLS_AES_256_GCM_SHA384"}; 34 | 35 | ENSURES 36 | generatedSSLEngine[this]; 37 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/SSLParameters.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.SSLParameters 2 | 3 | OBJECTS 4 | java.lang.String[] cipherSuites; 5 | java.lang.String[] protocols; 6 | 7 | EVENTS 8 | Con1: SSLParameters(); 9 | Con2: SSLParameters(cipherSuites); 10 | Con3: SSLParameters(cipherSuites, protocols); 11 | 12 | CipherSuite: setCipherSuites(cipherSuites); 13 | SetProtocol: setProtocols(protocols); 14 | 15 | 16 | ORDER 17 | (Con1, ((CipherSuite , SetProtocol) | (SetProtocol , CipherSuite))) | (Con2, SetProtocol) | Con3 18 | 19 | CONSTRAINTS 20 | elements(protocols) in {"TLSv1.2", "TLSv1.3"}; 21 | elements(protocols) in {"TLSv1.2"} => elements(cipherSuites) in { 22 | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 23 | "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 24 | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 25 | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 26 | "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 27 | "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 28 | "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 29 | "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 30 | "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 31 | "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 32 | "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 33 | "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}; 34 | elements(protocols) in {"TLSv1.3"} => elements(cipherSuites) in {"TLS_AES_128_GCM_SHA256", 35 | "TLS_AES_256_GCM_SHA384"}; 36 | 37 | ENSURES 38 | generatedSSLParameters[this]; 39 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/SecretKey.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.SecretKey 2 | 3 | OBJECTS 4 | byte[] keyMaterial; 5 | 6 | EVENTS 7 | ge1: keyMaterial = getEncoded(); 8 | GetEnc := ge1; 9 | 10 | d1: destroy(); 11 | Destroy := d1; 12 | 13 | ORDER 14 | GetEnc*, Destroy? 15 | 16 | REQUIRES 17 | generatedKey[this, _]; 18 | 19 | ENSURES 20 | preparedKeyMaterial[keyMaterial] after GetEnc; 21 | 22 | NEGATES 23 | generatedKey[this, _] after Destroy; 24 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/SecretKeyFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.SecretKeyFactory 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | javax.crypto.SecretKey key; 6 | javax.crypto.SecretKey otherKey; 7 | java.security.spec.KeySpec keySpec; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | gS: key = generateSecret(keySpec); 15 | tK: key = translateKey(otherKey); 16 | Gen := gS | tK; 17 | 18 | ORDER 19 | Get, Gen 20 | 21 | CONSTRAINTS 22 | algorithm in {"PBKDF2WithHmacSHA512", "PBKDF2WithHmacSHA384", "PBKDF2WithHmacSHA256", "PBKDF2WithHmacSHA224", 23 | "PBEWithHmacSHA512AndAES_128","PBEWithHmacSHA384AndAES_128", "PBEWithHmacSHA384AndAES_128", 24 | "PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128","PBEWithHmacSHA224AndAES_256", 25 | "PBEWithHmacSHA256AndAES_256", "PBEWithHmacSHA384AndAES_256", "PBEWithHmacSHA512AndAES_256"}; 26 | 27 | REQUIRES 28 | speccedKey[keySpec, _]; 29 | 30 | ENSURES 31 | generatedKey[key, algorithm]; 32 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/SecretKeySpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.crypto.spec.SecretKeySpec 2 | 3 | OBJECTS 4 | java.lang.String keyAlgorithm; 5 | byte[] keyMaterial; 6 | int len; 7 | int offset; 8 | 9 | EVENTS 10 | c1: SecretKeySpec(keyMaterial, keyAlgorithm); 11 | c2: SecretKeySpec(keyMaterial, offset, len, keyAlgorithm); 12 | Con := c1 | c2; 13 | 14 | ORDER 15 | Con 16 | 17 | CONSTRAINTS 18 | keyAlgorithm in {"AES", "HmacSHA256", "HmacSHA384", "HmacSHA512"}; 19 | length[keyMaterial] >= offset + len; 20 | neverTypeOf[keyMaterial, java.lang.String]; 21 | 22 | REQUIRES 23 | preparedKeyMaterial[keyMaterial]; 24 | 25 | ENSURES 26 | speccedKey[this, _]; 27 | generatedKey[this, keyAlgorithm]; 28 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/SecureRandom.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.SecureRandom 2 | 3 | OBJECTS 4 | byte[] seed; 5 | byte[] genSeed; 6 | java.lang.String algorithm; 7 | long lSeed; 8 | byte[] bytes; 9 | int randInt; 10 | int randIntInRange; 11 | int range; 12 | 13 | EVENTS 14 | c1: SecureRandom(); 15 | c2: SecureRandom(seed); 16 | Con := c1 | c2; 17 | 18 | g1: getInstance(algorithm); 19 | g2: getInstance(algorithm, _); 20 | gI: getInstanceStrong(); 21 | Get := g1 | g2 | gI; 22 | 23 | Ins := Get | Con; 24 | 25 | s1: setSeed(seed); 26 | s2: setSeed(lSeed); 27 | Seed := s1 | s2; 28 | 29 | gS: genSeed = generateSeed(_); 30 | 31 | nB: nextBytes(bytes); 32 | nI: randInt = nextInt(); 33 | nIR: randIntInRange = nextInt(range); 34 | Next := nB | nI | nIR; 35 | 36 | End := gS | Next; 37 | 38 | ORDER 39 | Ins, (Seed?, End*)* 40 | 41 | CONSTRAINTS 42 | algorithm in {"SHA1PRNG", "Windows-PRNG", "NativePRNG", "NativePRNGBlocking", "NativePRNGNonBlocking", "PKCS11"}; 43 | 44 | REQUIRES 45 | randomized[seed]; 46 | randomized[lSeed]; 47 | 48 | ENSURES 49 | randomized[this] after Ins; 50 | randomized[genSeed] after gS; 51 | randomized[bytes] after nB; 52 | randomized[randInt] after nI; 53 | randomized[randIntInRange] after nIR; 54 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/Signature.