Open rgreen33 opened 4 years ago
I just wanted to pass along some additional information on this issue (how to reproduce the issue). I am using the code found below. The string is a simple (but long) string...which is similar in length to the JSON.stringified token that I am actually attempting to store/retrieve from the Android Keystore. If you attempt to store/retrieve the below string, you will see the exact issue that I am facing. The returned value contains garbage in the middle of the string. I am seeing this same behavior when I attempt to store/retrieve my JSON.stringified token (of course, JSON.parse on retrieval). Has anyone found a workaround for this? Everything is working fine on iOS. This issue only occurs on Android.
let accessToken = 'abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-';
await Keychain.setGenericPassword(
  accessToken,
  refreshToken,
  {
    service: 'myServiceName',
    accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
    accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_CURRENT_SET_OR_DEVICE_PASSCODE,
    rules: Platform.OS === 'android' ? Keychain.STORAGE_TYPE.NONE : null,
    // Android only: force the AES storage type
    storage: Platform.OS === 'android' ? Keychain.STORAGE_TYPE.AES : null,
    securityLevel: Platform.OS === 'android' ? Keychain.SECURITY_LEVEL.ANY : null,
  }
);
@sebk: Thank you for the feedback. I was finally able to get this to work for me...but, not real happy with the solution. Essentially, I split the token into multiple parts (as you suggested on #262). In order to get the biometrics to work (only fire once), I stored the shortest part of the token in RSA, with all other parts stored in AES. Obviously, I had to rebuild the token upon retrieval. It is a bit of a pain and a little clunky, but it does work...just not as seamless on Android, as it is on iOS.
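The split-and-rebuild workaround described above, as an added example that is not code from this thread or from react-native-keychain. It splits on UTF-8 byte length and goes beyond the post by checking a SHA-256 digest on reassembly, so a corrupted, empty or missing part is rejected instead of being parsed. `splitToken`, `joinToken`, `MAX_PART_BYTES` and the manifest layout are assumptions; each part would be saved under its own `service` name, and the digest here uses Node's `crypto` module.

```javascript
// Added example (runs under Node.js); not react-native-keychain code.
const { createHash } = require('crypto');

// Assumption: a conservative per-entry size, below the 384-byte limit in the RSA error.
const MAX_PART_BYTES = 256;

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Split on code-point boundaries so each part is at most maxBytes of UTF-8.
function splitToken(token, maxBytes = MAX_PART_BYTES) {
  const parts = [];
  let current = '';
  let currentBytes = 0;
  for (const ch of token) { // iterates code points, never half a surrogate pair
    const n = Buffer.byteLength(ch, 'utf8');
    if (n > maxBytes) throw new RangeError('maxBytes is smaller than one character');
    if (currentBytes + n > maxBytes) {
      parts.push(current);
      current = '';
      currentBytes = 0;
    }
    current += ch;
    currentBytes += n;
  }
  if (current !== '') parts.push(current);
  // Keep the manifest in the same protected storage as the parts.
  return { parts, manifest: { count: parts.length, sha256: sha256(token) } };
}

// Rebuild the token; throw instead of returning a damaged or incomplete value.
function joinToken(parts, manifest) {
  const complete = parts.length === manifest.count &&
    parts.every((p) => typeof p === 'string' && p.length > 0);
  if (!complete) throw new Error('token part missing');
  const token = parts.join('');
  if (sha256(token) !== manifest.sha256) throw new Error('token corrupted in storage');
  return token;
}

// Constructed sample input: a long token that includes multi-byte characters.
const sample = 'abcdefghijklmnopqrstuvwxyz-€-'.repeat(40);
const { parts, manifest } = splitToken(sample);
console.log(parts.length, 'parts, round trip ok:', joinToken(parts, manifest) === sample);
```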
Unsure exactly what's going on but on my Huawei p8 Lite, the keychain 'saves' but on retrieval it's literally empty... unless I disable biometrics on my device, after which it works... sometimes
This library has been driving me insane for about 3 months. On Android 7 specifically, 'retrievePassword' is never guaranteed to work: the keychain 'succeeds' with an empty result most of the time, sometimes fails silently, sometimes works (once) if I deactivate and reactivate Biometry (fingerprint) in device settings.
Effectively the only way to use this library seems to be to disable biometry completely for Android 7 / < API 25 (API 25 is a guess here, because of the message about Strongbox Security).
This is the most painful bug I've ever encountered.
This is still happening for me, has anyone come up with a solution?
I am attempting to store/retrieve Azure AD Refresh Tokens. I would prefer to be able to use RSA with biometrics, however, I am running into Issue #262. So, I have attempted to use AES and FB. Unfortunately, on Android, I am getting the following errors with the various STORAGE_TYPE:
RSA (on setGenericPassword) -- [Error: I/O error: javax.crypto.IllegalBlockSizeException: input must be under 384 bytes]. (same as Issue #262)
AES (on getGenericPassword) -- [SyntaxError: JSON Parse error: Unterminated string]
FB (on getGenericPassword) -- [SyntaxError: JSON Parse error: Unterminated string]
Note: iOS works as expected. I can store/retrieve these same Azure AD Refresh Tokens on iOS without any issues.
Does anyone know of a workaround for this? As mentioned above, I ultimately need for this to work with RSA (and biometrics).
Thank you for your help and input, Ricky