Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.razorpay.O__Y_.R$$r_() calling method javax.crypto.spec.IvParameterSpec.<init>()


    private String R$$r_(String p7, String p8, com.razorpay.O__Y_$d__1_ p9, String p10)
    {
        com.razorpay.O__Y_$d__1_ v1_0 = p8.getBytes("UTF-8").length;
        int v3_4 = this.a_$P$;
        if (p8.getBytes("UTF-8").length > v3_4.length) {
            v1_0 = v3_4.length;
        }
        int v2_1 = p10.getBytes("UTF-8").length;
        int v4_0 = this.Q_$2$;
        if (p10.getBytes("UTF-8").length > v4_0.length) {
            v2_1 = v4_0.length;
        }
        String v0_1;
        System.arraycopy(p8.getBytes("UTF-8"), 0, this.a_$P$, 0, v1_0);
        System.arraycopy(p10.getBytes("UTF-8"), 0, this.Q_$2$, 0, v2_1);
        javax.crypto.Cipher v8_4 = new javax.crypto.spec.SecretKeySpec(this.a_$P$, "AES");
        javax.crypto.spec.IvParameterSpec v10_4 = new javax.crypto.spec.IvParameterSpec(this.Q_$2$);
        if (!p9.equals(com.razorpay.O__Y_$d__1_.d__1_)) {
            v0_1 = "";
        } else {
            this.d__1_.init(1, v8_4, v10_4);
            v0_1 = android.util.Base64.encodeToString(this.d__1_.doFinal(p7.getBytes("UTF-8")), 2);
        }
        if (p9.equals(com.razorpay.O__Y_$d__1_.Q_$2$)) {
            this.d__1_.init(2, v8_4, v10_4);
            v0_1 = new String(this.d__1_.doFinal(android.util.Base64.decode(p7.getBytes(), 2)));
        }
        return v0_1;
    }

Method com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity.L() calling method javax.crypto.KeyGenerator.getInstance()


    public final void L()
    {
        try {
            this.f = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.g = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.f.load(0);
            java.io.IOException v0_1 = this.g;
            com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity$a v1_1 = new android.security.keystore.KeyGenParameterSpec$Builder("madhuvan", 3);
            String v3_1 = new String[1];
            v3_1[0] = "CBC";
            com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity$a v1_4 = v1_1.setBlockModes(v3_1).setUserAuthenticationRequired(1);
            String[] v2_2 = new String[1];
            v2_2[0] = "PKCS7Padding";
            v0_1.init(v1_4.setEncryptionPaddings(v2_2).build());
            this.g.generateKey();
            return;
        } catch (java.io.IOException v0_3) {
            v0_3.printStackTrace();
            throw new com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity$a(this, v0_3);
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        }
    }

Method com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity.L() calling method javax.crypto.KeyGenerator.generateKey()


    public final void L()
    {
        try {
            this.f = java.security.KeyStore.getInstance("AndroidKeyStore");
            this.g = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
            this.f.load(0);
            java.io.IOException v0_1 = this.g;
            com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity$a v1_1 = new android.security.keystore.KeyGenParameterSpec$Builder("madhuvan", 3);
            String v3_1 = new String[1];
            v3_1[0] = "CBC";
            com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity$a v1_4 = v1_1.setBlockModes(v3_1).setUserAuthenticationRequired(1);
            String[] v2_2 = new String[1];
            v2_2[0] = "PKCS7Padding";
            v0_1.init(v1_4.setEncryptionPaddings(v2_2).build());
            this.g.generateKey();
            return;
        } catch (java.io.IOException v0_3) {
            v0_3.printStackTrace();
            throw new com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity$a(this, v0_3);
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        } catch (java.io.IOException v0_3) {
        }
    }

Method com.sharadtechnologies.madhuvan.common.activities.LoginWithFingerprintActivity.M() calling method javax.crypto.Cipher.getInstance()


    public boolean M()
    {
        try {
            this.e = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
            try {
                this.f.load(0);
                this.e.init(1, ((javax.crypto.SecretKey) this.f.getKey("madhuvan", 0)));
                return 1;
            } catch (android.security.keystore.KeyPermanentlyInvalidatedException) {
                return 0;
            } catch (java.security.InvalidKeyException v0_6) {
                throw new RuntimeException("Failed to init Cipher", v0_6);
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            }
        } catch (java.security.InvalidKeyException v0_8) {
            throw new RuntimeException("Failed to get Cipher", v0_8);
        } catch (java.security.InvalidKeyException v0_8) {
        }
        this.f.load(0);
        this.e.init(1, ((javax.crypto.SecretKey) this.f.getKey("madhuvan", 0)));
        return 1;
    }

