Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.b() calling method javax.crypto.spec.IvParameterSpec.<init>()


    public byte[] b(byte[] p5)
    {
        javax.crypto.SecretKey v0 = this.d();
        javax.crypto.Cipher v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7PADDING");
        v1_1.init(2, v0, new javax.crypto.spec.IvParameterSpec(this.a));
        return v1_1.doFinal(p5);
    }

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.a() calling method javax.crypto.spec.IvParameterSpec.<init>()


    public byte[] a(byte[] p5)
    {
        this.a("aeskey");
        javax.crypto.SecretKey v0_2 = this.b("aeskey");
        javax.crypto.Cipher v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7PADDING");
        v1_1.init(1, v0_2, new javax.crypto.spec.IvParameterSpec(this.a));
        return v1_1.doFinal(p5);
    }

Method com.flurry.sdk.kb.a() calling method javax.crypto.spec.IvParameterSpec.<init>()


    private byte[] a(java.security.Key p7)
    {
        byte[] v0 = 0;
        try {
            com.flurry.sdk.ko$a v1_5 = ((com.flurry.sdk.ka) this.f.a());
        } catch (java.io.IOException) {
            com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.kbark>.a, "Error while reading Android Install Id. Deleting file.");
            return v0;
        }
        if (v1_5 == null) {
            return v0;
        } else {
            byte[] v7_2;
            if (!v1_5.a) {
                v7_2 = v1_5.c;
            } else {
                byte[] v2_2 = v1_5.b;
                byte[] v3 = v1_5.c;
                com.flurry.sdk.ko$a v1_2 = com.flurry.sdk.ko$a.a(v1_5.d);
                if ((v2_2 == null) || (v3 == null)) {
                    return v0;
                } else {
                    v7_2 = ((byte[]) this.e.a(v3, p7, new javax.crypto.spec.IvParameterSpec(v2_2), v1_2));
                }
            }
            v0 = v7_2;
            return v0;
        }
    }

Method com.flurry.sdk.kb.a() calling method javax.crypto.spec.IvParameterSpec.<init>()


    private boolean a(byte[] p7, com.flurry.sdk.ko$a p8)
    {
        int v0_0 = 1;
        try {
            com.flurry.sdk.ka v7_1;
            com.flurry.sdk.mh.b(ark>com.flurry.sdk.kbark>.b());
            com.flurry.sdk.ka v2_6 = ark>com.flurry.sdk.kbark>.d();
            byte[] v3_0 = this.e.a(p7, this.e(), new javax.crypto.spec.IvParameterSpec(v2_6), p8);
        } catch (com.flurry.sdk.ka v7_3) {
            com.flurry.sdk.ka v2_4 = new StringBuilder("Error while generating UUID");
            v2_4.append(v7_3.getMessage());
            com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.kbark>.a, v2_4.toString(), v7_3);
            v0_0 = 0;
            return v0_0;
        }
        if (v3_0 == null) {
            byte[] v3_1 = new byte[0];
            v7_1 = new com.flurry.sdk.ka(p7, v3_1, 0, p8.ordinal());
        } else {
            v7_1 = new com.flurry.sdk.ka(v3_0, v2_6, 1, p8.ordinal());
        }
        this.f.a(v7_1);
        return v0_0;
    }

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.a() calling method javax.crypto.KeyGenerator.getInstance()


    private void a(String p7)
    {
        try {
            if (!this.b.containsAlias(p7)) {
                javax.crypto.KeyGenerator v0_4 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                java.security.KeyStore v1_0 = new android.security.keystore.KeyGenParameterSpec$Builder(p7, 3);
                String v3_0 = new String[1];
                v3_0[0] = "CBC";
                java.security.KeyStore v1_3 = v1_0.setBlockModes(v3_0).setRandomizedEncryptionRequired(0).setKeySize(128);
                String[] v2_1 = new String[1];
                v2_1[0] = "PKCS7Padding";
                v0_4.init(v1_3.setEncryptionPaddings(v2_1).build());
                v0_4.generateKey();
            }
        } catch (javax.crypto.KeyGenerator v0_2) {
            try {
                if (this.b != null) {
                    this.b.deleteEntry(p7);
                }
            } catch (Throwable) {
                throw new com.coupa.android.coupamobile.security.crypto.CoupaKeyStoreException(v0_2);
            }
            throw new com.coupa.android.coupamobile.security.crypto.CoupaKeyStoreException(v0_2);
        }
        return;
    }

Method com.flurry.sdk.kc.<init>() calling method javax.crypto.KeyGenerator.getInstance()


    public kc()
    {
        if (android.os.Build$VERSION.SDK_INT >= 23) {
            try {
                this.b = java.security.KeyStore.getInstance("AndroidKeyStore");
                this.b.load(0);
            } catch (javax.crypto.KeyGenerator v0_6) {
                String[] v3_6 = new StringBuilder("Error while generating Key");
                v3_6.append(v0_6.getMessage());
                com.flurry.sdk.kx.a(5, com.flurry.sdk.kc.a, v3_6.toString(), v0_6);
                return;
            }
            if (!this.b.containsAlias("fl.install.id.sec.key")) {
                javax.crypto.KeyGenerator v0_4 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                android.security.keystore.KeyGenParameterSpec v1_4 = new android.security.keystore.KeyGenParameterSpec$Builder("fl.install.id.sec.key", 3);
                String[] v3_1 = new String[1];
                v3_1[0] = "CBC";
                android.security.keystore.KeyGenParameterSpec v1_5 = v1_4.setBlockModes(v3_1);
                String[] v3_2 = new String[1];
                v3_2[0] = "PKCS7Padding";
                android.security.keystore.KeyGenParameterSpec v1_7 = v1_5.setEncryptionPaddings(v3_2).setRandomizedEncryptionRequired(0);
                String[] v3_4 = new String[2];
                v3_4[0] = "SHA-256";
                v3_4[1] = "SHA-512";
                v0_4.init(v1_7.setDigests(v3_4).build());
                v0_4.generateKey();
            }
            return;
        } else {
            return;
        }
    }

Method com.coupa.android.coupamobile.core.MyCipher.getKey() calling method javax.crypto.KeyGenerator.getInstance()


    private byte[] getKey()
    {
        byte[] v0_4 = this.mySecret.getBytes("utf-8");
        javax.crypto.KeyGenerator v1_2 = javax.crypto.KeyGenerator.getInstance("AES");
        java.security.SecureRandom v2_0 = java.security.SecureRandom.getInstance("SHA1PRNG", "Crypto");
        v2_0.setSeed(v0_4);
        v1_2.init(128, v2_0);
        return v1_2.generateKey().getEncoded();
    }

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.a() calling method javax.crypto.KeyGenerator.generateKey()


    private void a(String p7)
    {
        try {
            if (!this.b.containsAlias(p7)) {
                javax.crypto.KeyGenerator v0_4 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                java.security.KeyStore v1_0 = new android.security.keystore.KeyGenParameterSpec$Builder(p7, 3);
                String v3_0 = new String[1];
                v3_0[0] = "CBC";
                java.security.KeyStore v1_3 = v1_0.setBlockModes(v3_0).setRandomizedEncryptionRequired(0).setKeySize(128);
                String[] v2_1 = new String[1];
                v2_1[0] = "PKCS7Padding";
                v0_4.init(v1_3.setEncryptionPaddings(v2_1).build());
                v0_4.generateKey();
            }
        } catch (javax.crypto.KeyGenerator v0_2) {
            try {
                if (this.b != null) {
                    this.b.deleteEntry(p7);
                }
            } catch (Throwable) {
                throw new com.coupa.android.coupamobile.security.crypto.CoupaKeyStoreException(v0_2);
            }
            throw new com.coupa.android.coupamobile.security.crypto.CoupaKeyStoreException(v0_2);
        }
        return;
    }

Method com.flurry.sdk.kc.<init>() calling method javax.crypto.KeyGenerator.generateKey()


    public kc()
    {
        if (android.os.Build$VERSION.SDK_INT >= 23) {
            try {
                this.b = java.security.KeyStore.getInstance("AndroidKeyStore");
                this.b.load(0);
            } catch (javax.crypto.KeyGenerator v0_6) {
                String[] v3_6 = new StringBuilder("Error while generating Key");
                v3_6.append(v0_6.getMessage());
                com.flurry.sdk.kx.a(5, com.flurry.sdk.kc.a, v3_6.toString(), v0_6);
                return;
            }
            if (!this.b.containsAlias("fl.install.id.sec.key")) {
                javax.crypto.KeyGenerator v0_4 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                android.security.keystore.KeyGenParameterSpec v1_4 = new android.security.keystore.KeyGenParameterSpec$Builder("fl.install.id.sec.key", 3);
                String[] v3_1 = new String[1];
                v3_1[0] = "CBC";
                android.security.keystore.KeyGenParameterSpec v1_5 = v1_4.setBlockModes(v3_1);
                String[] v3_2 = new String[1];
                v3_2[0] = "PKCS7Padding";
                android.security.keystore.KeyGenParameterSpec v1_7 = v1_5.setEncryptionPaddings(v3_2).setRandomizedEncryptionRequired(0);
                String[] v3_4 = new String[2];
                v3_4[0] = "SHA-256";
                v3_4[1] = "SHA-512";
                v0_4.init(v1_7.setDigests(v3_4).build());
                v0_4.generateKey();
            }
            return;
        } else {
            return;
        }
    }

