Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.google.common.hash.Hashing.hmacToString() calling method java.security.Key.getAlgorithm()


    private static String hmacToString(String p2, java.security.Key p3)
    {
        Object[] v0_1 = new Object[3];
        v0_1[0] = p2;
        v0_1[1] = p3.getAlgorithm();
        v0_1[2] = p3.getFormat();
        return String.format("Hashing.%s(Key[algorithm=%s, format=%s])", v0_1);
    }

Method okio.HashingSource.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSource(okio.Source p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.HashingSink.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSink(okio.Sink p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.Buffer.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p5, okio.ByteString p6)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p5);
            v0.init(new javax.crypto.spec.SecretKeySpec(p6.toByteArray(), p5));
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (okio.Segment v5_5) {
            throw new IllegalArgumentException(v5_5);
        }
        if (this.head != null) {
            v0.update(this.head.data, this.head.pos, (this.head.limit - this.head.pos));
            okio.Segment v5_2 = this.head;
            while(true) {
                v5_2 = v5_2.next;
                if (v5_2 == this.head) {
                    break;
                }
                v0.update(v5_2.data, v5_2.pos, (v5_2.limit - v5_2.pos));
            }
        }
        return okio.ByteString.of(v0.doFinal());
    }

Method okio.ByteString.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p3, okio.ByteString p4)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p3);
            v0.init(new javax.crypto.spec.SecretKeySpec(p4.toByteArray(), p3));
            return okio.ByteString.of(v0.doFinal(this.data));
        } catch (java.security.InvalidKeyException v3_3) {
            throw new AssertionError(v3_3);
        } catch (java.security.InvalidKeyException v3_2) {
            throw new IllegalArgumentException(v3_2);
        }
    }

Method com.google.common.hash.Hashing.hmacSha512() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public static com.google.common.hash.HashFunction hmacSha512(byte[] p2)
    {
        return com.google.common.hash.Hashing.hmacSha512(new javax.crypto.spec.SecretKeySpec(((byte[]) com.google.common.base.Preconditions.checkNotNull(p2)), "HmacSHA512"));
    }

Method com.google.common.hash.Hashing.hmacSha256() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public static com.google.common.hash.HashFunction hmacSha256(byte[] p2)
    {
        return com.google.common.hash.Hashing.hmacSha256(new javax.crypto.spec.SecretKeySpec(((byte[]) com.google.common.base.Preconditions.checkNotNull(p2)), "HmacSHA256"));
    }

Method com.google.common.hash.Hashing.hmacSha1() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public static com.google.common.hash.HashFunction hmacSha1(byte[] p2)
    {
        return com.google.common.hash.Hashing.hmacSha1(new javax.crypto.spec.SecretKeySpec(((byte[]) com.google.common.base.Preconditions.checkNotNull(p2)), "HmacSHA1"));
    }

Method com.google.common.hash.Hashing.hmacMd5() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public static com.google.common.hash.HashFunction hmacMd5(byte[] p2)
    {
        return com.google.common.hash.Hashing.hmacMd5(new javax.crypto.spec.SecretKeySpec(((byte[]) com.google.common.base.Preconditions.checkNotNull(p2)), "HmacMD5"));
    }