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.Signature 2 | 3 | OBJECTS 4 | byte[] sign; 5 | byte inputByte; 6 | byte[] input; 7 | byte[] output; 8 | java.nio.ByteBuffer inputByteBuffer; 9 | java.lang.String algorithm; 10 | java.security.PrivateKey privateKey; 11 | java.security.PublicKey publicKey; 12 | java.security.cert.Certificate cert; 13 | java.security.spec.AlgorithmParameterSpec params; 14 | boolean verified; 15 | int offset; 16 | int len; 17 | 18 | EVENTS 19 | g1: getInstance(algorithm); 20 | g2: getInstance(algorithm, _); 21 | Get := g1 | g2; 22 | 23 | i1: initSign(privateKey); 24 | i2: initSign(privateKey, _); 25 | i3: initVerify(cert); 26 | i4: initVerify(publicKey); 27 | InitSign := i1 | i2; 28 | InitVerify := i3 | i4; 29 | 30 | u1: update(input); 31 | u2: update(inputByte); 32 | u3: update(input, offset, len); 33 | u4: update(inputByteBuffer); 34 | Update := u1 | u2 | u3 | u4; 35 | 36 | s1: output = sign(); 37 | s2: sign(output, offset, len); 38 | Sign := s1 | s2; 39 | 40 | v1: verified = verify(sign); 41 | v2: verified = verify(sign, offset, len); 42 | Verify := v1 | v2; 43 | 44 | ORDER 45 | Get, ((InitSign+, (Update+, Sign+)+ )+ | (InitVerify+, (Update*, Verify+)+ )+ ) 46 | 47 | CONSTRAINTS 48 | algorithm in {"SHA256withRSA", "SHA256withECDSA", "SHA256withDSA", "SHA384withRSA", "SHA512withRSA", "SHA384withECDSA", "SHA512withECDSA"}; 49 | length[input] >= offset + len; 50 | offset >= 0; 51 | len > 0; 52 | 53 | REQUIRES 54 | generatedPrivkey[privateKey]; 55 | generatedPubkey[publicKey]; 56 | 57 | ENSURES 58 | signed[output, inputByte] after Sign; 59 | signed[output, input] after Sign; 60 | signed[output, inputByteBuffer] after Sign; 61 | verified[verified, sign] after Verify; 62 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/TrustAnchor.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.cert.TrustAnchor 2 | 3 | OBJECTS 4 | java.security.PublicKey publicKey; 5 | java.security.cert.X509Certificate trustedCert; 6 | javax.security.auth.x500.X500Principal caPrincipal; 7 | 8 | EVENTS 9 | c1: TrustAnchor(_, publicKey, _); 10 | c2: TrustAnchor(trustedCert, _); 11 | c3: TrustAnchor(caPrincipal, publicKey, _); 12 | Con := c1 | c2 | c3; 13 | 14 | ORDER 15 | Con 16 | 17 | REQUIRES 18 | generatedPubkey[publicKey]; 19 | 20 | ENSURES 21 | generatedTrustAnchor[this]; 22 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/TrustManagerFactory.crysl: -------------------------------------------------------------------------------- 1 | SPEC javax.net.ssl.TrustManagerFactory 2 | 3 | OBJECTS 4 | java.lang.String algorithm; 5 | java.security.KeyStore keyStore; 6 | javax.net.ssl.ManagerFactoryParameters params; 7 | javax.net.ssl.TrustManager[] trustManager; 8 | 9 | EVENTS 10 | g1: getInstance(algorithm); 11 | g2: getInstance(algorithm, _); 12 | Get := g1 | g2; 13 | 14 | i1: init(keyStore); 15 | i2: init(params); 16 | Init := i1 | i2; 17 | 18 | gtm1: trustManager = getTrustManagers(); 19 | GetTrustMng := gtm1; 20 | 21 | ORDER 22 | Get, Init, GetTrustMng? 23 | 24 | CONSTRAINTS 25 | algorithm in {"PKIX", "SunX509"}; 26 | 27 | REQUIRES 28 | generatedKeyStore[keyStore]; 29 | generatedManagerFactoryParameters[params]; 30 | 31 | ENSURES 32 | generatedTrustManager[this] after Init; 33 | generatedTrustManagers[trustManager] after GetTrustMng; 34 | -------------------------------------------------------------------------------- /JavaCryptographicArchitecture/src/X509EncodedKeySpec.crysl: -------------------------------------------------------------------------------- 1 | SPEC java.security.spec.X509EncodedKeySpec 2 | 3 | OBJECTS 4 | byte[] encodedKey; 5 | 6 | EVENTS 7 | c1: X509EncodedKeySpec(encodedKey); 8 | Con := c1; 9 | 10 | ORDER 11 | Con 12 | 13 | REQUIRES 14 | preparedKeyMaterial[encodedKey]; 15 | 16 | ENSURES 17 | speccedKey[this, _] after Con; 18 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Crypto-API-Rules 2 | This repository contains all [CrySL](https://github.com/CROSSINGTUD/CryptSL) rules currently used in the crypto assistant CogniCrypt. 