Open jenskuhrjorgensen opened 4 years ago
@SudoPlz I think you should read the native code. I promise it will help you.
It's the whole logic. But .setUserAuthenticationRequired(true) is the line that creates the secure-hardware requirement to use biometrics or device password. It won't be enough to change just this line though.
I don't know if I did anything wrong with my tests, but selecting AES with my current config which now looks like this:
public static RAW_CREDS_CONFIG: Keychain.Options = {
  accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_ANY,
  accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
  authenticationPrompt: {
    title: 'Unlock to log in',
  },
  storage: Keychain.STORAGE_TYPE.AES
};
seems to have worked without any hassle. Saving the credentials went down from 1 second to 0.1 second and I can use biometrics just fine.
@SudoPlz Excellent !! I don't think you did anything wrong, it just means I was wrong when I said it would not work !
Same problem. Samsung M31
The example with RAW_CREDS_CONFIG does not work.
Manual link and build with .withoutWarmUp() does not work:
packages.add(new KeychainPackage(new KeychainModuleBuilder().withoutWarmUp()));
logcat loop:
11-18 14:23:17.266 4462 9364 D keystore: [BEGIN::end]
11-18 14:23:17.269 4462 9365 D keystore: [UPDATE::end]
11-18 14:23:17.273 4462 9366 D keystore: [FINISH::end]
11-18 14:23:17.279 4285 4285 W keymaster_tee: [WRN]begin req PARAMS: A32 B2 P64
11-18 14:23:17.282 4462 9368 D keystore: [BEGIN::end]
11-18 14:23:17.285 4462 9369 D keystore: [UPDATE::end]
11-18 14:23:17.289 4462 9370 D keystore: [FINISH::end]
11-18 14:23:17.294 4462 9372 D keystore: [getKeyCharacteristics::end]
11-18 14:23:17.304 4462 9373 D keystore: [getKeyCharacteristics::end]
11-18 14:23:17.310 4285 4285 W keymaster_tee: [WRN]begin req PARAMS: A32 B2 P64
11-18 14:23:17.314 4462 9374 D keystore: [BEGIN::end]
11-18 14:23:17.318 4462 9375 D keystore: [UPDATE::end]
11-18 14:23:17.328 4462 9376 D keystore: [FINISH::end]
11-18 14:23:17.334 4285 4285 W keymaster_tee: [WRN]begin req PARAMS: A32 B2 P64
11-18 14:23:17.338 4462 9377 D keystore: [BEGIN::end]
11-18 14:23:17.341 4462 9379 D keystore: [UPDATE::end]
11-18 14:23:17.345 4462 9380 D keystore: [FINISH::end]
11-18 14:23:17.350 4462 9382 D keystore: [getKeyCharacteristics::end]
11-18 14:23:17.359 4462 9383 D keystore: [getKeyCharacteristics::end]
11-18 14:23:17.364 4285 4285 W keymaster_tee: [WRN]begin req PARAMS: A32 B2 P64
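The loop in the logcat excerpt above can be measured rather than eyeballed. The TypeScript below is an added example, not part of the original comment or of react-native-keychain: it counts completed BEGIN/UPDATE/FINISH keystore operations in `adb logcat -v threadtime` output, and the function name and both thresholds are assumptions.

```typescript
// Added example: summarise keystore activity in threadtime-format logcat lines.
interface KeystoreSummary {
  cycles: number;      // completed BEGIN -> UPDATE -> FINISH sequences
  teeWarnings: number; // keymaster_tee lines logged at level W
  spanMs: number;      // first to last keystore/keymaster_tee line (same day assumed)
  looping: boolean;    // many operations packed into a short span
}

// threadtime format: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
const THREADTIME = /^\d\d-\d\d (\d\d):(\d\d):(\d\d)\.(\d{3})\s+\d+\s+\d+\s+([VDIWEF])\s+([^:]+):\s*(.*)$/;

// minCycles and maxMsPerCycle are assumed tuning values, not library constants.
function summariseKeystore(lines: string[], minCycles = 3, maxMsPerCycle = 50): KeystoreSummary {
  let cycles = 0, teeWarnings = 0, first = -1, last = -1;
  let stage = 0; // 0 = idle, 1 = saw BEGIN, 2 = saw UPDATE
  for (const raw of lines) {
    const m = THREADTIME.exec(raw.trim());
    if (m === null) continue; // stack-trace continuations, blank lines, other formats
    const tag = (m[6] || "").trim();
    if (tag !== "keystore" && tag !== "keymaster_tee") continue;
    const t = ((Number(m[1]) * 60 + Number(m[2])) * 60 + Number(m[3])) * 1000 + Number(m[4]);
    if (first < 0) first = t;
    last = t;
    if (tag === "keymaster_tee") { if (m[5] === "W") teeWarnings++; continue; }
    const msg = m[7] || "";
    if (msg.indexOf("[BEGIN::") === 0) stage = 1;
    else if (msg.indexOf("[UPDATE::") === 0 && stage >= 1) stage = 2;
    else if (msg.indexOf("[FINISH::") === 0 && stage === 2) { cycles++; stage = 0; }
  }
  const spanMs = first < 0 ? 0 : last - first;
  const looping = cycles >= minCycles && spanMs / cycles <= maxMsPerCycle;
  return { cycles, teeWarnings, spanMs, looping };
}

// Sample input: the first 13 entries of the logcat excerpt quoted in the comment above.
const SAMPLE = `11-18 14:23:17.266 4462 9364 D keystore: [BEGIN::end]
11-18 14:23:17.269 4462 9365 D keystore: [UPDATE::end]
11-18 14:23:17.273 4462 9366 D keystore: [FINISH::end]
11-18 14:23:17.279 4285 4285 W keymaster_tee: [WRN]begin req PARAMS: A32 B2 P64
11-18 14:23:17.282 4462 9368 D keystore: [BEGIN::end]
11-18 14:23:17.285 4462 9369 D keystore: [UPDATE::end]
11-18 14:23:17.289 4462 9370 D keystore: [FINISH::end]
11-18 14:23:17.294 4462 9372 D keystore: [getKeyCharacteristics::end]
11-18 14:23:17.304 4462 9373 D keystore: [getKeyCharacteristics::end]
11-18 14:23:17.310 4285 4285 W keymaster_tee: [WRN]begin req PARAMS: A32 B2 P64
11-18 14:23:17.314 4462 9374 D keystore: [BEGIN::end]
11-18 14:23:17.318 4462 9375 D keystore: [UPDATE::end]
11-18 14:23:17.328 4462 9376 D keystore: [FINISH::end]`.split("\n");
```

On the sample, `summariseKeystore(SAMPLE)` reports three complete operations and two keymaster_tee warnings inside 62 ms.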
Still on 6.1.1 here and was also experiencing UI freeze on devices. It was locking the whole phone up. I found the culprit. It was related to the RSA cipher. It was taking a long time to load on devices, especially ones with biometrics. As I was not using the biometrics part of the keychain package and supporting API 23+, I decided to patch the build. The patch commented out the Facebook (yuck) and RSA option. I now only work with the AES cipher and it is super fast again. (Phew. I was blaming the size of the Android bundle and thought Android was slow at parsing the bundle on load).
NB: This was a solution for my app as I'm only concerned about the AES cipher. It will not work for everyone. The patch package: https://www.npmjs.com/package/patch-package
The patch code:
diff --git a/node_modules/react-native-keychain/...
/** Default constructor. */
public KeychainModule(@NonNull final ReactApplicationContext reactContext) {
super(reactContext);
prefsStorage = new PrefsStorage(reactContext);
-- addCipherStorageToMap(new CipherStorageFacebookConceal(reactContext));
addCipherStorageToMap(new CipherStorageKeystoreAesCbc());
// we have a references to newer api that will fail load of app classes in old androids OS
-- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-- addCipherStorageToMap(new CipherStorageKeystoreRsaEcb());
-- }
}
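Review bot: The two removed `addCipherStorageToMap` calls (`CipherStorageFacebookConceal`, and `CipherStorageKeystoreRsaEcb` under the `Build.VERSION_CODES.M` check) leave `CipherStorageKeystoreAesCbc` as the only registered storage, so anything an installed app already saved through either removed storage has no registered handler once this patch ships. Add a migration or a clear-and-re-login path for existing users before rolling it out, and delete the now-orphaned comment "we have a references to newer api ..." since the code it described is gone. Because the change lives in `node_modules` via patch-package, it also needs re-checking on every react-native-keychain upgrade.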
The technical part: pre-warming the RSA cipher (calculating that vast 2048 bit prime number) plus when the exception handler took an eternity to roll up the stack and then the next step was to re-run the pre-warming with the biometrics enabled.
Yep, patching this fixed the issue I was having with the device being frozen for a few seconds. Thanks for posting.
@oblador Are there any plans for an official fix for this on the native side of this lib?
With RN 0.64 and keychain 7.0.0, the warning in the log is still there for Android:
2021-05-21 14:28:04.820 24618-24697/com.xx.xx W/CipherStorageBase: StrongBox security storage is not available.
android.security.keystore.StrongBoxUnavailableException: Failed to generate key pair
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:511)
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
at com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb.generateKey(CipherStorageKeystoreRsaEcb.java:257)
at com.oblador.keychain.cipherStorage.CipherStorageBase.tryGenerateStrongBoxSecurityKey(CipherStorageBase.java:461)
at com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(CipherStorageBase.java:408)
at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:174)
at com.oblador.keychain.KeychainModule.lambda$DYujhqpjRgfFQ_gyuwMwyxxqDlk(Unknown Source:0)
at com.oblador.keychain.-$$Lambda$KeychainModule$DYujhqpjRgfFQ_gyuwMwyxxqDlk.run(Unknown Source:2)
at java.lang.Thread.run(Thread.java:764)
Caused by: android.security.KeyStoreException: No StrongBox available
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:511)
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
at com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb.generateKey(CipherStorageKeystoreRsaEcb.java:257)
at com.oblador.keychain.cipherStorage.CipherStorageBase.tryGenerateStrongBoxSecurityKey(CipherStorageBase.java:461)
at com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(CipherStorageBase.java:408)
at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:174)
at com.oblador.keychain.KeychainModule.lambda$DYujhqpjRgfFQ_gyuwMwyxxqDlk(Unknown Source:0)
at com.oblador.keychain.-$$Lambda$KeychainModule$DYujhqpjRgfFQ_gyuwMwyxxqDlk.run(Unknown Source:2)
at java.lang.Thread.run(Thread.java:764)
2/ on my project with a simplified a
Hi, can you send an example of the second case implementation? Thanks.
@leolusoli
Here you go: https://gist.github.com/giregk/4965b2007acbc60b5a39f4bcf4e2f7f6
Please try out 8.0.0 which has performance improvements
Version 8 still has the same problems
I ran into this same issue on Android 12 with a Pixel 5. Android 11 was having no issue and after upgrading to 12 it would occur. I ended up with a hacky fix of waiting for the splash screen to dismiss before calling getGenericPassword as it does not seem 1:1 with the issues listed here as the solutions presented had 0 effect when done. I tracked the issue back to the UI blocking call, it seemed as though the keystore2 function call would silently fail and never unblock the UI thread. This was reproducible in versions 7.0.0 and 8.0.0.
Update: The fix did not work in a production build, running into this error:
01-06 09:56:37.474 586 586 E android.hardware.keymaster@4.1-service.citadel: GenerateKey : device response error code: UNSUPPORTED_KEY_SIZE
01-06 09:56:37.475 618 618 E keystore2: keystore2::error: In generate_key.
01-06 09:56:37.475 618 618 E keystore2:
01-06 09:56:37.475 618 618 E keystore2: Caused by:
01-06 09:56:37.475 618 618 E keystore2: 0: While generating Key without explicit attestation key.
01-06 09:56:37.475 618 618 E keystore2: 1: Error::Km(ErrorCode(-6))
01-06 09:56:37.483 14747 14807 W CipherStorageBase: StrongBox security storage is not available.
01-06 09:56:37.483 14747 14807 W CipherStorageBase: java.security.ProviderException: Failed to generate key pair.
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPairHelper(AndroidKeyStoreKeyPairGeneratorSpi.java:620)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:545)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb.generateKey(CipherStorageKeystoreRsaEcb.java:257)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at com.oblador.keychain.cipherStorage.CipherStorageBase.tryGenerateStrongBoxSecurityKey(CipherStorageBase.java:461)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(CipherStorageBase.java:408)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:174)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at com.oblador.keychain.KeychainModule.lambda$DYujhqpjRgfFQ_gyuwMwyxxqDlk(Unknown Source:0)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at com.oblador.keychain.-$$Lambda$KeychainModule$DYujhqpjRgfFQ_gyuwMwyxxqDlk.run(Unknown Source:2)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at java.lang.Thread.run(Thread.java:920)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: Caused by: android.security.KeyStoreException: Unsupported key size
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:356)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at android.security.KeyStoreSecurityLevel.handleExceptions(KeyStoreSecurityLevel.java:57)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at android.security.KeyStoreSecurityLevel.generateKey(KeyStoreSecurityLevel.java:145)
01-06 09:56:37.483 14747 14807 W CipherStorageBase: at android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPairHelper(AndroidKeyStoreKeyPairGeneratorSpi.java:587)
Hi
I'm experiencing problems with react-native-keychain on Android which unfortunately forces me to disable the library for Android (on iOS it works flawlessly). Sometimes the UI freezes for several seconds shortly after launching the app. This happens when simply importing the library without even using it, as in the following code:
As you can see in the screen recording below, the UI freezes and ignores any input for several seconds shortly after reloading the app.
Logcat shows a couple of errors, but I don't know if they are related:
Tested on OnePlus 5T (A5010) running OxygenOS 9.0.10.
Let me know if you need any more information!
@OleksandrKucherenko I know you have put a lot of effort into this version of the library, especially the Android part. Maybe you have encountered similar issues?
Best regards Jens