mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
26 lines
1 KiB
Java
26 lines
1 KiB
Java
// Phase 11 (Track J.9) — Java CRYPTO vuln fixture.
|
|
//
|
|
// Models a config-driven crypto endpoint that picks the RNG based on
|
|
// the request payload — `*_WEAK` routes through `java.util.Random`
|
|
// (a non-CSPRNG, seeded from the payload hash, returning a 16-bit
|
|
// key) and `*_STRONG` routes through `java.security.SecureRandom`
|
|
// (a CSPRNG, returning 32 bytes). This shape is needed by the
|
|
// differential runner: the vuln-payload attempt and the benign-
|
|
// control attempt both load the same fixture, and only the payload-
|
|
// routed weak branch trips the `WeakKeyEntropy` predicate.
|
|
import java.util.Random;
|
|
import java.security.SecureRandom;
|
|
|
|
public class Vuln {
|
|
public static byte[] run(String value) {
|
|
if (value != null && value.contains("STRONG")) {
|
|
byte[] key = new byte[32];
|
|
new SecureRandom().nextBytes(key);
|
|
return key;
|
|
}
|
|
Random r = new Random(value == null ? 0L : (long) value.hashCode());
|
|
byte[] key = new byte[2];
|
|
r.nextBytes(key);
|
|
return key;
|
|
}
|
|
}
|