authpass / biometric_storage

Flutter plugin to store data behind biometric authentication (i.e. fingerprint)
https://pub.dev/packages/biometric_storage
MIT License

[Android] Unknown AuthException on Android 13 #82

Closed hm122 closed 1 year ago

hm122 commented 1 year ago

On Android 13, when using BiometricStorage with authenticationRequired: true, an exception is thrown:

AuthException{code: AuthExceptionCode.unknown, message: Unexpected authentication error. null}

No issues on Android 11 and 12 with the same code. Storage with authenticationRequired: false works on 11, 12 and 13 without issues.

All tested on emulators.

hm122 commented 1 year ago

This is the exception that is thrown:

V/d.c.b.BiometricStoragePlugin( 7284): [main                ] onMethodCall(write)
V/d.c.b.BiometricStoragePlugin( 7284): [main                ] authenticate()
V/d.c.b.BiometricStoragePlugin( 7284): [pool-2-thread-1     ] onAuthenticationSucceeded(androidx.biometric.BiometricPrompt$AuthenticationResult@293722b)
E/d.c.b.BiometricStoragePlugin( 7284): [pool-2-thread-1     ] Error while calling worker callback. This must not happen.javax.crypto.IllegalBlockSizeException: null
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:613)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:629)
E/d.c.b.BiometricStoragePlugin( 7284):  at javax.crypto.Cipher.doFinal(Cipher.java:2268)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.CryptographyManagerImpl.encryptData(CryptographyManager.kt:120)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStorageFile.writeFile(BiometricStorageFile.kt:98)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$5$1.invoke(BiometricStoragePlugin.kt:265)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$5$1.invoke(BiometricStoragePlugin.kt:264)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$withAuth$2.invoke(BiometricStoragePlugin.kt:203)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$withAuth$2.invoke(BiometricStoragePlugin.kt:202)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$authenticate$prompt$1$onAuthenticationSucceeded$$inlined$worker$1.run(BiometricStoragePlugin.kt:443)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:463)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.FutureTask.run(FutureTask.java:264)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.lang.Thread.run(Thread.java:1012)
E/d.c.b.BiometricStoragePlugin( 7284): Caused by: android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: In KeystoreOperation::update
E/d.c.b.BiometricStoragePlugin( 7284): 
E/d.c.b.BiometricStoragePlugin( 7284): Caused by:
E/d.c.b.BiometricStoragePlugin( 7284):     0: In update: KeyMint::update failed.
E/d.c.b.BiometricStoragePlugin( 7284):     1: Error::Km(ErrorCode(-26)))
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:369)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:78)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.KeyStoreOperation.update(KeyStoreOperation.java:115)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:603)
E/d.c.b.BiometricStoragePlugin( 7284):  ... 14 common frames omitted
E/d.c.b.BiometricStoragePlugin( 7284): [main                ] AuthError: AuthenticationErrorInfo(error=Unknown, message=Unexpected authentication error. null, errorDetails=javax.crypto.IllegalBlockSizeException
E/d.c.b.BiometricStoragePlugin( 7284): javax.crypto.IllegalBlockSizeException
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:613)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:629)
E/d.c.b.BiometricStoragePlugin( 7284):  at javax.crypto.Cipher.doFinal(Cipher.java:2268)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.CryptographyManagerImpl.encryptData(CryptographyManager.kt:120)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStorageFile.writeFile(BiometricStorageFile.kt:98)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$5$1.invoke(BiometricStoragePlugin.kt:265)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$5$1.invoke(BiometricStoragePlugin.kt:264)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$withAuth$2.invoke(BiometricStoragePlugin.kt:203)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$withAuth$2.invoke(BiometricStoragePlugin.kt:202)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$authenticate$prompt$1$onAuthenticationSucceeded$$inlined$worker$1.run(BiometricStoragePlugin.kt:443)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:463)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.FutureTask.run(FutureTask.java:264)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
E/d.c.b.BiometricStoragePlugin( 7284):  at java.lang.Thread.run(Thread.java:1012)
E/d.c.b.BiometricStoragePlugin( 7284): Caused by: android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: In KeystoreOperation::update
E/d.c.b.BiometricStoragePlugin( 7284): 
E/d.c.b.BiometricStoragePlugin( 7284): Caused by:
E/d.c.b.BiometricStoragePlugin( 7284):     0: In update: KeyMint::update failed.
E/d.c.b.BiometricStoragePlugin( 7284):     1: Error::Km(ErrorCode(-26))) (public error code: 2 internal Keystore code: -26)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:369)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:78)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.KeyStoreOperation.update(KeyStoreOperation.java:115)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
E/d.c.b.BiometricStoragePlugin( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:603)
E/d.c.b.BiometricStoragePlugin( 7284):  ... 14 more
E/d.c.b.BiometricStoragePlugin( 7284): )
I/flutter ( 7284): 2022-09-05 09:21:37.060672 FINEST biometric_storage - Error during plugin operation (details: javax.crypto.IllegalBlockSizeException
I/flutter ( 7284): javax.crypto.IllegalBlockSizeException
I/flutter ( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:613)
I/flutter ( 7284):  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:629)
I/flutter ( 7284):  at javax.crypto.Cipher.doFinal(Cipher.java:2268)
I/flutter ( 7284):  at design.codeux.biometric_storage.CryptographyManagerImpl.encryptData(CryptographyManager.kt:120)
I/flutter ( 7284):  at design.codeux.biometric_storage.BiometricStorageFile.writeFile(BiometricStorageFile.kt:98)
I/flutter ( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$5$1.invoke(BiometricStoragePlugin.kt:265)
I/flutter ( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$5$1.invoke(BiometricStoragePlugin.kt:264)
I/flutter ( 7284):  at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$withAuth$2.invoke(BiometricStoragePlugin.kt:203)
I/flutter ( 7284):  at design.codeux.biometric_sto
E/flutter ( 7284): [ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: AuthException{code: AuthExceptionCode.unknown, message: Unexpected authentication error. null}
E/flutter ( 7284): #0      StandardMethodCodec.decodeEnvelope (package:flutter/src/services/message_codecs.dart:653:7)
E/flutter ( 7284): #1      MethodChannel._invokeMethod (package:flutter/src/services/platform_channel.dart:296:18)
E/flutter ( 7284): <asynchronous suspension>
E/flutter ( 7284): #2      StorageActions.build.<anonymous closure> (package:biometric_storage_example/main.dart:266:15)
E/flutter ( 7284): <asynchronous suspension>
E/flutter ( 7284): 

Looks like the issue is https://developer.android.com/reference/android/security/KeyStoreException#ERROR_USER_AUTHENTICATION_REQUIRED

Anyone else facing the same issue?
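
When triaging a trace like the one in the comment above, the useful facts are buried under the outer IllegalBlockSizeException: the prompt reported success, yet the Keystore operation was rejected with code -26. The following is an added example, not part of the original thread or the plugin's code; the `triage` function, its field names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the logcat lines quoted in the issue.
SAMPLE_LOG = r"""
V/d.c.b.BiometricStoragePlugin( 7284): [pool-2-thread-1     ] onAuthenticationSucceeded(androidx.biometric.BiometricPrompt$AuthenticationResult@293722b)
E/d.c.b.BiometricStoragePlugin( 7284): [pool-2-thread-1     ] Error while calling worker callback. This must not happen.javax.crypto.IllegalBlockSizeException: null
E/d.c.b.BiometricStoragePlugin( 7284):  at javax.crypto.Cipher.doFinal(Cipher.java:2268)
E/d.c.b.BiometricStoragePlugin( 7284):  at design.codeux.biometric_storage.CryptographyManagerImpl.encryptData(CryptographyManager.kt:120)
E/d.c.b.BiometricStoragePlugin( 7284): Caused by: android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: In KeystoreOperation::update
E/d.c.b.BiometricStoragePlugin( 7284):     1: Error::Km(ErrorCode(-26))) (public error code: 2 internal Keystore code: -26)
E/flutter ( 7284): [ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: AuthException{code: AuthExceptionCode.unknown, message: Unexpected authentication error. null}
"""

PREFIX = re.compile(r"^[VDIWEF]/[^(]+\(\s*\d+\):\s?")  # logcat "E/tag( pid): "
EXC = re.compile(r"\b(?:javax?|androidx?|kotlin)\.(?:[a-z_]\w*\.)*[A-Z][\w$]*(?:Exception|Error)")
# Names from Android's KeyMint ErrorCode and KeyStoreException constants.
KEYMINT = {-26: "KEY_USER_NOT_AUTHENTICATED"}
PUBLIC = {2: "ERROR_USER_AUTHENTICATION_REQUIRED"}

def _code(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None

def triage(log):
    """Summarise one failed plugin call from raw logcat text."""
    lines = [PREFIX.sub("", ln) for ln in log.splitlines()]
    reported = root = None
    for ln in lines:
        m = None if ln.lstrip().startswith("at ") else EXC.search(ln)  # skip frames
        if m and ln.startswith("Caused by:"):
            root = m.group(0)        # the last "Caused by" is the deepest cause
        elif m and reported is None:
            reported = m.group(0)    # first exception the plugin logged
    text = "\n".join(lines)
    internal = _code(r"internal Keystore code: (-?\d+)", text)
    public = _code(r"public error code: (\d+)", text)
    dart = re.search(r"AuthExceptionCode\.(\w+)", text)
    return {
        "prompt_succeeded": "onAuthenticationSucceeded(" in text,
        "reported": reported,
        "root_cause": root,
        "keymint": KEYMINT.get(internal, internal),
        "public": PUBLIC.get(public, public),
        "dart_code": dart.group(1) if dart else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
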

flumm commented 1 year ago

Also ran into that problem, and AFAICS it's the same stack trace.

hm122 commented 1 year ago

I also tried with the referenced app https://authpass.app/. Same issue on Android 13.

hm122 commented 1 year ago

There is a new version of the androidx.biometric library available, but the issue still exists after an upgrade to alpha05. https://developer.android.com/jetpack/androidx/releases/biometric#1.2.0-alpha05

filipljusic commented 1 year ago

Any news on this?

hm122 commented 1 year ago

This seemed to be an emulator issue. Works on real Android 13 devices and in the meantime also on emulators.

drkhannah commented 1 month ago

This happens for me on a real Android 13 device 11 device