@elizaos/skills 2.0.0-alpha.3

package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs

@@ -0,0 +1,174 @@
+/**
+ * Vulnerable C# code sample for constant-time analysis testing.
+ *
+ * This file demonstrates common timing side-channel vulnerabilities in C#:
+ * - Variable-time division operations
+ * - Timing-unsafe comparisons
+ * - Variable-latency math operations
+ * - Predictable randomness
+ *
+ * DO NOT USE THIS CODE IN PRODUCTION - it is intentionally vulnerable.
+ */
+
+using System;
+using System.Linq;
+
+public class Vulnerable
+{
+    /// <summary>
+    /// Vulnerable modular reduction using division.
+    /// Division has data-dependent timing on most platforms.
+    /// </summary>
+    public static int VulnerableModReduce(int value, int modulus)
+    {
+        // VULNERABLE: Division has variable-time execution (div opcode)
+        int quotient = value / modulus;
+        // VULNERABLE: Modulo has variable-time execution (rem opcode)
+        int remainder = value % modulus;
+
+        // Use quotient to prevent dead code elimination
+        if (quotient < 0)
+        {
+            throw new ArgumentException("Unexpected negative quotient");
+        }
+
+        return remainder;
+    }
+
+    /// <summary>
+    /// Vulnerable long division.
+    /// Long division also has timing side-channels.
+    /// </summary>
+    public static long VulnerableLongDivide(long value, long divisor)
+    {
+        // VULNERABLE: Long division has variable-time execution
+        return value / divisor;
+    }
+
+    /// <summary>
+    /// Vulnerable floating-point division.
+    /// </summary>
+    public static double VulnerableFloatDivide(double a, double b)
+    {
+        // VULNERABLE: Float division has variable latency
+        return a / b;
+    }
+
+    /// <summary>
+    /// Vulnerable token comparison using SequenceEqual().
+    /// This leaks timing information about how many bytes match.
+    /// </summary>
+    public static bool VulnerableTokenCompare(byte[] provided, byte[] expected)
+    {
+        // VULNERABLE: SequenceEqual() may early-exit on mismatch
+        return provided.SequenceEqual(expected);
+    }
+
+    /// <summary>
+    /// Vulnerable string comparison using Equals().
+    /// String.Equals() has early-exit behavior.
+    /// </summary>
+    public static bool VulnerableStringCompare(string provided, string expected)
+    {
+        // VULNERABLE: String.Equals() may early-exit
+        return provided.Equals(expected);
+    }
+
+    /// <summary>
+    /// Vulnerable square root calculation.
+    /// Math.Sqrt() has variable latency based on operand values.
+    /// </summary>
+    public static double VulnerableSqrt(double value)
+    {
+        // VULNERABLE: Math.Sqrt has variable latency
+        return Math.Sqrt(value);
+    }
+
+    /// <summary>
+    /// Vulnerable power calculation.
+    /// Math.Pow() has variable latency based on operand values.
+    /// </summary>
+    public static double VulnerablePow(double baseVal, double exponent)
+    {
+        // VULNERABLE: Math.Pow has variable latency
+        return Math.Pow(baseVal, exponent);
+    }
+
+    /// <summary>
+    /// Vulnerable random number generation.
+    /// System.Random is predictable and not cryptographically secure.
+    /// </summary>
+    public static int VulnerableRandomInt(int maxValue)
+    {
+        // VULNERABLE: System.Random is predictable
+        Random rand = new Random();
+        return rand.Next(maxValue);
+    }
+
+    /// <summary>
+    /// Vulnerable decompose function similar to ML-DSA.
+    /// Demonstrates the KyberSlash-style vulnerability.
+    /// </summary>
+    public static (int r1, int r0) VulnerableDecompose(int r, int gamma2)
+    {
+        // VULNERABLE: Division has variable-time execution
+        int r1 = (r + 127) / (2 * gamma2);
+
+        // VULNERABLE: Modulo has variable-time execution
+        int r0 = r % (2 * gamma2);
+
+        // Centering
+        if (r0 > gamma2)
+        {
+            r0 -= 2 * gamma2;
+            r1 += 1;
+        }
+
+        return (r1, r0);
+    }
+
+    /// <summary>
+    /// Vulnerable table lookup using secret as index.
+    /// This leaks timing through cache behavior.