3 | 4 | How to write new rules: 5 | 6 | 1. Install [Eclipse CogniCrypt](https://www.eclipse.org/cognicrypt/) 7 | 2. If you want to create a new ruleset (other than JCA, BC or Tink) copy one of the folders and adjust artifactId, groupId and version in the pom.xml 8 | 3. Import respective project into Eclipse 9 | 4. Write a new CrySL rule, file with extension .crysl. 10 | 5. After saving the rule, a file with .crystlbin is generated within the target/classes folder 11 | 6. Run `mvn install` from the command line from within the project folder. The latter command packages the .cryptslbin files within target/classes and installs the artifact to the local repository. 12 | 7. Reference the installed artifact within [CryptoAnalysis](https://github.com/CROSSINGTUD/CryptoAnalysis) / or the [CogniCrypt Plugin](https://github.com/eclipse-cognicrypt/CogniCrypt). See respective pom.xml. 13 | 14 | To contribute a new version of the rule set or a new rule set, open a pull request. 15 | -------------------------------------------------------------------------------- /RuleCorrectnessTests/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | pom.xml.tag 3 | pom.xml.releaseBackup 4 | pom.xml.versionsBackup 5 | pom.xml.next 6 | release.properties 7 | dependency-reduced-pom.xml 8 | buildNumber.properties 9 | .mvn/timing.properties 10 | .mvn/wrapper/maven-wrapper.jar 11 | .project 12 | .classpath 13 | -------------------------------------------------------------------------------- /RuleCorrectnessTests/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | 8 | de.darmstadt.tu.crossing.CrySL 9 | de.darmstadt.tu.crossing.CrySL.parent 10 | 4.0.2 11 | 12 | 13 | de.cognicrypt.crysl 14 | RuleCorrectnessTests 15 | 1.0.0 16 | jar 17 | 18 | RuleCorrectnessTests 19 | CrySL Rule Correctness Tests 20 | https://github.com/CROSSINGTUD/CryptSL 21 | 22 | 23 | UTF-8 24 | 25 | 26 | 27 | 28 | de.darmstadt.tu.crossing.CrySL 29 | CrySLParser 30 | 4.0.2 31 | 32 | 33 | org.bouncycastle 34 | bcprov-jdk18on 35 | 1.80 36 | 37 | 38 | com.google.crypto.tink 39 | tink 40 | 1.17.0 41 | 42 | 43 | junit 44 | junit 45 | 4.13.2 46 | test 47 | 48 | 49 | 50 | 51 | 52 | org.apache.maven.plugins 53 | maven-surefire-plugin 54 | 3.0.0 55 | 56 | 57 | org.apache.maven.plugins 58 | maven-compiler-plugin 59 | 3.14.0 60 | 61 | 11 62 | 11 63 | 64 | 65 | 66 | org.apache.maven.plugins 67 | maven-source-plugin 68 | 3.3.1 69 | 70 | 71 | attach-sources 72 | 73 | jar 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /RuleCorrectnessTests/src/main/java/de/cognicrypt/crysl/Main.java: -------------------------------------------------------------------------------- 1 | package de.cognicrypt.crysl; 2 | 3 | public class Main { 4 | public static void main(String[] args) { 5 | System.out.println("Hello world!"); 6 | } 7 | } -------------------------------------------------------------------------------- /RuleCorrectnessTests/src/test/java/de/rulecorrectness/tests/RuleCorrectnessTest.java: -------------------------------------------------------------------------------- 1 | package de.rulecorrectness.tests; 2 | 3 | 4 | import crysl.CrySLParser; 5 | import crysl.rule.CrySLRule; 6 | import org.junit.Test; 7 | import org.junit.Assert; 8 | 9 | import java.io.IOException; 10 | import java.util.Collection; 11 | import java.io.File; 12 | 13 | 14 | public class RuleCorrectnessTest { 15 | 16 | /** 17 | * Counts the total number of CrySL files in a given directory path 18 | * 19 | * @param directoryPath The path to the directory containing CrySL rules 20 | * @return The number of .crysl files found 21 | */ 22 | private int countCrySLFiles(String directoryPath) { 23 | File directory = new File(directoryPath); 24 | if (!directory.exists()) { 25 | throw new RuntimeException("Directory does not exist: " + directoryPath); 26 | } 27 | 28 | int count = 0; 29 | File[] allFiles = directory.listFiles(); 30 | 31 | if (allFiles != null) { 32 | for (File file : allFiles) { 33 | if (file.isFile() && file.getName().endsWith(".crysl")) { 34 | count++; 35 | } else if (file.isDirectory()) { 36 | count += countCrySLFiles(file.getAbsolutePath()); 37 | } 38 | } 39 | } 40 | 41 | return count; 42 | } 43 | @Test 44 | public void jcaCorrectnessTest() throws IOException { 45 | CrySLParser parser = new CrySLParser(); 46 | String jcaRulesPath = "./../JavaCryptographicArchitecture/src"; 47 | Collection jcaRules = parser.parseRulesFromPath(jcaRulesPath); 48 | int ExpectedCount = countCrySLFiles(jcaRulesPath); 49 | 50 | Assert.assertEquals(ExpectedCount, jcaRules.size()); 51 | } 52 | 53 | @Test 54 | public void BouncyCastleCorrectnessTest() throws IOException { 55 | CrySLParser parser = new CrySLParser(); 56 | String bouncyCastlePath = "./../BouncyCastle/src"; 57 | Collection