
MASTG-TEST-0307: References to Asymmetric Key Pairs Used For Multiple Purposes

Overview

According to section "5.2 Key Usage" of NIST SP 800-57 part 1 revision 5, cryptographic keys should be assigned a specific purpose and used only for that purpose (e.g., encryption, integrity authentication, key wrapping, random bit generation, or digital signatures). For example, a key intended for encryption should not be used for signing.

On Android, asymmetric keys are commonly generated with java.security.KeyPairGenerator configured through android.security.keystore.KeyGenParameterSpec.

The KeyGenParameterSpec.Builder constructor has two arguments: the keystoreAlias and purposes, a bitmask of allowed operations documented in android.security.keystore.KeyProperties.

Steps

  1. Run static analysis (Static Analysis on Android) on the app and look for key generation code for asymmetric keys.

Observation

The output should contain a list of locations where asymmetric keys are created using KeyGenParameterSpec.Builder and the associated purposes.

Evaluation

The test case fails if you find any keys used for multiple roles (groups of purposes).

Using the output, ensure that each key pair is restricted to exactly one of the following roles:

  • Encryption/Decryption (PURPOSE_ENCRYPT / PURPOSE_DECRYPT)
  • Signing/Verification (PURPOSE_SIGN / PURPOSE_VERIFY)
  • Key Wrapping (PURPOSE_WRAP_KEY)

When reverse engineering the app, you will find the previously mentioned purpose constants combined into a single integer value. For example, a purpose value of 15 combines all four purposes, which is not acceptable:

(PURPOSE_ENCRYPT = 1) | (PURPOSE_DECRYPT = 2) | (PURPOSE_SIGN = 4) | (PURPOSE_VERIFY = 8) = 15

Acceptable purpose combinations are:

  • (PURPOSE_ENCRYPT = 1) = 1
  • (PURPOSE_DECRYPT = 2) = 2
  • (PURPOSE_SIGN = 4) = 4
  • (PURPOSE_VERIFY = 8) = 8
  • (PURPOSE_WRAP_KEY = 32) = 32
  • (PURPOSE_ENCRYPT = 1) | (PURPOSE_DECRYPT = 2) = 3
  • (PURPOSE_SIGN = 4) | (PURPOSE_VERIFY = 8) = 12
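
The evaluation above can be scripted over decompiled output. The following is an added example, not part of the MASTG or its demos: it assumes the decompiler folded the purposes argument into an integer literal, and the names `evaluate`, `scan` and the sample lines are constructed for illustration.

```python
import re

# Purpose bit values as listed on this page (android.security.keystore.KeyProperties).
PURPOSES = {1: "PURPOSE_ENCRYPT", 2: "PURPOSE_DECRYPT", 4: "PURPOSE_SIGN",
            8: "PURPOSE_VERIFY", 32: "PURPOSE_WRAP_KEY"}
# Roles (groups of purposes) from the Evaluation section.
ROLES = {"encryption": 1 | 2, "signing": 4 | 8, "key wrapping": 32}
# Matches Builder calls whose purposes argument is an integer literal.
BUILDER_RE = re.compile(
    r'KeyGenParameterSpec\.Builder\(\s*"([^"]*)"\s*,\s*(0[xX][0-9a-fA-F]+|\d+)\s*\)')

def evaluate(purposes):
    """Return (purpose names, roles, verdict) for a purposes bitmask."""
    names = [name for bit, name in PURPOSES.items() if purposes & bit]
    roles = [role for role, mask in ROLES.items() if purposes & mask]
    unknown = purposes & ~sum(PURPOSES)  # bits outside the page's list
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:x})")
    if len(roles) > 1:
        verdict = "FAIL"      # key pair serves more than one role
    elif unknown or not roles:
        verdict = "REVIEW"    # cannot be classified from the page's list alone
    else:
        verdict = "PASS"      # exactly one role
    return names, roles, verdict

def scan(source):
    """Return (line, alias, value, purposes, verdict) for each Builder call."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for alias, literal in BUILDER_RE.findall(line):
            value = int(literal, 16) if literal.lower().startswith("0x") else int(literal)
            names, _, verdict = evaluate(value)
            findings.append((lineno, alias, value, " | ".join(names), verdict))
    return findings

# Constructed sample of decompiled Java, not taken from a real app.
SAMPLE = """\
KeyGenParameterSpec a = new KeyGenParameterSpec.Builder("multi_key", 15).build();
KeyGenParameterSpec b = new KeyGenParameterSpec.Builder("sign_key", 12).build();
KeyGenParameterSpec c = new KeyGenParameterSpec.Builder("enc_key", 3).build();
KeyGenParameterSpec d = new KeyGenParameterSpec.Builder("wrap_sign", 0x24).build();
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

Calls where the purposes argument is still a symbolic expression or a variable are not matched by this pattern and need to be traced manually.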

Demos

MASTG-DEMO-0071: References to Asymmetric Key Pairs Used For Multiple Purposes with Semgrep

