stripe-terminal-android

StrongBoxUnavailableException/ProviderException: Failed to generate key error when connecting Tap to Pay reader

Open wkol opened this issue 8 months ago • 4 comments

Summary

This issue follows the problem encountered in this issue, where an attempt to connect to the Tap to Pay reader resulted in a crash of the Stripe AIDL process. After upgrading the SDK to version 3.6.0, the crashes mentioned in the original issue indeed disappeared. However, some new crashes have appeared in the same place (connection process). The stack traces (so far, we have encountered two variants of this crash) are a bit different, but it seems that the problem is during the generation of the hardware-backed key:

  1. Variant:
Caused by android.security.keystore.StrongBoxUnavailableException/
Failed to generate key
android.security.keystore2.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey (AndroidKeyStoreKeyGeneratorSpi.java:411)
javax.crypto.KeyGenerator.generateKey (KeyGenerator.java:612)
java.lang.reflect.Method.invoke (Method.java)
com.s.s.As$14140.Dashboard (Unknown Source:142)
Caused by android.security.KeyStoreException
No StrongBox available
  2. Variant:
Caused by java.security.ProviderException
Keystore key generation failed
android.security.keystore2.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey (AndroidKeyStoreKeyGeneratorSpi.java:413)
javax.crypto.KeyGenerator.generateKey (KeyGenerator.java:612)
java.lang.reflect.Method.invoke (Method.java)
com.s.s.As$14140.Dashboard (Unknown Source:142)
Caused by android.security.KeyStoreException
System error (internal Keystore code: 4 message: system/security/keystore2/src/security_level.rs:693: In generate_key. 10351, Some("asp_key") Caused by: 0: system/security/keystore2/src/security_level.rs:691: While generating Key without explicit attestation key. 1: Binder exception code TRANSACTION_FAILED, 0)

Again, the crashes occur on Samsung devices, so there is probably an issue with their software, but maybe you could figure out some workaround. Also, since the exception says that the StrongBox is not available, I wonder if you could add a StrongBox check to the method supportsReaderOfType() or return TerminalErrorCode.LOCAL_MOBILE_UNSUPPORTED_DEVICE in case of connection on a device where the StrongBox is not available.

Code to reproduce

Well, so far I couldn't reproduce this, but if I succeed I will provide the code.

Android version

Mostly 14

Impacted devices (Android devices or readers)

Samsung devices/Tap to Pay reader

SDK version

3.6.0

wkol, Jun 07 '24 14:06
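
An app-side StrongBox probe of the kind the report asks for, as an added example; it is not code from the issue or from the Stripe SDK. The function name, enum, key alias and the choice of an AES-256-GCM key are assumptions made for illustration. It separates the two failure variants in the stack traces above: `StrongBoxUnavailableException` (variant 1) and a plain `ProviderException` from the keystore (variant 2).

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyStore
import java.security.ProviderException
import javax.crypto.KeyGenerator

enum class StrongBoxStatus { USABLE, NOT_DECLARED, UNAVAILABLE, KEYSTORE_ERROR }

// Hypothetical alias used only for this probe (assumption, not an SDK key name).
private const val PROBE_ALIAS = "strongbox_probe_key"

fun probeStrongBox(context: Context): StrongBoxStatus {
    // StrongBox and its feature flag exist from API 28 (Android 9) onwards.
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P ||
        !context.packageManager.hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)
    ) return StrongBoxStatus.NOT_DECLARED

    // Assumed key shape: AES-256-GCM, explicitly requested as StrongBox-backed.
    val spec = KeyGenParameterSpec.Builder(
        PROBE_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setIsStrongBoxBacked(true)
        .build()

    return try {
        KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
            .apply { init(spec) }
            .generateKey()
        StrongBoxStatus.USABLE
    } catch (e: StrongBoxUnavailableException) {
        // Variant 1: caught first because it is a subclass of ProviderException.
        StrongBoxStatus.UNAVAILABLE
    } catch (e: ProviderException) {
        // Variant 2: keystore/binder failure that the feature flag cannot predict.
        StrongBoxStatus.KEYSTORE_ERROR
    } finally {
        // Delete the probe key so no key material is left behind.
        runCatching {
            KeyStore.getInstance("AndroidKeyStore").apply { load(null) }.deleteEntry(PROBE_ALIAS)
        }
    }
}
```

A result other than `USABLE` can be treated by the app as an unsupported device before it attempts the Tap to Pay connection. A successful probe does not guarantee that the SDK's own key generation will succeed, since the variant 2 failure is a runtime keystore error.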