codyze

Duplicate conditions in MARK rules

Open • shahrzadav opened this issue 3 years ago • 0 comments

In the following rule from the Bouncy Castle ruleset, _is(m.key, kg.key) is mentioned as both a precondition and a condition. Based on MARK, the condition statement will be examined if a precondition is met. Therefore, it does not make sense to have this condition in both places. Am I missing something here, or is this just a mistake?

rule ID_5_3_02_CMAC_Keygen {
    using
        Mac as m,
        KeyGenerator as kg
    when
        m.algorithm in ["AESCMAC"]
        && _is(m.key, kg.key)
    ensure
        // find a keygenerator of sufficient size
        _is(m.key, kg.key)
        && kg.keysize >= 128
    onfail
        InsufficientCMACKeyLength
}

shahrzadav, Dec 29 '21 14:12
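A small checker for the pattern this issue describes, as an added example that is not part of the issue or of Codyze: it lists the conjuncts that occur in both the when and ensure sections of a MARK rule so they can be reviewed. It assumes the simple layout of the rule quoted above (closing brace on its own line, conditions joined by &&, no section keywords inside string literals); the names conjuncts and duplicated_conditions are hypothetical.

```python
import re

# Constructed sample: the rule quoted in the issue above.
SAMPLE = """\
rule ID_5_3_02_CMAC_Keygen {
    using
        Mac as m,
        KeyGenerator as kg
    when
        m.algorithm in ["AESCMAC"]
        && _is(m.key, kg.key)
    ensure
        // find a keygenerator of sufficient size
        _is(m.key, kg.key)
        && kg.keysize >= 128
    onfail
        InsufficientCMACKeyLength
}
"""

RULE = re.compile(r"rule\s+(\w+)\s*\{(.*?)\n\}", re.S)
SECTION = re.compile(r"\b(using|when|ensure|onfail)\b")

def conjuncts(expr):
    """Split expr on top-level '&&'; return whitespace-normalised conjuncts."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(expr):
        if ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
        elif depth == 0 and expr.startswith("&&", i):
            parts.append(expr[start:i])
            start = i + 2
    parts.append(expr[start:])
    return {" ".join(p.split()) for p in parts if p.strip()}

def duplicated_conditions(mark_source):
    """Map each rule name to the conjuncts found in both when and ensure."""
    src = re.sub(r"//[^\n]*", "", mark_source)  # drop line comments
    report = {}
    for name, body in RULE.findall(src):
        tokens = SECTION.split(body)  # ['', 'using', text, 'when', text, ...]
        sections = dict(zip(tokens[1::2], tokens[2::2]))
        both = conjuncts(sections.get("when", "")) & conjuncts(sections.get("ensure", ""))
        if both:
            report[name] = sorted(both)
    return report
```

Calling duplicated_conditions(SAMPLE) reports _is(m.key, kg.key) for ID_5_3_02_CMAC_Keygen; the same function can be run over the text of other rule files to find rules with the same duplication.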