CipherWithNoIntegrityDetector throws exception on algorithm-only cipher lookups

[ThrawnCA]

javax.crypto.Cipher.getInstance permits lookups using only the algorithm name; however, CipherWithNoIntegrityDetector expects a slash to be present in the argument, leading to an ArrayIndexOutOfBoundsException at line 94 when code like the following is used:

Cipher cipher = Cipher.getInstance("RSA");

 [java]   Exception analyzing TokenEncryptor using detector com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
 [java]     java.lang.ArrayIndexOutOfBoundsException: 1
 [java]       At com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector.sawOpcode(CipherWithNoIntegrityDetector.java:94)
 [java]       At edu.umd.cs.findbugs.visitclass.DismantleBytecode.visit(DismantleBytecode.java:883)
 [java]       At edu.umd.cs.findbugs.visitclass.BetterVisitor.visitCode(BetterVisitor.java:218)
 [java]       At edu.umd.cs.findbugs.visitclass.PreorderVisitor.visitCode(PreorderVisitor.java:229)
 [java]       At edu.umd.cs.findbugs.bcel.OpcodeStackDetector.visitCode(OpcodeStackDetector.java:63)
 [java]       At org.apache.bcel.classfile.Code.accept(Code.java:135)
 [java]       At edu.umd.cs.findbugs.visitclass.PreorderVisitor.doVisitMethod(PreorderVisitor.java:301)
 [java]       At edu.umd.cs.findbugs.visitclass.PreorderVisitor.visitJavaClass(PreorderVisitor.java:389)
 [java]       At org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:215)
 [java]       At edu.umd.cs.findbugs.BytecodeScanningDetector.visitClassContext(BytecodeScanningDetector.java:38)
 [java]       At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
 [java]       At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1089)
 [java]       At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283)
 [java]       At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:402)
 [java]       At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1200)

[h3xstream]

It should be fix. You can test it with the latest version or wait a week or two for the new release.

[ThrawnCA]

New version fixes it, thanks.

According to the comments, though, RSA/ECB/* ciphers are OK, and yet this detector rejects them?

[h3xstream]

This means there is a bug and a test case is missing.
I'll look at it.

[ThrawnCA]

Our affected code is a Guice module that looks like this:

public class CryptographyModule implements Module {

    private static final String JCE_PROVIDER_BOUNCY_CASTLE = "BC";

    @Retention(RetentionPolicy.RUNTIME)
    @BindingAnnotation
    public @interface Rsa {
        String CIPHER = "RSA/NONE/OAEPWithSHA256AndMGF1Padding";
    }

    public void configure(Binder binder) {
        checkBouncyCastleIsInstalled(binder);

        binder.bind(EncryptionStrategy.class).annotatedWith(Rsa.class).to(RsaEncryptionStrategy.class)
                .in(Scopes.SINGLETON);
    }

    public void checkBouncyCastleIsInstalled(Binder binder) {
        try {
            Cipher.getInstance(Rsa.CIPHER, JCE_PROVIDER_BOUNCY_CASTLE);
        } catch (GeneralSecurityException e) {
            binder.addError("cannot find the required cryptography extensions, is bouncy castle installed?", e);
        }
    }
}

Changing the mode to ECB didn't help (and ECB isn't really a recommended mode anyway; what does the 'NONE' mode do?).

[ThrawnCA]

I would be happy to help with this, but I'm not entirely clear on which RSA ciphers are in fact safe.

I notice, however, that the 'no padding' bug description suggests that 'RSA/ECB/OAEPWithMD5AndMGF1Padding' is a good choice.

[h3xstream]

The detector that trigger ECB mode usage target Symetric cipher only. The RSA/ECB/* is a false positive for this detector.

The only weak RSA cipher that I am aware is the RSA/None/NoPadding which is cover by another detector.

The fix
The missing test case have proven once more that it is easy to do placebo fix.
I have create a test case with a sample identical to your code.

[ThrawnCA]

We're still seeing this bug detector fire on our code, along with the EcbModeDetector.