Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.korvac.liquid.other.a.b() calling method javax.crypto.spec.IvParameterSpec.<init>()


    private static byte[] b(javax.crypto.spec.SecretKeySpec p3, byte[] p4, byte[] p5)
    {
        byte[] v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        v0_1.init(2, p3, new javax.crypto.spec.IvParameterSpec(p4));
        byte[] v0_2 = v0_1.doFinal(p5);
        com.korvac.liquid.other.a.a("decryptedBytes", v0_2);
        return v0_2;
    }

Method com.korvac.liquid.other.a.a() calling method javax.crypto.spec.IvParameterSpec.<init>()


    private static byte[] a(javax.crypto.spec.SecretKeySpec p3, byte[] p4, byte[] p5)
    {
        byte[] v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        v0_1.init(1, p3, new javax.crypto.spec.IvParameterSpec(p4));
        byte[] v0_2 = v0_1.doFinal(p5);
        ark>com.korvac.liquid.other.aark>.a("cipherText", v0_2);
        return v0_2;
    }

Method com.korvac.liquid.common.a.a() calling method javax.crypto.KeyGenerator.getInstance()


    public static void a()
    {
        com.korvac.liquid.util.e.b(com.korvac.liquid.presentation.login.view.LoginFragmentV3, "generateKey");
        try {
            ark>com.korvac.liquid.common.aark>.b = java.security.KeyStore.getInstance("AndroidKeyStore");
            try {
                java.io.IOException v0_1 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                try {
                    ark>com.korvac.liquid.common.aark>.b.load(0);
                    RuntimeException v1_6 = new android.security.keystore.KeyGenParameterSpec$Builder("LiquidPay_KEY", 3);
                    String v2_4 = new String[1];
                    v2_4[0] = "CBC";
                    RuntimeException v1_8 = v1_6.setBlockModes(v2_4).setUserAuthenticationRequired(1);
                    String v2_7 = new String[1];
                    v2_7[0] = "PKCS7Padding";
                    v0_1.init(v1_8.setEncryptionPaddings(v2_7).build());
                    v0_1.generateKey();
                    return;
                } catch (java.io.IOException v0_4) {
                    throw new RuntimeException(v0_4);
                } catch (java.io.IOException v0_4) {
                } catch (java.io.IOException v0_4) {
                } catch (java.io.IOException v0_4) {
                }
            } catch (java.io.IOException v0_2) {
                throw new RuntimeException("Failed to get KeyGenerator instance", v0_2);
            } catch (java.io.IOException v0_2) {
            }
            ark>com.korvac.liquid.common.aark>.b.load(0);
            v1_6 = new android.security.keystore.KeyGenParameterSpec$Builder("LiquidPay_KEY", 3);
            v2_4 = new String[1];
            v2_4[0] = "CBC";
            v1_8 = v1_6.setBlockModes(v2_4).setUserAuthenticationRequired(1);
            v2_7 = new String[1];
            v2_7[0] = "PKCS7Padding";
            v0_1.init(v1_8.setEncryptionPaddings(v2_7).build());
            v0_1.generateKey();
            return;
        } catch (java.io.IOException v0_6) {
            v0_6.printStackTrace();
        }
    }

Method com.korvac.liquid.common.a.a() calling method javax.crypto.KeyGenerator.generateKey()


    public static void a()
    {
        com.korvac.liquid.util.e.b(com.korvac.liquid.presentation.login.view.LoginFragmentV3, "generateKey");
        try {
            ark>com.korvac.liquid.common.aark>.b = java.security.KeyStore.getInstance("AndroidKeyStore");
            try {
                java.io.IOException v0_1 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                try {
                    ark>com.korvac.liquid.common.aark>.b.load(0);
                    RuntimeException v1_6 = new android.security.keystore.KeyGenParameterSpec$Builder("LiquidPay_KEY", 3);
                    String v2_4 = new String[1];
                    v2_4[0] = "CBC";
                    RuntimeException v1_8 = v1_6.setBlockModes(v2_4).setUserAuthenticationRequired(1);
                    String v2_7 = new String[1];
                    v2_7[0] = "PKCS7Padding";
                    v0_1.init(v1_8.setEncryptionPaddings(v2_7).build());
                    v0_1.generateKey();
                    return;
                } catch (java.io.IOException v0_4) {
                    throw new RuntimeException(v0_4);
                } catch (java.io.IOException v0_4) {
                } catch (java.io.IOException v0_4) {
                } catch (java.io.IOException v0_4) {
                }
            } catch (java.io.IOException v0_2) {
                throw new RuntimeException("Failed to get KeyGenerator instance", v0_2);
            } catch (java.io.IOException v0_2) {
            }
            ark>com.korvac.liquid.common.aark>.b.load(0);
            v1_6 = new android.security.keystore.KeyGenParameterSpec$Builder("LiquidPay_KEY", 3);
            v2_4 = new String[1];
            v2_4[0] = "CBC";
            v1_8 = v1_6.setBlockModes(v2_4).setUserAuthenticationRequired(1);
            v2_7 = new String[1];
            v2_7[0] = "PKCS7Padding";
            v0_1.init(v1_8.setEncryptionPaddings(v2_7).build());
            v0_1.generateKey();
            return;
        } catch (java.io.IOException v0_6) {
            v0_6.printStackTrace();
        }
    }

