csharp.dotnet.security.use_weak_rsa_encryption_padding.use_weak_rsa_encryption_padding


You are using the outdated PKCS#1 v1.5 encryption padding for your RSA key. Use the OAEP padding instead.


Definition

# Semgrep rule: reports RSA key exchange performed with PKCS#1 v1.5 padding
# (RSAPKCS1KeyExchangeFormatter / RSAPKCS1KeyExchangeDeformatter) and directs
# the reader to the OAEP formatter/deformatter pair listed under `references`.
rules:
  - id: use_weak_rsa_encryption_padding
    message: You are using the outdated PKCS#1 v1.5 encryption padding for your RSA
      key. Use the OAEP padding instead.
    severity: WARNING
    metadata:
      likelihood: HIGH
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe:
        - "CWE-780: Use of RSA Algorithm without OAEP"
      owasp:
        - A02:2021 - Cryptographic Failures
      references:
        - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.rsapkcs1keyexchangeformatter
        - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.rsaoaepkeyexchangeformatter
        - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.rsapkcs1keyexchangedeformatter
        - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.rsaoaepkeyexchangedeformatter
      subcategory:
        - vuln
      technology:
        - .net
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Cryptographic Issues
    languages:
      - csharp
    # Typed metavariables: each pattern matches only when the receiver is known to
    # be the PKCS#1 v1.5 formatter/deformatter type, which is why the OAEP calls in
    # the example file are marked `ok`. The argument list is wildcarded with `...`,
    # so both CreateKeyExchange overloads (with and without the Type argument) are
    # covered. The metavariable names ($FORMATER / $DEFORMATER, one T) are arbitrary
    # and only need to be consistent within each pattern.
    pattern-either:
      - pattern: (RSAPKCS1KeyExchangeFormatter $FORMATER).CreateKeyExchange(...);
      - pattern: (RSAPKCS1KeyExchangeDeformatter $DEFORMATER).DecryptKeyExchange(...);

Examples

use_weak_rsa_encryption_padding.cs

using System;
using System.Security.Cryptography;
					
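/// <summary>
/// Semgrep test fixture for <c>use_weak_rsa_encryption_padding</c>.
/// Each method wraps or unwraps a 16-byte symmetric key with an RSA key. The
/// <c>//ruleid:</c> lines use the PKCS#1 v1.5 key-exchange formatter/deformatter
/// that the rule flags; the <c>//ok:</c> lines use the OAEP equivalents it accepts.
/// PKCS#1 v1.5 encryption padding is the scheme targeted by the classic RSA
/// padding-oracle attacks, which is why OAEP is the recommended replacement.
/// The <c>//ruleid:</c> and <c>//ok:</c> comments must stay directly above the
/// call they annotate, otherwise the rule's own tests stop checking that line.
/// </summary>
public class RSAEncryption
{
	/// <summary>
	/// Wraps a key with PKCS#1 v1.5 padding via the two-argument overload (flagged).
	/// </summary>
	public static void EncryptWithBadPadding1()
	{
		// RSA holds native key material: dispose it instead of leaving it to the finalizer.
		using (RSA key = RSA.Create())
		{
			byte[] msg = new byte[16];
			// The second argument names the symmetric algorithm the wrapped key belongs to.
			Type t = typeof(Aes);
			RSAPKCS1KeyExchangeFormatter formatter = new RSAPKCS1KeyExchangeFormatter(key);
			//ruleid: use_weak_rsa_encryption_padding
			byte[] cipherText = formatter.CreateKeyExchange(msg, t);
		}
	}

	/// <summary>
	/// Unwraps a key with PKCS#1 v1.5 padding (flagged). The buffer is a placeholder
	/// so the fixture compiles; this file is scanned by Semgrep, not executed.
	/// </summary>
	public static void DecryptWithBadPadding()
	{
		using (RSA key = RSA.Create())
		{
			byte[] ciphertext = new byte[16];
			var deformatter = new RSAPKCS1KeyExchangeDeformatter(key);
			//ruleid: use_weak_rsa_encryption_padding
			var plaintext = deformatter.DecryptKeyExchange(ciphertext);
		}
	}

	/// <summary>
	/// Wraps a key with PKCS#1 v1.5 padding via the single-argument overload (flagged).
	/// </summary>
	public static void EncryptWithBadPadding2()
	{
		using (RSA key = RSA.Create())
		{
			byte[] msg = new byte[16];
			var formatter = new RSAPKCS1KeyExchangeFormatter(key);
			//ruleid: use_weak_rsa_encryption_padding
			byte[] cipherText = formatter.CreateKeyExchange(msg);
		}
	}

	/// <summary>
	/// Wraps a key with OAEP padding via the two-argument overload (accepted).
	/// </summary>
	public static void EncryptWithGoodPadding1()
	{
		using (RSA key = RSA.Create())
		{
			byte[] msg = new byte[16];
			Type t = typeof(Aes);
			AsymmetricKeyExchangeFormatter formatter = new RSAOAEPKeyExchangeFormatter(key);
			//ok: use_weak_rsa_encryption_padding
			byte[] cipherText = formatter.CreateKeyExchange(msg, t);
		}
	}

	/// <summary>
	/// Wraps a key with OAEP padding via the single-argument overload (accepted).
	/// </summary>
	public static void EncryptWithGoodPadding2()
	{
		using (RSA key = RSA.Create())
		{
			byte[] msg = new byte[16];
			AsymmetricKeyExchangeFormatter formatter = new RSAOAEPKeyExchangeFormatter(key);
			//ok: use_weak_rsa_encryption_padding
			byte[] cipherText = formatter.CreateKeyExchange(msg);
		}
	}

	/// <summary>
	/// Unwraps a key with OAEP padding (accepted). Placeholder buffer, as above.
	/// </summary>
	public static void DecryptWithGoodPadding()
	{
		using (RSA key = RSA.Create())
		{
			byte[] ciphertext = new byte[16];
			var deformatter = new RSAOAEPKeyExchangeDeformatter(key);
			//ok: use_weak_rsa_encryption_padding
			var plaintext = deformatter.DecryptKeyExchange(ciphertext);
		}
	}

	/// <summary>
	/// Entry point kept only so the fixture builds as a program; nothing runs.
	/// </summary>
	public static void Main(string[] args)
	{
	}
}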