eclipse-cognicrypt / cognicrypt Goto Github PK

Prerequisites

• Eclipse Version: Neon.3 Release (4.6.3)`
• Operating system: Linux Mint 18.1
• Java runtime used to run eclipse: 1.8.0_131
• Git branch/Commit-ID: master/96111043bb7a87018ecf80053cf7f46a76a4f34c

Issue description

On invoking the wizard a blank window is displayed in the background. Appears to be unintended.

Closing the wizard does not terminate said window.

When choosing to implement a client, and giving hostname and port for the server to connect to, one should be able to make a test connection to that server under the default configuration.
If the test connection can be established successfully, the "We have compiled a default configuration ..." screen should be displayed. Otherwise, show an error message and show the "Select cipher suites" screen."

The integration of new primitives should be supported by CogniCrypt by means of a guided dialogue system. Steps should at least include:
"What kind of algorithm do you want to integrate?" - Cipher, MAC, MessageDigest, ...
"Which CSP provides the implementation?" - SUNJCE, Bouncycastle, Mine, ...
If 'Mine' was selected: "Please provide the provider's name and its jar file."
"Please provide Clafer model for the algorithm" (Show respective snippet of existing algorithms in the same algorithm class)"

Linked to #14

Edit: The expert probably does not provide a CSP, but rather a Java project with the implementation. Scratch the part about "which CSP provides the implementation" and assume you need to do the CSP part for them.

Displaying AES AES(2) etc. is very counter-intuitive for the end user. Can we come up with a better representation?

Originally created by: @snadi

Some(tm) cryptographers prefer to implement cryptographic schemes in C(++). Extend the integration interface of #13 such that algorithms implemented in C(++) can be integrated as well. In particular, add a question about the respective programming language. If C(++) is selected, generate stubs for an JNI after the algorithm type is selected. Depending on the algorithm type, different methods need to be generated (e.g. ciphers need at least the methods encrypt, decrypt, generateKey). Finally, ask the primitive developer to connect methods in the JNI with the ones in their C(++) implementation.

After few minutes of running the error occurs. It is caused by an exception in SAX parser and it was detected during refactoring XMLParser class.

Most likely it's caused by wrong usage of plugin e.g. adding same task twice, which causes error. A usability improvement can be restricting such usage of plugin or warning the user."

The tool CDRep (https://soarsmu.github.io/papers/CDRep.pdf) automatically detects and patches misuses of Crypto APIs. When we decide to build some sort of quick fix generation engine for CogniCrypt, we should look into this in a bit more detail to check if we can adopt ideas & concepts from there.

Add a drop-down menu to the first screen in the wizard with all Java projects in the workspace. Depending on the situation when the user clicks the button a different project is auto-selected in the drop-down menu. When a Java file is opened in the editor auto-select its project. When a Java project had been selected that project is auto selected. If neither of the two is true don't auto select anything and leave it to the user to select one. The next button only becomes clickable once the user has selected both a project and a task.

Collect as many Android apps as you can find that use cryptographic APIs.
The collection process should entail three steps:

1. Find repositories of Android apps (e.g. f-droid, droidbench, Google Play Store using https://github.com/onyxbits/Raccoon etc.)
2. Write an analysis on top of Soot that analyzes an Android app for usages of the classes that are part of the JCA (see: http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Concepts) and stores apps that do use at least one of them and a small description about which classes it uses as a separate in a designated folder.
   a) Implement an option to only look for a set of specific classes (e.g.Cipher, KeyGenerator, KeyPairGenerator, Mac, MessageDigest, and Signature)
   b) Differentiate between app and library code. If an app uses a library that uses such an API, record the library as its own application. If multiple apps use the same library, only record it once.

You can find a similar analysis here: https://code.crossing.tu-darmstadt.de/projects/E1/repos/code_cryptominer/browse/code/grouminer/PackageFilterer/src/PackageFilterer.java
It has the same base functionality)

3. Apply the analysis on the apps found in the repos.

If you have questions concerning question 2, get in touch with @johspaeth or @nguyenLisa.

