CryptoDataHub 0.12.6__py3-none-any.whl

cryptodatahub/common/algorithm.py

@@ -0,0 +1,164 @@
+# -*- coding: utf-8 -*-
+
+import enum
+import six
+
+import attr
+
+from cryptodatahub.common.grade import (
+    AttackType,
+    Grade,
+    GradeableComplex,
+    GradeableVulnerabilities,
+    Vulnerability,
+)
+from cryptodatahub.common.types import (
+    CryptoDataEnumBase,
+    CryptoDataEnumOIDBase,
+    CryptoDataParamsEnumString,
+    CryptoDataParamsNamed,
+    CryptoDataParamsOIDOptional,
+    convert_enum,
+)
+
+
+@attr.s(frozen=True)
+class AuthenticationParams(CryptoDataParamsOIDOptional, GradeableVulnerabilities):
+    anonymous = attr.ib(validator=attr.validators.instance_of(bool))
+
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'authentication'
+
+
+@attr.s(frozen=True)
+class BlockCipherParams(CryptoDataParamsNamed, GradeableVulnerabilities):
+    key_size = attr.ib(validator=attr.validators.instance_of(int))
+    block_size = attr.ib(validator=attr.validators.optional(attr.validators.instance_of(int)))
+
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'block cipher'
+
+
+@attr.s(frozen=True)
+class BlockCipherModeParams(CryptoDataParamsNamed, GradeableVulnerabilities):
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'block cipher mode'
+
+
+@attr.s(frozen=True)
+class HashParams(CryptoDataParamsOIDOptional, GradeableVulnerabilities):
+    digest_size = attr.ib(validator=attr.validators.instance_of(int))
+
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'hash'
+
+
+@attr.s(frozen=True)
+class KeyExchangeParams(CryptoDataParamsNamed, GradeableVulnerabilities):
+    forward_secret = attr.ib(validator=attr.validators.instance_of(bool))
+
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'key exchange'
+
+
+NamedGroupType = enum.Enum('NamedGroupType', 'ELLIPTIC_CURVE FINITE_FIELD HYBRID_PQS')
+
+
+@attr.s(frozen=True)
+class NamedGroupParams(CryptoDataParamsOIDOptional, GradeableVulnerabilities):
+    size = attr.ib(validator=attr.validators.instance_of(int))
+    group_type = attr.ib(
+        converter=convert_enum(NamedGroupType),
+        validator=attr.validators.instance_of(NamedGroupType),
+    )
+
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'named group'
+
+
+Authentication = CryptoDataEnumOIDBase('Authentication', CryptoDataEnumOIDBase.get_json_records(AuthenticationParams))
+BlockCipher = CryptoDataEnumBase('BlockCipher', CryptoDataEnumBase.get_json_records(BlockCipherParams))
+BlockCipherMode = CryptoDataEnumBase('BlockCipherMode', CryptoDataEnumBase.get_json_records(BlockCipherModeParams))
+Hash = CryptoDataEnumOIDBase('Hash', CryptoDataEnumOIDBase.get_json_records(HashParams))
+KeyExchange = CryptoDataEnumBase('KeyExchange', CryptoDataEnumBase.get_json_records(KeyExchangeParams))
+NamedGroup = CryptoDataEnumOIDBase('NamedGroup', CryptoDataEnumOIDBase.get_json_records(NamedGroupParams))
+
+
+@attr.s(frozen=True)
+class MACParams(CryptoDataParamsOIDOptional, GradeableVulnerabilities):
+    digest_size = attr.ib(validator=attr.validators.optional(attr.validators.instance_of(int)))
+    hash_algorithm = attr.ib(validator=attr.validators.optional(attr.validators.instance_of((Hash, six.string_types))))
+
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'MAC'
+
+    def __attrs_post_init__(self):
+        if (self.digest_size is None) == (self.hash_algorithm is None):
+            raise ValueError()
+
+        if isinstance(self.hash_algorithm, six.string_types):
+            object.__setattr__(self, 'hash_algorithm', Hash[self.hash_algorithm])
+
+        if self.digest_size is None:
+            object.__setattr__(self, 'digest_size', self.hash_algorithm.value.digest_size)
+
+        attr.validate(self)
+
+
+MAC = CryptoDataEnumOIDBase('MAC', CryptoDataEnumOIDBase.get_json_records(MACParams))
+
+
+@attr.s(frozen=True)
+class MACModeParams(CryptoDataParamsEnumString, GradeableVulnerabilities):
+    name = attr.ib(validator=attr.validators.instance_of(six.string_types))
+
+    @classmethod
+    def get_gradeable_name(cls):
+        return 'MAC mode'
+
+
+class MACMode(enum.Enum):
+    ENCRYPT_THEN_MAC = MACModeParams(
+        code='encrypt_then_mac',
+        name='encrypt then MAC',
+        vulnerabilities=[],
+    )
+    ENCRYPT_AND_MAC = MACModeParams(
+        code='encrypt_and_mac',
+        name='encrypt and MAC',
+        vulnerabilities=[
+            Vulnerability(attack_type=AttackType.FORGERY_ATTACK, grade=Grade.WEAK, named=None),
+        ],
+    )
+    MAC_THEN_ENCRYP = MACModeParams(
+        code='mac_then_encrypt',
+        name='MAC then encrypt',
+        vulnerabilities=[],
+    )
+
+
+@attr.s(frozen=True)
+class SignatureParams(CryptoDataParamsOIDOptional, GradeableComplex):
+    key_type = attr.ib(
+        converter=convert_enum(Authentication),
+        validator=attr.validators.instance_of(Authentication),
+    )
+    hash_algorithm = attr.ib(
+        converter=convert_enum(Hash),
+        validator=attr.validators.optional(attr.validators.instance_of(Hash)),
+    )
+
+    def __attrs_post_init__(self):
+        object.__setattr__(self, 'gradeables', [self.hash_algorithm.value])
+
+        attr.validate(self)
+
+
+Signature = CryptoDataEnumOIDBase('Signature', CryptoDataEnumOIDBase.get_json_records(SignatureParams))