Method com.korvac.liquid.other.a.b() calling method javax.crypto.Cipher.getInstance()


    private static byte[] b(javax.crypto.spec.SecretKeySpec p3, byte[] p4, byte[] p5)
    {
        byte[] v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        v0_1.init(2, p3, new javax.crypto.spec.IvParameterSpec(p4));
        byte[] v0_2 = v0_1.doFinal(p5);
        com.korvac.liquid.other.a.a("decryptedBytes", v0_2);
        return v0_2;
    }

Method com.korvac.liquid.other.a.a() calling method javax.crypto.Cipher.getInstance()


    private static byte[] a(javax.crypto.spec.SecretKeySpec p3, byte[] p4, byte[] p5)
    {
        byte[] v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        v0_1.init(1, p3, new javax.crypto.spec.IvParameterSpec(p4));
        byte[] v0_2 = v0_1.doFinal(p5);
        ark>com.korvac.liquid.other.aark>.a("cipherText", v0_2);
        return v0_2;
    }

Method com.korvac.liquid.common.a.b() calling method javax.crypto.Cipher.getInstance()


    public static boolean b()
    {
        com.korvac.liquid.util.e.b(com.korvac.liquid.presentation.login.view.LoginFragmentV3, "cipherInit");
        try {
            com.korvac.liquid.common.a.a = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
            try {
                com.korvac.liquid.common.a.b.load(0);
                com.korvac.liquid.common.a.a.init(1, ((javax.crypto.SecretKey) com.korvac.liquid.common.a.b.getKey("LiquidPay_KEY", 0)));
                java.security.NoSuchAlgorithmException v0_5 = 1;
            } catch (java.security.NoSuchAlgorithmException v0) {
                v0_5 = 0;
            } catch (java.security.NoSuchAlgorithmException v0_6) {
                throw new RuntimeException("Failed to init Cipher", v0_6);
            } catch (java.security.NoSuchAlgorithmException v0_6) {
            } catch (java.security.NoSuchAlgorithmException v0_6) {
            } catch (java.security.NoSuchAlgorithmException v0_6) {
            } catch (java.security.NoSuchAlgorithmException v0_6) {
            }
            return v0_5;
        } catch (java.security.NoSuchAlgorithmException v0_9) {
            throw new RuntimeException("Failed to get Cipher", v0_9);
        } catch (java.security.NoSuchAlgorithmException v0_9) {
        }
    }

Method com.korvac.liquid.other.a.b() calling method javax.crypto.Cipher.doFinal()


    private static byte[] b(javax.crypto.spec.SecretKeySpec p3, byte[] p4, byte[] p5)
    {
        byte[] v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        v0_1.init(2, p3, new javax.crypto.spec.IvParameterSpec(p4));
        byte[] v0_2 = v0_1.doFinal(p5);
        com.korvac.liquid.other.a.a("decryptedBytes", v0_2);
        return v0_2;
    }

Method com.korvac.liquid.other.a.a() calling method javax.crypto.Cipher.doFinal()


    private static byte[] a(javax.crypto.spec.SecretKeySpec p3, byte[] p4, byte[] p5)
    {
        byte[] v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
        v0_1.init(1, p3, new javax.crypto.spec.IvParameterSpec(p4));
        byte[] v0_2 = v0_1.doFinal(p5);
        ark>com.korvac.liquid.other.aark>.a("cipherText", v0_2);
        return v0_2;
    }

Method com.korvac.liquid.other.a.c() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private static javax.crypto.spec.SecretKeySpec c(String p4)
    {
        byte[] v0_2 = java.security.MessageDigest.getInstance("SHA-256");
        javax.crypto.spec.SecretKeySpec v1_4 = p4.getBytes("UTF-8");
        v0_2.update(v1_4, 0, v1_4.length);
        byte[] v0_1 = v0_2.digest();
        com.korvac.liquid.other.a.a("SHA-256 key ", v0_1);
        return new javax.crypto.spec.SecretKeySpec(v0_1, "AES");
    }