The input of the doFinal and update method in Cipher is the plaintext as a byte array. Usually, a tool is supposed to actually encrypt a file or a message. During the conversion from, say, strings to byte arrays the user may still make mistakes that weaken the encryption. Extend the symmetric-encryption task by adding a new question that allows the user to select the original source of the byte arrays and add conversions for each supported answer to the xsl stylesheet.
Question could be something like "What type of data do you wish to encrypt?" -> Messages (String), Files (File), Byte Array ...

Prerequisitives

• Git branch/Commit-ID: 01cf4d9

Issue description

At present CC displays the instance details list by auto selecting the best possible instance according to
the user requirements.
Introduce a new wizard page after user is done giving answers to the mandatory high level questions for the selected task.
This page should give user the following two options-
Option 1: Keep the default configuration of Instance which fulfills the user needs
Option 2: Change the auto compile configuration
When user selects option 1 CogniCrypt should directly introduce the code into the selected project, no need to show the Instance Details of the auto compile version.
When user selects option 2 then the user should see the instance details page and allow user to select algorithm of their choice.

When the user ever has CogniCrypt re-generate the code for their application, but has changed the code CogniCrypt has generated for them the first time, CogniCrypt as of now overrides everything. KaleidoCrypt adds tool support for this use case in that it allows to merge the existing code in the project with the one that CogniCrypt attempts to generate in the second run. Integrate the two.

This will be more than one issue, presumably, this issue should help to keep track of the integration process. Please reference this issues in all (future) issues that work towards this goal.

Can we use better separators for improving the readability of the instance details?

We should try to think of some meaningful questions for the tasks that make use of the properties in the variability model

Originally created by: @snadi

A hybrid encryption comprises a public key and a symmetric encryption. The actual data is encrypted using a symmetric encryption. Then, the symmetric key is encrypted using a public key encryption.
This has already been done:

1. Implementation already provided for main task - #15
2. Clafer model already created
3. Specify correct usage in CrySL - Ask me for rules.

This still needs to be done:

4. Develop questions for configurator wizard and consequences of responses

   • should include "Do you want the encryption to be post-quantum secure?" to make LP and other (post-quantum) lattice-based encryption schemes stand out

5. Write XSL Stylesheet for Code - This has been done partly. Reuse old stylesheet for symmetric encryption.

If there are functionalities needed for the integration of this task, open another issue and implement them."

Since we will likely replace Clafer later design configurator to have the least possible dependencies on it.. This is bigger than a single issue but just opening it up so we don't forget.

Originally created by: @snadi

Resources should probably work through before tackling this issue:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html
And this is the problem: https://www.google.de/search?q=call+so+file+from+within+jar+file

Currently, these two tasks are separated.

1. Merge them by adding a question about having the encryption key derived from a password to the "Symmetric Encryption" task.
2. Compare the two Clafer models to figure out which constraints need to be added in case the user answers 'yes' to a password-based key. (e.g. output of key derivation has to have an acceptable length for the cipher)"

• Git branch/Commit-ID: Master/f09eef918b21b70b0e96efb7c7e728d4f61321e3

Issue description

Task Name: Encrypt Data Using a Secret Key
When choosing "yes" as an option to derive key from user specific password, the output class doesn't implement the correct method.

Actual Output:

public class Output {
public byte[] templateUsage(byte[] data) throws GeneralSecurityException {
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(128);
SecretKey key = kg.generateKey();

	Enc enc = new Enc();
	return enc.encrypt(data, key);
}

}

Expected Output:

public class Output {
public byte[] templateUsage(byte[] data, char[] pwd) throws GeneralSecurityException {
KeyDeriv kd = new KeyDeriv();
SecretKey key = kd.getKey(pwd);
Enc enc = new Enc();
return enc.encrypt(data, key);
}
}

Cognicrypt automatically selects the first configuration in the instance-selection screen. Since all configurations that are shown in that screen comply with specified requirements, it doesn't make sense to not auto-select the one with the highest security level. Hence, Cognicrypt should sort the configurations based on security level in descending order.

One way to do that may be to tell Clafer's instance generator to sort the instances, but as far as I know, there is no such mechanism. Another way would be to post-process the generated instances, retrieve their security level and then order them in the Java code."

