Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-26158

[CLUSTERING] Intermittent javax.crypto.BadPaddingException in sym/asym encrypt test

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 8.0.0.GA-CR2, 8.1.0.Beta
    • Clustering
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      Scenario: we have a 4 nodes cluster where each node is configured to use Asymmetric encryption for clustered traffic:

      embed-server --server-config=standalone-ha.xml
/subsystem=infinispan/cache-container=web/distributed-cache=testDist:add()
/subsystem=infinispan/cache-container=web/distributed-cache=testDist/component=locking:write-attribute(name=isolation, value=REPEATABLE_READ)
/subsystem=infinispan/cache-container=web/distributed-cache=testDist/component=transaction:write-attribute(name=mode, value=BATCH)
/subsystem=infinispan/cache-container=web:write-attribute(name=default-cache, value=testDist)
# ASYM_ENCRYPT: Configured with algorithms and key sizes: secret key is generated and distributed by coordinator
batch
/subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8)
/subsystem=jgroups/stack=udp/protocol=AUTH/token=digest:add(algorithm=SHA-512, shared-secret-reference={clear-text=123PIPPOBAUDO})
/subsystem=jgroups/stack=tcp/protocol=AUTH:add(add-index=8)
/subsystem=jgroups/stack=tcp/protocol=AUTH/token=digest:add(algorithm=SHA-512, shared-secret-reference={clear-text=123PIPPOBAUDO})
run-batch
/subsystem=jgroups/stack=udp/protocol=ASYM_ENCRYPT:add(add-index=5,properties={sym_keylength=128,sym_algorithm=AES/ECB/PKCS5Padding,asym_keylength=512,asym_algorithm=RSA})
/subsystem=jgroups/stack=tcp/protocol=ASYM_ENCRYPT:add(add-index=5,properties={sym_keylength=128,sym_algorithm=AES/ECB/PKCS5Padding,asym_keylength=512,asym_algorithm=RSA})
# we had an error with UDP on PSI
if (outcome != success) of /subsystem=jgroups:read-attribute(name=default-stack)
/subsystem=jgroups/channel=ee:write-attribute(name=stack,value=tcp)
else
/subsystem=jgroups:write-attribute(name=default-stack,value=tcp)
/subsystem=jgroups/channel=ee:write-attribute(name=stack,value=tcp)
end-if

      At the end of the test, when a node is stopped, sometimes we observe this exception on another node:

      2023-11-30 09:41:37,762 INFO  [org.infinispan.LIFECYCLE] (non-blocking-thread--p2-t1) [Context=org.infinispan.ROLES] ISPN100010: Finished rebalance with members [wildfly2, wildfly3, wildfly4], topology id 55
2023-11-30 09:41:37,773 ERROR [org.jgroups.protocols.ASYM_ENCRYPT] (thread-53,ejb,wildfly4) wildfly4: failed decrypting message from wildfly3 (offset=0, length=16, buf.length=16): javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption., headers are RequestCorrelator: corr_id=0, type=RSP, req_id=77, rsp_expected=true, FORK: ejb:web, UNICAST3: DATA, seqno=34805, conn_id=3, ASYM_ENCRYPT: EncryptHeader [version=45F291A4F968613D593E8AD0506E4AB0]
2023-11-30 09:41:37,877 INFO  [org.infinispan.CLUSTER] (thread-47,ejb,wildfly4) ISPN100001: Node wildfly1 left the cluster

      The issue is intermittent;

      Complete logs in eap-8.x-clustering-http-session-encrypt-asym#155.zip

        1. eap-8.x-clustering-http-session-encrypt-asym#155.zip
          190 kB

              Unassigned Unassigned
              tborgato@redhat.com Tommaso Borgato
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: