Google appear to be in no rush to fix a bug that's causing exceptions like this:
FATAL EXCEPTION: DefaultDispatcher-worker-4
Process: tech.relaycorp.letro, PID: 32490
javax.crypto.AEADBadTagException
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:611)
at javax.crypto.Cipher.doFinal(Cipher.java:2113)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal(AndroidKeystoreAesGcm.java:118)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt(AndroidKeystoreAesGcm.java:101)
at com.google.crypto.tink.KeysetHandle.decrypt(KeysetHandle.java:919)
at com.google.crypto.tink.KeysetHandle.readWithAssociatedData(KeysetHandle.java:804)
at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:785)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readMasterkeyDecryptAndParseKeyset(AndroidKeysetManager.java:381)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:297)
at androidx.security.crypto.EncryptedFile$Builder.build(EncryptedFile.java:233)
at tech.relaycorp.awaladroid.AndroidPrivateKeyStore.buildEncryptedFile(AndroidPrivateKeyStore.kt:24)
at tech.relaycorp.awaladroid.AndroidPrivateKeyStore.makeEncryptedInputStream(AndroidPrivateKeyStore.kt:14)
at tech.relaycorp.awaladroid.AndroidPrivateKeyStore.makeEncryptedInputStream(AndroidPrivateKeyStore.kt:10)
at tech.relaycorp.awala.keystores.file.FilePrivateKeyStore.retrieveKeyData(FilePrivateKeyStore.kt:73)
at tech.relaycorp.awala.keystores.file.FilePrivateKeyStore.retrieveAllIdentityKeyData$suspendImpl(FilePrivateKeyStore.kt:31)
at tech.relaycorp.awala.keystores.file.FilePrivateKeyStore.retrieveAllIdentityKeyData(Unknown Source:0)
at tech.relaycorp.relaynet.keystores.PrivateKeyStore.retrieveAllIdentityKeys(PrivateKeyStore.kt:38)
at tech.relaycorp.awaladroid.endpoint.RenewExpiringCertificates.invoke(RenewExpiringCertificates.kt:15)
at tech.relaycorp.awaladroid.Awala$setUp$4$1.invokeSuspend(Awala.kt:59)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)
Suppressed: kotlinx.coroutines.internal.DiagnosticCoroutineContextException: [StandaloneCoroutine{Cancelling}@ca9c6ff, Dispatchers.IO]
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:356)
at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:78)
at android.security.KeyStoreOperation.finish(KeyStoreOperation.java:127)
at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.finish(KeyStoreCryptoOperationChunkedStreamer.java:228)
at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:181)
at android.security.keystore2.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:396)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:603)
... 26 more
So I think we should catch AEADBadTagException and wrap it around another exception.
Google appear to be in no rush to fix a bug that's causing exceptions like this:
So I think we should catch
AEADBadTagException
and wrap it around another exception.