AEADBadTagException when getting a secure setting

[johnnyasantoss]

Description

The error occurs when trying to get a secure setting.
I don't have exactly a reproducible environment, but what happen to me is that I was a few day without build this app that I'm developing and now It throws AEADBadTagException (I'm developing it solo, so there where no modifications between this two builds - from the same branch, same rev)

Basic Information

• Version with issue: 0.8.0-preview
• IDE: Visual Studio 15.7.5 & Rider 2018.1.3
• Platform Target Frameworks:
  • Android: 7.1 API 25
• Android Support Library Version: 27.0.2.1

Stacktrace:

 Javax.Crypto.AEADBadTagException: Exception of type 'Javax.Crypto.AEADBadTagException' was thrown. ---> Java.Lang.Exception: Signature/MAC verification failed
   --- End of inner exception stack trace ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <f32579baafc1404fa37ba3ec1abdc0bd>:0 
  at Java.Interop.JniEnvironment+InstanceMethods.CallNonvirtualObjectMethod (Java.Interop.JniObjectReference instance, Java.Interop.JniObjectReference type, Java.Interop.JniMethodInfo method, Java.Interop.JniArgumentValue* args) [0x00089] in <7802aa64ad574c33adca332a3fa9706a>:0 
  at Java.Interop.JniPeerMembers+JniInstanceMethods.InvokeNonvirtualObjectMethod (System.String encodedMember, Java.Interop.IJavaPeerable self, Java.Interop.JniArgumentValue* parameters) [0x0001f] in <7802aa64ad574c33adca332a3fa9706a>:0 
  at Javax.Crypto.Cipher.DoFinal (System.Byte[] input, System.Int32 inputOffset, System.Int32 inputLen) [0x00052] in <263adecfa58f4c449f1ff56156d886fd>:0 
  at Xamarin.Essentials.AndroidKeyStore.Decrypt (System.Byte[] data) [0x0005f] in <39c36f0831c64fc491c61f5f8d5bbdb5>:0 
  at Xamarin.Essentials.SecureStorage.PlatformGetAsync (System.String key) [0x0004f] in <39c36f0831c64fc491c61f5f8d5bbdb5>:0 
  at Xamarin.Essentials.SecureStorage.GetAsync (System.String key) [0x00013] in <39c36f0831c64fc491c61f5f8d5bbdb5>:0 
...
javax.crypto.AEADBadTagException
	at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
	at javax.crypto.Cipher.doFinal(Cipher.java:2114)
	at md51558244f76c53b6aeda52c8a337f2c37.GenericMenuClickListener.n_onMenuItemClick(Native Method)
	at md51558244f76c53b6aeda52c8a337f2c37.GenericMenuClickListener.onMenuItemClick(GenericMenuClickListener.java:30)
	at android.support.v7.view.menu.MenuItemImpl.invoke(MenuItemImpl.java:167)
	at android.support.v7.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:973)
	at android.support.v7.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:963)
	at android.support.v7.widget.ActionMenuView.invokeItem(ActionMenuView.java:624)
	at android.support.v7.view.menu.ActionMenuItemView.onClick(ActionMenuItemView.java:150)
	at android.view.View.performClick(View.java:5640)
	at android.view.View$PerformClick.run(View.java:22455)
	at android.os.Handler.handleCallback(Handler.java:751)
	at android.os.Handler.dispatchMessage(Handler.java:95)
	at android.os.Looper.loop(Looper.java:154)
	at android.app.ActivityThread.main(ActivityThread.java:6165)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:888)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:778)
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
	at android.security.KeyStore.getKeyStoreException(KeyStore.java:666)
	at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
	at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
	at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
	... 17 more

...
 at OnAppearing in MainPage

[jamesmontemagno]

Have you updated to the latest version 0.9.1?

[jamesmontemagno]

Does this key exist?

[johnnyasantoss]

Have you updated to the latest version 0.9.1?

Yes, wrapped the code that gets the setting in a try and it is "working".

string secureValue;
try
{
    secureValue = await SecureStorage.GetAsync(key);
}
catch (Exception e)
{
    Debug.WriteLine(e);
    secureValue = null;
}

I still got an exception, and given that SecureStorage doesn't have a ExistsAsync I assumed that it would return null when the setting isn't set.

Does this key exist?

No.

This API should throw this error when there isn't a setting with the given key?

[jamesmontemagno]

Ah, if it doesn't exist it should return null @Redth

[jamesmontemagno]

I just tested this locally and if the key doesn't exist it returns null for me. I believe we changed this in 0.9.1-preview.

I can not reproduce this as it will return null and will never try to get it.

[johnnyasantoss]

Well, as it is working in the 0.9.1 and we don't have the steps to reproduce, I think we can close this.

[jgiacomini]

I have the same error on 0.10 version.
We test it on 3 different devices : I have this error only on Nokia 8.

[jamesmontemagno]

Where and how are you running the code? Can you also provide a full stack trace.

Additionally full information on the device and OS.

[JamesSinclairBiomni]

I am getting the same error on version 0.10, only on android device (samsung s8 in this case)

We're using appcenter.ms to deploy internal builds for testing and the problem seems to be occuring if you've uninstalled the app and then re-install it again. Installing over the top of an existing install seems to work.

I've attached the full output from appcenter crash reporting
AEADBadTagExceptionError.txt

Had a brief look at the source and is it something to do with the KeyStore getting cleared on uninstall but the preferences not getting removed, so we end up trying to decrypt with a new key

[jamesmontemagno]

Hmmm interesting maybe that is the repo to do stuff, uninstall and reinstall?

[jamesmontemagno]

I think maybe we can catch this and then remove the key perhaps... makes some sense as it gets backed up.. hmmm

[jamesmontemagno]

So for a short work around you can turn off auto backup if your app doesn't need any of these features:
https://developer.android.com/guide/topics/data/autobackup

<application android:allowBackup="false" ... >