Merge pull request #710 from mzcu/add-gcm-siv

Add GCM-SIV to authenticated cipher mode list

findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/crypto/CipherWithNoIntegrityDetector.java

@@ -62,7 +62,7 @@ public class CipherWithNoIntegrityDetector extends OpcodeStackDetector {
     private static final String PADDING_ORACLE_TYPE = "PADDING_ORACLE";
     private static final String CIPHER_INTEGRITY_TYPE = "CIPHER_INTEGRITY";
 
-    private static final Pattern AUTHENTICATED_CIPHER_MODES = Pattern.compile(".*/(CCM|CWC|OCB|EAX|GCM)/.*");
+    private static final Pattern AUTHENTICATED_CIPHER_MODES = Pattern.compile(".*/(CCM|CWC|OCB|EAX|GCM(-SIV)?)/.*");
     private static final Pattern INSECURE_ECB_MODES = Pattern.compile("(AES|DES(ede)?)(/ECB/.*)?");
 
     private final BugReporter bugReporter;

findsecbugs-plugin/src/test/java/com/h3xstream/findsecbugs/crypto/CipherWithNoIntegrityDetectorTest.java

@@ -61,7 +61,7 @@ public void detectNoIntegrity() throws Exception {
                 .build()
         );
 
-        List<Integer> linesNoIntegrity = Arrays.asList(9, 10, 11, 12, 21);
+        List<Integer> linesNoIntegrity = Arrays.asList(9, 10, 11, 12, 22);
         for (Integer line : linesNoIntegrity) {
             verify(reporter).doReportBug(
                     bugDefinition()

findsecbugs-samples-java/src/test/java/testcode/crypto/CipherNoIntegrity.java

@@ -14,6 +14,7 @@ public static void main(String[] args) throws Exception {
         Cipher.getInstance("RSA/ECB/PKCS1Padding"); // ok
         Cipher.getInstance(args[0]); // ok
         Cipher.getInstance("ECIES"); // ok this is elliptic curve
+        Cipher.getInstance("AES/GCM-SIV/NoPadding"); // ok
     }
 
     private Cipher cipher;