tags:

views:

248

answers:

3
+3  Q: 

IBM WEME J9 Invalid Padding Exception

I am using the IBM Websphere Everyplace Micro Environment JVM on a Windows Mobile 6 device. My application uses HTTPS connections and I have everything set up appropriately to use the J9JSSE package for SSL/TLS. Some messages that are being transmitted on the HTTPS connection are getting through just fine, but others are causing an exception on the client:

java.io.IOException: invalid padding
    at com.ibm.oti.crypto.Util.unpadTLS10(Unknown Source)
    at com.ibm.oti.crypto.CL3BasedProvider.decryptImpl(Unknown Source)
    at com.ibm.oti.crypto.CL3BasedProvider.cryptUpdate(Unknown Source)
    at com.ibm.oti.crypto.Key.cryptFinish(Unknown Source)
    at com.ibm.j9.ssl.CipherAlgorithm.decipher(Unknown Source)
    at com.ibm.j9.jsse.SSLSocketImpl.readData(Unknown Source)
    at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
    at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fillbuf(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readln(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readServerResponse(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.sendRequest(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.doRequest(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.getInputStream(Unknown Source)

I have tried playing around with the Apache Tomcat server to confgure the cipher suite that is being used and the only one that will work is:

SSL_RSA_WITH_NULL_SHA

but this doesn't actually do any encryption (specified here by the null) so it is of no use to me. The default cipher suite that is used is:

SSL_RSA_WITH_3DES_EDE_CBC_SHA

And this along with all others that I have tried have this padding problem. Does anyone know what might be causing the problem and how I might solve it?

I found a single forum post where someone suggested that there was a bug in the J9 CBC implementation, but it seems strange that there is no other information on this anywhere online. Any help with this issue would be greatly appreciated.

A: 

Which JDK provider are you using for running Apache Tomcat server? If you are not using IBM JDK then you may want to try using that. This will ensure that cipher suite provider on both client and server is same (IBM).

http://www.ibm.com/developerworks/java/jdk/

Update: Can you use same JVM provider as Tomcat Server, for Windows Mobile 6? Which JDK provider are you using for running Apache Tomcat server?

Gladwin Burboz  2010-02-08 23:35:53
Unfortunately running our Tomcat server on another JVM is not an option.
DaveJohnston  2010-02-09 14:36:30
The tomcat server is running using the standard sun JVM, which doesn't work with the IBM J9 JVM. We tried another JVM in the past and we were able to use the standard Sun JSSE and JCE files, but this JVM doesn't let us do that.
DaveJohnston  2010-02-12 16:09:40
+1  A: 

The following Cipher Suites are supported by the J9 JSSE implementation: J9 JSSE and Provider Details

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_NULL_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_MD5
  • TLS_RSA_WITH_AES_128_CBC_SHA

.

User thirdparty Open SSL on tomcat

SSL or TLS cipher suites names from the relevant specification and their OpenSSL equivalents

SSL v3.0 cipher suites.

 SSL_RSA_WITH_3DES_EDE_CBC_SHA ----> DES-CBC3-SHA
 SSL_RSA_WITH_DES_CBC_SHA ---------> DES-CBC-SHA
 SSL_RSA_WITH_NULL_SHA ------------> NULL-SHA
 SSL_RSA_WITH_NULL_MD5 ------------> NULL-MD5
 SSL_RSA_WITH_RC4_128_SHA ---------> RC4-SHA
 SSL_RSA_WITH_RC4_128_MD5 ---------> RC4-MD5

AES ciphersuites from RFC3268, extending TLS v1.0

 TLS_RSA_WITH_AES_128_CBC_SHA -----> AES128-SHA

.

If possible, see if you can use Open SSL on IBM Websphere Everyplace Micro Environment JVM as well. If not then try using J9 JSSE on Tomcat.

Point here being to have server and client using same cipher suites.

Gladwin Burboz  2010-02-09 21:03:17
A: 

So the ultimate answer I came to was to switch to a different JVM. Very little support available from IBM and just trying to get someone to sell us licences for their JVM was proving very difficult. I guess they only like to deal with huge organisations.

Now using CEE-J from Skelmir and so far it is a lot more promising.

DaveJohnston  2010-04-08 09:27:20

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java