Skip to content

Crypto: Adding bad decrypt then mac order query. #20696

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 24, 2025
Merged

Crypto: Adding bad decrypt then mac order query. #20696

merged 4 commits into from
Oct 24, 2025

Conversation

@bdrodes
Copy link
Contributor

@bdrodes bdrodes commented Oct 24, 2025

Adds capability to detect decrypt THEN mac. Also fixes to improve reuse of plaintext for mac and encryption.

@bdrodes bdrodes requested review from a team as code owners October 24, 2025 16:47
Copilot AI review requested due to automatic review settings October 24, 2025 16:47
@github-actions github-actions bot added the Java label Oct 24, 2025
Copilot AI reviewed Oct 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds detection capability for the "decrypt-then-MAC" vulnerability pattern, where decryption occurs before MAC verification. The changes introduce a new query to identify this security issue and refactor existing code to improve reuse of plaintext tracking for both MAC and encryption operations.

Key changes:

  • Adds new query BadMacOrderDecryptThenMac.ql to detect unsafe decrypt-then-MAC ordering
  • Refactors wrapper argument tracking logic with new predicates (encryptWrapperArg, decryptWrapperArg, macWrapperArg)
  • Renames InterimArg to EncryptOrMacCallArg and TargetArg to improve code clarity

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
BadMacUse.java Adds test case decryptThenMac() demonstrating the unsafe decrypt-then-MAC pattern
BadMacOrderMacOnEncryptPlaintext.expected Updates test expectations for plaintext reuse detection with new flow paths
BadMacOrderDecryptToMac.expected Adds test failure expectation for missing source annotation
BadMacOrderDecryptThenMac.qlref Creates query reference file for the new decrypt-then-MAC detection query
BadMacOrderDecryptThenMac.expected Defines expected test results for the new decrypt-then-MAC query
BadMacOrderMacOnEncryptPlaintext.ql Updates variable name from InterimArg to EncryptOrMacCallArg
BadMacOrderDecryptThenMac.ql Implements new query to detect decrypt-then-MAC vulnerability pattern
BadMacOrder.qll Refactors core logic with new wrapper predicates and flow configurations
not_included_in_qls.expected Registers the new query in the excluded queries list

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptThenMac.ql Outdated
@@ -0,0 +1,19 @@
/**
* @name Bad MAC order: decrypt then mac
* @description Decryption on cipher text, then MAC on ciopher text, is incorrect order
Copy link

Copilot AI Oct 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Corrected spelling of 'ciopher' to 'cipher'.

Suggested change
* @description Decryption on cipher text, then MAC on ciopher text, is incorrect order
* @description Decryption on cipher text, then MAC on cipher text, is incorrect order

Copilot uses AI. Check for mistakes.
java/ql/src/experimental/quantum/Examples/BadMacOrder.qll Outdated
Comment on lines 223 to 234
// /**
// * An argument of a target sink or a parent call whose parameter flows to a target sink
// */
// class EncryptOrMacPartialFlowArg extends DataFlow::Node {
// DataFlow::Node targetSink;
// EncryptOrMacPartialFlowArg() {
// encryptWrapperArg(this, targetSink)
// or
// macWrapperArg(this, targetSink)
// }
// DataFlow::Node getTargetSink() { result = targetSink }
// }
Copy link

Copilot AI Oct 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The commented-out class EncryptOrMacPartialFlowArg should be removed if it's no longer needed. Leaving dead code in the codebase reduces maintainability and can cause confusion.

Suggested change
// /**
// * An argument of a target sink or a parent call whose parameter flows to a target sink
// */
// class EncryptOrMacPartialFlowArg extends DataFlow::Node {
// DataFlow::Node targetSink;
// EncryptOrMacPartialFlowArg() {
// encryptWrapperArg(this, targetSink)
// or
// macWrapperArg(this, targetSink)
// }
// DataFlow::Node getTargetSink() { result = targetSink }
// }

Copilot uses AI. Check for mistakes.
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 24, 2025
View reviewed changes
@nicolaswill nicolaswill merged commit e7bd435 into github:main Oct 24, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@nicolaswill nicolaswill nicolaswill approved these changes

Assignees

No one assigned

Labels

Java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bdrodes @nicolaswill