Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method okio.HashingSource.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSource(okio.Source p4, okio.ByteString p5, String p6)
    {
        super(p4);
        try {
            super.mac = javax.crypto.Mac.getInstance(p6);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p5.toByteArray(), p6));
            super.messageDigest = 0;
            return;
        } catch (java.security.InvalidKeyException v0) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v0_1) {
            throw new IllegalArgumentException(v0_1);
        }
    }

Method okio.HashingSink.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSink(okio.Sink p4, okio.ByteString p5, String p6)
    {
        super(p4);
        try {
            super.mac = javax.crypto.Mac.getInstance(p6);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p5.toByteArray(), p6));
            super.messageDigest = 0;
            return;
        } catch (java.security.InvalidKeyException v0) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v0_1) {
            throw new IllegalArgumentException(v0_1);
        }
    }

Method okio.Buffer.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p7, okio.ByteString p8)
    {
        try {
            java.security.InvalidKeyException v0_0 = javax.crypto.Mac.getInstance(p7);
            v0_0.init(new javax.crypto.spec.SecretKeySpec(p8.toByteArray(), p7));
        } catch (java.security.InvalidKeyException v0) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v0_1) {
            throw new IllegalArgumentException(v0_1);
        }
        if (this.head != null) {
            v0_0.update(this.head.data, this.head.pos, (this.head.limit - this.head.pos));
            okio.Segment v1_3 = this.head.next;
            while (v1_3 != this.head) {
                v0_0.update(v1_3.data, v1_3.pos, (v1_3.limit - v1_3.pos));
                v1_3 = v1_3.next;
            }
        }
        return okio.ByteString.of(v0_0.doFinal());
    }

Method okio.ByteString.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p4, okio.ByteString p5)
    {
        try {
            java.security.InvalidKeyException v0_0 = javax.crypto.Mac.getInstance(p4);
            v0_0.init(new javax.crypto.spec.SecretKeySpec(p5.toByteArray(), p4));
            return okio.ByteString.of(v0_0.doFinal(this.data));
        } catch (java.security.InvalidKeyException v0_2) {
            throw new AssertionError(v0_2);
        } catch (java.security.InvalidKeyException v0_1) {
            throw new IllegalArgumentException(v0_1);
        }
    }