cryptodatahub/common/attack-named.json

@@ -0,0 +1,74 @@
+{
+    "CRIME": {
+        "name": "CRIME",
+        "long_name": "Compression Ratio Info-leak Made Easy",
+        "grade": "WEAK",
+        "attack_type": "COMPRESSION_ORACLE"
+    },
+    "DHEAT_ATTACK": {
+        "name": "D(HE)at attack",
+        "long_name": null,
+        "grade": "WEAK",
+        "attack_type": "DOS_ATTACK"
+    },
+    "DROWN_ATTACK": {
+        "name": "DROWN",
+        "long_name": "Decrypting RSA with Obsolete and Weakened eNcryption",
+        "grade": "INSECURE",
+        "attack_type": "MITM"
+    },
+    "EXPORT_GRADE": {
+        "name": "export-grade",
+        "long_name": null,
+        "grade": "INSECURE",
+        "attack_type": "MITM"
+    },
+    "FREAK": {
+        "name": "FREAK",
+        "long_name": "Factoring RSA Export Keys",
+        "grade": "INSECURE",
+        "attack_type": "MITM"
+    },
+    "LUCKY13": {
+        "name": "Lucky Thirteen attack",
+        "long_name": null,
+        "grade": "DEPRECATED",
+        "attack_type": "TIMING"
+    },
+    "NOFS": {
+        "name": "non-forward secret",
+        "long_name": null,
+        "grade": "DEPRECATED",
+        "attack_type": "MITM"
+    },
+    "NOMORE": {
+        "name": "NOMORE attack",
+        "long_name": "Numerous Occurrence MOnitoring & Recovery Exploit",
+        "grade": "INSECURE",
+        "attack_type": null
+    },
+    "POODLE": {
+        "name": "POODLE",
+        "long_name": "Padding Oracle On Downgraded Legacy Encryption",
+        "grade": "INSECURE",
+        "attack_type": "PADDING_ORACLE"
+    },
+    "SWEET32": {
+        "name": "Sweet32",
+        "long_name": null,
+        "grade": "INSECURE",
+        "attack_type": "BIRTHDAY"
+    },
+    "SHATTERED": {
+        "name": "SHAttered attack",
+        "long_name": null,
+        "grade": "INSECURE",
+        "attack_type": "COLLISION"
+    },
+    "WEAK_DH": {
+        "name": "weak DH",
+        "long_name": "weak Diffie-Hellman",
+        "grade": "INSECURE",
+        "attack_type": "INTEGER_FACTORIZATION"
+    }
+}

cryptodatahub/common/attack-type.json

@@ -0,0 +1,58 @@
+{
+    "BIRTHDAY": {
+        "name": "birthday attack",
+        "long_name": null
+    },
+    "BRUTE_FORCE": {
+        "name": "brute-force attack",
+        "long_name": null
+    },
+    "CHOSEN_PLAINTEXT_ATTACK": {
+        "name": "chosen-plaintext attack",
+        "long_name": null
+    },
+    "COLLISION": {
+        "name": "collision attack",
+        "long_name": null
+    },
+    "COMPRESSION_ORACLE": {
+        "name": "compression oracle attack",
+        "long_name": null
+    },
+    "DOS_ATTACK": {
+        "name": "(D)DoS attack",
+        "long_name": "(distributed) denial-of-service attack"
+    },
+    "DISCRETE_LOGARITHM": {
+        "name": "discrete logarithm",
+        "long_name": null
+    },
+    "FORGERY_ATTACK": {
+        "name": "forgery attack",
+        "long_name": null
+    },
+    "INTEGER_FACTORIZATION": {
+        "name": "integer factorization",
+        "long_name": null
+    },
+    "MITM": {
+        "name": "MITM attack",
+        "long_name": "man-in-the-middle attack"
+    },
+    "PADDING_ORACLE": {
+        "name": "padding oracle attack",
+        "long_name": null
+    },
+    "REUSED_KEY_ATTACK": {
+        "name": "reused key attack",
+        "long_name": null
+    },
+    "SNIFFING": {
+        "name": "sniffing attack",
+        "long_name": null
+    },
+    "TIMING": {
+        "name": "timing attack",
+        "long_name": null
+    }
+}