+    /// </summary>
+    public static int VulnerableTableLookup(int secretIndex, int[] table)
+    {
+        // VULNERABLE: Array access indexed by secret leaks cache timing
+        return table[secretIndex];
+    }
+
+    /// <summary>
+    /// Test harness to prevent dead code elimination.
+    /// </summary>
+    public static void Main(string[] args)
+    {
+        Console.WriteLine("Running vulnerable operations for testing...");
+
+        int result1 = VulnerableModReduce(12345, 97);
+        Console.WriteLine($"Mod reduce: {result1}");
+
+        long result2 = VulnerableLongDivide(1234567890L, 12345L);
+        Console.WriteLine($"Long divide: {result2}");
+
+        double result3 = VulnerableFloatDivide(10.0, 3.0);
+        Console.WriteLine($"Float divide: {result3}");
+
+        byte[] a = { 1, 2, 3 };
+        byte[] b = { 1, 2, 3 };
+        bool result4 = VulnerableTokenCompare(a, b);
+        Console.WriteLine($"Token compare: {result4}");
+
+        double result5 = VulnerableSqrt(144);
+        Console.WriteLine($"Sqrt: {result5}");
+
+        int result6 = VulnerableRandomInt(100);
+        Console.WriteLine($"Random: {result6}");
+
+        var result7 = VulnerableDecompose(1000, 261888);
+        Console.WriteLine($"Decompose: r1={result7.r1}, r0={result7.r0}");
+
+        int[] table = { 1, 2, 3, 4, 5, 6, 7, 8 };
+        int result8 = VulnerableTableLookup(5, table);
+        Console.WriteLine($"Table lookup: {result8}");
+    }
+}

package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java

@@ -0,0 +1,161 @@
+/**
+ * Vulnerable Java code sample for constant-time analysis testing.
+ *
+ * This file demonstrates common timing side-channel vulnerabilities in Java:
+ * - Variable-time division operations
+ * - Timing-unsafe comparisons
+ * - Variable-latency math operations
+ * - Predictable randomness
+ *
+ * DO NOT USE THIS CODE IN PRODUCTION - it is intentionally vulnerable.
+ */
+
+import java.util.Arrays;
+import java.util.Random;
+
+public class vulnerable {
+
+    /**
+     * Vulnerable modular reduction using division.
+     * Division has data-dependent timing on most platforms.
+     */
+    public static int vulnerableModReduce(int value, int modulus) {
+        // VULNERABLE: Division has variable-time execution (idiv bytecode)
+        int quotient = value / modulus;
+        // VULNERABLE: Modulo has variable-time execution (irem bytecode)
+        int remainder = value % modulus;
+
+        // Use quotient to prevent dead code elimination
+        if (quotient < 0) {
+            throw new IllegalArgumentException("Unexpected negative quotient");
+        }
+
+        return remainder;
+    }
+
+    /**
+     * Vulnerable long division.
+     * Long division (ldiv) also has timing side-channels.
+     */
+    public static long vulnerableLongDivide(long value, long divisor) {
+        // VULNERABLE: Long division has variable-time execution (ldiv bytecode)
+        return value / divisor;
+    }
+
+    /**
+     * Vulnerable floating-point division.
+     */
+    public static double vulnerableFloatDivide(double a, double b) {
+        // VULNERABLE: Float division has variable latency (ddiv bytecode)
+        return a / b;
+    }
+
+    /**
+     * Vulnerable token comparison using Arrays.equals().
+     * This leaks timing information about how many bytes match.
+     */
+    public static boolean vulnerableTokenCompare(byte[] provided, byte[] expected) {
+        // VULNERABLE: Arrays.equals() may early-exit on mismatch
+        return Arrays.equals(provided, expected);
+    }
+
+    /**
+     * Vulnerable string comparison using equals().
+     * String.equals() has early-exit behavior.
+     */
+    public static boolean vulnerableStringCompare(String provided, String expected) {
+        // VULNERABLE: String.equals() may early-exit
+        return provided.equals(expected);
+    }
+
+    /**
+     * Vulnerable square root calculation.
+     * Math.sqrt() has variable latency based on operand values.
+     */
+    public static double vulnerableSqrt(double value) {
+        // VULNERABLE: Math.sqrt has variable latency
+        return Math.sqrt(value);
+    }
+
+    /**
+     * Vulnerable power calculation.
+     * Math.pow() has variable latency based on operand values.
