Port MASTG-TEST-0014: Testing the Configuration of Cryptographic Standard Algorithms (android) (by @guardsquare) #3064
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
hey @nmsa, any news on this draft? |
|
I am working on it, but as we talked the last time, the scope is a bit large so it will originate many atomic tests. |
|
Sounds great, thank you @nmsa! |
cpholguera
changed the title
The test was called "Testing the Configuration of Cryptographic Standard Algorithms", which has a very broad scope. It is being decompoed into atomic tests, which are in different phases of preparation, as follows: Weak Hashing Algorithms -- to be reviewed Hardcoded Initialization Vectors -- to be reviewed Reused Initialization Vectors -- to be reviewed Predictable Initialization Vectors -- to be reviewed Weak Padding -- to be reviewed Weak Message Authentication Codes (MAC) Algorithms -- initial version, needs work Weak Signature Algorithms -- only placeholder Improper Verification of Cryptographic Signature -- only placeholder
|
Hi @nmsa should we take this out of draft? Is it ready for review? |
cpholguera
reviewed
Apr 1, 2025
|
|
||
| The test case fails if you can find [insecure or deprecated](../../../Document/0x04g-Testing-Cryptography.md#Identifying-Insecure-and/or-Deprecated-Cryptographic-Algorithms) hashing algorithms being used in a security sensitive scenario. | ||
|
|
||
| ## References |
There was a problem hiding this comment.
Please remove these "References" sections from all files and ensure the links are inlined in the text.
There was a problem hiding this comment.
If necessary, the automation will create the references sections automatically
The test was called "Testing the Configuration of Cryptographic Standard Algorithms", which has a very broad scope. It was decompoed into atomic tests, which are in different phases of preparation, as follows: - [X] Weak Hashing Algorithms `MASTG-TEST-0x14-1` - [X] Hardcoded Initialization Vectors `MASTG-TEST-0x14-22-1` - [X] Reused Initialization Vectors `MASTG-TEST-0x14-22-2` - [X] Predictable Initialization Vectors `MASTG-TEST-0x14-22-3` - [X] Weak Padding `MASTG-TEST-0x14-23` - [X] Weak Message Authentication Codes (MAC) Algorithms `MASTG-TEST-0x14-24` - [X] Weak Signature Algorithms `MASTG-TEST-0x14-25` - [X] Improper Verification of Cryptographic Signature `MASTG-TEST-0x14-26`
|
@cpholguera available for your review. |
cpholguera
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR closes #2949