KeyStoreException: Unsupported purpose

[esclear]

Today, I tried to set up Seedvault backup on a BQ Aquaris X (bardock) device with a fresh install of LineageOS 20, namely the lineage-20.0-20230404-nightly build.

Seedvault provided me with a BIP39 mnemonic phrase, which I noted down and then confirmed successfully.

When I tried to activate app backups, Seedvault asked for the BIP phrase again and the app crashed reproducibly, after entering it / confirming the phrase.

Relevant ADB log

04-10 18:29:47.847   731   813 W TransactionTracing: Could not find layer handle 0x722643cad0
04-10 18:29:48.365   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.366   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.367   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.368   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.369   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.369   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.371   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.373   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.548   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.550   731   813 W TransactionTracing: Could not find layer id -1
04-10 18:29:48.828   494   494 W [email protected]: Not performing software digesting for symmetric cipher keys
04-10 18:29:48.828   494   494 W [email protected]: Not performing software digesting for symmetric cipher keys
04-10 18:29:48.839   494   494 E keymaster1_device: Import key send cmd failed
04-10 18:29:48.839   494   494 E keymaster1_device: ret: 0
04-10 18:29:48.840   494   494 E keymaster1_device: resp->status: -2
04-10 18:29:48.840   492  4490 E keystore2: keystore2::error: In import_key: Trying to call importKey
04-10 18:29:48.840   492  4490 E keystore2:
04-10 18:29:48.840   492  4490 E keystore2: Caused by:
04-10 18:29:48.840   492  4490 E keystore2:     Error::Km(ErrorCode(-2))
04-10 18:29:48.842  3865  3865 D AndroidRuntime: Shutting down VM
--------- beginning of crash
04-10 18:29:48.901  3865  3865 E AndroidRuntime: FATAL EXCEPTION: main
04-10 18:29:48.901  3865  3865 E AndroidRuntime: Process: com.stevesoltys.seedvault, PID: 3865
04-10 18:29:48.901  3865  3865 E AndroidRuntime: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:558)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: Caused by: java.lang.reflect.InvocationTargetException
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at java.lang.reflect.Method.invoke(Native Method)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	... 1 more
04-10 18:29:48.901  3865  3865 E AndroidRuntime: Caused by: java.security.KeyStoreException: Failed to import secret key.
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.security.keystore2.AndroidKeyStoreSpi.setSecretKeyEntry(AndroidKeyStoreSpi.java:807)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.security.keystore2.AndroidKeyStoreSpi.engineSetEntry(AndroidKeyStoreSpi.java:1177)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at java.security.KeyStore.setEntry(KeyStore.java:1617)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.stevesoltys.seedvault.crypto.KeyManagerImpl.storeMainKey(KeyManager.kt:80)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.stevesoltys.seedvault.ui.recoverycode.RecoveryCodeViewModel.verifyExistingCode(RecoveryCodeViewModel.kt:78)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.stevesoltys.seedvault.ui.recoverycode.RecoveryCodeInputFragment.done(RecoveryCodeInputFragment.kt:159)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.stevesoltys.seedvault.ui.recoverycode.RecoveryCodeInputFragment.access$done(RecoveryCodeInputFragment.kt:41)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at com.stevesoltys.seedvault.ui.recoverycode.RecoveryCodeInputFragment$onViewCreated$2.onClick(RecoveryCodeInputFragment.kt:122)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.view.View.performClick(View.java:7506)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.view.View.performClickInternal(View.java:7483)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.view.View.-$$Nest$mperformClickInternal(Unknown Source:0)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.view.View$PerformClick.run(View.java:29357)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.os.Handler.handleCallback(Handler.java:942)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.os.Handler.dispatchMessage(Handler.java:99)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.os.Looper.loopOnce(Looper.java:201)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.os.Looper.loop(Looper.java:288)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.app.ActivityThread.main(ActivityThread.java:7884)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	... 3 more
04-10 18:29:48.901  3865  3865 E AndroidRuntime: Caused by: android.security.KeyStoreException: Unsupported purpose (internal Keystore code: -2 message: In import_key: Trying to call importKey
04-10 18:29:48.901  3865  3865 E AndroidRuntime:
04-10 18:29:48.901  3865  3865 E AndroidRuntime: Caused by:
04-10 18:29:48.901  3865  3865 E AndroidRuntime:     Error::Km(ErrorCode(-2))) (public error code: 13 internal Keystore code: -2)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:369)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.security.KeyStoreSecurityLevel.handleExceptions(KeyStoreSecurityLevel.java:57)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.security.KeyStoreSecurityLevel.importKey(KeyStoreSecurityLevel.java:166)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	at android.security.keystore2.AndroidKeyStoreSpi.setSecretKeyEntry(AndroidKeyStoreSpi.java:804)
04-10 18:29:48.901  3865  3865 E AndroidRuntime: 	... 19 more
04-10 18:29:48.908  1573  4899 I DropBoxManagerService: add tag=system_app_crash isTagEnabled=true flags=0x2
04-10 18:29:48.910  1573  2995 W ActivityTaskManager:   Force finishing activity com.stevesoltys.seedvault/.settings.SettingsActivity

This seems similar to https://github.com/seedvault-app/seedvault/issues/375, which was closed (seemingly because it was stale), but not resolved.

[grote]

#375 was closed, because it happened on a device LineageOS does not officially support. The custom port did something wrong with the KeyStore.

bardock is on 18.1 (Android 11) which we don't support anymore. Not sure of LineageOS is still supportin 18.1

[esclear]

As far as the LOS device wiki is concerned, the current version for bardock is 20, so Android 13.

18.1 was the last (stable, I think) release after which support was dropped (afaict for lack of maintainers), but it is supported and maintained again as of LOS 20.

[grote]

Pinging @mikeNG for Lineage.

[grote]

closing, because Lineage issue.

[esclear]

closing, because Lineage issue.

Do you have any additional info on this? Is this caused by LineageOS?

[chirayudesai]

Yes, it's a device-specific issue.

Keystore is not working properly, you should file an issue with LineageOS / your device maintainer about it.

Once that's fixed, SeedVault should start working.