Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method org.apache.http.impl.auth.NTLMEngineImpl.lmResponse() calling method javax.crypto.Cipher.getInstance()


    private static byte[] lmResponse(byte[] p6, byte[] p7)
    {
        try {
            String v0_1 = new byte[21];
            System.arraycopy(p6, 0, v0_1, 0, 16);
            Exception v6_3 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 0);
            byte[] v3_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 7);
            String v0_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 14);
            int v4_2 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            v4_2.init(1, v6_3);
            Exception v6_1 = v4_2.doFinal(p7);
            v4_2.init(1, v3_2);
            byte[] v3_0 = v4_2.doFinal(p7);
            v4_2.init(1, v0_2);
            org.apache.http.impl.auth.NTLMEngineException v7_1 = v4_2.doFinal(p7);
            String v0_4 = new byte[24];
            System.arraycopy(v6_1, 0, v0_4, 0, 8);
            System.arraycopy(v3_0, 0, v0_4, 8, 8);
            System.arraycopy(v7_1, 0, v0_4, 16, 8);
            return v0_4;
        } catch (Exception v6_2) {
            throw new org.apache.http.impl.auth.NTLMEngineException(v6_2.getMessage(), v6_2);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.lmHash() calling method javax.crypto.Cipher.getInstance()


    private static byte[] lmHash(String p5)
    {
        try {
            Exception v5_5 = p5.toUpperCase(java.util.Locale.US).getBytes("US-ASCII");
            int v2_0 = new byte[14];
            System.arraycopy(v5_5, 0, v2_0, 0, Math.min(v5_5.length, 14));
            Exception v5_1 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v2_0, 0);
            String v1_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v2_0, 7);
            org.apache.http.impl.auth.NTLMEngineException v0_1 = "KGS!@#$%".getBytes("US-ASCII");
            int v2_3 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            v2_3.init(1, v5_1);
            Exception v5_2 = v2_3.doFinal(v0_1);
            v2_3.init(1, v1_2);
            org.apache.http.impl.auth.NTLMEngineException v0_2 = v2_3.doFinal(v0_1);
            String v1_4 = new byte[16];
            System.arraycopy(v5_2, 0, v1_4, 0, 8);
            System.arraycopy(v0_2, 0, v1_4, 8, 8);
            return v1_4;
        } catch (Exception v5_4) {
            throw new org.apache.http.impl.auth.NTLMEngineException(v5_4.getMessage(), v5_4);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.b() calling method javax.crypto.Cipher.getInstance()


    static byte[] b(byte[] p4, byte[] p5)
    {
        try {
            javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance("RC4");
            v1.init(1, new javax.crypto.spec.SecretKeySpec(p5, "RC4"));
            return v1.doFinal(p4);
        } catch (Exception v4_1) {
            throw new org.apache.http.impl.auth.NTLMEngineException(v4_1.getMessage(), v4_1);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey() calling method javax.crypto.Cipher.getInstance()


    public byte[] getLanManagerSessionKey()
    {
        if (this.z == null) {
            org.apache.http.impl.auth.NTLMEngineException v1_4 = this.getLMHash();
            String v2_6 = this.getLMResponse();
            try {
                int v3_4 = new byte[14];
                System.arraycopy(v1_4, 0, v3_4, 0, 8);
                java.util.Arrays.fill(v3_4, 8, v3_4.length, -67);
                org.apache.http.impl.auth.NTLMEngineException v1_2 = org.apache.http.impl.auth.NTLMEngineImpl.a(v3_4, 0);
                int v3_0 = org.apache.http.impl.auth.NTLMEngineImpl.a(v3_4, 7);
                byte[] v4_0 = new byte[8];
                System.arraycopy(v2_6, 0, v4_0, 0, v4_0.length);
                String v2_0 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v2_0.init(1, v1_2);
                org.apache.http.impl.auth.NTLMEngineException v1_3 = v2_0.doFinal(v4_0);
                Exception v0_1 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v0_1.init(1, v3_0);
                Exception v0_2 = v0_1.doFinal(v4_0);
                String v2_2 = new byte[16];
                this.z = v2_2;
                System.arraycopy(v1_3, 0, this.z, 0, v1_3.length);
                System.arraycopy(v0_2, 0, this.z, v1_3.length, v0_2.length);
            } catch (Exception v0_3) {
                throw new org.apache.http.impl.auth.NTLMEngineException(v0_3.getMessage(), v0_3);
            }
        }
        return this.z;
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.lmResponse() calling method javax.crypto.Cipher.doFinal()