+     */
+    public static double vulnerablePow(double base, double exponent) {
+        // VULNERABLE: Math.pow has variable latency
+        return Math.pow(base, exponent);
+    }
+
+    /**
+     * Vulnerable random number generation.
+     * java.util.Random is predictable and not cryptographically secure.
+     */
+    public static int vulnerableRandomInt(int bound) {
+        // VULNERABLE: java.util.Random is predictable
+        Random rand = new Random();
+        return rand.nextInt(bound);
+    }
+
+    /**
+     * Vulnerable decompose function similar to ML-DSA.
+     * Demonstrates the KyberSlash-style vulnerability.
+     */
+    public static int[] vulnerableDecompose(int r, int gamma2) {
+        // VULNERABLE: Division has variable-time execution
+        int r1 = (r + 127) / (2 * gamma2);
+
+        // VULNERABLE: Modulo has variable-time execution
+        int r0 = r % (2 * gamma2);
+
+        // Centering
+        if (r0 > gamma2) {
+            r0 -= 2 * gamma2;
+            r1 += 1;
+        }
+
+        return new int[]{r1, r0};
+    }
+
+    /**
+     * Vulnerable table lookup using secret as index.
+     * This leaks timing through cache behavior.
+     */
+    public static int vulnerableTableLookup(int secretIndex, int[] table) {
+        // VULNERABLE: Array access indexed by secret leaks cache timing
+        return table[secretIndex];
+    }
+
+    /**
+     * Test harness to prevent dead code elimination.
+     */
+    public static void main(String[] args) {
+        System.out.println("Running vulnerable operations for testing...");
+
+        int result1 = vulnerableModReduce(12345, 97);
+        System.out.println("Mod reduce: " + result1);
+
+        long result2 = vulnerableLongDivide(1234567890L, 12345L);
+        System.out.println("Long divide: " + result2);
+
+        double result3 = vulnerableFloatDivide(10.0, 3.0);
+        System.out.println("Float divide: " + result3);
+
+        byte[] a = {1, 2, 3};
+        byte[] b = {1, 2, 3};
+        boolean result4 = vulnerableTokenCompare(a, b);
+        System.out.println("Token compare: " + result4);
+
+        double result5 = vulnerableSqrt(144);
+        System.out.println("Sqrt: " + result5);
+
+        int result6 = vulnerableRandomInt(100);
+        System.out.println("Random: " + result6);
+
+        int[] result7 = vulnerableDecompose(1000, 261888);
+        System.out.println("Decompose: r1=" + result7[0] + ", r0=" + result7[1]);
+
+        int[] table = {1, 2, 3, 4, 5, 6, 7, 8};
+        int result8 = vulnerableTableLookup(5, table);
+        System.out.println("Table lookup: " + result8);
+    }
+}

package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt

@@ -0,0 +1,181 @@
+/**
+ * Vulnerable Kotlin code sample for constant-time analysis testing.
+ *
+ * This file demonstrates common timing side-channel vulnerabilities in Kotlin:
+ * - Variable-time division operations
+ * - Timing-unsafe comparisons
+ * - Variable-latency math operations
+ * - Predictable randomness
+ *
+ * DO NOT USE THIS CODE IN PRODUCTION - it is intentionally vulnerable.
+ */
+
+import kotlin.random.Random
+import kotlin.math.sqrt
+import kotlin.math.pow
+
+/**
+ * Vulnerable modular reduction using division.
+ * Division has data-dependent timing on most platforms.
+ */
+fun vulnerableModReduce(value: Int, modulus: Int): Int {
+    // VULNERABLE: Division has variable-time execution (idiv bytecode)
+    val quotient = value / modulus
+    // VULNERABLE: Modulo has variable-time execution (irem bytecode)
+    val remainder = value % modulus
+
+    // Use quotient to prevent dead code elimination
+    require(quotient >= 0) { "Unexpected negative quotient" }
+
+    return remainder
+}
+
+/**
+ * Vulnerable long division.
+ * Long division (ldiv) also has timing side-channels.
+ */
+fun vulnerableLongDivide(value: Long, divisor: Long): Long {
+    // VULNERABLE: Long division has variable-time execution (ldiv bytecode)
+    return value / divisor
+}
+
+/**
+ * Vulnerable floating-point division.
+ */
+fun vulnerableFloatDivide(a: Double, b: Double): Double {
+    // VULNERABLE: Float division has variable latency (ddiv bytecode)
+    return a / b
+}
+
+/**
+ * Vulnerable token comparison using contentEquals().