Method com.coupa.android.coupamobile.core.MyCipher.getKey() calling method javax.crypto.KeyGenerator.generateKey()


    private byte[] getKey()
    {
        byte[] v0_4 = this.mySecret.getBytes("utf-8");
        javax.crypto.KeyGenerator v1_2 = javax.crypto.KeyGenerator.getInstance("AES");
        java.security.SecureRandom v2_0 = java.security.SecureRandom.getInstance("SHA1PRNG", "Crypto");
        v2_0.setSeed(v0_4);
        v1_2.init(128, v2_0);
        return v1_2.generateKey().getEncoded();
    }

Method com.coupa.android.coupamobile.security.crypto.RSAEnacryptionImpl.b() calling method javax.crypto.Cipher.getInstance()


    public byte[] b(byte[] p4)
    {
        this.a("rsakey");
        byte[] v0_8 = ((java.security.KeyStore$PrivateKeyEntry) this.b.getEntry("rsakey", 0));
        int v1_0 = javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1Padding");
        v1_0.init(2, v0_8.getPrivateKey());
        byte[] v0_3 = new javax.crypto.CipherInputStream(new java.io.ByteArrayInputStream(p4), v1_0);
        java.util.ArrayList v4_2 = new java.util.ArrayList();
        while(true) {
            int v1_1 = v0_3.read();
            if (v1_1 == -1) {
                break;
            }
            v4_2.add(Byte.valueOf(((byte) v1_1)));
        }
        byte[] v0_6 = new byte[v4_2.size()];
        int v1_2 = 0;
        while (v1_2 < v0_6.length) {
            v0_6[v1_2] = ((Byte) v4_2.get(v1_2)).byteValue();
            v1_2++;
        }
        return v0_6;
    }

Method com.coupa.android.coupamobile.security.crypto.RSAEnacryptionImpl.a() calling method javax.crypto.Cipher.getInstance()


    public byte[] a(byte[] p4)
    {
        this.a("rsakey");
        this.b = java.security.KeyStore.getInstance("AndroidKeyStore");
        this.b.load(0);
        this.b.containsAlias("rsakey");
        java.io.ByteArrayOutputStream v0_2 = this.b.getEntry("rsakey", 0);
        javax.crypto.Cipher v1_1 = javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1Padding");
        v1_1.init(1, ((java.security.KeyStore$PrivateKeyEntry) v0_2).getCertificate().getPublicKey());
        java.io.ByteArrayOutputStream v0_8 = new java.io.ByteArrayOutputStream();
        javax.crypto.CipherOutputStream v2_4 = new javax.crypto.CipherOutputStream(v0_8, v1_1);
        v2_4.write(p4);
        v2_4.close();
        return v0_8.toByteArray();
    }

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.b() calling method javax.crypto.Cipher.getInstance()


    public byte[] b(byte[] p5)
    {
        javax.crypto.SecretKey v0 = this.d();
        javax.crypto.Cipher v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7PADDING");
        v1_1.init(2, v0, new javax.crypto.spec.IvParameterSpec(this.a));
        return v1_1.doFinal(p5);
    }

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.a() calling method javax.crypto.Cipher.getInstance()


    public byte[] a(byte[] p5)
    {
        this.a("aeskey");
        javax.crypto.SecretKey v0_2 = this.b("aeskey");
        javax.crypto.Cipher v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7PADDING");
        v1_1.init(1, v0_2, new javax.crypto.spec.IvParameterSpec(this.a));
        return v1_1.doFinal(p5);
    }

