4 Replies Latest reply on May 20, 2009 11:05 AM by 843811

    getKey throws an exception on multi-thread env even if it is synchronized

    843811
      Hello,

      I got the following exception when I used the KeyStore#getKey method in a multi-threaded environment.

      java.security.UnrecoverableKeyException: Given final block not properly padded
          at com.sun.crypto.provider.SunJCE_z.a(DashoA13*..)
          at com.sun.crypto.provider.JceKeyStore.engineGetKey(DashoA13*..)
          at java.security.KeyStore.getKey(KeyStore.java:763)
          at KeyStoreTest.run(KeyStoreTest.java:43)
          at java.lang.Thread.run(Thread.java:619)

      This is similar to the topic "Is KeyStore thread safe?"(Jan 29, 2008 8:40 PM), I suppose.
      In the topic, KeyStore#getKey should be synchronized because it isn't thread safe.
      Therefore I synchronized it, but this problem still occurred.


      I used the following program for a duration test.
      In about 1 hour, the exception always occurs.

      import java.io.FileInputStream;
      import java.io.IOException;
      import java.io.InputStream;
      import java.security.Key;
      import java.security.KeyStore;

      public class KeyStoreTest implements Runnable {

          public final static String KSFILE = ".\\.jcekeystore"; // Please change here. Your "JCEKS" file name.
          public static String sLock = "lock"; // shared monitor for all test threads

          public static void main(String[] args) {
              Thread[] threads;
              int count = 20;
              // Start 20 threads, wait for all of them, and repeat indefinitely.
              while (true) {
                  threads = new Thread[count];
                  for (int i = 0; i < count; i++) {
                      threads[i] = new Thread(new KeyStoreTest());
                      threads[i].start();
                  }
                  for (int i = 0; i < count; i++) {
                      if (threads[i].isAlive()) {
                          try {
                              threads[i].join();
                          } catch (InterruptedException e) {}
                      }
                  }
              }
          }

          public void run() {
              InputStream is = null;
              try {
                  is = new FileInputStream(KSFILE);
                  Key key;
                  synchronized (sLock) {
                      //System.out.print("start - ");
                      // Each thread creates and loads its own KeyStore instance.
                      KeyStore store = KeyStore.getInstance("jceks");
                      store.load(is, "12345678".toCharArray());     // Please change here. PIN code.
                      String alias = "alias"; // Please change here. Alias.
                      String keypassed = "keypasswd"; // Please change here. Key Password.
                      key = store.getKey(alias, keypassed.toCharArray());
                      //System.out.println("end");
                  }
                  System.out.println(key.getAlgorithm());
              } catch (Exception e) {
                  // Stop the whole test on the first failure.
                  e.printStackTrace(System.err);
                  System.exit(0);
              } finally {
                  if (is != null) {
                      try {
                          is.close();
                      } catch (IOException e) {}
                      is = null;
                  }
              }
          }
      }

      I think there's no problem in my test program.
      Do you have any information about the problem?

      My test environment is below:
      Java : jre1.6.0 update 13
      OS : Windows XP


      I tested this code with jre1.5.0 update 18, too.
      But I didn't get the exception.

      Thanks,
      Masanori Hayashi
        • 1. Re: getKey throws an exception on multi-thread env even if it is synchronized
          EJP
          You're using different KeyStore objects in every thread, so there is no apparent need for synchronization at all here.
          • 2. Re: getKey throws an exception on multi-thread env even if it is synchronized
            843811
            Hello, ejp.

            Thank you for your advice.
            I tried the duration test without synchronization.
            But the problem still occurs.
            Therefore it seems that there would be some problem at Java side.

            Do you have any other information?

            Thanks.
              • 4. Re: getKey throws an exception on multi-thread env even if it is synchronized
                843811
                Hi All,

                I reported this problem to the Bug Database.
                And, it was registered as a bug.

                If you are interested in this problem,
                please see
                http://bugs.sun.com/view_bug.do?bug_id=6842552

                Thanks.
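A self-contained variant of the duration test discussed in this thread, added here as an example and not code from any of the posters or from the JDK. It builds a JCEKS keystore in memory, so no keystore file is needed, gives every task its own KeyStore instance with no lock (the situation described in reply 1), and also checks that the recovered key bytes match the original. The class name, alias, passwords and round count are constructed assumptions, and it needs Java 8 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class JceksConcurrentGetKey {
    // Constructed sample values, not taken from the thread.
    static final char[] STORE_PW = "store-password".toCharArray();
    static final char[] KEY_PW = "key-password".toCharArray();
    static final String ALIAS = "test-key";

    public static void main(String[] args) throws Exception {
        // Build a JCEKS keystore holding one AES key and serialize it to bytes.
        SecretKey original = KeyGenerator.getInstance("AES").generateKey();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, STORE_PW);
        ks.setKeyEntry(ALIAS, original, KEY_PW, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PW);
        final byte[] image = out.toByteArray();
        final byte[] expected = original.getEncoded();

        final AtomicInteger failures = new AtomicInteger();
        int rounds = args.length > 0 ? Integer.parseInt(args[0]) : 2000;
        ExecutorService pool = Executors.newFixedThreadPool(20);
        for (int i = 0; i < rounds; i++) {
            pool.execute(() -> {
                try {
                    // Private KeyStore per task: nothing is shared between threads.
                    KeyStore local = KeyStore.getInstance("JCEKS");
                    local.load(new ByteArrayInputStream(image), STORE_PW);
                    Key k = local.getKey(ALIAS, KEY_PW);
                    if (!Arrays.equals(expected, k.getEncoded())) failures.incrementAndGet();
                } catch (Exception e) {  // e.g. UnrecoverableKeyException
                    failures.incrementAndGet();
                    e.printStackTrace();
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.HOURS);
        System.out.println(rounds + " rounds, " + failures.get() + " failures");
        System.exit(failures.get() == 0 ? 0 : 1);
    }
}
```

Pass a larger round count as the first argument for a longer run; a non-zero exit status means at least one getKey call threw or returned different key bytes.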