Crash when attempting to decrypt after adding new fingerprints

Open xxfast opened this issue 6 years ago • 2 comments

Steps to reproduce

  1. Open the sample app and register at least one value
  2. Close the app and head to settings to add additional fingerprints
  3. Reopen the sample app and try to read the previously stored value, and it will crash

A few issues

  1. Upon reading the previously stored value, it returns a NEEDS_AUTH instead of an error state (because new fingerprints were added)
  2. If you use any finger other than what's registered, it returns a RECOVERABLE_ERROR and asks users to retry, even though the number of fingerprints had changed
  3. And it crashes when you try to use any of the registered fingers

Crashlog

2018-10-30 13:24:11.113 26955-26955/com.squareup.whorlwind.sample I/Whorlwind: Failed to decrypt.
    javax.crypto.IllegalBlockSizeException
        at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:519)
        at javax.crypto.Cipher.doFinal(Cipher.java:1736)
        at com.squareup.whorlwind.FingerprintAuthOnSubscribe$2.onAuthenticationSucceeded(FingerprintAuthOnSubscribe.java:138)
        at android.hardware.fingerprint.FingerprintManager$MyHandler.sendAuthenticatedSucceeded(FingerprintManager.java:1314)
        at android.hardware.fingerprint.FingerprintManager$MyHandler.handleMessage(FingerprintManager.java:1224)
        at android.os.Handler.dispatchMessage(Handler.java:105)
        at android.os.Looper.loop(Looper.java:164)
        at android.app.ActivityThread.main(ActivityThread.java:6938)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.Zygote$MethodAndArgsCaller.run(Zygote.java:327)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1374)
     Caused by: android.security.KeyStoreException: Key user not authenticated
        at android.security.KeyStore.getKeyStoreException(KeyStore.java:1137)
        at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:132)
        at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:217)
        at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
        at javax.crypto.Cipher.doFinal(Cipher.java:1736) 
        at com.squareup.whorlwind.FingerprintAuthOnSubscribe$2.onAuthenticationSucceeded(FingerprintAuthOnSubscribe.java:138) 
        at android.hardware.fingerprint.FingerprintManager$MyHandler.sendAuthenticatedSucceeded(FingerprintManager.java:1314) 
        at android.hardware.fingerprint.FingerprintManager$MyHandler.handleMessage(FingerprintManager.java:1224) 
        at android.os.Handler.dispatchMessage(Handler.java:105) 
        at android.os.Looper.loop(Looper.java:164) 
        at android.app.ActivityThread.main(ActivityThread.java:6938) 
        at java.lang.reflect.Method.invoke(Native Method) 
        at com.android.internal.os.Zygote$MethodAndArgsCaller.run(Zygote.java:327) 
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1374) 

EDIT: IT'S A SAMSUNG!!!

xxfast avatar Oct 30 '18 02:10 xxfast

Thanks for reporting; I wasn't able to reproduce the bug. Could you tell me which version of Android you're running that on?

oldergod avatar Oct 30 '18 18:10 oldergod

This usually happens on Samsung, and sometimes LG phones. It's a bug in their operating system. I think the same thing happens if you remove a fingerprint after installing the app. Here are two models that crash:

Android: 8.0.0 Manufacturer: samsung Model: SM-G950F

Android: 8.0.0 Manufacturer: samsung Model: SM-G930F

Rickard80 avatar Nov 21 '18 16:11 Rickard80
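
The failure in the crash log above, handled defensively: an added example (not Whorlwind's code and not from any commenter) that maps both the documented `KeyPermanentlyInvalidatedException` and the `IllegalBlockSizeException` / "Key user not authenticated" pair from the log to a single "key invalidated" result instead of a crash. The class and method names are hypothetical, and treating the second case as invalidation is an assumption based on the reports in this thread.

```java
import android.security.keystore.KeyPermanentlyInvalidatedException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

// Added example, not Whorlwind code; all names below are hypothetical.
final class InvalidatedKeyGuard {
  /** Single result for "stored value can no longer be decrypted; ask the user to re-register". */
  static final class KeyInvalidatedException extends GeneralSecurityException {
    KeyInvalidatedException(Throwable cause) { super("fingerprint-bound key is unusable", cause); }
  }

  /** Before showing the prompt: init the cipher that goes into the CryptoObject. */
  static Cipher prepare(String alias, String transformation) throws GeneralSecurityException, IOException {
    Key key = keyStore().getKey(alias, null);
    Cipher cipher = Cipher.getInstance(transformation);
    try {
      cipher.init(Cipher.DECRYPT_MODE, key);
      return cipher;
    } catch (KeyPermanentlyInvalidatedException e) {
      // Documented platform signal that the enrolled fingerprints changed.
      keyStore().deleteEntry(alias);
      throw new KeyInvalidatedException(e);
    }
  }

  /** In onAuthenticationSucceeded: finish decryption without letting the failure escape. */
  static byte[] finish(Cipher cipher, byte[] ciphertext, String alias) throws GeneralSecurityException, IOException {
    try {
      return cipher.doFinal(ciphertext);
    } catch (IllegalBlockSizeException e) {
      Throwable cause = e.getCause();
      String msg = cause == null ? null : cause.getMessage();
      // Assumption: this cause, as in the crash log, means the key did not survive the
      // enrollment change on affected devices. Matched on the message text from the log.
      if (msg == null || !msg.contains("Key user not authenticated")) throw e;
      keyStore().deleteEntry(alias);
      throw new KeyInvalidatedException(e);
    }
  }

  private static KeyStore keyStore() throws GeneralSecurityException, IOException {
    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
    ks.load(null);
    return ks;
  }
}
```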