TTP - Failed to generate key pair [Android13] #465

Open
raymiec opened this issue May 27, 2024 · 2 comments

raymiec commented May 27, 2024

On Android 13, using a Sunmi P3 device, I'm getting the following error: "Failed to generate key pair"

implementation("com.stripe:stripeterminal-localmobile:3.5.0")
implementation("com.stripe:stripeterminal-core:3.5.0")
class=TerminalSession
com.stripe.stripeterminal.external.models.TerminalException: Failed to generate key pair.
	at com.stripe.stripeterminal.internal.common.adapter.CotsAdapter.checkAndThrowCotsError(CotsAdapter.kt:462)
	at com.stripe.stripeterminal.internal.common.adapter.CotsAdapter.onReaderActivated(CotsAdapter.kt:310)
	at com.stripe.stripeterminal.internal.common.adapter.ProxyAdapter.onReaderActivated(ProxyAdapter.kt:99)
	at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession.activateReader$terminalsession_release(TerminalSession.kt:575)
	at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession$ConnectReaderOperation.execute(TerminalSession.kt:1845)
	at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession$ExternalOperation.run$terminalsession_release(TerminalSession.kt:1130)
	at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession.enqueueOperation$lambda$6(TerminalSession.kt:979)
	at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession.$r8$lambda$9_FdDGpM1BaifeFRjKBBfCCLP6o(Unknown Source:0)
	at com.stripe.stripeterminal.internal.common.terminalsession.TerminalSession$$ExternalSyntheticLambda0.run(D8$$SyntheticClass:0)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:463)
	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
	at java.lang.Thread.run(Thread.java:1012)

I wrote some code to test if I could generate RSA and AES on the device using the hardware-backed keystore. This is the output:

2024-05-27 14:19:05.693  7255-7255  private       dk....nerationtest  E  android.security.keystore2.AndroidKeyStoreRSAPrivateKey@f401adac
2024-05-27 14:19:05.695  7255-7255  public        dk....nerationtest  E  OpenSSLRSAPublicKey{modulus=…,publicExponent=10001}
2024-05-27 14:19:05.708  7255-7255  KEY           dk....nerationtest  E  sc: android.security.keystore2.AndroidKeyStoreSecretKey@ce006d23
2024-05-27 14:19:05.712  7255-7255  AES           dk....nerationtest  E  AES KEY: android.security.keystore2.AndroidKeyStoreSecretKey@ce006d23
2024-05-27 14:19:05.963  7255-7255  KeyStore      dk....nerationtest  D  RSA Key is hardware-backed: true
2024-05-27 14:19:05.979  7255-7255  KeyStore      dk....nerationtest  D  AES Key is hardware-backed: true

This indicates that it was successful and we do indeed have a hardware-backed keystore.

This also returns true: Terminal.getInstance().supportsReadersOfType(readers.get(0).getDeviceType(),config).isSupported()

And this is the relevant error from the OS:

keystore2::remote_provisioning: In get_remote_provisioning_key_and_certs: Error occurred: In get_rem_prov_attest_key: Failed to get a key
                                                                         
                                                                         Caused by:
                                                                             0: In get_rem_prov_attest_key_helper: Failed to assign a key
                                                                             1: In assign_attestation_key: 
                                                                             2: In with_transaction.
                                                                             3: Out of keys.
                                                                             4: Error::Rc(ResponseCode(22))
2024-05-27 14:24:41.805   707-707   Keyma...Utils and...-service-qti  E  rsp_header->status: -74
2024-05-27 14:24:41.805   707-707   KeyMa...evice and...-service-qti  E  keymint_generate_key
2024-05-27 14:24:41.805   707-707   KeyMa...evice and...-service-qti  E  ret: -74
2024-05-27 14:24:41.805   741-761   keystore2     keystore2           E  keystore2::error: In generate_key.
                                                                         
                                                                         Caused by:
                                                                             0: While generating Key without explicit attestation key.
                                                                             1: Error::Km(ErrorCode(-74))
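
Added example, not code from the issue author or the Stripe SDK: the keystore2 log above fails while fetching a remotely provisioned attestation key ("Out of keys") and then in generate_key, a path that a plain key-generation test never requests. This Kotlin probe generates the same kind of key with and without an attestation challenge so the two outcomes can be compared on the device; the function names, key aliases, log tag and challenge value are hypothetical, and it assumes API 33+ for the `KeyStoreException` getters.

```kotlin
import android.security.KeyStoreException
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.util.Log
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.ProviderException
import java.security.spec.ECGenParameterSpec

private const val TAG = "AttestProbe" // hypothetical log tag

// Generates a P-256 signing key in AndroidKeyStore. With a non-null challenge,
// the keystore must also produce an attestation certificate chain for the key.
private fun generate(alias: String, challenge: ByteArray?): String {
    val spec = KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .apply { if (challenge != null) setAttestationChallenge(challenge) }
        .build()
    return try {
        KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
            .apply { initialize(spec) }
            .generateKeyPair()
        val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        val chainLen = ks.getCertificateChain(alias)?.size ?: 0
        ks.deleteEntry(alias) // clean up the probe key
        "ok, certificate chain length=$chainLen"
    } catch (e: ProviderException) {
        // The keystore provider wraps android.security.KeyStoreException as the cause.
        val kse = e.cause as? KeyStoreException ?: return "failed: ${e.message}"
        if (kse.numericErrorCode == KeyStoreException.ERROR_ATTESTATION_KEYS_UNAVAILABLE)
            "no attestation key available, retryPolicy=${kse.retryPolicy}"
        else "failed: keystore code=${kse.numericErrorCode}"
    }
}

// Call from an app running on the device under test.
fun probeAttestation() {
    val challenge = "constructed-challenge".toByteArray() // constructed sample value
    Log.d(TAG, "plain key:    " + generate("probe_plain", null))
    Log.d(TAG, "attested key: " + generate("probe_attested", challenge))
}
```

If the plain key succeeds and the attested key fails, the keystore hardware is working and the fault lies in attestation key provisioning.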

raymiec commented May 29, 2024

On further inspection, it seems like it might be using Google services for generating the keys. These devices ain't Google Play certified. Could the certification be the issue? Will Google restrict things if not certified?

Edit: yeah, I don't think it's that; I see it's already been tested on the Sunmi V2s.

@1970578978

Hello, I also encountered the same problem. But because I cannot access the Google network, the device has been certified by GMS. When my device can access Google, everything works fine.
