Assigned
Status Update
No update yet.
Comments
ra...@google.com
Information redacted by Android Beta Feedback.
ra...@google.com
Thank you for reporting this issue. For us to further investigate this issue, please provide the following additional information:
Complete steps to reproduce
What steps do others need to take in order to reproduce the issue themselves?
Current output (Error message if any)
What do you see instead?
Screen Record of the Issue
Please capture screen record or video of the issue using following steps:
adb shell screenrecord /sdcard/video.mp4
Subsequently use following command to pull the recorded file:
adb pull /sdcard/video.mp4
Attach the file to this issue
Note: Please upload the files to google drive and share the folder to android-bugreport@google.com, then share the link here.
Complete steps to reproduce
What steps do others need to take in order to reproduce the issue themselves?
Current output (Error message if any)
What do you see instead?
Screen Record of the Issue
Please capture screen record or video of the issue using following steps:
adb shell screenrecord /sdcard/video.mp4
Subsequently use following command to pull the recorded file:
adb pull /sdcard/video.mp4
Attach the file to this issue
Note: Please upload the files to google drive and share the folder to android-bugreport@google.com, then share the link here.
me...@amd.com
HI,
Attached is a screenshot of the error message.
I get this message everytime I try to tap and pay.
I am guessing that it's because you have released the stable Android 15
QPR2 and I am stuck on the beta verson.
On Thu, 6 Mar 2025 at 09:22, <buganizer-system@google.com> wrote:
Attached is a screenshot of the error message.
I get this message everytime I try to tap and pay.
I am guessing that it's because you have released the stable Android 15
QPR2 and I am stuck on the beta verson.
On Thu, 6 Mar 2025 at 09:22, <buganizer-system@google.com> wrote:
ny...@google.com
I have had this error on the beta since December, updated to the stable now and it still like this.
me...@amd.com
But ideally for android 15, signing using ed25519 key (i.e , ed25519 signature algorithm) needs to be supported right?
Conscrypt internally uses boringssl/openssl which already supports it, so why aosp does not support and reports error?
Also, how VTS related test pass in this?
Conscrypt internally uses boringssl/openssl which already supports it, so why aosp does not support and reports error?
Also, how VTS related test pass in this?
me...@amd.com
Will it be supported in future?
ny...@google.com
@pr...@google.com - This looks like depending on Conscrypt support for Curve 25519
Could you please take a look at this.
Description
2. Steps to reproduce the problem:
Run cts test "testCurve25519Attestation" test case in CtsKeystoreTestCases
command:
run cts -m CtsKeystoreTestCases -t android.keystore.cts.KeyAttestationTest#testCurve25519Attestation
3. What happened:
testCurve25519Attestation always fails with the error : java.security.NoSuchAlgorithmException: 1.3.101.112 Signature not available
The x509 certificate is signed with ed25519 root key and ed25519 signature algorithm looks like not supported yet.
2-28 15:25:27 I/ModuleListener: [1/1]
Failed to verify certificate Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: ED25519
Issuer: CN=Android Keystore Key
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Jan 1 00:00:00 2048 GMT
Subject: CN=Android Keystore Key
Subject Public Key Info:
Public Key Algorithm: ED25519
Public Key algorithm unsupported
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
1.3.6.1.4.1.11129.2.1.17:
0..Q...,
.....,
......0U..=.....N<BQ..EE.C0A1.0...android.keystore.cts..#1". ...&e/..-1..vs<.h[......,W...s..0....1....................1...........w.....>......@,0*.....
... p..YZv.l....=\.h.j...8%...NO.o....A....I...B........F...celadon_x86_64..G...celadon_x86_64..H...celadon_x86_64..L...AMD..M...celadon Android-x86_64..N....4.m..O....4.`
Signature Algorithm: ED25519
78:e1:23:c9:08:95:4b:95:8a:8d:8b:34:83:e7:10:a5:04:53:
b1:2c:e1:af:a9:ba:f1:3e:06:4e:71:6c:b4:97:40:3d:30:c8:
6f:c1:b7:c8:ab:07:b8:1f:ed:27:96:75:4d:9b:13:95:25:48:
95:da:dd:85:58:9e:74:1d:7b:0a
with public key X509PublicKey [algorithm=1.3.101.112, encoded=[48, 42, 48, 5, 6, 3, 43, 101, 112, 3, 33, 0, -17, -69, 1, -13, -5, 116, -38, 67, -81, 67, -39, -40, -96, -58, 92, -12, 124, 87, -20, 102, 13, 43, 62, -88, 16, 105, -19, -29, 4, -12, 86, -111]]
at android.keystore.cts.KeyAttestationTest.verifyCertificateChain(KeyAttestationTest.java:1954)
at android.keystore.cts.KeyAttestationTest.testCurve25519Attestations(KeyAttestationTest.java:1105)
at android.keystore.cts.KeyAttestationTest.testCurve25519Attestation(KeyAttestationTest.java:1072)
... 8 trimmed
Caused by: java.security.NoSuchAlgorithmException: 1.3.101.112 Signature not available
at java.security.Signature.getInstance(Signature.java:367)
at com.android.org.conscrypt.OpenSSLX509Certificate.verifyInternal(OpenSSLX509Certificate.java:398)
at com.android.org.conscrypt.OpenSSLX509Certificate.verify(OpenSSLX509Certificate.java:419)
at android.keystore.cts.KeyAttestationTest.verifyCertificateChain(KeyAttestationTest.java:1922)
... 11 more
4. What you think the correct behaviour should be:
x509 certificate signed with ed25519 signature algorithm should be successfully verified.
As per the documentation in "libcore/ojluni/src/main/java/java/security/Signature.java", ed25519 signature shall be supported for API level > = 33, but still for android 15, it is not supported yet.
* <td>Ed25519</td>
* <td>33+</td>
* </tr>
5. Bug report: attached in the drive