iamMehedi / Secured-Preference-Store

A cryptography library and a SharedPreferences wrapper for Android that encrypts the content with 256-bit AES encryption. The encryption key is securely stored in the device's KeyStore.

IllegalBlockSizeException on Samsung Galaxy S7 7.0 #17

Closed: StuStirling closed this issue 6 years ago

StuStirling commented 7 years ago

Hi,

When running my app on a Samsung Galaxy S7 running Android version 7.0, I get the following exception:

javax.crypto.IllegalBlockSizeException
W:     at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:519)
W:     at javax.crypto.Cipher.doFinal(Cipher.java:2056)
W:     at devliving.online.securedpreferencestore.EncryptionManager.decryptAES(EncryptionManager.java:348)
W:     at devliving.online.securedpreferencestore.EncryptionManager.decrypt(EncryptionManager.java:192)
W:     at devliving.online.securedpreferencestore.EncryptionManager.decrypt(EncryptionManager.java:236)
W:     at devliving.online.securedpreferencestore.SecuredPreferenceStore.getString(SecuredPreferenceStore.java:89)
W:     at com.flipsidegroup.beegeeandroid.api.AuthInterceptor.intercept(AuthInterceptor.java:88)
W:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
W:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
W:     at com.flipsidegroup.beegeeandroid.dagger.ApiModule$1.intercept(ApiModule.java:103)
W:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
W:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
W:     at com.flipsidegroup.beegeeandroid.api.BaseUrlInterceptor.intercept(BaseUrlInterceptor.java:41)
W:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
W:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
W:     at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:179)
W:     at okhttp3.RealCall.execute(RealCall.java:63)
W:     at retrofit2.OkHttpCall.execute(OkHttpCall.java:174)
W:     at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:40)
W:     at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:24)
W:     at retrofit2.adapter.rxjava.BodyOnSubscribe.call(BodyOnSubscribe.java:33)
W:     at retrofit2.adapter.rxjava.BodyOnSubscribe.call(BodyOnSubscribe.java:25)
W:     at rx.Observable.unsafeSubscribe(Observable.java:10142)
W:     at rx.internal.operators.OperatorSubscribeOn$1.call(OperatorSubscribeOn.java:94)
W:     at rx.internal.schedulers.CachedThreadScheduler$EventLoopWorker$1.call(CachedThreadScheduler.java:230)
W:     at rx.internal.schedulers.ScheduledAction.run(ScheduledAction.java:55)
W:     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:428)
W:     at java.util.concurrent.FutureTask.run(FutureTask.java:237)
W:     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:272)
W:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
W:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
W:     at java.lang.Thread.run(Thread.java:762)
W: Caused by: android.security.KeyStoreException: Invalid operation handle
W:     at android.security.KeyStore.getKeyStoreException(KeyStore.java:1097)
W:     at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:132)
W:     at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:217)
W:     at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
W:     at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
W:  ... 31 more

This happened multiple times, but then all of a sudden it just started working successfully. I came across this question on Stack Overflow that details the same scenario and a potential solution.

iamMehedi commented 7 years ago

All the practices mentioned in that Stack Overflow answer are already followed in the library. @StuStirling

StuStirling commented 7 years ago

Ok. From using the library I found that quickly repeated calls to decrypt the same data made it more likely to receive this exception. A solution has been to cache this encrypted data wherever possible, reducing the number of times it's called.

iamMehedi commented 7 years ago

There actually are known issues with the Cipher class on Samsung devices when used simultaneously or very frequently.

Unlimity commented 6 years ago

It's a little outdated, but I'll post an answer here just in case some good folk will be trying to solve that problem.
Samsung devices have a different implementation of the Cipher class running in their JVM, and in my case I only had to make operations with it synchronized.
It solved the issue for me, so I may take a guess that Samsung's Cipher is not thread safe. Cheers!
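
The two workarounds described in this thread (serializing Cipher operations and caching decrypted values) combined in one wrapper, as an added example that is not code from the thread or from the library. The class name `SerializedAesGcm`, the `IV || ciphertext` storage layout and the locally generated key (standing in for an AndroidKeyStore key so the code runs on a plain JVM) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical helper, not the library's EncryptionManager: one lock, one cache.
public final class SerializedAesGcm {
    private static final int IV_LEN = 12, TAG_BITS = 128; // assumed GCM parameters
    private final Object lock = new Object();
    private final SecretKey key;
    // Decrypted values stay in process memory for the lifetime of this object.
    private final ConcurrentHashMap<String, String> cache = new ConcurrentHashMap<>();
    public SerializedAesGcm(SecretKey key) { this.key = key; }

    public String encrypt(String plain) throws Exception {
        synchronized (lock) {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key); // provider picks a fresh random IV
            byte[] iv = c.getIV();
            byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
            byte[] out = Arrays.copyOf(iv, iv.length + ct.length); // IV || ciphertext+tag
            System.arraycopy(ct, 0, out, iv.length, ct.length);
            return Base64.getEncoder().encodeToString(out);
        }
    }

    public String decrypt(String stored) throws Exception {
        String hit = cache.get(stored);
        if (hit != null) return hit;          // repeated read: no Cipher call at all
        synchronized (lock) {                 // at most one keystore operation in flight
            byte[] in = Base64.getDecoder().decode(stored);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            String plain = new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
            cache.put(stored, plain);
            return plain;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // stand-in for a key held in AndroidKeyStore
        SerializedAesGcm box = new SerializedAesGcm(kg.generateKey());
        System.out.println(box.decrypt(box.encrypt("constructed-sample-token")));
    }
}
```

The lock only serializes callers that share the same instance, so a single instance has to be used by every thread that touches the key. The cache keeps plaintext in memory, which is the trade-off for fewer keystore operations.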