oblador / react-native-keychain

:key: Keychain Access for React Native
MIT License

Encrypt and decrypt failing on latest Samsung OS #617

Closed joarkosberg closed 7 months ago

joarkosberg commented 8 months ago

This might not be related to this library, but I am opening an issue to discuss, in case it is or others are facing the same problem.

Description

Since the latest OS update on Samsung phones (October 2023), a lot of devices have started failing to encrypt and decrypt with the library. It is only Samsung phones on the newest OS, and it fails every time.

Versions

RN: 0.72.5
React-native-keychain: 8.1.2

Error

Could not decrypt data with alias: and Could not encrypt data with alias:

lucasftcruz commented 8 months ago

Related issues:

joarkosberg commented 8 months ago

@lucasftcruz Thanks!

alexandrius commented 8 months ago

@lucasftcruz Just want to note that those 2 issues are different from newer Samsung issues

Turtus commented 8 months ago

Traced to cipher.init(Cipher.DECRYPT_MODE, key, iv);

java.security.InvalidKeyException: Keystore operation failed

Seems all stored data in Samsung is broken now

androideveloper commented 7 months ago

Full stacktrace is this:

com.oblador.keychain.exceptions.CryptoFailedException: Could not encrypt data with alias: 
    at com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesCbc.encrypt(CipherStorageKeystoreAesCbc.java:122)
    at com.oblador.keychain.KeychainModule.setGenericPassword(KeychainModule.java:224)
    at com.oblador.keychain.KeychainModule.setGenericPasswordForOptions(KeychainModule.java:253)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.facebook.react.bridge.JavaMethodWrapper.invoke(JavaMethodWrapper.java:372)
    at com.facebook.react.bridge.JavaModuleWrapper.invoke(JavaModuleWrapper.java:188)
    at com.facebook.jni.NativeRunnable.run(Native Method)
    at android.os.Handler.handleCallback(Handler.java:942)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at com.facebook.react.bridge.queue.MessageQueueThreadHandler.dispatchMessage(MessageQueueThreadHandler.java:27)
    at android.os.Looper.loopOnce(Looper.java:226)
    at android.os.Looper.loop(Looper.java:313)
    at com.facebook.react.bridge.queue.MessageQueueThreadImpl$4.run(MessageQueueThreadImpl.java:228)
    at java.lang.Thread.run(Thread.java:1012)
Caused by: java.security.InvalidKeyException: Keystore operation failed
    at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException(KeyStoreCryptoOperationUtils.java:130)
    at android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:154)
    at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:345)
    at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:177)
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2985)
    at javax.crypto.Cipher.tryCombinations(Cipher.java:2892)
    at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2797)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:774)
    at javax.crypto.Cipher.init(Cipher.java:1144)
    at javax.crypto.Cipher.init(Cipher.java:1085)
    at com.oblador.keychain.cipherStorage.CipherStorageBase$IV.lambda$static$0(CipherStorageBase.java:544)
    at com.oblador.keychain.cipherStorage.CipherStorageBase$IV$$ExternalSyntheticLambda0.initialize(Unknown Source:0)
    at com.oblador.keychain.cipherStorage.CipherStorageBase.encryptString(CipherStorageBase.java:353)
    at com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesCbc.encryptString(CipherStorageKeystoreAesCbc.java:263)
    at com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesCbc.encrypt(CipherStorageKeystoreAesCbc.java:118)
    ... 13 more
Caused by: android.security.KeyStoreException: Invalid key blob (internal Keystore code: -33 message: In create_operation: Failed to begin operation. 10032

Caused by:
    0: In KeystoreSecurityLevel::upgrade_keyblob_if_required_with.
    1: In utils::upgrade_keyblob_if_required_with: Calling km_op.
    2: Error::Km(ErrorCode(-33))) (public error code: 10 internal Keystore code: -33)
    at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:418)
    at android.security.KeyStoreSecurityLevel.createOperation(KeyStoreSecurityLevel.java:123)
    at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:340)
    ... 25 more

ViktorOsadchyi commented 7 months ago

Hi, any updates?

In our application, this issue also began to arise frequently. At Sentry, we see that most often this problem occurs among Samsung users, but there are also cases with Honor, Huawei and ZTE. The most common version of Android is 13, and 10 is also present.

Also I found one interesting thing in docs https://github.com/oblador/react-native-keychain#configuring-the-android-specific-behavior. Maybe it helps.

Versions

RN: 0.72.5
react-native-keychain: 8.1.1

Error

[Screenshot 2023-11-16 at 18 36 52]

joarkosberg commented 7 months ago

For me the error died down after the update from Samsung. So it seems to be fixed on their side.

@ViktorOsadchyi Have you seen an increase in the error, or is it going down?

ViktorOsadchyi commented 7 months ago

@joarkosberg the number of users with this issue is not increasing. But new events are appearing. I'll probably have to wait until they update the version.

androideveloper commented 7 months ago

New patch from Samsung automatically fixed it for us.

yberstad commented 2 weeks ago

We have started to see this issue again with Samsung Galaxy S24 Ultra devices. Are others experiencing the same problem?

Suspect that this is the reason: https://www.sammobile.com/news/galaxy-s24-june-2024-security-update-europe

kevinranks commented 4 days ago

Just got this on my S24 as well, shortly after installing the June security update. Tested on my S21 after installing the June security update and was not able to reproduce it.