This repository has been archived by the owner on Oct 10, 2019. It is now read-only.

Seen "android.security.KeyStoreException: Invalid user authentication validity duration" during testing on Nexus 6p #5

Closed
sohamtriveous opened this issue Feb 1, 2016 · 6 comments

Comments

@sohamtriveous

When we change the AUTHENTICATION_DURATION_SECONDS variable (which represents the user authentication validity duration, in seconds) in MainActivity.java to a low value like 5 and keep calling TryEncrypt repeatedly by exiting the app and coming back to it repeatedly on a Nexus 6p, the following Runtime Exception is seen intermittently:

Process: com.example.android.confirmcredential, PID: 2530
java.lang.RuntimeException: java.security.InvalidKeyException: Keystore operation failed
    at com.example.android.confirmcredential.MainActivity.tryEncrypt(MainActivity.java:129)
    at com.example.android.confirmcredential.MainActivity.access$000(MainActivity.java:53)
    at com.example.android.confirmcredential.MainActivity$1.onClick(MainActivity.java:89)
    at android.view.View.performClick(View.java:5204)
    at android.view.View$PerformClick.run(View.java:21153)
    at android.os.Handler.handleCallback(Handler.java:739)
    at android.os.Handler.dispatchMessage(Handler.java:95)
    at android.os.Looper.loop(Looper.java:148)
    at android.app.ActivityThread.main(ActivityThread.java:5417)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
 Caused by: java.security.InvalidKeyException: Keystore operation failed
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:692)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:712)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108)
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612)
    at javax.crypto.Cipher.tryCombinations(Cipher.java:532)
    at javax.crypto.Cipher.getSpi(Cipher.java:437)
    at javax.crypto.Cipher.init(Cipher.java:815)
    at javax.crypto.Cipher.init(Cipher.java:774)
    at com.example.android.confirmcredential.MainActivity.tryEncrypt(MainActivity.java:109)
    at com.example.android.confirmcredential.MainActivity.access$000(MainActivity.java:53) 
    at com.example.android.confirmcredential.MainActivity$1.onClick(MainActivity.java:89) 
    at android.view.View.performClick(View.java:5204) 
    at android.view.View$PerformClick.run(View.java:21153) 
    at android.os.Handler.handleCallback(Handler.java:739) 
    at android.os.Handler.dispatchMessage(Handler.java:95) 
    at android.os.Looper.loop(Looper.java:148) 
    at android.app.ActivityThread.main(ActivityThread.java:5417) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616) 
 Caused by: android.security.KeyStoreException: Invalid user authentication validity duration
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:629)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:712) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108) 
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612) 
    at javax.crypto.Cipher.tryCombinations(Cipher.java:532) 
    at javax.crypto.Cipher.getSpi(Cipher.java:437) 
    at javax.crypto.Cipher.init(Cipher.java:815) 
    at javax.crypto.Cipher.init(Cipher.java:774) 
    at com.example.android.confirmcredential.MainActivity.tryEncrypt(MainActivity.java:109) 
    at com.example.android.confirmcredential.MainActivity.access$000(MainActivity.java:53) 
    at com.example.android.confirmcredential.MainActivity$1.onClick(MainActivity.java:89) 
    at android.view.View.performClick(View.java:5204) 
    at android.view.View$PerformClick.run(View.java:21153) 
    at android.os.Handler.handleCallback(Handler.java:739) 
    at android.os.Handler.dispatchMessage(Handler.java:95) 
    at android.os.Looper.loop(Looper.java:148) 
    at android.app.ActivityThread.main(ActivityThread.java:5417) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616) 

Steps to reproduce:

  1. Change AUTHENTICATION_DURATION_SECONDS to a low value like 5 and launch the app
  2. Click on Purchase
  3. Exit the app by clicking back
  4. Come back to the app
  5. Repeat steps 2-4, till the app crashes

Other notes

  • my fork of the repo can be used to reproduce the issue (just that one parameter changed)
  • seen on the Nexus 6p with the demo app as well as my app (I'm trying to integrate Confirm Credentials into the same)
  • this happens with other values of AUTHENTICATION_DURATION_SECONDS as well, like 0 or 10

@sohamtriveous
Author

Couldn't reproduce this on the Nexus 5 on Android 6.0 with PIN-based authentication (unlike the fingerprint-based auth I was trying on the Nexus 6p).

@flschweiger

This is still reproducible on a Nexus 6P running Android 7.0. The crash happens in all my apps which use the KeyStore provider 😞

@Gopinathp

On MiA1 running Android O, the request key guard action runs in a loop and is not able to confirm credential. tryEncrypt() always fails with UserNotAuthenticatedException.

@yashasvigirdhar

Hey @Gopinathp,

I am facing the same issue. Were you able to fix it somehow?

@patrickfav

Unfortunately the Android Keystore System API is not well specified on what parameters are valid and what not, so you are at the mercy of the KeyMaster HAL implementation (see this similar issue where setting a high value crashes: https://issuetracker.google.com/issues/73483926). Setting a value of 5 sec probably won't make much practical sense, since 5 seconds is an extremely short amount of time and any delay will break the process.

Nevertheless, there is not much you can do; it is, as with many things Android, trial and error because of the high fragmentation. As a side note: AFAIK Google Pay uses a delay of 20 minutes, so I guess this should work on most devices.
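
An added example, not part of this thread or of the sample's own code: a `tryEncrypt` variant that maps Keystore failures to explicit states and fails closed, instead of rethrowing `InvalidKeyException` as a `RuntimeException` as in the stack trace above. The class name, key alias, `Result` enum and the validity value are assumptions made for illustration.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserNotAuthenticatedException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

final class AuthBoundKey {                                   // hypothetical helper class
    enum Result { OK, NEEDS_AUTH, KEY_INVALIDATED, KEYSTORE_ERROR }
    private static final String ALIAS = "example_auth_key";  // assumed alias
    private static final int VALIDITY_SECONDS = 20 * 60;     // assumed value, test per device

    static void createKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true)
                .setUserAuthenticationValidityDurationSeconds(VALIDITY_SECONDS)
                .build());
        kg.generateKey();
    }

    static Result tryEncrypt(byte[] data) {
        try {
            KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
            ks.load(null);
            SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(Cipher.ENCRYPT_MODE, key);   // auth-bound check happens here
            cipher.doFinal(data);
            return Result.OK;
        } catch (UserNotAuthenticatedException e) {
            return Result.NEEDS_AUTH;        // caller shows the confirm-credential screen
        } catch (KeyPermanentlyInvalidatedException e) {
            return Result.KEY_INVALIDATED;   // caller must create a new key
        } catch (GeneralSecurityException | IOException e) {
            // Covers the generic "Keystore operation failed" InvalidKeyException.
            // Never treat this state as "user authenticated".
            return Result.KEYSTORE_ERROR;
        }
    }
}
```

The two specific exceptions are subclasses of `InvalidKeyException`, so they must be caught before the general handler. A caller should bound how many times it re-prompts on `NEEDS_AUTH`, so that a device which never reports the user as authenticated does not loop.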

@codingjeremy
Contributor

This sample has been deprecated/archived (check README for more information on newer samples related to this technology).

As recommended by GitHub, we are closing all issues and pull requests.