bouncyCastleRules = parser.parseRulesFromPath(bouncyCastlePath); 58 | int ExpectedCount = countCrySLFiles(bouncyCastlePath); 59 | 60 | Assert.assertEquals(ExpectedCount, bouncyCastleRules.size()); 61 | } 62 | 63 | @Test 64 | public void BouncyCastleJCACorrectnessTest() throws IOException { 65 | CrySLParser parser = new CrySLParser(); 66 | String bouncyCastleJCAPath = "./../BouncyCastle-JCA/src"; 67 | Collection bouncyCastleJCARules = parser.parseRulesFromPath(bouncyCastleJCAPath); 68 | int ExpectedCount = countCrySLFiles(bouncyCastleJCAPath); 69 | 70 | Assert.assertEquals(ExpectedCount, bouncyCastleJCARules.size()); 71 | } 72 | 73 | @Test 74 | public void TinkCorrectnessTest() throws IOException { 75 | CrySLParser parser = new CrySLParser(); 76 | String tinkPath = "./../Tink/src"; 77 | Collection tinkRules = parser.parseRulesFromPath(tinkPath); 78 | int ExpectedCount = countCrySLFiles(tinkPath); 79 | 80 | Assert.assertEquals(ExpectedCount, tinkRules.size()); 81 | } 82 | 83 | } -------------------------------------------------------------------------------- /Tink/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | .settings/ 3 | .classpath 4 | .project 5 | .DS_Store 6 | -------------------------------------------------------------------------------- /Tink/assembly/rules.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | ruleset 9 | 10 | zip 11 | 12 | ${artifactId} 13 | 14 | 15 | / 16 | src 17 | 18 | *.crysl 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /Tink/pom.xml: -------------------------------------------------------------------------------- 1 | 4 | 4.0.0 5 | de.darmstadt.tu.crossing 6 | Tink 7 | 3.1.2 8 | CrySL Rules Bundle 9 | 10 | 11 | 12 | Eclipse Public License - v2.0 13 | https://www.eclipse.org/legal/epl-2.0/ 14 | 15 | 16 | 17 | 18 | CogniCrypt 19 | CogniCrypt 20 | cognicrypt@eim.upb.de 21 | 22 | 23 | 24 | scm:git:git@github.com:CROSSINGTUD/Crypto-API-Rules.git 25 | scm:git:ssh://github.com:CROSSINGTUD/Crypto-API-Rules.git 26 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/Tink 27 | 28 | 29 | Tink CrySL ruleset 30 | https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/master/Tink 31 | 32 | 33 | 34 | deployment 35 | 36 | 37 | 38 | org.apache.maven.plugins 39 | maven-source-plugin 40 | 3.3.1 41 | 42 | 43 | attach-source 44 | 45 | jar 46 | 47 | 48 | 49 | 50 | 51 | org.apache.maven.plugins 52 | maven-gpg-plugin 53 | 3.2.7 54 | 55 | 56 | sign-artifacts 57 | verify 58 | 59 | sign 60 | 61 | 62 | 63 | --pinentry-mode 64 | loopback 65 | 66 | 67 | 68 | 69 | 70 | 71 | maven-release-plugin 72 | 3.1.1 73 | 74 | @{project.version} 75 | 76 | 77 | 78 | org.sonatype.plugins 79 | nexus-staging-maven-plugin 80 | 1.7.0 81 | true 82 | 83 | ossrh 84 | https://s01.oss.sonatype.org 85 | true 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | src 95 | 96 | 97 | org.apache.maven.plugins 98 | maven-assembly-plugin 99 | 100 | 101 | create-distribution 102 | package 103 | 104 | single 105 | 106 | 107 | 108 | assembly/rules.xml 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | com.google.crypto.tink 120 | tink 121 | 1.17.0 122 | 123 | 124 | 125 | 126 | 127 | ossrh 128 | https://s01.oss.sonatype.org/content/repositories/snapshots/ 129 | 130 | 131 | ossrh 132 | https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ 133 | 134 | 135 | -------------------------------------------------------------------------------- /Tink/src/AeadFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the AEAD Factory 3 | * of the Google Google library. 4 | */ 5 | SPEC com.google.crypto.tink.aead.AeadFactory 6 | 7 | OBJECTS 8 | com.google.crypto.tink.KeysetHandle ksh; 9 | com.google.crypto.tink.Aead aead; 10 | 11 | EVENTS 12 | gp : aead = getPrimitive(ksh); 13 | 14 | ORDER 15 | gp 16 | 17 | REQUIRES 18 | generatedKeySet[ksh]; 19 | 20 | ENSURES 21 | aeadPrimitive[aead]; -------------------------------------------------------------------------------- /Tink/src/AeadKeyTemplates.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a CrySL specification for the Google Tink implementation of 3 | * the class AeadKeyTemplates. 4 | * 5 | * Note: in this case, we are not specifying the correct usage of the 6 | * API, but actually guaranteeing that the Google Tink API implementation 7 | * actually exposes some key templates as static attributes. This 8 | * information simplifies the specification of other properties for 9 | * correctly using the API. 10 | * 11 | * 12 | * It constraints the use of the API to the following key templates: 13 | * 14 | * - aes128_gcm 15 | * - aes256_gcm 16 | * - aes128_eax 17 | * - aes256_eax 18 | * - aes128_ctr_hmac_sha256 19 | * - aes256_ctr_hmac_sha256 20 | * 21 | */ 22 | 23 | SPEC com.google.crypto.tink.aead.AeadKeyTemplates 24 | 25 | OBJECTS 26 | com.google.crypto.tink.proto.KeyTemplate kt; 27 | 28 | int key; 29 | int iv; 30 | 31 | com.google.crypto.tink.proto.HashType hashType; // HashType enum: (1) - SHA1, (3) - SHA256, and (4) - SHA 512. 