User authentication is one of the most common use cases application developers wish to implement. Integrate multiple solutions for that use case.
This integration includes

1. Providing an implementation,
2. Creating CrySL rules,
3. Developing questions for configurator wizard and consequences of responses, and
4. Writing CogniCrypt_GEN template

If there are functionalities needed for the integration of this use case, open another issue and implement them.

Implementation provided as jar. Usage example in the CogniCrypt.pdf.
Remaining steps:

0. Read all documentation files.
1. Develop configuation questions based on documentation.
2. Define a Clafer model.
3. Encode questions as json file.
4. Put implementation in "additional resources" folder for that respectiv task.
5. Encode usage example as XSL Stylesheet."

One goal of CogniCrypt is to simplify developers' usage of cryptographic APIs. A vital aspect to realize this goal is a usable UI. The current UI as it is falls short of that in a number of ways. Address and correct these issues.

This issue is a an umbrella issue in which sub-tasks for individual flaws should be created as sub-tasks of this issue. This should make it easier to keep track of all UI-related issues.

Sub-issues: #2, #3, #4, #5, #7, #9

Prerequisitives

• Eclipse Version: Neon.2 Release (4.6.2)
• Operating system: Windows 10
• Java runtime used to run eclipse: 1.8.0_102
• Git branch/Commit-ID: master/f09eef918b21b70b0e96efb7c7e728d4f61321e3

Issue description

1. Launch CogniCrypt
2. Choose the task "Communicate over a secure channel"
3. Key in some values for the text-fields
4. Click Next, by choosing default answers
5. Notice a "S" in the last page(Instance Selection Page) of the wizard
   

When someone selects an algorithm provided by one of "our" JCA providers (or BouncyCastle once we support it), the respective jar file must be added to the user's project. This most likely also requires a change in the Clafer model to mark where the algorithms belong to.

For keysize properties, it doesn't make sense to have a spinner with increments of 1

Similarly, for security, performance etc., the integer values will mean nothing to the user

Originally created by: @snadi

In /src/test/java/crossing/e1/configurator/test/ui, there are five UI tests, created with the UI-testing plugin RCPTT. Right now, they work for my machine. Integrate them into the nightly build.
This might help: https://www.eclipse.org/rcptt/documentation/userguide/maven/"

It seems that in the advanced mode, all "enums" are displayed as global properties for the user. This shouldn't be the case as the user shouldn't set a global security or performance level, but should only set those specific to the task. It might just be the display wording, but this needs to be investigated to see where these constraints are exactly displayed from (maybe global as in parent cipher?)"

Originally created by: @snadi

The code that is generated is generated into some project. Currently, we have some heuristics to figure out which project it needs to be generated into. These heuristics might not always be intuitive to the user as they may right-click on the project they need the code in and expect a context-menu entry to start the code-generation wizard.

Add this entry to the context-menu when someone right clicks anything in the package explorer and take the project that was right-clicked (or if a file was clicked its project) as the developr project for the code generation."

This project is being developed by Prof. Blömer's group at Uni Paderborn. For more information, ask me for a project description. The implementation, packed as a jar file, can be found here: https://www.dropbox.com/s/moz5q27e86usmtx/craco4openCCE1.zip?dl=0

This integration includes:

1. Get familiar with the implementation
2. Create appropriate CrySL rules
3. Develop questions for configurator wizard and consequences of responses
4. Devise the code template.

If there are functionalities needed for the integration of this task, open another issue and implement them.

Go through all tasks and check which questions require an answer from the user and which would work just fine with our default answer. Path to a keystore in TLS task is not optional, for instance. Neither is the questions in ABY about which scenario the code should be generated for. If a clear majority of/more than two questions for a task is optional, reorder them such that the mandatory ones come first and the optional ones come last, and add another question in-between to ask the user if they want to skip the optional ones.

http://cryptoexamples.com/java_landing_page.html# lists a bunch of examples showcasing how to use the Java crypto APIs. Check them out to find bugs in our xsl templates and/or ideas for new tasks. Also document mistakes in their examples (e.g. password not cleared after use of PBEKeyspec).

We should eventually integrate the S6 archiving dialog

Originally created by: @snadi

What exactly are global constraints ? The current display of properties is not intuitive for the user.

