Description
I apologize ahead of time for the lack of concrete details here, but I'm hoping that someone more familiar with this area than me can make sense of what is happening. I am getting a JNI crash originating from the libSystem.Security.Cryptography.Native.Android.so native library and I suspect it is because of the hideous and hard to understand hierarchy of crypto objects in the Android ecosystem.
There appears to be an invariant inside of the PAL here that the private key always be of type RSAPrivateCrtKey but I find this is not the case when using KeyStore keys. The type that ends up being used is android.security.keystore.AndroidKeyStoreRSAPrivateKey which I do not think implements the above interface. The stack trace only goes back as far as that so I cannot determine what exactly in my code is causing it. I have a test that will reproduce this 100% but it's far from minimal. It sets up a TLS authenticated server and tries to communicate with it in various good and bad ways. All of them I am pretty sure use RSA.Create() to generate their key material.
This is running on Android API 24, which is shortly after a large TLS change in Android that got everybody confused and upset:
09-20 12:03:35.240 F/libc ( 5098): Fatal signal 6 (SIGABRT), code -6 in tid 5145 (.NET Long Runni)
09-20 12:03:35.240 W/ ( 877): debuggerd: handling request: pid=5098 uid=10062 gid=10062 tid=5145
09-20 12:03:35.300 F/DEBUG ( 5160): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-20 12:03:35.300 F/DEBUG ( 5160): Build fingerprint: 'Android/sdk_phone_arm64/generic_arm64:7.0/NYC/8695085:userdebug/test-keys'
09-20 12:03:35.300 F/DEBUG ( 5160): Revision: '0'
09-20 12:03:35.300 F/DEBUG ( 5160): ABI: 'arm64'
09-20 12:03:35.300 F/DEBUG ( 5160): pid: 5098, tid: 5145, name: .NET Long Runni >>> couchbase.lite.tests.maui <<<
09-20 12:03:35.300 F/DEBUG ( 5160): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
09-20 12:03:35.300 F/DEBUG ( 5160): Abort message: 'art/runtime/java_vm_ext.cc:470] JNI DETECTED ERROR IN APPLICATION: can't call java.math.BigInteger java.security.interfaces.RSAPrivateCrtKey.getPublicExponent() on instance of android.security.keystore.AndroidKeyStoreRSAPrivateKey'
09-20 12:03:35.300 F/DEBUG ( 5160): x0 0000000000000000 x1 0000000000001419 x2 0000000000000006 x3 0000000000000008
09-20 12:03:35.300 F/DEBUG ( 5160): x4 0000000000000198 x5 0000007cee2d56ac x6 70552dee7c000000 x7 0000007cee2d5570
09-20 12:03:35.300 F/DEBUG ( 5160): x8 0000000000000083 x9 ffffffffffffffdf x10 0000000000000000 x11 0000000000000001
09-20 12:03:35.300 F/DEBUG ( 5160): x12 ffffffffffffffff x13 0000000000000001 x14 00000000000055f7 x15 0000000000001fe3
09-20 12:03:35.300 F/DEBUG ( 5160): x16 0000007cee317ed0 x17 0000007cee2c1264 x18 0000000000000000 x19 0000007cc26b24f8
09-20 12:03:35.300 F/DEBUG ( 5160): x20 0000000000000006 x21 0000007cc26b2450 x22 000000000000000b x23 0000000000000871
09-20 12:03:35.300 F/DEBUG ( 5160): x24 ffffffffffffffff x25 0000007ced1fc730 x26 0000007ced1866f0 x27 0000007cc26ad4b1
09-20 12:03:35.300 F/DEBUG ( 5160): x28 0000007ced14c96b x29 0000007cc26ad3e0 x30 0000007cee2be70c
09-20 12:03:35.300 F/DEBUG ( 5160): sp 0000007cc26ad3c0 pc 0000007cee2c126c pstate 0000000060000000
09-20 12:03:35.301 F/DEBUG ( 5160):
09-20 12:03:35.301 F/DEBUG ( 5160): backtrace:
09-20 12:03:35.301 F/DEBUG ( 5160): #00 pc 000000000006b26c /system/lib64/libc.so (tgkill+8)
09-20 12:03:35.301 F/DEBUG ( 5160): #01 pc 0000000000068708 /system/lib64/libc.so (pthread_kill+64)
09-20 12:03:35.301 F/DEBUG ( 5160): #02 pc 0000000000023c68 /system/lib64/libc.so (raise+24)
09-20 12:03:35.301 F/DEBUG ( 5160): #03 pc 000000000001c6ec /system/lib64/libc.so (abort+52)
09-20 12:03:35.301 F/DEBUG ( 5160): #04 pc 000000000042c380 /system/lib64/libart.so (_ZN3art7Runtime5AbortEv+352)
09-20 12:03:35.301 F/DEBUG ( 5160): #05 pc 00000000000e4c24 /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+1204)
09-20 12:03:35.301 F/DEBUG ( 5160): #06 pc 00000000002ec030 /system/lib64/libart.so (_ZN3art9JavaVMExt8JniAbortEPKcS2_+2172)
09-20 12:03:35.301 F/DEBUG ( 5160): #07 pc 00000000002ec304 /system/lib64/libart.so (_ZN3art9JavaVMExt9JniAbortVEPKcS2_St9__va_list+120)
09-20 12:03:35.301 F/DEBUG ( 5160): #08 pc 0000000000101880 /system/lib64/libart.so (_ZN3art11ScopedCheck6AbortFEPKcz+156)
09-20 12:03:35.301 F/DEBUG ( 5160): #09 pc 0000000000104ec4 /system/lib64/libart.so (_ZN3art11ScopedCheck17CheckMethodAndSigERNS_18ScopedObjectAccessEP8_jobjectP7_jclassP10_jmethodIDNS_9Primitive4TypeENS_10InvokeTypeE+1880)
09-20 12:03:35.301 F/DEBUG ( 5160): #10 pc 00000000001039c0 /system/lib64/libart.so (_ZN3art8CheckJNI11CallMethodVEPKcP7_JNIEnvP8_jobjectP7_jclassP10_jmethodIDSt9__va_listNS_9Primitive4TypeENS_10InvokeTypeE+740)
09-20 12:03:35.301 F/DEBUG ( 5160): #11 pc 00000000000f5890 /system/lib64/libart.so (_ZN3art8CheckJNI16CallObjectMethodEP7_JNIEnvP8_jobjectP10_jmethodIDz+160)
09-20 12:03:35.301 F/DEBUG ( 5160): #12 pc 000000000001e1c4 /data/app/couchbase.lite.tests.maui-1/lib/arm64/libSystem.Security.Cryptography.Native.Android.so (AndroidCryptoNative_GetRsaParameters+152)
09-20 12:03:35.301 F/DEBUG ( 5160): #13 pc 0000000000006398 <anonymous:0000007ce4002000>
Reproduction Steps
Unfortunately I don't have one of these. Perhaps someone could figure out how the invariant got violated here?
Expected behavior
Lack of JNI crash
Actual behavior
See above trace.
Regression?
This is a test that used to pass. However, I upgraded both .NET and Android API minimum so it's unclear which one is ultimately responsible here.
Known Workarounds
No response
Configuration
No response
Other information
No response