32 | 33 | EVENTS 34 | aes_gcm_evt : kt = createAesGcmKeyTemplate(key); 35 | aes_eax_evt : kt = createAesEaxKeyTemplate(key, iv); 36 | 37 | // aes128_ctr_hmac_sha256_evt : aes128_ctr_hmac_sha256 = createAesCtrHmacAeadKeyTemplate(k16, iv16, hmk32, tag16, hashType); 38 | // aes256_ctr_hmac_sha256_evt : aes256_ctr_hmac_sha256 = createAesCtrHmacAeadKeyTemplate(k16, iv16, hmk32, tag32, hashType); 39 | 40 | CreateKeyTemplates := aes_gcm_evt | aes_eax_evt;// | aes128_ctr_hmac_sha256_evt | aes256_ctr_hmac_sha256_evt ; 41 | 42 | ORDER 43 | (CreateKeyTemplates)+ 44 | 45 | CONSTRAINTS 46 | key in {16, 32}; 47 | iv in {16}; 48 | 49 | //hashType == com.google.crypto.tink.proto.HashType.HashTyp.SHA256; 50 | 51 | ENSURES 52 | keyTemplate[kt]; 53 | 54 | // keyTemplate[aes128_ctr_hmac_sha256] after aes128_ctr_hmac_sha256_evt; 55 | // keyTemplate[aes256_ctr_hmac_sha256] after aes256_ctr_hmac_sha256_evt; -------------------------------------------------------------------------------- /Tink/src/AeadPrimitive.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the AEAD Ciphers (Authenticated 3 | * Encryption with Associated Data) of the Google Tink library. 4 | */ 5 | SPEC com.google.crypto.tink.Aead 6 | 7 | OBJECTS 8 | byte[] plainText; 9 | byte[] cipherText; 10 | byte[] aad; 11 | 12 | EVENTS 13 | enc : cipherText = encrypt(plainText, aad); 14 | dec : plainText = decrypt(cipherText, aad); 15 | 16 | Mode := enc | dec; 17 | 18 | ORDER 19 | (Mode)* 20 | 21 | REQUIRES 22 | aeadPrimitive[this]; 23 | 24 | ENSURES 25 | encrypted[cipherText, plainText]; -------------------------------------------------------------------------------- /Tink/src/DeterministicAead.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Deterministic AEAD Ciphers (Authenticated 3 | * Encryption with Associated Data) of the Google Tink library. 4 | */ 5 | SPEC com.google.crypto.tink.DeterministicAead 6 | 7 | OBJECTS 8 | byte[] plainText; 9 | byte[] cipherText; 10 | byte[] aad; 11 | 12 | EVENTS 13 | enc : cipherText = encryptDeterministically(plainText, aad); 14 | dec : plainText = decryptDeterministically(cipherText, aad); 15 | 16 | Mode := enc | dec; 17 | 18 | ORDER 19 | (Mode)* 20 | 21 | REQUIRES 22 | daeadPrimitive[this]; 23 | 24 | ENSURES 25 | encrypted[cipherText, plainText]; 26 | -------------------------------------------------------------------------------- /Tink/src/DeterministicAeadFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Deterministic AEAD Factory 3 | * of the Google Google library. 4 | */ 5 | SPEC com.google.crypto.tink.daead.DeterministicAeadFactory 6 | 7 | OBJECTS 8 | com.google.crypto.tink.KeysetHandle ksh; 9 | com.google.crypto.tink.DeterministicAead daead; 10 | 11 | EVENTS 12 | gp : daead = getPrimitive(ksh); 13 | 14 | ORDER 15 | gp 16 | 17 | REQUIRES 18 | generatedKeySet[ksh]; 19 | 20 | ENSURES 21 | daeadPrimitive[daead]; -------------------------------------------------------------------------------- /Tink/src/DeterministicAeadKeyTemplates.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a CrySL specification for the Google Tink implementation of 3 | * the class DeterministicAeadKeyTemplates. 4 | * 5 | * Note: in this case, we are not specifying the correct usage of the 6 | * API, but actually guaranteeing that the Google Tink API implementation 7 | * actually exposes some key templates as static attributes. This 8 | * information simplifies the specification of other properties for 9 | * correctly using the API. 10 | * 11 | * 12 | * It constraints the use of the API to the following key templates: 13 | * 14 | * - aes256_siv 15 | */ 16 | 17 | 18 | SPEC com.google.crypto.tink.daead.DeterministicAeadKeyTemplates 19 | 20 | OBJECTS 21 | com.google.crypto.tink.proto.KeyTemplate aes256_siv; 22 | 23 | int k64; 24 | 25 | EVENTS 26 | aes256_siv_evt : aes256_siv = createAesSivKeyTemplate(k64); 27 | 28 | ORDER 29 | aes256_siv_evt* 30 | 31 | CONSTRAINTS 32 | k64 in {64}; 33 | 34 | ENSURES 35 | keyTemplate[aes256_siv]; 36 | -------------------------------------------------------------------------------- /Tink/src/HybridDecrypt.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Hybrid Encryption modes 3 | * of the Google Tink library. 4 | */ 5 | SPEC com.google.crypto.tink.HybridDecrypt 6 | 7 | OBJECTS 8 | byte[] plainText; 9 | byte[] cipherText; 10 | byte[] context; 11 | 12 | EVENTS 13 | dec : plainText = decrypt(cipherText, context); 14 | 15 | ORDER 16 | dec* 17 | 18 | REQUIRES 19 | hybridDecryptPrimitive[this]; -------------------------------------------------------------------------------- /Tink/src/HybridDecryptFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Deterministic AEAD Factory 3 | * of the Google Google library. 