    private static byte[] lmResponse(byte[] p6, byte[] p7)
    {
        try {
            String v0_1 = new byte[21];
            System.arraycopy(p6, 0, v0_1, 0, 16);
            Exception v6_3 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 0);
            byte[] v3_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 7);
            String v0_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v0_1, 14);
            int v4_2 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            v4_2.init(1, v6_3);
            Exception v6_1 = v4_2.doFinal(p7);
            v4_2.init(1, v3_2);
            byte[] v3_0 = v4_2.doFinal(p7);
            v4_2.init(1, v0_2);
            org.apache.http.impl.auth.NTLMEngineException v7_1 = v4_2.doFinal(p7);
            String v0_4 = new byte[24];
            System.arraycopy(v6_1, 0, v0_4, 0, 8);
            System.arraycopy(v3_0, 0, v0_4, 8, 8);
            System.arraycopy(v7_1, 0, v0_4, 16, 8);
            return v0_4;
        } catch (Exception v6_2) {
            throw new org.apache.http.impl.auth.NTLMEngineException(v6_2.getMessage(), v6_2);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.lmHash() calling method javax.crypto.Cipher.doFinal()


    private static byte[] lmHash(String p5)
    {
        try {
            Exception v5_5 = p5.toUpperCase(java.util.Locale.US).getBytes("US-ASCII");
            int v2_0 = new byte[14];
            System.arraycopy(v5_5, 0, v2_0, 0, Math.min(v5_5.length, 14));
            Exception v5_1 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v2_0, 0);
            String v1_2 = org.apache.http.impl.auth.NTLMEngineImpl.createDESKey(v2_0, 7);
            org.apache.http.impl.auth.NTLMEngineException v0_1 = "KGS!@#$%".getBytes("US-ASCII");
            int v2_3 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
            v2_3.init(1, v5_1);
            Exception v5_2 = v2_3.doFinal(v0_1);
            v2_3.init(1, v1_2);
            org.apache.http.impl.auth.NTLMEngineException v0_2 = v2_3.doFinal(v0_1);
            String v1_4 = new byte[16];
            System.arraycopy(v5_2, 0, v1_4, 0, 8);
            System.arraycopy(v0_2, 0, v1_4, 8, 8);
            return v1_4;
        } catch (Exception v5_4) {
            throw new org.apache.http.impl.auth.NTLMEngineException(v5_4.getMessage(), v5_4);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.b() calling method javax.crypto.Cipher.doFinal()


    static byte[] b(byte[] p4, byte[] p5)
    {
        try {
            javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance("RC4");
            v1.init(1, new javax.crypto.spec.SecretKeySpec(p5, "RC4"));
            return v1.doFinal(p4);
        } catch (Exception v4_1) {
            throw new org.apache.http.impl.auth.NTLMEngineException(v4_1.getMessage(), v4_1);
        }
    }

