stripe / stripe-terminal-android

Stripe Terminal Android SDK
https://stripe.dev/stripe-terminal-android/

TTP - Failed to generate key pair [Android13] #465

Open raymiec opened 5 months ago

raymiec commented 5 months ago

On Android 13, using a Sunmi P3 device, I'm getting the following error: "Failed to generate key pair"

```
implementation("com.stripe:stripeterminal-localmobile:3.5.0")
implementation("com.stripe:stripeterminal-core:3.5.0")
```

```
class=TerminalSession
com.stripe.stripeterminal.external.models.TerminalException: Failed to generate key pair.
    at com.stripe.stripeterminal.internal.common.adapter.CotsAdapter.checkAndThrowCotsError(CotsAdapter.kt:462)
    at com.stripe.stripeterminal.internal.common.adapter.CotsAdapter.onReaderActivated(CotsAdapter.kt:310)
    at com.stripe.stripeterminal.internal.common.adapter.ProxyAdapter.onReaderActivated(ProxyAdapter.kt:99)
    at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession.activateReader$terminalsession_release(TerminalSession.kt:575)
    at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession$ConnectReaderOperation.execute(TerminalSession.kt:1845)
    at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession$ExternalOperation.run$terminalsession_release(TerminalSession.kt:1130)
    at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession.enqueueOperation$lambda$6(TerminalSession.kt:979)
    at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession.$r8$lambda$9_FdDGpM1BaifeFRjKBBfCCLP6o(Unknown Source:0)
    at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession$$ExternalSyntheticLambda0.run(D8$$SyntheticClass:0)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:463)
    at java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
    at java.lang.Thread.run(Thread.java:1012)
```

I wrote some code to test if I could generate RSA and AES on the device using the hardware-backed key store. This is the output.

```
2024-05-27 14:19:05.693  7255-7255  private       dk....nerationtest  E  android.security.keystore2.AndroidKeyStoreRSAPrivateKey@f401adac
2024-05-27 14:19:05.695  7255-7255  public        dk....nerationtest  E  OpenSSLRSAPublicKey{modulus=…,publicExponent=10001}
2024-05-27 14:19:05.708  7255-7255  KEY           dk....nerationtest  E  sc: android.security.keystore2.AndroidKeyStoreSecretKey@ce006d23
2024-05-27 14:19:05.712  7255-7255  AES           dk....nerationtest  E  AES KEY: android.security.keystore2.AndroidKeyStoreSecretKey@ce006d23
2024-05-27 14:19:05.963  7255-7255  KeyStore      dk....nerationtest  D  RSA Key is hardware-backed: true
2024-05-27 14:19:05.979  7255-7255  KeyStore      dk....nerationtest  D  AES Key is hardware-backed: true
```

This indicates that it was successful and we do indeed have a hardware-backed keystore.

This also returns true: `Terminal.getInstance().supportsReadersOfType(readers.get(0).getDeviceType(),config).isSupported()`

And this is the relevant error from the OS:

```
keystore2::remote_provisioning: In get_remote_provisioning_key_and_certs: Error occurred: In get_rem_prov_attest_key: Failed to get a key

                                                                         Caused by:
                                                                             0: In get_rem_prov_attest_key_helper: Failed to assign a key
                                                                             1: In assign_attestation_key: 
                                                                             2: In with_transaction.
                                                                             3: Out of keys.
                                                                             4: Error::Rc(ResponseCode(22))
2024-05-27 14:24:41.805   707-707   Keyma...Utils and...-service-qti  E  rsp_header->status: -74
2024-05-27 14:24:41.805   707-707   KeyMa...evice and...-service-qti  E  keymint_generate_key
2024-05-27 14:24:41.805   707-707   KeyMa...evice and...-service-qti  E  ret: -74
2024-05-27 14:24:41.805   741-761   keystore2     keystore2           E  keystore2::error: In generate_key.

                                                                         Caused by:
                                                                             0: While generating Key without explicit attestation key.
                                                                             1: Error::Km(ErrorCode(-74))
```

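
An added triage example (not part of the original post and not Stripe's or Android's code): it parses keystore2 error chains like the ones quoted above and decodes the two numeric codes using the names from AOSP's keystore2 `ResponseCode` and KeyMint `ErrorCode` definitions. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the log in the post, trimmed.
SAMPLE_LOG = """\
keystore2::remote_provisioning: In get_remote_provisioning_key_and_certs: Error occurred: In get_rem_prov_attest_key: Failed to get a key
    Caused by:
        0: In get_rem_prov_attest_key_helper: Failed to assign a key
        3: Out of keys.
        4: Error::Rc(ResponseCode(22))
2024-05-27 14:24:41.805   741-761   keystore2     keystore2           E  keystore2::error: In generate_key.
    Caused by:
        0: While generating Key without explicit attestation key.
        1: Error::Km(ErrorCode(-74))
"""

# Only the codes seen in this issue; names per the AOSP AIDL definitions.
RESPONSE_CODES = {22: "OUT_OF_KEYS"}                       # keystore2 ResponseCode
KEYMINT_CODES = {-74: "ATTESTATION_KEYS_NOT_PROVISIONED"}  # KeyMint ErrorCode

HEAD_RE = re.compile(r"keystore2::(\w+): ")    # start of an error chain
FRAME_RE = re.compile(r"^\s*\d+:\s*(.+?)\s*$")  # numbered "Caused by" frame
CODE_RE = re.compile(r"Error::(Rc|Km)\((?:ResponseCode|ErrorCode)\((-?\d+)\)\)")

def parse_chains(log_text):
    """Split logcat text into keystore2 error chains with decoded codes."""
    chains, current = [], None
    for line in log_text.splitlines():
        head = HEAD_RE.search(line)
        if head:
            current = {"where": head.group(1), "frames": [], "code": None}
            chains.append(current)
            continue
        frame = FRAME_RE.match(line)
        if frame and current is not None:
            code = CODE_RE.search(frame.group(1))
            if code:
                kind, num = code.group(1), int(code.group(2))
                table = RESPONSE_CODES if kind == "Rc" else KEYMINT_CODES
                current["code"] = (kind, num, table.get(num, "UNKNOWN"))
            else:
                current["frames"].append(frame.group(1))
    return chains

def is_attestation_provisioning_failure(chains):
    """True when a chain ends in a code meaning no attestation key was available."""
    names = {c["code"][2] for c in chains if c["code"]}
    return bool(names & {"OUT_OF_KEYS", "ATTESTATION_KEYS_NOT_PROVISIONED"})
```

For the log in the post, both chains decode to attestation-key provisioning errors, so the failure is in obtaining an attestation key rather than in generating the key material itself.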
raymiec commented 5 months ago

On further inspection, it seems like it might be using Google services for generating the keys. These devices ain't Google Play certified. Could the certification be the issue? Will Google restrict things if not certified?

Edit: yeah, I don't think it's that; I see it's already been tested on the Sunmi V2s.

1970578978 commented 5 months ago

Hello, I also encountered the same problem. But because I cannot access the Google network, the device has been certified by GMS. When my device can access Google, everything works fine.