4 | */ 5 | 6 | SPEC com.google.crypto.tink.hybrid.HybridDecryptFactory 7 | 8 | OBJECTS 9 | com.google.crypto.tink.KeysetHandle ksh; 10 | com.google.crypto.tink.HybridDecrypt hybridAlgorithm; 11 | 12 | EVENTS 13 | gp : hybridAlgorithm = getPrimitive(ksh); 14 | 15 | ORDER 16 | gp 17 | 18 | REQUIRES 19 | generatedKeySet[ksh]; 20 | 21 | ENSURES 22 | hybridDecryptPrimitive[hybridAlgorithm]; -------------------------------------------------------------------------------- /Tink/src/HybridEncrypt.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Hybrid Decryption modes 3 | * of the Google Tink library. 4 | */ 5 | 6 | SPEC com.google.crypto.tink.HybridEncrypt 7 | 8 | OBJECTS 9 | byte[] plainText; 10 | byte[] cipherText; 11 | byte[] context; 12 | 13 | EVENTS 14 | enc : cipherText = encrypt(plainText, context); 15 | 16 | ORDER 17 | enc* 18 | 19 | REQUIRES 20 | hybridEncriptPrimitive[this]; 21 | 22 | ENSURES 23 | encrypted[cipherText, plainText]; 24 | -------------------------------------------------------------------------------- /Tink/src/HybridEncryptFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Deterministic AEAD Factory 3 | * of the Google Google library. 4 | */ 5 | 6 | SPEC com.google.crypto.tink.hybrid.HybridEncryptFactory 7 | 8 | OBJECTS 9 | com.google.crypto.tink.KeysetHandle ksh; 10 | com.google.crypto.tink.HybridEncrypt hybridAlgorithm; 11 | 12 | EVENTS 13 | gp : hybridAlgorithm = getPrimitive(ksh); 14 | 15 | ORDER 16 | gp 17 | 18 | REQUIRES 19 | generatedPublicKeySet[ksh]; 20 | 21 | ENSURES 22 | hybridEncriptPrimitive[hybridAlgorithm]; -------------------------------------------------------------------------------- /Tink/src/HybridKeyTemplates.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a CrySL specification for the Google Tink implementation of 3 | * the class HybridKeyTemplates. 4 | * 5 | * Note: in this case, we are not specifying the correct usage of the 6 | * API, but actually guaranteeing that the Google Tink API implementation 7 | * actually exposes some key templates as static attributes. This 8 | * information simplifies the specification of other properties for 9 | * correctly using the API. 10 | * 11 | * 12 | * It constraints the use of the API to the following key templates: 13 | * 14 | * - ecies_aes128_gcm 15 | * - ecies_aes128_ctr_hmac 16 | */ 17 | 18 | SPEC com.google.crypto.tink.hybrid.HybridKeyTemplates 19 | 20 | OBJECTS 21 | com.google.crypto.tink.proto.KeyTemplate ecies_aes128_gcm; 22 | com.google.crypto.tink.proto.KeyTemplate ecies_aes128_ctr_hmac; 23 | 24 | EVENTS 25 | ecies_aes128_gcm_evt: ecies_aes128_gcm = createEciesAeadHkdfKeyTemplate(_, _, _, _, _, _); 26 | ecies_aes128_ctr_hmac_evt: ecies_aes128_ctr_hmac = createEciesAeadHkdfKeyTemplate(_, _, _, _, _, _); 27 | 28 | CreateKeyTemplates := ecies_aes128_gcm_evt | ecies_aes128_ctr_hmac_evt; 29 | 30 | ORDER 31 | (CreateKeyTemplates)* 32 | 33 | 34 | ENSURES 35 | keyTemplate[ecies_aes128_gcm]; 36 | keyTemplate[ecies_aes128_ctr_hmac]; 37 | -------------------------------------------------------------------------------- /Tink/src/KeyTemplate.crysl: -------------------------------------------------------------------------------- 1 | SPEC com.google.crypto.tink.KeyTemplate 2 | 3 | OBJECTS 4 | com.google.crypto.tink.KeyTemplate template; 5 | com.google.crypto.tink.Parameters params; 6 | 7 | EVENTS 8 | cre: template = createFrom(params); 9 | 10 | ORDER 11 | cre+ 12 | 13 | ENSURES 14 | genKeyTemplate[template]; 15 | -------------------------------------------------------------------------------- /Tink/src/KeyTemplateOld.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the AEAD Factory 3 | * of the Google Google library. 4 | */ 5 | SPEC com.google.crypto.tink.proto.KeyTemplate 6 | 7 | OBJECTS 8 | int x; 9 | 10 | EVENTS 11 | evt : newBuilder(); 12 | ORDER 13 | evt* 14 | ENSURES 15 | readyForInstantiating[this]; -------------------------------------------------------------------------------- /Tink/src/KeysetHandle.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL rule that specifies the process for generating 3 | * and exporting KeysetHandles using the Google Tink API. 4 | * 5 | * Ensures that a KeysetHandle must be available before 6 | * using a Tink primitive. 