Method com.flurry.sdk.ko.a() calling method javax.crypto.Cipher.getInstance()


    public final byte[] a(Object p5, java.security.Key p6, javax.crypto.spec.IvParameterSpec p7, ark>com.flurry.sdk.koark>$a p8)
    {
        if ((p5 != null) && ((p6 != null) && (p8 != null))) {
            int v2_2 = new java.io.ByteArrayOutputStream();
            this.b.a(v2_2, p5);
            String v5_1 = v2_2.toByteArray();
            try {
                String v8_2 = javax.crypto.Cipher.getInstance(p8.d);
                v8_2.init(1, p6, p7);
                return v8_2.doFinal(v5_1);
            } catch (String v5_3) {
                StringBuilder v7_2 = new StringBuilder("Error in encrypt ");
                v7_2.append(v5_3.getMessage());
                com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, v7_2.toString());
                return 0;
            }
        } else {
            com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, "Cannot encrypt, invalid params.");
            return 0;
        }
    }

Method com.flurry.sdk.ko.a() calling method javax.crypto.Cipher.getInstance()


    public final Object a(byte[] p4, java.security.Key p5, javax.crypto.spec.IvParameterSpec p6, ark>com.flurry.sdk.koark>$a p7)
    {
        if ((p4 != null) && ((p5 != null) && (p7 != null))) {
            try {
                String v7_3 = javax.crypto.Cipher.getInstance(p7.d);
                v7_3.init(2, p5, p6);
                return this.b.a(new java.io.ByteArrayInputStream(v7_3.doFinal(p4)));
            } catch (String v4_4) {
                StringBuilder v6_2 = new StringBuilder("Error in decrypt ");
                v6_2.append(v4_4.getMessage());
                com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, v6_2.toString());
                return 0;
            }
        } else {
            com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, "Cannot decrypt, invalid params.");
            return 0;
        }
    }

Method com.coupa.android.coupamobile.core.MyCipher.encrypt() calling method javax.crypto.Cipher.getInstance()


    private com.coupa.android.coupamobile.core.MyCipherData encrypt(byte[] p3, byte[] p4)
    {
        com.coupa.android.coupamobile.core.MyCipherData v0_4 = new javax.crypto.spec.SecretKeySpec(p3, "AES");
        byte[] v3_6 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v3_6.init(1, v0_4);
        return new com.coupa.android.coupamobile.core.MyCipherData(v3_6.doFinal(p4), ((javax.crypto.spec.IvParameterSpec) v3_6.getParameters().getParameterSpec(javax.crypto.spec.IvParameterSpec)).getIV());
    }

Method com.coupa.android.coupamobile.core.MyCipher.decrypt() calling method javax.crypto.Cipher.getInstance()


    private byte[] decrypt(byte[] p3, byte[] p4, javax.crypto.spec.IvParameterSpec p5)
    {
        javax.crypto.spec.SecretKeySpec v0_1 = new javax.crypto.spec.SecretKeySpec(p3, "AES");
        byte[] v3_2 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v3_2.init(2, v0_1, p5);
        return v3_2.doFinal(p4);
    }

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.b() calling method javax.crypto.Cipher.doFinal()


    public byte[] b(byte[] p5)
    {
        javax.crypto.SecretKey v0 = this.d();
        javax.crypto.Cipher v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7PADDING");
        v1_1.init(2, v0, new javax.crypto.spec.IvParameterSpec(this.a));
        return v1_1.doFinal(p5);
    }

Method com.coupa.android.coupamobile.security.crypto.AESEncryptionImpl.a() calling method javax.crypto.Cipher.doFinal()


    public byte[] a(byte[] p5)
    {
        this.a("aeskey");
        javax.crypto.SecretKey v0_2 = this.b("aeskey");
        javax.crypto.Cipher v1_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7PADDING");
        v1_1.init(1, v0_2, new javax.crypto.spec.IvParameterSpec(this.a));
        return v1_1.doFinal(p5);
    }

Method com.flurry.sdk.ko.a() calling method javax.crypto.Cipher.doFinal()


    public final byte[] a(Object p5, java.security.Key p6, javax.crypto.spec.IvParameterSpec p7, ark>com.flurry.sdk.koark>$a p8)
    {
        if ((p5 != null) && ((p6 != null) && (p8 != null))) {
            int v2_2 = new java.io.ByteArrayOutputStream();
            this.b.a(v2_2, p5);
            String v5_1 = v2_2.toByteArray();
            try {
                String v8_2 = javax.crypto.Cipher.getInstance(p8.d);
                v8_2.init(1, p6, p7);
                return v8_2.doFinal(v5_1);
            } catch (String v5_3) {
                StringBuilder v7_2 = new StringBuilder("Error in encrypt ");
                v7_2.append(v5_3.getMessage());
                com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, v7_2.toString());
                return 0;
            }
        } else {
            com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, "Cannot encrypt, invalid params.");
            return 0;
        }
    }