cryptodatahub/common/authentication.json

@@ -0,0 +1,113 @@
+{
+    "ANONYMOUS": {
+        "name": "anon",
+        "long_name": "anonymous",
+        "oid": null,
+        "vulnerabilities": [
+            {
+                "attack_type": "MITM",
+                "grade": "INSECURE",
+                "named": null
+            }
+        ],
+        "anonymous": true
+    },
+    "DSS": {
+        "name": "DSS",
+        "long_name": "Digital Signature Standard",
+        "oid": "1.2.840.10040.4.1",
+        "vulnerabilities": [],
+        "anonymous": false
+    },
+    "ECDSA": {
+        "name": "ECDSA",
+        "long_name": "Elliptic Curve Digital Signature Algorithm",
+        "oid": "1.2.840.10045.2.1",
+        "vulnerabilities": [],
+        "anonymous": false
+    },
+    "FORTEZZA": {
+        "name": "Fortezza",
+        "long_name": null,
+        "oid": null,
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "GOST2814789": {
+        "name": "GOST 28147-89",
+        "long_name": null,
+        "oid": "1.2.643.2.2.21",
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "GOST_R3410_01": {
+        "name": "GOST R 34.10-2001",
+        "long_name": null,
+        "oid": "1.2.643.2.2.19",
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "GOST_R3410_12_256": {
+        "name": "GOST R 34.10-2012 (256)",
+        "long_name": null,
+        "oid": "1.2.643.7.1.1.1.1",
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "GOST_R3410_12_512": {
+        "name": "GOST R 34.10-2012 (512)",
+        "long_name": null,
+        "oid": "1.2.643.7.1.1.1.2",
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "GOST_R3410_94": {
+        "name": "GOST R 34.10-94",
+        "long_name": null,
+        "oid": "1.2.643.2.2.20",
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "KRB5": {
+        "name": "KRB5",
+        "long_name": "Kerberos V5",
+        "oid": null,
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "PSK": {
+        "name": "PSK",
+        "long_name": "Pre-shared Key",
+        "oid": null,
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "RSA": {
+        "name": "RSA",
+        "long_name": "Rivest-Shamir-Adleman",
+        "oid": "1.2.840.113549.1.1.1",
+        "vulnerabilities": [],
+        "anonymous": false
+    },
+    "SRP": {
+        "name": "SRP",
+        "long_name": "Secure Remote Password",
+        "oid": null,
+        "vulnerabilities": null,
+        "anonymous": false
+    },
+    "EDDSA": {
+        "name": "EDDSA",
+        "long_name": "Edwards-curve Digital Signature Algorithm",
+        "oid": null,
+        "vulnerabilities": [],
+        "anonymous": false
+    },
+    "XMSS": {
+        "name": "XMSS",
+        "long_name": "eXtended Merkle Signature Scheme",
+        "oid": null,
+        "vulnerabilities": [],
+        "anonymous": false
+    }
+}

cryptodatahub/common/block-cipher-mode.json

@@ -0,0 +1,75 @@
+{
+    "CBC": {
+        "name": "CBC",
+        "long_name": "cipher block chaining",
+        "vulnerabilities": [
+            {
+                "attack_type": "PADDING_ORACLE",
+                "grade": "WEAK",
+                "named": "POODLE"
+            }
+        ]
+    },
+    "CCM": {
+        "name": "CCM",
+        "long_name": "counter with CBC-MAC",
+        "vulnerabilities": []
+    },
+    "CCM_8": {
+        "name": "CCM-8",
+        "long_name": "counter with CBC-MAC (8)",
+        "vulnerabilities": []
+    },
+    "CFB": {
+        "name": "CFB",
+        "long_name": "cipher feedback",
+        "vulnerabilities": null
+    },
+    "CNT": {
+        "name": "CNT",
+        "long_name": "GOST counter",
+        "vulnerabilities": null
+    },
+    "CTR": {
+        "name": "CTR",
+        "long_name": "counter",
+        "vulnerabilities": []
+    },
+    "ECB": {
+        "name": "ECB",
+        "long_name": "electronic codebook",
+        "vulnerabilities": [
+            {
+                "attack_type": "CHOSEN_PLAINTEXT_ATTACK",
+                "grade": "INSECURE",
+                "named": null
+            }
+        ]
+    },
+    "EAX": {
+        "name": "EAX",
+        "long_name": "encrypt-then-authenticate-then-translate",
+        "vulnerabilities": null
+    },
+    "GCM": {
+        "name": "GCM",
+        "long_name": "Galois/counter mode",
+        "vulnerabilities": []
+    },
+    "MGM": {
+        "name": "MGM",
+        "long_name": "GOST Magma",
+        "vulnerabilities": null
+    },
+    "OFB": {
+        "name": "OFB",
+        "long_name": "output feedback",
+        "vulnerabilities": [
+            {
+                "attack_type": "REUSED_KEY_ATTACK",
+                "grade": "WEAK",
+                "named": null
+            }
+        ]
+    }
+}