Also, when property is mode for example, operators such as > and <= don't make sense. The operators should be dependent on the property."

Originally created by: @snadi

CogniCrypt should support a integration of new tasks. Starting point of the integration could be the task list page. Workflow should roughly be as follows:
"Name of your task" => "Description of your task" => "Clafer Model for the task" => "XSL Stylesheet for your task" => "High level questions for your task"

Properly align and display the properties (see attached snapshot)

Now even worse when added checkbox to enable/disable constraint (see second snapshot)

Originally created by: @snadi

Implementation as jar + usage example as java code and configuration question for the wizard are in preparation.
Remaining steps:

1. finalize questions
2. encode them as json file
3. put implementation in additional resources folder
4. encode usage example as xsl
5. What about Clafer model?"

Each provider supports a certain number of algorithms in different configurations. Take the Cipher class of the SunJCE Provider for instance (). If AES is taken as a cipher, only the padding schemes NoPadding, PKCS5Padding, ISO10126Padding are allowed. If the user types
cipher.getInstance("AES/CBC/
content proposal/code completion may (only) show the allowed padding schemes to support the developer.

Currently blocked by #191.

Right now, there is one question/UI widget per page, which gets tedious to the user pretty quickly. Extend the UI elements such that these can be grouped. Take into consideration that often the answer to one of the questions changes the value range for the answer of another one or even makes the wizard to skip a question.
A first solution may be to only group those that do not influence one another. In a second step, the UI widgets should be updated depending on the answer of the previous UI page.
Don't put more than three to five widgets on a page though.

For integration, the following things are still missing:

1. Implementation of the algorithm in a CSP
2. stylesheet (Editing the one for symmetric block ciphers should suffice)
3. Some simple task for the algorithm to be used in (Encryption with a public key algorithm?, post-quantum secure?)"

Prerequisites

• Eclipse Version: Neon.3 Release (4.6.3)
• Operating system: Debian GNU/Linux 8 (jessie)
• Desktop environment: GNOME 3.14.1
• Java runtime used to run eclipse: openjdk version "1.8.0_131"
• Git branch/Commit-ID: master/f09eef9

also reproducible on

• Eclipse Version: Neon.3 Release (4.6.3)
• Operating system: Linux Mint 18.1
• Java runtime used to run eclipse: 1.8.0_131
• Git branch/Commit-ID: master/f09eef9

Issue description

When GTK3 mode in eclipse is enabled (which it seems to be by default in recent Linux UIs), the CogniCrypt UI breaks when opened for the first time. An error is thrown from the C library libgdk-x11-2.0.so, memory is dumped and CogniCrypt does not show up.

Workaround

Set eclipse to GTK2 mode by starting it using

export SWT_GTK3=0; eclipse

References

• https://stackoverflow.com/questions/24872995/why-does-my-eclipse-luna-4-4-crash-on-debian-wheezy-7-4-with-oracle-jdk8-64bit
• guari/eclipse-ui-theme#73

When going back and forth in the wizard, the order of pages gets mixed up and pages that have been seen yet, are created anew.

The getNextPage and getPreviousPage methods have to be revised. They would either have to work on the set of all pages (that was created when creating the wizard) or re-check the path that the user took on every back/next click.

An example sequence that shows the problem:

Select Task: Communicate over a secure channel
Next >
Please specify the path to your keystore:
Next >
Please give the password for your keystore:
< Back
Next >

The input field is now empty as a new page has been created. The old (redundant) one still exists and can be accessed via the back button.

The last step in the Wizard has the "Finish" button active but while moving back to the previous steps using "Back" button, the "Finish" button is still active. Clicking on "Finish" in the intermediate steps does not perform anything.
Fix:
The "Finish" button should be activated only in the last step of the wizard."

Originally created by @Sneha1602

File should at least describe:

• functionality of CogniCrypt (tool paper)
• how to set it up in Eclipse
• how to contribute (CogniCrypt contributor documentation)
• latest build status

Take a look at the code accompanying that master thesis on crypto misuses and extract rules.

When the user selects an option on a wizard page, show them a preview of the consequences of their choice.

Also document the setup process of the nightly build.