naveridlogin-sdk-android icon indicating copy to clipboard operation
naveridlogin-sdk-android copied to clipboard

Published 20 hours ago verified publisher icon naver

[Bug Report] com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal

Open Hooooong opened this issue 8 months ago • 0 comments

Bug Report

재현 환경

사용중인 네아로 SDK 버전

4.2.6 -> 5.9.1

Android 버전

Android 14, 13, 12, 11, 10

재현되는 기기 모델명

여러 기기들

이슈

이슈 명세

Naver Login SDK 를 4.2.6 에서 5.9.1 로 업데이트 진행하고, androidx.startup 의 Initializer 를 통해 NaverIdLoginSDK.initialize 를 호출할 때 exception 발생

기대한 결과

실제 결과

재현 시나리오

Stack trace

Exception java.lang.RuntimeException: Unable to get provider androidx.startup.InitializationProvider: androidx.startup.StartupException: javax.crypto.AEADBadTagException
  at android.app.ActivityThread.installProvider (ActivityThread.java:8333)
  at android.app.ActivityThread.installContentProviders (ActivityThread.java:7833)
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:7582)
  at android.app.ActivityThread.-$$Nest$mhandleBindApplication
  at android.app.ActivityThread$H.handleMessage (ActivityThread.java:2400)
  at android.os.Handler.dispatchMessage (Handler.java:106)
  at android.os.Looper.loopOnce (Looper.java:226)
  at android.os.Looper.loop (Looper.java:313)
  at android.app.ActivityThread.main (ActivityThread.java:8762)
  at java.lang.reflect.Method.invoke
  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:604)
  at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:1067)
Caused by androidx.startup.StartupException: javax.crypto.AEADBadTagException
  at androidx.startup.AppInitializer.doInitialize (AppInitializer.java:187)
  at androidx.startup.AppInitializer.discoverAndInitialize (AppInitializer.java:238)
  at androidx.startup.AppInitializer.discoverAndInitialize (AppInitializer.java:206)
  at androidx.startup.InitializationProvider.onCreate (InitializationProvider.java:45)
  at android.content.ContentProvider.attachInfo (ContentProvider.java:2522)
  at android.content.ContentProvider.attachInfo (ContentProvider.java:2492)
  at android.app.ActivityThread.installProvider (ActivityThread.java:8328)
Caused by javax.crypto.AEADBadTagException:
  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal (AndroidKeyStoreCipherSpiBase.java:617)
  at javax.crypto.Cipher.doFinal (Cipher.java:2114)
  at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal (AndroidKeystoreAesGcm.java:118)
  at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt (AndroidKeystoreAesGcm.java:101)
  at com.google.crypto.tink.KeysetHandle.decrypt (KeysetHandle.java:919)
  at com.google.crypto.tink.KeysetHandle.readWithAssociatedData (KeysetHandle.java:804)
  at com.google.crypto.tink.KeysetHandle.read (KeysetHandle.java:785)
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readMasterkeyDecryptAndParseKeyset (AndroidKeysetManager.java:381)
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:297)
  at androidx.security.crypto.EncryptedSharedPreferences.create (EncryptedSharedPreferences.java:169)
  at androidx.security.crypto.EncryptedSharedPreferences.create (EncryptedSharedPreferences.java:130)
  at com.navercorp.nid.preference.EncryptedPreferences.migration (EncryptedPreferences.kt:157)
  at com.navercorp.nid.preference.EncryptedPreferences.setContext (EncryptedPreferences.kt:73)
  at com.navercorp.nid.NaverIdLoginSDK.initialize (NaverIdLoginSDK.kt:86)
  at com.#.#.#.util.initializer.NaverSDKInitializer.create (NaverSDKInitializer.kt:14)
  at  com.#.#.#.util.initializer.NaverSDKInitializer.create (NaverSDKInitializer.kt:9)
  at androidx.startup.AppInitializer.doInitialize (AppInitializer.java:180)
Caused by android.security.KeyStoreException: Signature/MAC verification failed (internal Keystore code: -30 message: In KeystoreOperation::finish

Caused by:
    0: In finish: KeyMint::finish failed.
    1: Error::Km(ErrorCode(-30))) (public error code: 10 internal Keystore code: -30)
  at android.security.KeyStore2.getKeyStoreException (KeyStore2.java:418)
  at android.security.KeyStoreOperation.handleExceptions (KeyStoreOperation.java:78)
  at android.security.KeyStoreOperation.finish (KeyStoreOperation.java:128)
  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.finish (KeyStoreCryptoOperationChunkedStreamer.java:228)
  at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal (KeyStoreCryptoOperationChunkedStreamer.java:181)
  at android.security.keystore2.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal (AndroidKeyStoreAuthenticatedAESCipherSpi.java:396)
  at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal (AndroidKeyStoreCipherSpiBase.java:609)

Reference

Hooooong avatar Jun 27 '24 03:06 Hooooong