CpabeCli.jar keygen causing javax.crypto.BadPaddingException in cpabe-server
overview
The failing job and commit linked bellow demonstrates that the custom randomly generated keys created with CpabeCli.jar are causing test_003_cpabe_server
to
fail on this test: test_003_download_and_decrypt_sse_keys
:
Job #9021 failed for 74a7d00b:
A hotfix has been implemented to re-implement fixtures, see this job and commit
Job #9023 passed for 0b7c79c4:
But it is obviously a security issue so should be addressed as soon as possible
more details
Inspecting the output of the cpabe-server (with docker logs cpabe-server
on the cloud node) revealed the following error :
javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
(full traceback attached here: cpabe-server.error.log)
tasks
-
determine source of padding error -
implement fix -
deploy and ensure e2e tests are passing