Method com.flurry.sdk.ko.a() calling method javax.crypto.Cipher.doFinal()


    public final Object a(byte[] p4, java.security.Key p5, javax.crypto.spec.IvParameterSpec p6, ark>com.flurry.sdk.koark>$a p7)
    {
        if ((p4 != null) && ((p5 != null) && (p7 != null))) {
            try {
                String v7_3 = javax.crypto.Cipher.getInstance(p7.d);
                v7_3.init(2, p5, p6);
                return this.b.a(new java.io.ByteArrayInputStream(v7_3.doFinal(p4)));
            } catch (String v4_4) {
                StringBuilder v6_2 = new StringBuilder("Error in decrypt ");
                v6_2.append(v4_4.getMessage());
                com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, v6_2.toString());
                return 0;
            }
        } else {
            com.flurry.sdk.kx.a(5, ark>com.flurry.sdk.koark>.a, "Cannot decrypt, invalid params.");
            return 0;
        }
    }

Method com.coupa.android.coupamobile.core.MyCipher.encrypt() calling method javax.crypto.Cipher.doFinal()


    private com.coupa.android.coupamobile.core.MyCipherData encrypt(byte[] p3, byte[] p4)
    {
        com.coupa.android.coupamobile.core.MyCipherData v0_4 = new javax.crypto.spec.SecretKeySpec(p3, "AES");
        byte[] v3_6 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v3_6.init(1, v0_4);
        return new com.coupa.android.coupamobile.core.MyCipherData(v3_6.doFinal(p4), ((javax.crypto.spec.IvParameterSpec) v3_6.getParameters().getParameterSpec(javax.crypto.spec.IvParameterSpec)).getIV());
    }

Method com.coupa.android.coupamobile.core.MyCipher.decrypt() calling method javax.crypto.Cipher.doFinal()


    private byte[] decrypt(byte[] p3, byte[] p4, javax.crypto.spec.IvParameterSpec p5)
    {
        javax.crypto.spec.SecretKeySpec v0_1 = new javax.crypto.spec.SecretKeySpec(p3, "AES");
        byte[] v3_2 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v3_2.init(2, v0_1, p5);
        return v3_2.doFinal(p4);
    }

Method com.flurry.sdk.kb.c() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private static javax.crypto.SecretKey c()
    {
        int v1_0;
        int v1_8 = com.flurry.sdk.mf.a(com.flurry.sdk.kh.a().a);
        if (android.text.TextUtils.isEmpty(v1_8)) {
            v1_0 = -0.0;
        } else {
            v1_0 = com.flurry.sdk.mi.i(v1_8);
        }
        try {
            return new javax.crypto.spec.SecretKeySpec(javax.crypto.SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC").generateSecret(new javax.crypto.spec.PBEKeySpec(com.flurry.sdk.kh.a().d.toCharArray(), java.nio.ByteBuffer.allocate(8).putLong(v1_0).array(), 1000, 256)).getEncoded(), "AES");
        } catch (int v0_7) {
            com.flurry.sdk.kx.a(4, com.flurry.sdk.kb.a, "Error in generate secret key", v0_7);
            return 0;
        }
    }

Method com.coupa.android.coupamobile.core.MyCipher.encrypt() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private com.coupa.android.coupamobile.core.MyCipherData encrypt(byte[] p3, byte[] p4)
    {
        com.coupa.android.coupamobile.core.MyCipherData v0_4 = new javax.crypto.spec.SecretKeySpec(p3, "AES");
        byte[] v3_6 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v3_6.init(1, v0_4);
        return new com.coupa.android.coupamobile.core.MyCipherData(v3_6.doFinal(p4), ((javax.crypto.spec.IvParameterSpec) v3_6.getParameters().getParameterSpec(javax.crypto.spec.IvParameterSpec)).getIV());
    }

Method com.coupa.android.coupamobile.core.MyCipher.decrypt() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private byte[] decrypt(byte[] p3, byte[] p4, javax.crypto.spec.IvParameterSpec p5)
    {
        javax.crypto.spec.SecretKeySpec v0_1 = new javax.crypto.spec.SecretKeySpec(p3, "AES");
        byte[] v3_2 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v3_2.init(2, v0_1, p5);
        return v3_2.doFinal(p4);
    }