Method org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey() calling method javax.crypto.Cipher.doFinal()


    public byte[] getLanManagerSessionKey()
    {
        if (this.z == null) {
            org.apache.http.impl.auth.NTLMEngineException v1_4 = this.getLMHash();
            String v2_6 = this.getLMResponse();
            try {
                int v3_4 = new byte[14];
                System.arraycopy(v1_4, 0, v3_4, 0, 8);
                java.util.Arrays.fill(v3_4, 8, v3_4.length, -67);
                org.apache.http.impl.auth.NTLMEngineException v1_2 = org.apache.http.impl.auth.NTLMEngineImpl.a(v3_4, 0);
                int v3_0 = org.apache.http.impl.auth.NTLMEngineImpl.a(v3_4, 7);
                byte[] v4_0 = new byte[8];
                System.arraycopy(v2_6, 0, v4_0, 0, v4_0.length);
                String v2_0 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v2_0.init(1, v1_2);
                org.apache.http.impl.auth.NTLMEngineException v1_3 = v2_0.doFinal(v4_0);
                Exception v0_1 = javax.crypto.Cipher.getInstance("DES/ECB/NoPadding");
                v0_1.init(1, v3_0);
                Exception v0_2 = v0_1.doFinal(v4_0);
                String v2_2 = new byte[16];
                this.z = v2_2;
                System.arraycopy(v1_3, 0, this.z, 0, v1_3.length);
                System.arraycopy(v0_2, 0, this.z, v1_3.length, v0_2.length);
            } catch (Exception v0_3) {
                throw new org.apache.http.impl.auth.NTLMEngineException(v0_3.getMessage(), v0_3);
            }
        }
        return this.z;
    }

Method okio.HashingSource.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSource(okio.Source p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.HashingSink.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSink(okio.Sink p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.Buffer.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p5, okio.ByteString p6)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p5);
            v0.init(new javax.crypto.spec.SecretKeySpec(p6.toByteArray(), p5));
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (okio.Segment v5_5) {
            throw new IllegalArgumentException(v5_5);
        }
        if (this.a != null) {
            v0.update(this.a.a, this.a.b, (this.a.c - this.a.b));
            okio.Segment v5_2 = this.a;
            while(true) {
                v5_2 = v5_2.f;
                if (v5_2 == this.a) {
                    break;
                }
                v0.update(v5_2.a, v5_2.b, (v5_2.c - v5_2.b));
            }
        }
        return okio.ByteString.of(v0.doFinal());
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.createDESKey() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private static java.security.Key createDESKey(byte[] p9, int p10)
    {
        byte[] v1 = new byte[7];
        int v2_1 = 0;
        System.arraycopy(p9, p10, v1, 0, 7);
        byte[] v9_2 = new byte[8];
        v9_2[v2_1] = v1[v2_1];
        v9_2[1] = ((byte) ((v1[0] << 7) | ((v1[1] & 255) >> 1)));
        v9_2[2] = ((byte) ((v1[1] << 6) | ((v1[2] & 255) >> 2)));
        v9_2[3] = ((byte) ((v1[2] << 5) | ((v1[3] & 255) >> 3)));
        v9_2[4] = ((byte) ((v1[3] << 4) | ((v1[int v7_3] & 255) >> 4)));
        v9_2[5] = ((byte) ((v1[4] << 3) | ((v1[int v5_3] & 255) >> 5)));
        v9_2[6] = ((byte) ((v1[5] << 2) | ((v1[int v3_3] & 255) >> 6)));
        v9_2[7] = ((byte) (v1[6] << 1));
        org.apache.http.impl.auth.NTLMEngineImpl.oddParity(v9_2);
        return new javax.crypto.spec.SecretKeySpec(v9_2, "DES");
    }

Method org.apache.http.impl.auth.NTLMEngineImpl.b() calling method javax.crypto.spec.SecretKeySpec.<init>()


    static byte[] b(byte[] p4, byte[] p5)
    {
        try {
            javax.crypto.Cipher v1 = javax.crypto.Cipher.getInstance("RC4");
            v1.init(1, new javax.crypto.spec.SecretKeySpec(p5, "RC4"));
            return v1.doFinal(p4);
        } catch (Exception v4_1) {
            throw new org.apache.http.impl.auth.NTLMEngineException(v4_1.getMessage(), v4_1);
        }
    }

