Potentially Cryptographic Vulnerability: Insecure Algorithm

Description

The mode of operation used to encrypt the data is vulnerable

Recommendation

We recommend AES for general-purpose use. If you're willing to go against the grain and are paranoid, you can use Serpent, which isn't quite as fast as AES but is believed to have a much higher security margin.

If you really feel that you need the fastest possible secure solution, consider the SNOW 2.0 stream cipher, which currently looks very good. It appears to have a much better security margin than the popular favorite, RC4, and is even faster. However, it is fairly new. If you're highly risk-adverse, we recommend AES or Serpent. Although popular, RC4 would never be the best available choice.

Technical details
[TAINT] String 'AES' ==>>> Sink '['Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;', '0', 'CRYPTO_SINK']' [[('LSubServiceProvider;', 'generateEncPid', '(Ldomain/authentication/subservice/Pid;)Ldomain/authentication/subservice/EncPidResult;'), ('Lutil/Auth/AuthUtilits;', 'createAuaAuthRequest', '(Ldomain/authentication/subservice/Pid; Ldomain/authentication/subservice/EncPidResult;)Lutil/Auth/AuthAUADataCreator;'), ('Lutil/Auth/AuthAUADataCreator;', '<init>', '(Ljava/lang/Object; Ldomain/authentication/subservice/EncPidResult;)V'), ('Ldomain/authentication/helper/Encrypter;', 'generateSessionKey', '()[B'), ('Ljavax/crypto/KeyGenerator;', 'getInstance', '(Ljava/lang/String; Ljava/lang/String;)Ljavax/crypto/KeyGenerator;')]]

The insecure algorithm AES is used.

Method SubServiceProvider.generateEncPid():


    public domain.authentication.subservice.EncPidResult generateEncPid(domain.authentication.subservice.Pid p3)
    {
        domain.authentication.subservice.EncPidResult v1_1 = new domain.authentication.subservice.EncPidResult();
        try {
            util.Auth.AuthUtilits.createAuaAuthRequest(p3, v1_1);
        } catch (Exception v0) {
            v0.printStackTrace();
        }
        return v1_1;
    }

Method util.Auth.AuthUtilits.createAuaAuthRequest():


    public static util.Auth.AuthAUADataCreator createAuaAuthRequest(domain.authentication.subservice.Pid p2, domain.authentication.subservice.EncPidResult p3)
    {
        return new util.Auth.AuthAUADataCreator(domain.authentication.helper.PidCreator.createXmlPid(p2), p3);
    }

Method util.Auth.AuthAUADataCreator.<init>():


    public AuthAUADataCreator(Object p17, domain.authentication.subservice.EncPidResult p18)
    {
        util.Auth.AuthAUADataCreator v16_1 = ;
v16_1.expiryTime = 600000;
        v16_1.useSSK = 0;
        byte[] v12 = 0;
        try {
            byte[] v13 = v16_1.createPidXML(((domain.authentication.requestData.Pid) p17)).getBytes("UTF-8");
            byte[] v4 = new domain.authentication.helper.Encrypter().generateSessionKey();
            String v15 = new java.text.SimpleDateFormat("yyyy-MM-dd\'T\'HH:mm:ss").format(((domain.authentication.requestData.Pid) p17).getTs().toGregorianCalendar().getTime());
            byte[] v10 = new domain.authentication.helper.Encrypter().encrypt(v13, v4, v15);
            byte[] v11 = new domain.authentication.helper.Encrypter().encryptDecryptUsingSessionKey(1, v4, new domain.authentication.helper.Encrypter().generateIv(v15), new domain.authentication.helper.Encrypter().generateAad(v15), new domain.authentication.helper.Encrypter().generateHash(v13));
            v12 = new domain.authentication.helper.Encrypter().encryptUsingPublicKey(v4);
            new domain.authentication.helper.Encrypter().getCertificateIdentifier();
            p18.setSkey(com.sun.org.apache.xerces.internal.impl.dv.util.Base64.encode(v12));
            p18.setEncPid(com.sun.org.apache.xerces.internal.impl.dv.util.Base64.encode(v10));
            p18.setEncHmac(com.sun.org.apache.xerces.internal.impl.dv.util.Base64.encode(v11));
        } catch (Exception v9) {
            v9.printStackTrace();
        }
        return;
    }

Method domain.authentication.helper.Encrypter.generateSessionKey():


    public byte[] generateSessionKey()
    {
        javax.crypto.KeyGenerator v1 = javax.crypto.KeyGenerator.getInstance("AES", "BC");
        v1.init(256);
        return v1.generateKey().getEncoded();
    }

Method javax.crypto.KeyGenerator.getInstance() not found.