This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions

View file

@ -0,0 +1,12 @@
// Phase 11 (Track J.9) — Go CRYPTO benign control fixture.
//
// Uses crypto/rand.Read (a CSPRNG) for key derivation.
package benign
import "crypto/rand"
func Run(_ string) []byte {
buf := make([]byte, 32)
_, _ = rand.Read(buf)
return buf
}

View file

@ -0,0 +1,27 @@
// Phase 11 (Track J.9) — Go CRYPTO vuln fixture.
//
// Models a config-driven crypto endpoint that picks the RNG based on
// the request payload — `*_WEAK` routes through math/rand.Intn (a
// non-CSPRNG, returning a 16-bit key) and `*_STRONG` routes through
// crypto/rand.Read (a CSPRNG, returning the leading 63 bits of an 8-
// byte read). This shape is needed by the differential runner: the
// vuln-payload attempt and the benign-control attempt both load the
// same fixture, and only the payload-routed weak branch trips the
// `WeakKeyEntropy` predicate.
package vuln
import (
crand "crypto/rand"
"encoding/binary"
mrand "math/rand"
"strings"
)
func Run(value string) int {
if strings.Contains(value, "STRONG") {
var buf [8]byte
_, _ = crand.Read(buf[:])
return int(binary.BigEndian.Uint64(buf[:]) >> 1)
}
return mrand.Intn(0x10000)
}

View file

@ -0,0 +1,14 @@
// Phase 11 (Track J.9) Java CRYPTO benign control fixture.
//
// Uses java.security.SecureRandom (a CSPRNG) for key derivation, so
// the produced 256-bit key trivially exceeds the 16-bit weak budget.
import java.security.SecureRandom;
public class Benign {
public static byte[] run(String _unused) {
SecureRandom r = new SecureRandom();
byte[] key = new byte[32];
r.nextBytes(key);
return key;
}
}

View file

@ -0,0 +1,26 @@
// Phase 11 (Track J.9) Java CRYPTO vuln fixture.
//
// Models a config-driven crypto endpoint that picks the RNG based on
// the request payload `*_WEAK` routes through `java.util.Random`
// (a non-CSPRNG, seeded from the payload hash, returning a 16-bit
// key) and `*_STRONG` routes through `java.security.SecureRandom`
// (a CSPRNG, returning 32 bytes). This shape is needed by the
// differential runner: the vuln-payload attempt and the benign-
// control attempt both load the same fixture, and only the payload-
// routed weak branch trips the `WeakKeyEntropy` predicate.
import java.util.Random;
import java.security.SecureRandom;
public class Vuln {
public static byte[] run(String value) {
if (value != null && value.contains("STRONG")) {
byte[] key = new byte[32];
new SecureRandom().nextBytes(key);
return key;
}
Random r = new Random(value == null ? 0L : (long) value.hashCode());
byte[] key = new byte[2];
r.nextBytes(key);
return key;
}
}

View file

@ -0,0 +1,7 @@
<?php
// Phase 11 (Track J.9) — PHP CRYPTO benign control fixture.
//
// Uses `random_bytes(32)` (a CSPRNG) for key derivation.
function run($_value) {
return random_bytes(32);
}

View file

@ -0,0 +1,17 @@
<?php
// Phase 11 (Track J.9) — PHP CRYPTO vuln fixture.
//
// Models a config-driven crypto endpoint that picks the RNG based on
// the request payload — `*_WEAK` routes through `mt_rand(0, 0xFFFF)`
// (a non-CSPRNG) and `*_STRONG` routes through `random_bytes(32)`
// (a CSPRNG). This shape is needed by the differential runner: the
// vuln-payload attempt and the benign-control attempt both load the
// same fixture, and only the payload-routed weak branch trips the
// `WeakKeyEntropy` predicate.
function run($value) {
$s = is_string($value) ? $value : strval($value);
if (strpos($s, "STRONG") !== false) {
return random_bytes(32);
}
return mt_rand(0, 0xFFFF);
}

View file

@ -0,0 +1,9 @@
# Phase 11 (Track J.9) — Python CRYPTO benign control fixture.
#
# Uses `secrets.token_bytes(32)` (a CSPRNG) so the produced key
# trivially exceeds the weak budget.
import secrets
def run(_value):
return secrets.token_bytes(32)

View file

@ -0,0 +1,23 @@
# Phase 11 (Track J.9) — Python CRYPTO vuln fixture.
#
# Models a config-driven crypto endpoint that picks the RNG based on
# the request payload — `*_WEAK` routes through `random.randint(0, 0xFFFF)`
# (a non-CSPRNG) and `*_STRONG` routes through `secrets.token_bytes(32)`
# (a CSPRNG). This shape is needed by the differential runner: the
# vuln-payload attempt and the benign-control attempt both load the same
# fixture, and only the payload-routed weak branch trips the
# `WeakKeyEntropy` predicate. Real-world analogue: a JWT-signing or
# session-token endpoint that exposes an `algorithm`/`key_strength`
# knob whose weak setting falls back to a non-CSPRNG seed.
import random
import secrets
def run(value):
if isinstance(value, (bytes, bytearray)):
value = value.decode("utf-8", "replace")
elif not isinstance(value, str):
value = str(value)
if "STRONG" in value:
return secrets.token_bytes(32)
return random.randint(0, 0xFFFF)

View file

@ -0,0 +1,11 @@
// Phase 11 (Track J.9) — Rust CRYPTO benign control fixture.
//
// Uses `rand::rngs::OsRng` (a CSPRNG) for key derivation.
use rand::rngs::OsRng;
use rand::RngCore;
pub fn run(_value: &str) -> [u8; 32] {
let mut key = [0u8; 32];
OsRng.fill_bytes(&mut key);
key
}

View file

@ -0,0 +1,27 @@
// Phase 11 (Track J.9) — Rust CRYPTO vuln fixture.
//
// Models a config-driven crypto endpoint that picks the RNG based on
// the request payload — `*_WEAK` routes through `rand::thread_rng`
// truncated to 16 bits (a non-CSPRNG configuration) and `*_STRONG`
// routes through `rand::rngs::OsRng` (a CSPRNG). Both branches return
// `[u8; 8]` so the harness's `NyxKeyToInt` reducer treats them
// uniformly. The weak branch zero-pads the 16-bit value into the low
// two bytes, leaving `nyx_bytes_to_key_int` to read it back as a small
// big-endian `u64` that trips the `WeakKeyEntropy` predicate; the
// strong branch fills all eight bytes from the CSPRNG so the reduced
// `u64` overshoots the 16-bit budget.
use rand::Rng;
use rand::RngCore;
use rand::rngs::OsRng;
pub fn run(value: &str) -> [u8; 8] {
let mut key = [0u8; 8];
if value.contains("STRONG") {
OsRng.fill_bytes(&mut key);
} else {
let weak = rand::thread_rng().gen_range(0..=0xFFFFu16);
key[6] = (weak >> 8) as u8;
key[7] = (weak & 0xFF) as u8;
}
key
}