+ * This leaks timing information about how many bytes match.
+ */
+fun vulnerableTokenCompare(provided: ByteArray, expected: ByteArray): Boolean {
+    // VULNERABLE: contentEquals() may early-exit on mismatch
+    return provided.contentEquals(expected)
+}
+
+/**
+ * Vulnerable string comparison using equals().
+ * String.equals() has early-exit behavior.
+ */
+fun vulnerableStringCompare(provided: String, expected: String): Boolean {
+    // VULNERABLE: String == comparison may early-exit
+    return provided == expected
+}
+
+/**
+ * Vulnerable square root calculation.
+ * sqrt() has variable latency based on operand values.
+ */
+fun vulnerableSqrt(value: Double): Double {
+    // VULNERABLE: sqrt has variable latency
+    return sqrt(value)
+}
+
+/**
+ * Vulnerable power calculation.
+ * pow() has variable latency based on operand values.
+ */
+fun vulnerablePow(base: Double, exponent: Double): Double {
+    // VULNERABLE: pow has variable latency
+    return base.pow(exponent)
+}
+
+/**
+ * Vulnerable random number generation.
+ * kotlin.random.Random is predictable and not cryptographically secure.
+ */
+fun vulnerableRandomInt(bound: Int): Int {
+    // VULNERABLE: kotlin.random.Random is predictable
+    return Random.nextInt(bound)
+}
+
+/**
+ * Vulnerable random using Random.Default singleton.
+ */
+fun vulnerableRandomDefault(): Int {
+    // VULNERABLE: Random.Default is predictable
+    return Random.Default.nextInt()
+}
+
+/**
+ * Vulnerable decompose function similar to ML-DSA.
+ * Demonstrates the KyberSlash-style vulnerability.
+ */
+fun vulnerableDecompose(r: Int, gamma2: Int): Pair<Int, Int> {
+    // VULNERABLE: Division has variable-time execution
+    var r1 = (r + 127) / (2 * gamma2)
+
+    // VULNERABLE: Modulo has variable-time execution
+    var r0 = r % (2 * gamma2)
+
+    // Centering
+    if (r0 > gamma2) {
+        r0 -= 2 * gamma2
+        r1 += 1
+    }
+
+    return Pair(r1, r0)
+}
+
+/**
+ * Vulnerable table lookup using secret as index.
+ * This leaks timing through cache behavior.
+ */
+fun vulnerableTableLookup(secretIndex: Int, table: IntArray): Int {
+    // VULNERABLE: Array access indexed by secret leaks cache timing
+    return table[secretIndex]
+}
+
+/**
+ * Vulnerable when expression on secret value.
+ * Switch/when statements may leak timing based on case.
+ */
+fun vulnerableWhenExpression(secretValue: Int): String {
+    // VULNERABLE: when compiles to tableswitch/lookupswitch
+    return when (secretValue) {
+        0 -> "zero"
+        1 -> "one"
+        2 -> "two"
+        else -> "other"
+    }
+}
+
+/**
+ * Test harness to prevent dead code elimination.
+ */
+fun main() {
+    println("Running vulnerable operations for testing...")
+
+    val result1 = vulnerableModReduce(12345, 97)
+    println("Mod reduce: $result1")
+
+    val result2 = vulnerableLongDivide(1234567890L, 12345L)
+    println("Long divide: $result2")
+
+    val result3 = vulnerableFloatDivide(10.0, 3.0)
+    println("Float divide: $result3")
+
+    val a = byteArrayOf(1, 2, 3)
+    val b = byteArrayOf(1, 2, 3)
+    val result4 = vulnerableTokenCompare(a, b)
+    println("Token compare: $result4")
+
+    val result5 = vulnerableSqrt(144.0)
+    println("Sqrt: $result5")
+
+    val result6 = vulnerableRandomInt(100)
+    println("Random: $result6")
+
+    val (r1, r0) = vulnerableDecompose(1000, 261888)
+    println("Decompose: r1=$r1, r0=$r0")
+
+    val table = intArrayOf(1, 2, 3, 4, 5, 6, 7, 8)
+    val result8 = vulnerableTableLookup(5, table)
+    println("Table lookup: $result8")
+
+    val result9 = vulnerableWhenExpression(1)
+    println("When result: $result9")
+}

package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php

@@ -0,0 +1,140 @@
+<?php
+/**
+ * Vulnerable PHP code sample for constant-time analysis testing.
