oblador / react-native-keychain

:key: Keychain Access for React Native
MIT License

Retrieving password on android fails with Caused by: android.security.KeyStoreException: Unsupported key size #372

Open mihaelaLo opened 4 years ago

mihaelaLo commented 4 years ago

I am storing the accessToken and refreshToken information. Retrieving them fails on Android with the problem below. Everything works OK on iOS. Also, downgrading to version ^4.0.5 solves the problem on Android.

2020-07-16 18:21:09.746 594-594/? E//vendor/bin/hw/android.hardware.keymaster@4.0-service.citadel: GenerateKey : device response error code: UNSUPPORTED_KEY_SIZE
2020-07-16 18:21:09.748 954-2883/? D/DropBoxManager: About to call service->add()
2020-07-16 18:21:09.749 2785-2864/com.app.myapp E/KeyStore: generateKeyInternal failed on response -6
2020-07-16 18:21:09.749 954-954/? I/keystore: del USRPKEY_warmingUp 10519
2020-07-16 18:21:09.749 954-954/? I/keystore: del USRSKEY_warmingUp 10519
2020-07-16 18:21:09.749 954-954/? I/keystore: del USRCERT_warmingUp 10519
2020-07-16 18:21:09.750 954-954/? I/keystore: del CACERT_warmingUp 10519
2020-07-16 18:21:09.751 2785-2864/com.app.myapp W/CipherStorageBase: StrongBox security storage is not available.
    java.security.ProviderException: Failed to generate key pair
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:514)
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470)
        at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
        at com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb.generateKey(CipherStorageKeystoreRsaEcb.java:256)
        at com.oblador.keychain.cipherStorage.CipherStorageBase.tryGenerateStrongBoxSecurityKey(CipherStorageBase.java:444)
        at com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(CipherStorageBase.java:391)
        at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:173)
        at com.oblador.keychain.KeychainModule.lambda$NuQDyTTfZc67dTNiVeEDbYNRCJw(Unknown Source:0)
        at com.oblador.keychain.-$$Lambda$KeychainModule$NuQDyTTfZc67dTNiVeEDbYNRCJw.run(Unknown Source:2)
        at java.lang.Thread.run(Thread.java:919)
     Caused by: android.security.KeyStoreException: Unsupported key size
        at android.security.KeyStore.getKeyStoreException(KeyStore.java:1303)
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:514) 
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470) 
        at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727) 
        at com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb.generateKey(CipherStorageKeystoreRsaEcb.java:256) 
        at com.oblador.keychain.cipherStorage.CipherStorageBase.tryGenerateStrongBoxSecurityKey(CipherStorageBase.java:444) 
        at com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(CipherStorageBase.java:391) 
        at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:173) 
        at com.oblador.keychain.KeychainModule.lambda$NuQDyTTfZc67dTNiVeEDbYNRCJw(Unknown Source:0) 
        at com.oblador.keychain.-$$Lambda$KeychainModule$NuQDyTTfZc67dTNiVeEDbYNRCJw.run(Unknown Source:2) 
        at java.lang.Thread.run(Thread.java:919) 
2020-07-16 18:21:09.754 954-954/? I/keystore: del USRPKEY_warmingUp 10519
2020-07-16 18:21:09.754 954-954/? I/keystore: del USRSKEY_warmingUp 10519
2020-07-16 18:21:09.755 954-954/? I/keystore: del USRCERT_warmingUp 10519
2020-07-16 18:21:09.755 954-954/? I/keystore: del CACERT_warmingUp 10519

This happens only on some devices, but I am able to constantly reproduce it on Pixel 4.

mihaelaLo commented 4 years ago

Something is weird: I keep getting the same error from CipherStorageKeystoreRsaEcb even if I select AES specifically:

resetGenericPassword({ service: key, storage: 'AES' })
setGenericPassword('user', value, { service: key, storage: 'AES' })
getGenericPassword({ service: key, storage: 'AES' })

It also seems to be selected at one point in the logs:

2020-07-16 18:42:37.530 9258-9331/com.app.myapp D/RNKeychainManager: Selected storage: CipherStorageKeystoreRsaEcb
2020-07-16 18:42:37.533 954-954/? I/keystore: del USRPKEY_warmingUp 10520
2020-07-16 18:42:37.533 954-954/? I/keystore: del USRCERT_warmingUp 10520
2020-07-16 18:42:37.534 954-954/? I/keystore: del CACERT_warmingUp 10520
2020-07-16 18:42:37.581 9258-9331/com.app.myapp E/KeyStore: generateKeyInternal failed on response -6
2020-07-16 18:42:37.582 954-954/? I/keystore: del USRPKEY_warmingUp 10520
2020-07-16 18:42:37.582 954-954/? I/keystore: del USRSKEY_warmingUp 10520
2020-07-16 18:42:37.582 954-954/? I/keystore: del USRCERT_warmingUp 10520
2020-07-16 18:42:37.582 954-954/? I/keystore: del CACERT_warmingUp 10520
2020-07-16 18:42:37.583 9258-9331/com.app.myapp W/CipherStorageBase: StrongBox security storage is not available.
    java.security.ProviderException: Failed to generate key pair
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:514)
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470)
        at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
        at com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb.generateKey(CipherStorageKeystoreRsaEcb.java:256)
        at com.oblador.keychain.cipherStorage.CipherStorageBase.tryGenerateStrongBoxSecurityKey(CipherStorageBase.java:444)
        at com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(CipherStorageBase.java:391)
        at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:173)
        at com.oblador.keychain.KeychainModule.lambda$NuQDyTTfZc67dTNiVeEDbYNRCJw(Unknown Source:0)
        at com.oblador.keychain.-$$Lambda$KeychainModule$NuQDyTTfZc67dTNiVeEDbYNRCJw.run(Unknown Source:2)
        at java.lang.Thread.run(Thread.java:919)
     Caused by: android.security.KeyStoreException: Unsupported key size
        at android.security.KeyStore.getKeyStoreException(KeyStore.java:1303)
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:514) 
        at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470) 
        at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727) 
        at com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb.generateKey(CipherStorageKeystoreRsaEcb.java:256) 
        at com.oblador.keychain.cipherStorage.CipherStorageBase.tryGenerateStrongBoxSecurityKey(CipherStorageBase.java:444) 
        at com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(CipherStorageBase.java:391) 
        at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:173) 
        at com.oblador.keychain.KeychainModule.lambda$NuQDyTTfZc67dTNiVeEDbYNRCJw(Unknown Source:0) 
        at com.oblador.keychain.-$$Lambda$KeychainModule$NuQDyTTfZc67dTNiVeEDbYNRCJw.run(Unknown Source:2) 
        at java.lang.Thread.run(Thread.java:919) 
2020-07-16 18:42:37.585 954-954/? I/keystore: del USRPKEY_warmingUp 10520
2020-07-16 18:42:37.585 954-954/? I/keystore: del USRSKEY_warmingUp 10520
2020-07-16 18:42:37.586 954-954/? I/keystore: del USRCERT_warmingUp 10520
2020-07-16 18:42:37.586 954-954/? I/keystore: del CACERT_warmingUp 10520
2020-07-16 18:42:37.680 9258-9334/com.app.myapp D/RNKeychainManager: Probe cipher storage: CipherStorageFacebookConceal
2020-07-16 18:42:37.680 9258-9334/com.app.myapp D/RNKeychainManager: Probe cipher storage: CipherStorageKeystoreAesCbc
2020-07-16 18:42:37.680 9258-9334/com.app.myapp D/RNKeychainManager: Probe cipher storage: CipherStorageKeystoreRsaEcb
2020-07-16 18:42:37.680 9258-9334/com.app.myapp D/RNKeychainManager: Selected storage: CipherStorageKeystoreAesCbc
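
The log excerpts in the comment above interleave lines from several threads. As an added example (not code from the issue or from react-native-keychain), this JavaScript groups such logcat lines by pid-tid, so the thread whose stack trace passes through `internalWarmingBestCipher` can be told apart from the thread that probes and selects a storage. `SAMPLE_LOG` is a constructed excerpt in the same format, and the function names are hypothetical.

```javascript
// Added example. SAMPLE_LOG is a constructed excerpt in the logcat format shown in this issue.
const SAMPLE_LOG = [
  '2020-07-16 18:42:37.530 9258-9331/com.app.myapp D/RNKeychainManager: Selected storage: CipherStorageKeystoreRsaEcb',
  '2020-07-16 18:42:37.581 9258-9331/com.app.myapp E/KeyStore: generateKeyInternal failed on response -6',
  '2020-07-16 18:42:37.582 954-954/? I/keystore: del USRPKEY_warmingUp 10520',
  '2020-07-16 18:42:37.583 9258-9331/com.app.myapp W/CipherStorageBase: StrongBox security storage is not available.',
  '    java.security.ProviderException: Failed to generate key pair',
  '        at com.oblador.keychain.KeychainModule.internalWarmingBestCipher(KeychainModule.java:173)',
  '2020-07-16 18:42:37.680 9258-9334/com.app.myapp D/RNKeychainManager: Probe cipher storage: CipherStorageKeystoreAesCbc',
  '2020-07-16 18:42:37.680 9258-9334/com.app.myapp D/RNKeychainManager: Probe cipher storage: CipherStorageKeystoreRsaEcb',
  '2020-07-16 18:42:37.680 9258-9334/com.app.myapp D/RNKeychainManager: Selected storage: CipherStorageKeystoreAesCbc',
].join('\n');

// Line layout: "date time pid-tid/package LEVEL/tag: message"
const LINE = /^\S+ \S+\s+(\d+)-(\d+)\/\S+ [VDIWEF]\/(.+?): (.*)$/;

// Group keychain-related events per pid-tid (hypothetical helper).
function summarizeKeychainLog(text) {
  const threads = {};
  let current = null; // owner of the stack-trace lines that follow a tagged line
  for (const raw of text.split('\n')) {
    const m = LINE.exec(raw);
    if (!m) {
      // Indented continuation line: a stack frame of the last tagged line.
      if (current && raw.includes('internalWarmingBestCipher')) current.warmUp = true;
      continue;
    }
    const [, pid, tid, tag, msg] = m;
    const key = `${pid}-${tid}`;
    threads[key] = threads[key] ||
      { probed: [], selected: null, keyGenErrors: 0, strongBoxFallback: false, warmUp: false };
    current = threads[key];
    const probe = /^Probe cipher storage: (\S+)/.exec(msg);
    const sel = /^Selected storage: (\S+)/.exec(msg);
    if (tag === 'RNKeychainManager' && probe) current.probed.push(probe[1]);
    if (tag === 'RNKeychainManager' && sel) current.selected = sel[1];
    if (tag === 'KeyStore' && msg.startsWith('generateKeyInternal failed')) current.keyGenErrors += 1;
    if (tag === 'CipherStorageBase' && msg.startsWith('StrongBox security storage is not available')) {
      current.strongBoxFallback = true;
    }
  }
  return threads;
}

// Storages selected by threads that were not running the warm-up key generation.
function operationalStorages(threads) {
  return Object.values(threads).filter((t) => !t.warmUp && t.selected).map((t) => t.selected);
}

console.log(JSON.stringify(summarizeKeychainLog(SAMPLE_LOG), null, 2));
```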

yuyanghh commented 4 years ago

Hi, I've played around with the example file on Pixel 4 and the following setting works for me.

await Keychain.setGenericPassword(email, accessToken, {
  accessControl: null,
  securityLevel: Keychain.SECURITY_LEVEL.ANY,
  storage: Keychain.STORAGE_TYPE.FB,
});