Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

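Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure. The call sites listed below also use DES in ECB mode and RC4, both of which fall under this recommendation.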

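Do not use Object.equals() to compare cryptographic keys. A key class may not override equals(), in which case the comparison is by object reference rather than by key material.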

Cryptographic keys should never be serialized.

Technical details

Method org.apache.http.impl.auth.NTLMEngineImpl.lmResponse() calling method javax.crypto.Cipher.getInstance()


    /**
     * Builds a 24-byte value by DES-encrypting p7 under three keys derived from p6.
     *
     * Reviewer notes:
     * - This is decompiler output: the declared local types (String, Exception, int, ...)
     *   do not match the values assigned to them; read each local by how it is used.
     * - "DES/ECB/NoPadding" selects single DES in ECB mode, and the transformation string
     *   is hard-coded here. createDESKey builds each key from 7 input bytes, so each key
     *   carries at most 56 bits.
     * - The class and method names suggest this is the LAN Manager response of NTLM
     *   authentication (presumably; confirm against the library source). If so, the cipher
     *   is fixed by the protocol and the finding is addressed by not negotiating LM/NTLMv1,
     *   not by editing this method.
     *
     * @param p6 source of key material; only its first 16 bytes are read
     * @param p7 data encrypted under each key (presumably one 8-byte block - confirm against caller)
     * @return 24 bytes: the first 8 bytes of each of the three ciphertexts, in key order
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised in the body
     */
    private static byte[] lmResponse(byte[] p6, byte[] p7)
    {
        try {
            // 21-byte key buffer; bytes 16..20 are never written and stay zero.
            String v0_1 = new byte[21];
            System.arraycopy(p6, 0, v0_1, 0, 16);
            // Three keys from the 7-byte slices at offsets 0, 7 and 14 of the buffer.
            Exception v6_3 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 0);
            byte[] v3_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 7);
            String v0_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 14);
            // Flagged call: single DES, ECB mode, no padding.
            int v4_2 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            // Mode 1 is Cipher.ENCRYPT_MODE; the same Cipher object is re-initialised per key.
            v4_2.init(1, v6_3);
            Exception v6_1 = v4_2.doFinal(p7);
            v4_2.init(1, v3_2);
            byte[] v3_0 = v4_2.doFinal(p7);
            v4_2.init(1, v0_2);
            org.apache.http.impl.auth.NTLMEngineException v7_1 = v4_2.doFinal(p7);
            // Concatenate 8 bytes of each ciphertext into the 24-byte result.
            String v0_4 = new byte[24];
            System.arraycopy(v6_1, 0, v0_4, 0, 8);
            System.arraycopy(v3_0, 0, v0_4, 8, 8);
            System.arraycopy(v7_1, 0, v0_4, 16, 8);
            return v0_4;
        } catch (Exception v6_2) {
            // Every failure is rethrown as NTLMEngineException with the original as cause.
            throw new org.apache.http.impl.auth.NTLMEngineException(v6_2.getMessage(), v6_2);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.lmHash() calling method javax.crypto.Cipher.getInstance()


    /**
     * Derives a 16-byte value from a string by DES-encrypting the constant "KGS!@#$%"
     * under two keys built from the upper-cased, 14-byte-limited input.
     *
     * Reviewer notes:
     * - This is decompiler output: the declared local types do not match the values
     *   assigned to them; read each local by how it is used.
     * - Properties visible in the code that weaken the result as a password hash: the
     *   input is upper-cased (case is lost), only the first 14 bytes are used, the two
     *   7-byte halves are processed independently, and no salt is mixed in.
     * - "DES/ECB/NoPadding" is hard-coded. The names suggest this is the LAN Manager hash
     *   used by NTLM (presumably; confirm against the library source), in which case the
     *   construction is fixed by the protocol and the mitigation is to avoid LM/NTLMv1.
     *
     * @param p5 the string to hash (presumably the account password - confirm against caller)
     * @return 16 bytes: the two 8-byte DES ciphertexts, first half then second half
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised in the body
     */
    private static byte[] lmHash(String p5)
    {
        try {
            // Upper-case with a fixed locale, then encode as US-ASCII.
            Exception v5_5 = p5.toUpperCase(java.util.Locale.ENGLISH).getBytes("US-ASCII");
            // 14-byte buffer: longer input is truncated, shorter input is zero-padded.
            String v1_0 = new byte[14];
            System.arraycopy(v5_5, 0, v1_0, 0, Math.min(v5_5.length, 14));
            // One key per 7-byte half of the buffer.
            Exception v5_1 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v1_0, 0);
            org.apache.http.impl.auth.NTLMEngineException v0_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v1_0, 7);
            // Fixed 8-byte plaintext that both keys encrypt.
            String v1_2 = "KGS!@#$%".getBytes("US-ASCII");
            // Flagged call: single DES, ECB mode, no padding.
            int v3_2 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            // Mode 1 is Cipher.ENCRYPT_MODE.
            v3_2.init(1, v5_1);
            Exception v5_3 = v3_2.doFinal(v1_2);
            v3_2.init(1, v0_2);
            org.apache.http.impl.auth.NTLMEngineException v0_4 = v3_2.doFinal(v1_2);
            // Concatenate the two 8-byte ciphertexts.
            String v1_4 = new byte[16];
            System.arraycopy(v5_3, 0, v1_4, 0, 8);
            System.arraycopy(v0_4, 0, v1_4, 8, 8);
            return v1_4;
        } catch (Exception v5_4) {
            // Every failure is rethrown as NTLMEngineException with the original as cause.
            throw new org.apache.http.impl.auth.NTLMEngineException(v5_4.getMessage(), v5_4);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.RC4() calling method javax.crypto.Cipher.getInstance()


    /**
     * Encrypts p4 with the RC4 stream cipher keyed by p5.
     *
     * Reviewer notes:
     * - This is decompiler output: the local holding the Cipher is declared as String.
     * - RC4 is a deprecated stream cipher with known keystream biases; the algorithm name
     *   is hard-coded in this method.
     * - The method lives in the NTLM engine, so the cipher is presumably required by the
     *   protocol (confirm against the library source); the practical mitigation is then to
     *   protect the connection with TLS and prefer an authentication scheme that does not
     *   depend on RC4.
     *
     * @param p4 data to encrypt
     * @param p5 raw RC4 key bytes
     * @return the RC4 output for p4
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised in the body
     */
    static byte[] RC4(byte[] p4, byte[] p5)
    {
        try {
            // Flagged call: RC4 cipher instance.
            String v0_2 = javax.crypto.Cipher.getInstance("RC4");
            // Mode 1 is Cipher.ENCRYPT_MODE; the key is used exactly as supplied by the caller.
            v0_2.init(1, new javax.crypto.spec.SecretKeySpec(p5, "RC4"));
            return v0_2.doFinal(p4);
        } catch (Exception v4_1) {
            // Every failure is rethrown as NTLMEngineException with the original as cause.
            throw new org.apache.http.impl.auth.NTLMEngineException(v4_1.getMessage(), v4_1);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey() calling method javax.crypto.Cipher.getInstance()


    /**
     * Returns the cached 16-byte lanManagerSessionKey, computing it on first use from
     * getLMHash() and getLMResponse() with two DES/ECB/NoPadding encryptions.
     *
     * Reviewer notes:
     * - This is decompiler output: the declared local types do not match the values
     *   assigned to them; read each local by how it is used.
     * - Only 8 bytes of the LM hash enter the 14-byte key buffer; the remaining 6 bytes
     *   are the constant -67 (0xBD). If access$900 is the synthetic accessor for
     *   createDESKey(byte[], int) (presumably - confirm), the second key is built from
     *   one hash byte plus six constant bytes.
     * - The method returns the internal array itself, not a copy, so a caller can modify
     *   the cached key. No synchronisation is visible around the lazy initialisation.
     *
     * @return the cached session key array
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised while computing the key
     */
    public byte[] getLanManagerSessionKey()
    {
        if (this.lanManagerSessionKey == null) {
            try {
                // Key buffer: 8 bytes of LM hash followed by 6 bytes of 0xBD.
                Exception v0_3 = new byte[14];
                System.arraycopy(this.getLMHash(), 0, v0_3, 0, 8);
                java.util.Arrays.fill(v0_3, 8, v0_3.length, -67);
                // Two keys, taken at offsets 0 and 7 of the buffer.
                org.apache.http.impl.auth.NTLMEngineException v1_0 = org.apache.http.impl.auth.NTLMEngineImpl.access$900(v0_3, 0);
                Exception v0_1 = org.apache.http.impl.auth.NTLMEngineImpl.access$900(v0_3, 7);
                // Plaintext: the first 8 bytes of the LM response.
                String v2_0 = new byte[8];
                System.arraycopy(this.getLMResponse(), 0, v2_0, 0, v2_0.length);
                // Flagged calls: a separate single-DES/ECB cipher per key; mode 1 is Cipher.ENCRYPT_MODE.
                int v4_4 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v4_4.init(1, v1_0);
                org.apache.http.impl.auth.NTLMEngineException v1_1 = v4_4.doFinal(v2_0);
                int v4_6 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v4_6.init(1, v0_1);
                Exception v0_4 = v4_6.doFinal(v2_0);
                // The field is assigned before it is filled with the two ciphertexts.
                String v2_2 = new byte[16];
                this.lanManagerSessionKey = v2_2;
                System.arraycopy(v1_1, 0, this.lanManagerSessionKey, 0, v1_1.length);
                System.arraycopy(v0_4, 0, this.lanManagerSessionKey, v1_1.length, v0_4.length);
            } catch (Exception v0_5) {
                // Every failure is rethrown as NTLMEngineException with the original as cause.
                throw new org.apache.http.impl.auth.NTLMEngineException(v0_5.getMessage(), v0_5);
            }
        }
        return this.lanManagerSessionKey;
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.lmResponse() calling method javax.crypto.Cipher.doFinal()


    /**
     * Builds a 24-byte value from three DES encryptions of p7; listed here for its
     * Cipher.doFinal() calls.
     *
     * Reviewer notes:
     * - Decompiler output: declared local types do not match the assigned values.
     * - Each doFinal() runs under "DES/ECB/NoPadding", i.e. single DES in ECB mode with a
     *   key that createDESKey builds from 7 input bytes.
     * - With NoPadding, doFinal() only accepts input whose length is a multiple of the
     *   8-byte DES block; only 8 bytes of each result are copied out, so p7 is presumably
     *   a single 8-byte block (confirm against caller).
     *
     * @param p6 source of key material; only its first 16 bytes are read
     * @param p7 data encrypted under each of the three keys
     * @return 24 bytes: 8 bytes from each ciphertext, in key order
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised in the body
     */
    private static byte[] lmResponse(byte[] p6, byte[] p7)
    {
        try {
            // 21-byte key buffer; bytes 16..20 stay zero.
            String v0_1 = new byte[21];
            System.arraycopy(p6, 0, v0_1, 0, 16);
            // Keys from buffer offsets 0, 7 and 14.
            Exception v6_3 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 0);
            byte[] v3_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 7);
            String v0_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 14);
            int v4_2 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            // Flagged calls: three doFinal() invocations, each after init in mode 1 (Cipher.ENCRYPT_MODE).
            v4_2.init(1, v6_3);
            Exception v6_1 = v4_2.doFinal(p7);
            v4_2.init(1, v3_2);
            byte[] v3_0 = v4_2.doFinal(p7);
            v4_2.init(1, v0_2);
            org.apache.http.impl.auth.NTLMEngineException v7_1 = v4_2.doFinal(p7);
            // Result layout: ciphertext 1 at 0, ciphertext 2 at 8, ciphertext 3 at 16.
            String v0_4 = new byte[24];
            System.arraycopy(v6_1, 0, v0_4, 0, 8);
            System.arraycopy(v3_0, 0, v0_4, 8, 8);
            System.arraycopy(v7_1, 0, v0_4, 16, 8);
            return v0_4;
        } catch (Exception v6_2) {
            // Rethrown as NTLMEngineException with the original as cause.
            throw new org.apache.http.impl.auth.NTLMEngineException(v6_2.getMessage(), v6_2);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.lmHash() calling method javax.crypto.Cipher.doFinal()


    /**
     * Derives a 16-byte value from a string with two DES encryptions of a fixed
     * plaintext; listed here for its Cipher.doFinal() calls.
     *
     * Reviewer notes:
     * - Decompiler output: declared local types do not match the assigned values.
     * - Both doFinal() calls encrypt the same constant "KGS!@#$%"; all variability comes
     *   from the two keys, each built from one 7-byte half of the upper-cased input.
     * - No salt or iteration count is involved, so equal inputs always give equal output.
     *
     * @param p5 the string to hash (presumably the account password - confirm against caller)
     * @return 16 bytes: ciphertext under the first-half key, then under the second-half key
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised in the body
     */
    private static byte[] lmHash(String p5)
    {
        try {
            // Case is discarded before encoding.
            Exception v5_5 = p5.toUpperCase(java.util.Locale.ENGLISH).getBytes("US-ASCII");
            // At most 14 bytes of the input are kept; the rest of the buffer stays zero.
            String v1_0 = new byte[14];
            System.arraycopy(v5_5, 0, v1_0, 0, Math.min(v5_5.length, 14));
            Exception v5_1 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v1_0, 0);
            org.apache.http.impl.auth.NTLMEngineException v0_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v1_0, 7);
            String v1_2 = "KGS!@#$%".getBytes("US-ASCII");
            int v3_2 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            // Flagged calls: doFinal() under each half-key; mode 1 is Cipher.ENCRYPT_MODE.
            v3_2.init(1, v5_1);
            Exception v5_3 = v3_2.doFinal(v1_2);
            v3_2.init(1, v0_2);
            org.apache.http.impl.auth.NTLMEngineException v0_4 = v3_2.doFinal(v1_2);
            // Result layout: first-half ciphertext at 0, second-half ciphertext at 8.
            String v1_4 = new byte[16];
            System.arraycopy(v5_3, 0, v1_4, 0, 8);
            System.arraycopy(v0_4, 0, v1_4, 8, 8);
            return v1_4;
        } catch (Exception v5_4) {
            // Rethrown as NTLMEngineException with the original as cause.
            throw new org.apache.http.impl.auth.NTLMEngineException(v5_4.getMessage(), v5_4);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.RC4() calling method javax.crypto.Cipher.doFinal()


    /**
     * Encrypts p4 with RC4 keyed by p5; listed here for its Cipher.doFinal() call.
     *
     * Reviewer notes:
     * - Decompiler output: the Cipher local is declared as String.
     * - RC4 is a deprecated stream cipher. Nothing in this method adds an IV or nonce, so
     *   two calls with the same key produce the same keystream; whether keys repeat
     *   depends on the callers, which are not shown here.
     *
     * @param p4 data to encrypt
     * @param p5 raw RC4 key bytes
     * @return the RC4 output for p4
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised in the body
     */
    static byte[] RC4(byte[] p4, byte[] p5)
    {
        try {
            String v0_2 = javax.crypto.Cipher.getInstance("RC4");
            // Mode 1 is Cipher.ENCRYPT_MODE.
            v0_2.init(1, new javax.crypto.spec.SecretKeySpec(p5, "RC4"));
            // Flagged call: one-shot encryption of the whole input.
            return v0_2.doFinal(p4);
        } catch (Exception v4_1) {
            // Rethrown as NTLMEngineException with the original as cause.
            throw new org.apache.http.impl.auth.NTLMEngineException(v4_1.getMessage(), v4_1);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey() calling method javax.crypto.Cipher.doFinal()


    /**
     * Lazily computes and returns the 16-byte lanManagerSessionKey; listed here for its
     * Cipher.doFinal() calls.
     *
     * Reviewer notes:
     * - Decompiler output: declared local types do not match the assigned values.
     * - Both doFinal() calls encrypt the same 8 bytes (the start of getLMResponse()) under
     *   single DES in ECB mode.
     * - The key buffer holds 8 bytes of getLMHash() and 6 constant bytes (-67, i.e. 0xBD),
     *   so part of the key material is fixed.
     * - The cached array is returned by reference; callers share the stored key bytes.
     *
     * @return the cached session key array
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised while computing the key
     */
    public byte[] getLanManagerSessionKey()
    {
        // Compute only once; later calls return the cached field.
        if (this.lanManagerSessionKey == null) {
            try {
                Exception v0_3 = new byte[14];
                System.arraycopy(this.getLMHash(), 0, v0_3, 0, 8);
                // Bytes 8..13 of the key buffer are the constant 0xBD.
                java.util.Arrays.fill(v0_3, 8, v0_3.length, -67);
                // access$900 is a compiler-generated accessor; presumably it forwards to createDESKey (confirm).
                org.apache.http.impl.auth.NTLMEngineException v1_0 = org.apache.http.impl.auth.NTLMEngineImpl.access$900(v0_3, 0);
                Exception v0_1 = org.apache.http.impl.auth.NTLMEngineImpl.access$900(v0_3, 7);
                String v2_0 = new byte[8];
                System.arraycopy(this.getLMResponse(), 0, v2_0, 0, v2_0.length);
                int v4_4 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v4_4.init(1, v1_0);
                // Flagged call: first half of the session key.
                org.apache.http.impl.auth.NTLMEngineException v1_1 = v4_4.doFinal(v2_0);
                int v4_6 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v4_6.init(1, v0_1);
                // Flagged call: second half of the session key.
                Exception v0_4 = v4_6.doFinal(v2_0);
                String v2_2 = new byte[16];
                this.lanManagerSessionKey = v2_2;
                // The two ciphertexts are stored back to back in the cached array.
                System.arraycopy(v1_1, 0, this.lanManagerSessionKey, 0, v1_1.length);
                System.arraycopy(v0_4, 0, this.lanManagerSessionKey, v1_1.length, v0_4.length);
            } catch (Exception v0_5) {
                // Rethrown as NTLMEngineException with the original as cause.
                throw new org.apache.http.impl.auth.NTLMEngineException(v0_5.getMessage(), v0_5);
            }
        }
        return this.lanManagerSessionKey;
    }

Method okio.HashingSource.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    /**
     * Creates a HashingSource that computes a keyed MAC: the Mac is obtained for
     * algorithm p4 and initialised with the bytes of p3 as key.
     *
     * Reviewer notes:
     * - Decompiler output: "super.mac" and "super.messageDigest" are presumably this
     *   object's own fields, and the 0 assigned to messageDigest is presumably null;
     *   the first catch clause has lost its variable name.
     * - The algorithm is not fixed here. Both Mac.getInstance() and SecretKeySpec take the
     *   caller-supplied name p4, so the strength of the MAC is decided at the call sites,
     *   which are not part of this listing.
     * - p3.toByteArray() produces a byte array of the key that is handed to SecretKeySpec
     *   and not cleared in this constructor.
     *
     * @param p2 the wrapped source, passed to the superclass constructor
     * @param p3 the MAC key
     * @param p4 the MAC algorithm name
     * @throws AssertionError if the algorithm is not available
     * @throws IllegalArgumentException if the key is rejected by Mac.init()
     */
    private HashingSource(okio.Source p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            // Flagged call: key spec built from raw key bytes and the same algorithm name.
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            // The missing-algorithm case is raised without message or cause.
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.HashingSink.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    /**
     * Creates a HashingSink that computes a keyed MAC: the Mac is obtained for
     * algorithm p4 and initialised with the bytes of p3 as key.
     *
     * Reviewer notes:
     * - Decompiler output: "super.mac" and "super.messageDigest" are presumably this
     *   object's own fields, and the 0 assigned to messageDigest is presumably null;
     *   the first catch clause has lost its variable name.
     * - The algorithm is not fixed here. Both Mac.getInstance() and SecretKeySpec take the
     *   caller-supplied name p4, so the strength of the MAC is decided at the call sites,
     *   which are not part of this listing.
     * - p3.toByteArray() produces a byte array of the key that is handed to SecretKeySpec
     *   and not cleared in this constructor.
     *
     * @param p2 the wrapped sink, passed to the superclass constructor
     * @param p3 the MAC key
     * @param p4 the MAC algorithm name
     * @throws AssertionError if the algorithm is not available
     * @throws IllegalArgumentException if the key is rejected by Mac.init()
     */
    private HashingSink(okio.Sink p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            // Flagged call: key spec built from raw key bytes and the same algorithm name.
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            // The missing-algorithm case is raised without message or cause.
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.Buffer.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    /**
     * Computes a MAC over the buffer's contents with algorithm p5 and key p6.
     *
     * Reviewer notes:
     * - Decompiler output: the second catch clause is printed as catching okio.Segment,
     *   which is presumably a mis-typed InvalidKeyException (confirm against upstream
     *   okio); the first catch clause has lost its variable name.
     * - The algorithm name is a parameter, so this method does not by itself select a
     *   weak or strong MAC; that is decided by the callers, which are not shown here.
     * - The buffer is only read: every segment's bytes between pos and limit are fed to
     *   the Mac in list order.
     *
     * @param p5 the MAC algorithm name, used for both Mac.getInstance() and SecretKeySpec
     * @param p6 the MAC key
     * @return the MAC value wrapped in a ByteString
     * @throws AssertionError if the algorithm is not available
     * @throws IllegalArgumentException on the second catch path
     */
    private okio.ByteString hmac(String p5, okio.ByteString p6)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p5);
            // Flagged call: key spec built from raw key bytes and the caller's algorithm name.
            v0.init(new javax.crypto.spec.SecretKeySpec(p6.toByteArray(), p5));
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (okio.Segment v5_5) {
            throw new IllegalArgumentException(v5_5);
        }
        // An empty buffer (head == null) contributes no data to the MAC.
        if (this.head != null) {
            v0.update(this.head.data, this.head.pos, (this.head.limit - this.head.pos));
            okio.Segment v5_2 = this.head;
            // The segments form a ring: stop when the walk returns to head.
            while(true) {
                v5_2 = v5_2.next;
                if (v5_2 == this.head) {
                    break;
                }
                v0.update(v5_2.data, v5_2.pos, (v5_2.limit - v5_2.pos));
            }
        }
        return okio.ByteString.of(v0.doFinal());
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.createDESKey() calling method javax.crypto.spec.SecretKeySpec.<init>()


    /**
     * Builds a DES key from the 7 bytes of p9 that start at offset p10.
     *
     * Reviewer notes:
     * - The 7 input bytes (56 bits) are spread over 8 output bytes by successive shifts,
     *   then oddParity is applied (helper not shown; presumably it sets the DES parity
     *   bit of each byte). The key therefore carries no more than 56 bits from the input.
     * - Decompiler output: on three lines the array index is printed as a declaration
     *   ("v1[int v7_3]" and similar), so the real index is not recoverable from this
     *   listing; by the pattern of the neighbouring lines it is presumably 4, 5 and 6
     *   (confirm against the library source).
     * - No bounds check is made here; System.arraycopy throws if fewer than 7 bytes are
     *   available at p10.
     *
     * @param p9 byte array holding the key material
     * @param p10 offset of the first of the 7 bytes to use
     * @return a SecretKeySpec for algorithm "DES" over the 8 expanded bytes
     */
    private static java.security.Key createDESKey(byte[] p9, int p10)
    {
        byte[] v1 = new byte[7];
        int v2_1 = 0;
        System.arraycopy(p9, p10, v1, 0, 7);
        byte[] v9_2 = new byte[8];
        // v2_1 is 0 here: output byte 0 is input byte 0 unchanged.
        v9_2[v2_1] = v1[v2_1];
        // Each following output byte joins the low bits of one input byte with the high bits of the next.
        v9_2[1] = ((byte) ((v1[0] << 7) | ((v1[1] & 255) >> 1)));
        v9_2[2] = ((byte) ((v1[1] << 6) | ((v1[2] & 255) >> 2)));
        v9_2[3] = ((byte) ((v1[2] << 5) | ((v1[3] & 255) >> 3)));
        v9_2[4] = ((byte) ((v1[3] << 4) | ((v1[int v7_3] & 255) >> 4)));
        v9_2[5] = ((byte) ((v1[4] << 3) | ((v1[int v5_3] & 255) >> 5)));
        v9_2[6] = ((byte) ((v1[5] << 2) | ((v1[int v3_3] & 255) >> 6)));
        v9_2[7] = ((byte) (v1[6] << 1));
        org.apache.http.impl.auth.NTLMEngineImpl.oddParity(v9_2);
        // Flagged call: the expanded bytes become a single-DES key.
        return new javax.crypto.spec.SecretKeySpec(v9_2, "DES");
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.RC4() calling method javax.crypto.spec.SecretKeySpec.<init>()


    /**
     * Encrypts p4 with RC4 keyed by p5; listed here for its SecretKeySpec construction.
     *
     * Reviewer notes:
     * - Decompiler output: the Cipher local is declared as String.
     * - The key spec is built directly from the caller's byte array with the hard-coded
     *   algorithm name "RC4"; no key length check or derivation step is visible here.
     * - RC4 is a deprecated stream cipher, which is what the report's recommendation
     *   about weak algorithms refers to for this entry.
     *
     * @param p4 data to encrypt
     * @param p5 raw RC4 key bytes
     * @return the RC4 output for p4
     * @throws org.apache.http.impl.auth.NTLMEngineException wrapping any exception raised in the body
     */
    static byte[] RC4(byte[] p4, byte[] p5)
    {
        try {
            String v0_2 = javax.crypto.Cipher.getInstance("RC4");
            // Flagged call: SecretKeySpec over the raw key bytes; mode 1 is Cipher.ENCRYPT_MODE.
            v0_2.init(1, new javax.crypto.spec.SecretKeySpec(p5, "RC4"));
            return v0_2.doFinal(p4);
        } catch (Exception v4_1) {
            // Rethrown as NTLMEngineException with the original as cause.
            throw new org.apache.http.impl.auth.NTLMEngineException(v4_1.getMessage(), v4_1);
        }
    }

Method okio.ByteString.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    /**
     * Computes a MAC over this ByteString's data with algorithm p3 and key p4.
     *
     * Reviewer notes:
     * - Decompiler output: both catch clauses are printed with the same exception type,
     *   which cannot be what the original source had; the first is presumably
     *   NoSuchAlgorithmException (confirm against upstream okio).
     * - The algorithm name is a parameter, so this method does not by itself select a
     *   weak or strong MAC; that is decided by the callers, which are not shown here.
     *
     * @param p3 the MAC algorithm name, used for both Mac.getInstance() and SecretKeySpec
     * @param p4 the MAC key
     * @return the MAC value wrapped in a ByteString
     * @throws AssertionError on the first catch path
     * @throws IllegalArgumentException on the second catch path
     */
    private okio.ByteString hmac(String p3, okio.ByteString p4)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p3);
            // Flagged call: key spec built from raw key bytes and the caller's algorithm name.
            v0.init(new javax.crypto.spec.SecretKeySpec(p4.toByteArray(), p3));
            return okio.ByteString.of(v0.doFinal(this.data));
        } catch (java.security.InvalidKeyException v3_3) {
            throw new AssertionError(v3_3);
        } catch (java.security.InvalidKeyException v3_2) {
            throw new IllegalArgumentException(v3_2);
        }
    }

Method com.google.maps.internal.UrlSigner.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    /**
     * Creates a signer whose Mac is HmacSHA1 keyed with the Base64-decoded value of p4.
     *
     * Reviewer notes:
     * - Decompiler output: the decoded ByteString is held in a local declared as
     *   IllegalArgumentException, and the checked exceptions of Mac.getInstance() and
     *   Mac.init() are not handled in this listing.
     * - The key arrives as a String. Review where that string comes from: a signing key
     *   that ships inside the application is readable by anyone who has the package, so
     *   signing is normally kept on a server the client calls.
     * - "HmacSHA1" is hard-coded; presumably it is what the remote signing scheme
     *   requires (confirm against the service documentation).
     *
     * @param p4 the private key in URL-safe Base64
     * @throws IllegalArgumentException if p4 does not decode as Base64
     */
    public UrlSigner(String p4)
    {
        // Map the URL-safe alphabet to standard Base64: 45 '-' becomes 43 '+', 95 '_' becomes 47 '/'.
        IllegalArgumentException v4_1 = okio.ByteString.decodeBase64(p4.replace(45, 43).replace(95, 47));
        // A null result is treated as an invalid key.
        if (v4_1 == null) {
            throw new IllegalArgumentException("Private key is invalid.");
        } else {
            this.mac = javax.crypto.Mac.getInstance("HmacSHA1");
            // Flagged call: key spec built from the decoded key bytes.
            this.mac.init(new javax.crypto.spec.SecretKeySpec(v4_1.toByteArray(), "HmacSHA1"));
            return;
        }
    }