+ *
+ * This file demonstrates common timing side-channel vulnerabilities in PHP:
+ * - Variable-time division operations
+ * - Timing-unsafe string comparisons
+ * - Cache-timing side-channels via table lookups
+ * - Predictable randomness
+ *
+ * DO NOT USE THIS CODE IN PRODUCTION - it is intentionally vulnerable.
+ */
+
+/**
+ * Vulnerable modular reduction using division.
+ * The division and modulo operations have data-dependent timing.
+ */
+function vulnerable_mod_reduce(int $value, int $modulus): int
+{
+    // VULNERABLE: Division has data-dependent timing
+    $quotient = intdiv($value, $modulus);
+    // VULNERABLE: Modulo has data-dependent timing
+    $remainder = $value % $modulus;
+    return $remainder;
+}
+
+/**
+ * Vulnerable token comparison using early-exit comparison.
+ * This leaks timing information about how many characters match.
+ */
+function vulnerable_token_compare(string $provided, string $expected): bool
+{
+    // VULNERABLE: === on strings may early-exit
+    return $provided === $expected;
+}
+
+/**
+ * Vulnerable token comparison using strcmp.
+ * strcmp() has variable-time execution.
+ */
+function vulnerable_strcmp_compare(string $provided, string $expected): bool
+{
+    // VULNERABLE: strcmp has variable-time execution
+    return strcmp($provided, $expected) === 0;
+}
+
+/**
+ * Vulnerable hex encoding using chr().
+ * chr() uses table lookup indexed by secret data.
+ */
+function vulnerable_byte_to_hex(int $byte): string
+{
+    $hex_chars = '0123456789abcdef';
+    // VULNERABLE: chr() has cache-timing side-channel
+    $high = chr(ord($hex_chars[$byte >> 4]));
+    $low = chr(ord($hex_chars[$byte & 0x0f]));
+    return $high . $low;
+}
+
+/**
+ * Vulnerable encoding using bin2hex.
+ * bin2hex() uses table lookups on secret data.
+ */
+function vulnerable_encode_secret(string $secret): string
+{
+    // VULNERABLE: bin2hex uses table lookups
+    return bin2hex($secret);
+}
+
+/**
+ * Vulnerable base64 encoding.
+ * base64_encode() uses table lookups on secret data.
+ */
+function vulnerable_base64_secret(string $secret): string
+{
+    // VULNERABLE: base64_encode uses table lookups
+    return base64_encode($secret);
+}
+
+/**
+ * Vulnerable random token generation using mt_rand.
+ * mt_rand() is predictable and not cryptographically secure.
+ */
+function vulnerable_generate_token(int $length): string
+{
+    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+    $token = '';
+    for ($i = 0; $i < $length; $i++) {
+        // VULNERABLE: mt_rand is predictable
+        $token .= $chars[mt_rand(0, strlen($chars) - 1)];
+    }
+    return $token;
+}
+
+/**
+ * Vulnerable unique ID generation using uniqid.
+ * uniqid() is predictable.
+ */
+function vulnerable_generate_id(): string
+{
+    // VULNERABLE: uniqid is predictable
+    return uniqid('prefix_', true);
+}
+
+/**
+ * Vulnerable array shuffle using shuffle().
+ * shuffle() uses mt_rand internally.
+ */
+function vulnerable_shuffle_array(array $items): array
+{
+    // VULNERABLE: shuffle uses mt_rand internally
+    shuffle($items);
+    return $items;
+}
+
+// Test harness to prevent dead code elimination
+function run_tests(): void
+{
+    echo "Running vulnerable operations for testing...\n";
+
+    $result1 = vulnerable_mod_reduce(12345, 97);
+    echo "Mod reduce: $result1\n";
+
+    $result2 = vulnerable_token_compare("secret123", "secret123");
+    echo "Token compare: " . ($result2 ? "true" : "false") . "\n";
+
+    $result3 = vulnerable_byte_to_hex(0xAB);
+    echo "Byte to hex: $result3\n";
+
+    $result4 = vulnerable_encode_secret("secret");
+    echo "Encoded: $result4\n";
+
+    $result5 = vulnerable_generate_token(16);
+    echo "Token: $result5\n";
+}
+
+// Only run if executed directly
+if (basename(__FILE__) === basename($_SERVER['SCRIPT_FILENAME'] ?? '')) {
+    run_tests();
+}