From 8815a974e71f6015e80bd1358599f0cf7fd4952f Mon Sep 17 00:00:00 2001 From: Nuno Antunes Date: Tue, 5 Nov 2024 14:28:24 +0000 Subject: [PATCH 1/5] (DRAFT) Port MASTG-TEST-0015 to v2 Most likely needs to be broken down into some atomic tests, according to what is being checked now: 1. For asymmetric keys, is the key pair being used for multiple activities (e.g. signatures vs encryption) 2. For symmetric keys, are those being used for multiple business purposes? (hard to automate) Case (1.) is easy to automate, (2.) is not so much Then, there are some other checks to be discussed: - are all keys used according to the purpose defined during its creation? (it is relevant to KeyStore keys, which can have KeyProperties defined) <-- the APIs ensure that this is done properly, maybe can be removed - is cryptography used according to its business purpose? <-- To be discussed if it is really different from the remaining --- .../android/MASVS-CRYPTO/MASTG-TEST-0x15.md | 59 +++++++++++++++++++ tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md | 3 + 2 files changed, 62 insertions(+) create mode 100644 tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md diff --git a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md new file mode 100644 index 0000000000..f1d9319e80 --- /dev/null +++ b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md 
@@ -0,0 +1,59 @@ +--- +platform: android +title: Testing the Purposes of Keys +id: MASTG-TEST-0x15 +type: [static, dynamic] +weakness: MASWE-0012 +--- + +## Overview + +In general, ["a single key or key pair shall be used for only one purpose (e.g., encryption, integrity +authentication, key wrapping, random bit generation, or digital signatures)"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf). +Reusing the same key or key pair for mutiple purposes may weaken its security or increase the impact of one key being compromised. + +This does not apply to the cases where the same process can provide +multiple services e.g., when a single digital signature provides integrity +authentication and source authentication. +Check ["NIST.SP.800-57pt1r5"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) for details. + +## Steps + +1. Use either @MASTG-TECH-0014 or @MASTG-TECH-0033 to identify all the where cryptography is used. +You can look for uses of: + - classes `Cipher`, `Mac`, `MessageDigest`, `Signature` + - interfaces `Key`, `PrivateKey`, `PublicKey`, `SecretKey` + - functions `getInstance`, `generateKey` + - exceptions `KeyStoreException`, `CertificateException`, `NoSuchAlgorithmException` + - classes importing `java.security.*`, `javax.crypto.*`, `android.security.*`, `android.security.keystore.*` + +2. For each identified instance, identify its purpose and its type. It can be used: + - for encryption/decryption - to ensure data confidentiality + - for signing/verifying - to ensure integrity of data (as well as accountability in some cases) + - for maintenance - to protect keys during certain sensitive operations (such as being imported to the KeyStore) + +3. Identify the business logic which uses identified instances of cryptography. + +4. During verification the following checks should be performed: + - are all keys used according to the purpose defined during its creation? 
(it is relevant to KeyStore keys, which can have KeyProperties defined) + - for asymmetric keys, is the private key being exclusively used for signing and the public key encryption? + - are symmetric keys used for multiple purposes? A new symmetric key should be generated if it's used in a different context. + - is cryptography used according to its business purpose? + +## Observation + +The output should contain a list of location groups where a key or key pair is being used for multiple cryptographic purposes. +The output should contain a list of location groups where a key or key pair is being used for multiple business purposes. + +- are all keys used according to the purpose defined during its creation? (it is relevant to KeyStore keys, which can have KeyProperties defined) +- for asymmetric keys, is the private key being exclusively used for signing and the public key encryption? +- are symmetric keys used for multiple purposes? A new symmetric key should be generated if it's used in a different context. +- is cryptography used according to its business purpose? + +## Evaluation + +The test case fails if (lists before are not empty. TBC after discussion). + +## References + +- [NIST.SP.800 - Recommendation for Key Management (part 1)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) diff --git a/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md b/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md index ec3d5658bb..98882487cd 100644 --- a/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md +++ b/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md @@ -8,6 +8,9 @@ title: Testing the Purposes of Keys masvs_v1_levels: - L1 - L2 +status: deprecated +covered_by: ['MASTG-TEST-0204', 'MASTG-TEST-0205'] +deprecation_reason: New version available in MASTG V2 --- ## Overview From 8c2f738d79659a3e0dde8cfb431e4a80a3114f10 Mon Sep 17 00:00:00 2001 
From: Nuno Antunes Date: Tue, 5 Nov 2024 14:51:17 +0000 Subject: [PATCH 2/5] Linter --- tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md index f1d9319e80..96fb429520 100644 --- a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md +++ b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md 
@@ -8,22 +8,22 @@ weakness: MASWE-0012 ## Overview -In general, ["a single key or key pair shall be used for only one purpose (e.g., encryption, integrity +In general, ["a single key shall be used for only one purpose (e.g., encryption, integrity authentication, key wrapping, random bit generation, or digital signatures)"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf). -Reusing the same key or key pair for mutiple purposes may weaken its security or increase the impact of one key being compromised. +Reusing the same key or key pair for multiple purposes may weaken its security or increase the impact of one key being compromised. This does not apply to the cases where the same process can provide -multiple services e.g., when a single digital signature provides integrity +multiple services, e.g., when a single digital signature provides integrity authentication and source authentication. Check ["NIST.SP.800-57pt1r5"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) for details. ## Steps -1. Use either @MASTG-TECH-0014 or @MASTG-TECH-0033 to identify all the where cryptography is used. +1. Use either @MASTG-TECH-0014 or @MASTG-TECH-0033 to identify all the where cryptography is used. You can look for uses of: - - classes `Cipher`, `Mac`, `MessageDigest`, `Signature` + - classes `Cipher`, `Mac`, `MessageDigest`, `Signature`, `KeyPair` - interfaces `Key`, `PrivateKey`, `PublicKey`, `SecretKey` - - functions `getInstance`, `generateKey` + - functions `getInstance`, `generateKey`, `generateKeyPair` - exceptions `KeyStoreException`, `CertificateException`, `NoSuchAlgorithmException` - classes importing `java.security.*`, `javax.crypto.*`, `android.security.*`, `android.security.keystore.*` From 87e8c89385fa57fa16c65abb1545b562b7f6123a Mon Sep 17 00:00:00 2001 
From: Nuno Antunes Date: Tue, 5 Nov 2024 15:00:18 +0000 Subject: [PATCH 3/5] Fix covered_by --- tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md b/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md index 98882487cd..3f536319fc 100644 --- a/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md +++ b/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md @@ -9,7 +9,7 @@ masvs_v1_levels: - L1 - L2 status: deprecated -covered_by: ['MASTG-TEST-0204', 'MASTG-TEST-0205'] +covered_by: ['MASTG-TEST-0x15'] deprecation_reason: New version available in MASTG V2 --- From 0e1869f7e434fec077fe84afd76b4e5e6c8a4e6a Mon Sep 17 00:00:00 2001 From: Nuno Antunes Date: Wed, 6 Nov 2024 15:02:24 +0000 Subject: [PATCH 4/5] Test properly split in two new tests --- .../android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md | 46 +++++++++++++++ .../android/MASVS-CRYPTO/MASTG-TEST-0x15-2.md | 45 ++++++++++++++ .../android/MASVS-CRYPTO/MASTG-TEST-0x15.md | 59 ------------------- tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md | 2 +- 4 files changed, 92 insertions(+), 60 deletions(-) create mode 100644 tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md create mode 100644 tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-2.md delete mode 100644 tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md diff --git a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md new file mode 100644 index 0000000000..da7d12e4cb --- /dev/null +++ b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md 
@@ -0,0 +1,46 @@ +--- +platform: android +title: Asymmetric key pair used for multiple purposes +id: MASTG-TEST-0x15-1 +type: [static, dynamic] +weakness: MASWE-0012 +--- + +## Overview + +In general, ["a single key shall be used for only one purpose (e.g., encryption, integrity +authentication, key wrapping, random bit generation, or digital signatures)"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf). +In the case of asymmetric encryption, reusing the same key pair for multiple different cryptographic processes (e.g. signatures vs encryption) may weaken the security provided by those processes. + +This does not apply to the cases where the same process can provide multiple services, e.g., when a single digital signature provides integrity authentication and source authentication. +Check ["NIST.SP.800-57pt1r5"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) for details. + +## Steps + +1. Use either @MASTG-TECH-0014 or @MASTG-TECH-0033 to identify all the instance where asymmetric cryptography is used. +You can look for uses of: + - classes `Cipher`, `MessageDigest`, `Signature`, `KeyPair`, `KeyGenParameterSpec` + - interfaces `PrivateKey`, `PublicKey` + - functions `getInstance`, `generateKeyPair` + - exceptions `KeyStoreException`, `CertificateException`, `NoSuchAlgorithmException` + - classes importing `java.security.*`, `javax.crypto.*`, `android.security.*`, `android.security.keystore.*` + +## Observation + +The observation contains all the uses of each public and private keys with backtraces to know the locations of the `KeyPair` object. + +## Evaluation + +Reverse engineer the observed backtraces and try to determine the processes and purposes for which each `KeyPair` object is being used: + +1. For each identified instance, identify the `KeyPair` objects used and how they are created or generated. + +1. 
For each `PrivateKey` and `PublicKey` identify for which processes it is being used: signing/verification and encryption/decription. + 1. If a `KeyStore` is being used, you should check the [`KeyProperties`](https://developer.android.com/reference/android/security/keystore/KeyProperties) that are being defined in the `KeyPair` generation. + 1. Otherwise, you need to search where the `PrivateKey` and `PublicKey` of each `KeyPair` are being used, and check if they are being used in `Cipher` or `Signature` objects. + +The test case fails if the keys of a `KeyPair` is found being used for two distinct processes (i.e., signatures AND encryption). + +## References + +- [NIST.SP.800 - Recommendation for Key Management (part 1)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) diff --git a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-2.md b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-2.md new file mode 100644 index 0000000000..5d3a19bce8 --- /dev/null +++ b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-2.md 
@@ -0,0 +1,45 @@ +--- +platform: android +title: Symmetric key used for multiple purposes +id: MASTG-TEST-0x15-2 +type: [static, dynamic] +weakness: MASWE-0012 +--- + +## Overview + +In general, ["a single key shall be used for only one purpose (e.g., encryption, integrity +authentication, key wrapping, random bit generation, or digital signatures)"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf). +Reusing the same key multiple purposes may weaken its security or increase the impact of one key being compromised. + +This does not apply to the cases where the same process can provide multiple services, e.g., a single symmetric key can be used to encrypt and authenticate data in a single operation (one authenticated-encryption operation instead of separate encryption and authentication operations). +Check ["NIST.SP.800-57pt1r5"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) for details. + +## Steps + +1. Use either @MASTG-TECH-0014 or @MASTG-TECH-0033 to identify all the where symmetric cryptography is used. +You can look for uses of: + - classes `Cipher`, `Mac`, + - interfaces `Key`, `SecretKey` + - functions `getInstance`, `generateKey`, `generateKeyPair` + - exceptions `KeyStoreException`, `CertificateException`, `NoSuchAlgorithmException` + - classes importing `java.security.*`, `javax.crypto.*`, `android.security.*`, `android.security.keystore.*` + +## Observation + +The observation contains all the uses of each `Key` object with backtraces to know the locations. + +## Evaluation + +Reverse engineer the observed backtraces and try to determine the "business purpose" for which each `Key` object is being used: + +1. For each identified instance, identify the process for which cryptography is being used: + - for encryption/decryption - to ensure data confidentiality + - for maintenance - to protect keys during certain sensitive operations (such as being imported to the `KeyStore`) +1. 
Identify the business logic which uses identified instances of cryptography. + +The test case fails if there is a `Key` object that is being used for multiple business purposes. + +## References + +- [NIST.SP.800 - Recommendation for Key Management (part 1)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) diff --git a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md deleted file mode 100644 index 96fb429520..0000000000 --- a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -platform: android -title: Testing the Purposes of Keys -id: MASTG-TEST-0x15 -type: [static, dynamic] -weakness: MASWE-0012 ---- - -## Overview - -In general, ["a single key shall be used for only one purpose (e.g., encryption, integrity -authentication, key wrapping, random bit generation, or digital signatures)"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf). -Reusing the same key or key pair for multiple purposes may weaken its security or increase the impact of one key being compromised. - -This does not apply to the cases where the same process can provide -multiple services, e.g., when a single digital signature provides integrity -authentication and source authentication. -Check ["NIST.SP.800-57pt1r5"](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) for details. - -## Steps - -1. Use either @MASTG-TECH-0014 or @MASTG-TECH-0033 to identify all the where cryptography is used. -You can look for uses of: - - classes `Cipher`, `Mac`, `MessageDigest`, `Signature`, `KeyPair` - - interfaces `Key`, `PrivateKey`, `PublicKey`, `SecretKey` - - functions `getInstance`, `generateKey`, `generateKeyPair` - - exceptions `KeyStoreException`, `CertificateException`, `NoSuchAlgorithmException` - - classes importing `java.security.*`, `javax.crypto.*`, `android.security.*`, `android.security.keystore.*` - -2. For each identified instance, identify its purpose and its type. It can be used: - - for encryption/decryption - to ensure data confidentiality - - for signing/verifying - to ensure integrity of data (as well as accountability in some cases) - - for maintenance - to protect keys during certain sensitive operations (such as being imported to the KeyStore) - -3. Identify the business logic which uses identified instances of cryptography. - -4. During verification the following checks should be performed: - - are all keys used according to the purpose defined during its creation? 
(it is relevant to KeyStore keys, which can have KeyProperties defined) - - for asymmetric keys, is the private key being exclusively used for signing and the public key encryption? - - are symmetric keys used for multiple purposes? A new symmetric key should be generated if it's used in a different context. - - is cryptography used according to its business purpose? - -## Observation - -The output should contain a list of location groups where a key or key pair is being used for multiple cryptographic purposes. -The output should contain a list of location groups where a key or key pair is being used for multiple business purposes. - -- are all keys used according to the purpose defined during its creation? (it is relevant to KeyStore keys, which can have KeyProperties defined) -- for asymmetric keys, is the private key being exclusively used for signing and the public key encryption? -- are symmetric keys used for multiple purposes? A new symmetric key should be generated if it's used in a different context. -- is cryptography used according to its business purpose? - -## Evaluation - -The test case fails if (lists before are not empty. TBC after discussion). - -## References - -- [NIST.SP.800 - Recommendation for Key Management (part 1)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) diff --git a/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md b/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md index 3f536319fc..189801aad6 100644 --- a/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md +++ b/tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md @@ -9,7 +9,7 @@ masvs_v1_levels: - L1 - L2 status: deprecated -covered_by: ['MASTG-TEST-0x15'] +covered_by: ['MASTG-TEST-0x15-1','MASTG-TEST-0x15-2'] deprecation_reason: New version available in MASTG V2 --- From 742d6d61a42210ad992f3959c59600301f0c0e03 Mon Sep 17 00:00:00 2001 
From: Nuno Antunes Date: Wed, 6 Nov 2024 15:13:40 +0000 Subject: [PATCH 5/5] Fix typo --- tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md index da7d12e4cb..1728ddf153 100644 --- a/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md +++ b/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15-1.md @@ -35,7 +35,7 @@ Reverse engineer the observed backtraces and try to determine the processes and 1. For each identified instance, identify the `KeyPair` objects used and how they are created or generated. -1. For each `PrivateKey` and `PublicKey` identify for which processes it is being used: signing/verification and encryption/decription. +1. For each `PrivateKey` and `PublicKey` identify for which processes it is being used: signing/verification and encryption/decryption. 1. If a `KeyStore` is being used, you should check the [`KeyProperties`](https://developer.android.com/reference/android/security/keystore/KeyProperties) that are being defined in the `KeyPair` generation. 1. Otherwise, you need to search where the `PrivateKey` and `PublicKey` of each `KeyPair` are being used, and check if they are being used in `Cipher` or `Signature` objects.
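Review bot: In the PATCH 1/5 hunk that adds tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0x15.md, step 1 reads "identify all the where cryptography is used" and is missing its noun (presumably "all the instances where"); the same sentence survives the 2/5 linter pass and is copied into both new files in 4/5, so fix it once at the source. In the same hunk the "## Observation" section repeats the four check questions of step 4 verbatim, "## Evaluation" still says "TBC after discussion", and "the purpose defined during its creation" should agree with "keys" ("their creation"). Since 4/5 deletes this file again, consider squashing 1/5 through 4/5 so the draft version never lands in history.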
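Review bot: In the PATCH 1/5 hunk for tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md, `covered_by: ['MASTG-TEST-0204', 'MASTG-TEST-0205']` names ids that appear nowhere else in this series; the file added by the same commit has `id: MASTG-TEST-0x15`. Both 3/5 and 4/5 rewrite this one line, so fold the three hunks into a single commit that sets the final value `['MASTG-TEST-0x15-1', 'MASTG-TEST-0x15-2']`.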
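Review bot: In the PATCH 2/5 hunk, the step 1 line is removed and re-added with only whitespace changed while "all the where cryptography is used" keeps its missing noun; since the line is being touched anyway, make it "all the instances where cryptography is used". Adding `KeyPair` and `generateKeyPair` to the search lists is reasonable, but `KeyPairGenerator` (the class on which `generateKeyPair` is actually called) is a more useful grep target than the `KeyPair` value object and belongs in the classes list too.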
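Review bot: In the PATCH 4/5 hunk that adds MASTG-TEST-0x15-1.md, the pass/fail sentence "The test case fails if the keys of a `KeyPair` is found being used" needs "are found", step 1 "all the instance where" needs "instances", and "the uses of each public and private keys" needs "key". On substance, `MessageDigest` in the classes list is a keyless hash and never touches a `KeyPair`, so it only adds noise to a search for asymmetric key use; `KeyFactory` and `KeyPairGenerator` are the classes a reviewer actually needs to find. Evaluation step 2.1 should say which `KeyProperties` to read: the `PURPOSE_*` flags given to `KeyGenParameterSpec.Builder` (`PURPOSE_SIGN`/`PURPOSE_VERIFY` versus `PURPOSE_ENCRYPT`/`PURPOSE_DECRYPT`), because a builder that combines both families is precisely the finding this test exists to report, whereas a Keystore key pair restricted to one family cannot be used for the other even if later code tries.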
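Review bot: In the PATCH 4/5 hunk that adds MASTG-TEST-0x15-2.md: "Reusing the same key multiple purposes" is missing "for"; step 1 "all the where symmetric cryptography is used" is missing "instances"; the classes list ends in a dangling comma ("`Cipher`, `Mac`,"); and `generateKeyPair` is an asymmetric API that does not belong in a symmetric-key search list (`KeyGenerator` and `SecretKeySpec` do). More importantly, the evaluation list of processes names only encryption/decryption and maintenance, yet `Mac` is in the search list and the overview's own example is encrypt-plus-authenticate; add a "for MAC / integrity" entry, otherwise the tester has no bucket for a key that turns up in both a `Cipher` and a `Mac`, which is the classic symmetric key-separation failure unless it is a single authenticated-encryption operation as the overview already notes.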
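Review bot: In the PATCH 4/5 hunk for tests/android/MASVS-CRYPTO/MASTG-TEST-0015.md, `covered_by: ['MASTG-TEST-0x15-1','MASTG-TEST-0x15-2']` drops the space after the comma that the earlier versions of this line used; keep the list formatting consistent. Both values and the `id` fields of the two new files still carry the `0x15` placeholder, so they need to be renumbered together before merge or the deprecated page will link to nothing.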