Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.microsoft.appcenter.utils.crypto.CryptoAesHandler.decrypt() calling method javax.crypto.spec.IvParameterSpec.<init>()


    public byte[] decrypt(com.microsoft.appcenter.utils.crypto.CryptoUtils$ICryptoFactory p6, int p7, java.security.KeyStore$Entry p8, byte[] p9)
    {
        com.microsoft.appcenter.utils.crypto.CryptoUtils$ICipher v1 = p6.getCipher("AES/CBC/PKCS7Padding", "AndroidKeyStoreBCWorkaround");
        int v0 = v1.getBlockSize();
        v1.init(2, ((java.security.KeyStore$SecretKeyEntry) p8).getSecretKey(), new javax.crypto.spec.IvParameterSpec(p9, 0, v0));
        return v1.doFinal(p9, v0, (p9.length - v0));
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1.getKeyGenerator() calling method javax.crypto.KeyGenerator.getInstance()


    public com.microsoft.appcenter.utils.crypto.CryptoUtils$IKeyGenerator getKeyGenerator(String p3, String p4)
    {
        return new com.microsoft.appcenter.utils.crypto.CryptoUtils$1$1(this, javax.crypto.KeyGenerator.getInstance(p3, p4));
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$1.generateKey() calling method javax.crypto.KeyGenerator.generateKey()


    public void generateKey()
    {
        this.val$keyGenerator.generateKey();
        return;
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1.getCipher() calling method javax.crypto.Cipher.getInstance()


    public com.microsoft.appcenter.utils.crypto.CryptoUtils$ICipher getCipher(String p3, String p4)
    {
        return new com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2(this, javax.crypto.Cipher.getInstance(p3, p4));
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2.getIV() calling method javax.crypto.Cipher.getIV()


    public byte[] getIV()
    {
        return this.val$cipher.getIV();
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2.doFinal() calling method javax.crypto.Cipher.doFinal()


    public byte[] doFinal(byte[] p2, int p3, int p4)
    {
        return this.val$cipher.doFinal(p2, p3, p4);
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2.doFinal() calling method javax.crypto.Cipher.doFinal()


    public byte[] doFinal(byte[] p2)
    {
        return this.val$cipher.doFinal(p2);
    }

Method okio.HashingSource.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSource(okio.Source p5, okio.ByteString p6, String p7)
    {
        super(p5);
        try {
            super.mac = javax.crypto.Mac.getInstance(p7);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p6.toByteArray(), p7));
            super.messageDigest = 0;
            return;
        } catch (java.security.InvalidKeyException v0) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v0) {
            throw new IllegalArgumentException(v0);
        }
    }

Method okio.HashingSink.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSink(okio.Sink p5, okio.ByteString p6, String p7)
    {
        super(p5);
        try {
            super.mac = javax.crypto.Mac.getInstance(p7);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p6.toByteArray(), p7));
            super.messageDigest = 0;
            return;
        } catch (java.security.InvalidKeyException v0) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v0) {
            throw new IllegalArgumentException(v0);
        }
    }

Method okio.ByteString.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p5, okio.ByteString p6)
    {
        try {
            javax.crypto.Mac v1 = javax.crypto.Mac.getInstance(p5);
            v1.init(new javax.crypto.spec.SecretKeySpec(p6.toByteArray(), p5));
            return okio.ByteString.of(v1.doFinal(this.data));
        } catch (java.security.InvalidKeyException v0_1) {
            throw new AssertionError(v0_1);
        } catch (java.security.InvalidKeyException v0_0) {
            throw new IllegalArgumentException(v0_0);
        }
    }

Method okio.Buffer.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p8, okio.ByteString p9)
    {
        try {
            javax.crypto.Mac v1 = javax.crypto.Mac.getInstance(p8);
            v1.init(new javax.crypto.spec.SecretKeySpec(p9.toByteArray(), p8));
        } catch (java.security.InvalidKeyException v0) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v0) {
            throw new IllegalArgumentException(v0);
        }
        if (this.head != null) {
            v1.update(this.head.data, this.head.pos, (this.head.limit - this.head.pos));
            okio.Segment v2 = this.head.next;
            while (v2 != this.head) {
                v1.update(v2.data, v2.pos, (v2.limit - v2.pos));
                v2 = v2.next;
            }
        }
        return okio.ByteString.of(v1.doFinal());
    }