7 | */ 8 | 9 | SPEC com.google.crypto.tink.KeysetHandle 10 | 11 | OBJECTS 12 | com.google.crypto.tink.KeyTemplate kt; 13 | com.google.crypto.tink.KeysetHandle publicKeysetHandle; 14 | com.google.crypto.tink.Parameters params; 15 | 16 | 17 | EVENTS 18 | gen_evt : generateNew(kt); 19 | gen_hmac_evt : generateNew(params); 20 | gen_public_evt : publicKeysetHandle = getPublicKeysetHandle(); 21 | read_evt : read(_, _); 22 | export_evt : write(_, _); 23 | get_prim : getPrimitive(_); 24 | 25 | ORDER 26 | (gen_evt | read_evt), gen_public_evt?, export_evt?, get_prim* 27 | 28 | 29 | REQUIRES 30 | genKeyTemplate[kt]; 31 | genParams[params]; 32 | 33 | 34 | ENSURES 35 | generatedKeySet[this]; 36 | generatedPublicKeySet[publicKeysetHandle]; -------------------------------------------------------------------------------- /Tink/src/MacFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the MacFactory class 3 | * of the Google Tink library. 4 | */ 5 | SPEC com.google.crypto.tink.mac.MacFactory 6 | 7 | OBJECTS 8 | com.google.crypto.tink.KeysetHandle ksh; 9 | com.google.crypto.tink.Mac mac; 10 | 11 | EVENTS 12 | gp : mac = getPrimitive(ksh); 13 | 14 | ORDER 15 | gp 16 | 17 | REQUIRES 18 | generatedKeySet[ksh]; 19 | 20 | ENSURES 21 | macPrimitive[mac]; -------------------------------------------------------------------------------- /Tink/src/MacKeyTemplates.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a CrySL specification for the Google Tink implementation of 3 | * the class MacKeyTemplates. 4 | * 5 | * Note: in this case, we are not specifying the correct usage of the 6 | * API, but actually guaranteeing that the Google Tink API implementation 7 | * actually exposes some key templates as static attributes. This 8 | * information simplifies the specification of other properties for 9 | * correctly using the API. 10 | * 11 | * It constraints the use of the API to the following keys: 12 | * 13 | * - hmac_sha256_128bittag 14 | * - hmac_sha256_256bittag 15 | */ 16 | 17 | SPEC com.google.crypto.tink.mac.MacKeyTemplates 18 | 19 | OBJECTS 20 | com.google.crypto.tink.proto.KeyTemplate hmac_sha256; 21 | 22 | int key; 23 | int tag; 24 | 25 | int hashType; // HashType enum: (1) - SHA1, (3) - SHA256, and (4) - SHA 512. 26 | 27 | EVENTS 28 | hmac_sha256_evt : hmac_sha256 = createHmacKeyTemplate(key, tag, _); 29 | 30 | ORDER 31 | (hmac_sha256_evt) 32 | 33 | CONSTRAINTS 34 | key == 32; 35 | tag in {16, 32}; 36 | 37 | //hashType == 3; 38 | 39 | ENSURES 40 | keyTemplate[hmac_sha256]; -------------------------------------------------------------------------------- /Tink/src/MacPrimitive.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the MAC algorithms of the Google 3 | * Tink library. 4 | */ 5 | SPEC com.google.crypto.tink.Mac 6 | 7 | OBJECTS 8 | byte[] data; 9 | byte[] tag; 10 | 11 | EVENTS 12 | mac_evt : tag = computeMac(data); 13 | verify_evt : verifyMac(tag, data); 14 | 15 | Mode := mac_evt | verify_evt; 16 | 17 | ORDER 18 | (Mode)* 19 | 20 | REQUIRES 21 | macPrimitive[this]; 22 | 23 | ENSURES 24 | generateMacFromData[tag, data]; -------------------------------------------------------------------------------- /Tink/src/PublicKeySign.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Public Signature algorithms of the Google 3 | * Tink library. 4 | */ 5 | SPEC com.google.crypto.tink.PublicKeySign 6 | 7 | OBJECTS 8 | byte[] data; 9 | byte[] signature; 10 | 11 | EVENTS 12 | sign_evt : signature = sign(data); 13 | 14 | ORDER 15 | sign_evt+ 16 | 17 | REQUIRES 18 | publicKeySignaturePrimitive[this]; -------------------------------------------------------------------------------- /Tink/src/PublicKeySignFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Public Key Signature Factory 3 | * of the Google Google library. 4 | */ 5 | 6 | SPEC com.google.crypto.tink.signature.PublicKeySignFactory 7 | 8 | OBJECTS 9 | com.google.crypto.tink.KeysetHandle ksh; 10 | com.google.crypto.tink.PublicKeySign pks; 11 | 12 | EVENTS 13 | gp : pks = getPrimitive(ksh); 14 | 15 | ORDER 16 | gp+ 17 | 18 | REQUIRES 19 | generatedKeySet[ksh]; 20 | 21 | ENSURES 22 | publicKeySignaturePrimitive[pks]; 23 | -------------------------------------------------------------------------------- /Tink/src/PublicKeyVerify.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Public Signature Verification algorithms of the Google 3 | * Tink library. 4 | */ 5 | SPEC com.google.crypto.tink.PublicKeyVerify 6 | 7 | OBJECTS 8 | byte[] data; 9 | byte[] signature; 10 | 11 | EVENTS 12 | verify_evt : verify(signature, data); 13 | 14 | ORDER 15 | verify_evt+ 16 | 17 | REQUIRES 18 | publicKeyVerifyPrimitive[this]; -------------------------------------------------------------------------------- /Tink/src/PublicKeyVerifyFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Public Key Signature Factory 3 | * of the Google Google library. 