Method com.razorpay.O__Y_.<init>() calling method javax.crypto.Cipher.getInstance()


    public O__Y_()
    {
        this.d__1_ = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        byte[] v0_3 = new byte[32];
        this.a_$P$ = v0_3;
        byte[] v0_5 = new byte[16];
        this.Q_$2$ = v0_5;
        return;
    }

Method com.razorpay.O__Y_.R$$r_() calling method javax.crypto.Cipher.doFinal()


    private String R$$r_(String p7, String p8, com.razorpay.O__Y_$d__1_ p9, String p10)
    {
        com.razorpay.O__Y_$d__1_ v1_0 = p8.getBytes("UTF-8").length;
        int v3_4 = this.a_$P$;
        if (p8.getBytes("UTF-8").length > v3_4.length) {
            v1_0 = v3_4.length;
        }
        int v2_1 = p10.getBytes("UTF-8").length;
        int v4_0 = this.Q_$2$;
        if (p10.getBytes("UTF-8").length > v4_0.length) {
            v2_1 = v4_0.length;
        }
        String v0_1;
        System.arraycopy(p8.getBytes("UTF-8"), 0, this.a_$P$, 0, v1_0);
        System.arraycopy(p10.getBytes("UTF-8"), 0, this.Q_$2$, 0, v2_1);
        javax.crypto.Cipher v8_4 = new javax.crypto.spec.SecretKeySpec(this.a_$P$, "AES");
        javax.crypto.spec.IvParameterSpec v10_4 = new javax.crypto.spec.IvParameterSpec(this.Q_$2$);
        if (!p9.equals(com.razorpay.O__Y_$d__1_.d__1_)) {
            v0_1 = "";
        } else {
            this.d__1_.init(1, v8_4, v10_4);
            v0_1 = android.util.Base64.encodeToString(this.d__1_.doFinal(p7.getBytes("UTF-8")), 2);
        }
        if (p9.equals(com.razorpay.O__Y_$d__1_.Q_$2$)) {
            this.d__1_.init(2, v8_4, v10_4);
            v0_1 = new String(this.d__1_.doFinal(android.util.Base64.decode(p7.getBytes(), 2)));
        }
        return v0_1;
    }

Method com.razorpay.O__Y_.R$$r_() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private String R$$r_(String p7, String p8, com.razorpay.O__Y_$d__1_ p9, String p10)
    {
        com.razorpay.O__Y_$d__1_ v1_0 = p8.getBytes("UTF-8").length;
        int v3_4 = this.a_$P$;
        if (p8.getBytes("UTF-8").length > v3_4.length) {
            v1_0 = v3_4.length;
        }
        int v2_1 = p10.getBytes("UTF-8").length;
        int v4_0 = this.Q_$2$;
        if (p10.getBytes("UTF-8").length > v4_0.length) {
            v2_1 = v4_0.length;
        }
        String v0_1;
        System.arraycopy(p8.getBytes("UTF-8"), 0, this.a_$P$, 0, v1_0);
        System.arraycopy(p10.getBytes("UTF-8"), 0, this.Q_$2$, 0, v2_1);
        javax.crypto.Cipher v8_4 = new javax.crypto.spec.SecretKeySpec(this.a_$P$, "AES");
        javax.crypto.spec.IvParameterSpec v10_4 = new javax.crypto.spec.IvParameterSpec(this.Q_$2$);
        if (!p9.equals(com.razorpay.O__Y_$d__1_.d__1_)) {
            v0_1 = "";
        } else {
            this.d__1_.init(1, v8_4, v10_4);
            v0_1 = android.util.Base64.encodeToString(this.d__1_.doFinal(p7.getBytes("UTF-8")), 2);
        }
        if (p9.equals(com.razorpay.O__Y_$d__1_.Q_$2$)) {
            this.d__1_.init(2, v8_4, v10_4);
            v0_1 = new String(this.d__1_.doFinal(android.util.Base64.decode(p7.getBytes(), 2)));
        }
        return v0_1;
    }