Method okio.ByteString.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p3, okio.ByteString p4)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p3);
            v0.init(new javax.crypto.spec.SecretKeySpec(p4.toByteArray(), p3));
            return okio.ByteString.of(v0.doFinal(this.data));
        } catch (java.security.InvalidKeyException v3_3) {
            throw new AssertionError(v3_3);
        } catch (java.security.InvalidKeyException v3_2) {
            throw new IllegalArgumentException(v3_2);
        }
    }

Method com.twitter.sdk.android.core.internal.oauth.OAuth1aParameters.a() calling method javax.crypto.spec.SecretKeySpec.<init>()


    String a(String p7)
    {
        try {
            javax.crypto.spec.SecretKeySpec v5_2 = this.getSigningKey();
            java.io.UnsupportedEncodingException v7_5 = p7.getBytes("UTF8");
            javax.crypto.spec.SecretKeySpec v5_1 = new javax.crypto.spec.SecretKeySpec(v5_2.getBytes("UTF8"), "HmacSHA1");
            com.twitter.sdk.android.core.Logger v0_1 = javax.crypto.Mac.getInstance("HmacSHA1");
            v0_1.init(v5_1);
            java.io.UnsupportedEncodingException v7_1 = v0_1.doFinal(v7_5);
            return okio.ByteString.of(v7_1, 0, v7_1.length).base64();
        } catch (java.io.UnsupportedEncodingException v7_4) {
            com.twitter.sdk.android.core.Twitter.getLogger().e("Twitter", "Failed to calculate signature", v7_4);
            return "";
        } catch (java.io.UnsupportedEncodingException v7_4) {
            com.twitter.sdk.android.core.Twitter.getLogger().e("Twitter", "Failed to calculate signature", v7_4);
            return "";
        } catch (java.io.UnsupportedEncodingException v7_4) {
            com.twitter.sdk.android.core.Twitter.getLogger().e("Twitter", "Failed to calculate signature", v7_4);
            return "";
        }
    }

Method com.google.gdata.client.authn.oauth.OAuthHmacSha1Signer.getSignature() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public String getSignature(String p4, com.google.gdata.client.authn.oauth.OAuthParameters p5)
    {
        if (p5 == null) {
            throw new com.google.gdata.client.authn.oauth.OAuthException("OAuth parameters cannot be null");
        } else {
            javax.crypto.spec.SecretKeySpec v2_0 = new javax.crypto.spec.SecretKeySpec(this.getKey(p5).getBytes("UTF-8"), "HmacSHA1");
            com.google.gdata.client.authn.oauth.OAuthException v5_2 = javax.crypto.Mac.getInstance("HmacSHA1");
            v5_2.init(v2_0);
            return com.google.gdata.util.common.util.Base64.encode(v5_2.doFinal(p4.getBytes("UTF-8")));
        }
    }

Method com.google.api.client.auth.oauth.OAuthHmacSigner.computeSignature() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public String computeSignature(String p4)
    {
        javax.crypto.Mac v0_1 = new StringBuilder();
        javax.crypto.spec.SecretKeySpec v1_2 = this.clientSharedSecret;
        if (v1_2 != null) {
            v0_1.append(com.google.api.client.auth.oauth.OAuthParameters.escape(v1_2));
        }
        v0_1.append(38);
        javax.crypto.spec.SecretKeySpec v1_6 = this.tokenSharedSecret;
        if (v1_6 != null) {
            v0_1.append(com.google.api.client.auth.oauth.OAuthParameters.escape(v1_6));
        }
        javax.crypto.spec.SecretKeySpec v1_3 = new javax.crypto.spec.SecretKeySpec(com.google.api.client.util.StringUtils.getBytesUtf8(v0_1.toString()), "HmacSHA1");
        javax.crypto.Mac v0_4 = javax.crypto.Mac.getInstance("HmacSHA1");
        v0_4.init(v1_3);
        return com.google.api.client.util.Base64.encodeBase64String(v0_4.doFinal(com.google.api.client.util.StringUtils.getBytesUtf8(p4)));
    }