4 | */ 5 | 6 | SPEC com.google.crypto.tink.signature.PublicKeyVerifyFactory 7 | 8 | OBJECTS 9 | com.google.crypto.tink.KeysetHandle ksh; 10 | com.google.crypto.tink.PublicKeyVerify pkv; 11 | 12 | EVENTS 13 | gp : pkv = getPrimitive(ksh); 14 | 15 | ORDER 16 | gp+ 17 | 18 | REQUIRES 19 | generatedPublicKeySet[ksh]; 20 | 21 | ENSURES 22 | publicKeyVerifyPrimitive[pkv]; 23 | -------------------------------------------------------------------------------- /Tink/src/SignatureKeyTemplates.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a CrySL specification for the Google Tink implementation of 3 | * the class SignatureKeyTemplates. 4 | * 5 | * Note: in this case, we are not specifying the correct usage of the 6 | * API, but actually guaranteeing that the Google Tink API implementation 7 | * actually exposes some key templates as static attributes. This 8 | * information simplifies the specification of other properties for 9 | * correctly using the API. 10 | * 11 | */ 12 | 13 | SPEC com.google.crypto.tink.signature.SignatureKeyTemplates 14 | 15 | OBJECTS 16 | com.google.crypto.tink.proto.KeyTemplate ecdsa; 17 | 18 | com.google.crypto.tink.proto.HashType hashType; 19 | com.google.crypto.tink.proto.EllipticCurveType curveType; 20 | 21 | EVENTS 22 | ecdsa_evt : ecdsa = createEcdsaKeyTemplate(hashType, curveType, _, _); 23 | 24 | ORDER 25 | ecdsa_evt 26 | 27 | //CONSTRAINTS 28 | //hashType in {SHA256, SHA52} 29 | //curveType in {NIST_P384, NIST_P521, NIST_P256} 30 | //hashType == SHA256 => curveType == P256 31 | //hashType == SHA512 => curveType in {NIST_P384, NIST_P521} 32 | 33 | ENSURES 34 | keyTemplate[ecdsa]; 35 | -------------------------------------------------------------------------------- /Tink/src/StreamingAead.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Streaming AEAD Ciphers (Authenticated 3 | * Encryption with Associated Data) of the Google Tink library, together with a 4 | * ReadableByteChannel. 5 | */ 6 | SPEC com.google.crypto.tink.StreamingAead 7 | 8 | OBJECTS 9 | java.nio.channels.WritableByteChannel writer; 10 | java.nio.channels.ReadableByteChannel reader; 11 | 12 | EVENTS 13 | create_writable_channel_evt : writer = newEncryptingChannel(_, _); 14 | create_readable_channel_evt : reader = newDecryptingChannel(_, _); 15 | 16 | 17 | ORDER 18 | (create_writable_channel_evt | create_readable_channel_evt)+ 19 | 20 | REQUIRES 21 | streamingAeadPrimitive[this]; -------------------------------------------------------------------------------- /Tink/src/StreamingAeadFactory.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * A CrySL specification for using the Deterministic AEAD Factory 3 | * of the Google Google library. 4 | */ 5 | SPEC com.google.crypto.tink.streamingaead.StreamingAeadFactory 6 | 7 | OBJECTS 8 | com.google.crypto.tink.KeysetHandle ksh; 9 | com.google.crypto.tink.StreamingAead saead; 10 | 11 | EVENTS 12 | gp : saead = getPrimitive(ksh); 13 | 14 | ORDER 15 | gp 16 | 17 | REQUIRES 18 | generatedKeySet[ksh]; 19 | 20 | ENSURES 21 | streamingAeadPrimitive[saead]; -------------------------------------------------------------------------------- /Tink/src/StreamingAeadKeyTemplates.crysl: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a CrySL specification for the Google Tink implementation of 3 | * the class StreamingAeadKeyTemplates. 4 | * 5 | * Note: in this case, we are not specifying the correct usage of the 6 | * API, but actually guaranteeing that the Google Tink API implementation 7 | * actually exposes some key templates as static attributes. This 8 | * information simplifies the specification of other properties for 9 | * correctly using the API. 10 | * 11 | * 12 | * It constraints the use of the API to the following key templates: 13 | * 14 | * - aes_ctr_hmac_sha256_4kb 15 | * - aes_gcm_hkdf_4kb 16 | */ 17 | 18 | SPEC com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates 19 | 20 | OBJECTS 21 | com.google.crypto.tink.proto.KeyTemplate aes_ctr_hmac_sha256_4kb; 22 | com.google.crypto.tink.proto.KeyTemplate aes_gcm_hkdf_4kb; 23 | 24 | int key; 25 | int tag32; 26 | int segmentSize; 27 | 28 | 29 | EVENTS 30 | aes_ctr_hmac_sha256_4kb_evt: aes_ctr_hmac_sha256_4kb = createAesCtrHmacStreamingKeyTemplate(key, _, key, _, tag32, segmentSize); 31 | aes_gcm_hkdf_4kb_evt : aes_gcm_hkdf_4kb = createAesGcmHkdfStreamingKeyTemplate(key, _, key, segmentSize); 32 | 33 | CreateKeyTemplates := aes_ctr_hmac_sha256_4kb_evt | aes_gcm_hkdf_4kb_evt; 34 | 35 | ORDER 36 | (CreateKeyTemplates)* 37 | 38 | CONSTRAINTS 39 | key in {16, 32}; 40 | tag32 in {32}; 41 | segmentSize in {4096}; 42 | 43 | ENSURES 44 | keyTemplate[aes_ctr_hmac_sha256_4kb]; 45 | keyTemplate[aes_gcm_hkdf_4kb]; 46 | 47 | --------------------------------------------------------------------------------