Authentication error: Failed to decrypt data
Options
KevinB
✭
Hi,
when I am stress testing my server with a bunch of clients, I consistently seeing error message like this:
2012-12-13 19:02:53,482 [129] WARN Photon.SocketServer.PeerBase [(null)] - Disconnecting peer 3280: Unexpected data received
and looks like this happens during the authentication phase, it complains something about
Failed to decrypt data: msg=Padding is invalid and cannot be removed
here's the full log of the error:
[code2=xml]2012-12-13 19:02:50,783 [16] DEBUG OperationData [(null)] - OnReceive - ConnID=3280, data=(106 bytes) F3-06-00-00-01-01-78-00-00-00-5F-8E-39-29-AF-CC-C5-F8-3B-FB-20-54-F3-69-2B-BA-6B-CD-2F-45-CF-B4-62-04-C2-1D-6B-DD-BC-7F-3A-45-21-76-39-DF-7C-1B-82-23-9A-74-3C-E8-09-E2-66-76-51-3A-14-6C-9A-04-08-B8-F1-3D-9F-26-A3-7F-2A-F5-09-2A-10-A1-D5-CD-EB-C4-9E-65-3B-C5-F9-96-C0-6F-73-C7-6D-83-8D-32-6C-99-8B-5F-CE-26-6E-5D-01-81
2012-12-13 19:02:51,158 [124] DEBUG Photon.SocketServer.PeerBase [(null)] - InitializeEncryption: conId=3280, HashMode=SHA256, Paddin=PKCS7
2012-12-13 19:02:51,158 [124] DEBUG OperationData [(null)] - SentOpResponse: ConnID=3280, opCode=0, return=0, ChannelId=0, result=Ok, data=(110 bytes) F3-07-00-00-00-2A-00-01-01-78-00-00-00-60-3E-7B-29-84-A6-67-3F-8E-2F-39-5F-0C-FF-DA-E2-C8-6D-D8-F2-C8-91-82-B9-B2-10-DD-F9-A0-1D-42-80-2C-C0-7A-FC-B0-00-CD-01-F9-E3-02-0B-22-16-C8-E0-86-D9-36-A8-8F-7D-9E-27-2F-AA-E3-B9-07-63-40-CC-25-1A-7D-B3-60-C6-72-7D-CE-25-9E-C5-4F-A3-E7-68-54-57-B4-9B-29-81-53-72-36-94-0B-FD-B6-55-9A-79-A8
2012-12-13 19:02:52,281 [4] DEBUG OperationData [(null)] - OnReceive - ConnID=3280, data=(50 bytes) F3-82-4A-43-0D-54-E4-78-25-E7-09-47-B7-39-6E-39-4B-71-D1-F5-77-D3-35-3A-4B-76-20-13-92-B1-47-FB-C7-8C-F1-A3-31-E8-3B-64-17-F4-0E-D4-CF-43-2C-29-63-CD
2012-12-13 19:02:53,482 [129] DEBUG Photon.SocketServer.Security.RijndaelCryptoProvider [(null)] - Failed to decrypt data: msg=Padding is invalid and cannot be removed., offset=2, count=48, padding=PKCS7, key=A6-08-8F-8F-07-E8-13-DF-87-73-8E-56-E7-6E-CF-76-CE-15-B4-70-1C-7A-5F-6D-8E-35-41-E3-C5-9C-F2-15, data=F3-82-4A-43-0D-54-E4-78-25-E7-09-47-B7-39-6E-39-4B-71-D1-F5-77-D3-35-3A-4B-76-20-13-92-B1-47-FB-C7-8C-F1-A3-31-E8-3B-64-17-F4-0E-D4-CF-43-2C-29-63-CD
2012-12-13 19:02:53,482 [129] DEBUG Photon.SocketServer.PeerBase [(null)] - Failed to parse operation request for peer with connection id 3280.
2012-12-13 19:02:53,482 [129] WARN Photon.SocketServer.PeerBase [(null)] - Disconnecting peer 3280: Unexpected data received[/code2]
any ideas? Thanks.
K
when I am stress testing my server with a bunch of clients, I consistently seeing error message like this:
2012-12-13 19:02:53,482 [129] WARN Photon.SocketServer.PeerBase [(null)] - Disconnecting peer 3280: Unexpected data received
and looks like this happens during the authentication phase, it complains something about
Failed to decrypt data: msg=Padding is invalid and cannot be removed
here's the full log of the error:
[code2=xml]2012-12-13 19:02:50,783 [16] DEBUG OperationData [(null)] - OnReceive - ConnID=3280, data=(106 bytes) F3-06-00-00-01-01-78-00-00-00-5F-8E-39-29-AF-CC-C5-F8-3B-FB-20-54-F3-69-2B-BA-6B-CD-2F-45-CF-B4-62-04-C2-1D-6B-DD-BC-7F-3A-45-21-76-39-DF-7C-1B-82-23-9A-74-3C-E8-09-E2-66-76-51-3A-14-6C-9A-04-08-B8-F1-3D-9F-26-A3-7F-2A-F5-09-2A-10-A1-D5-CD-EB-C4-9E-65-3B-C5-F9-96-C0-6F-73-C7-6D-83-8D-32-6C-99-8B-5F-CE-26-6E-5D-01-81
2012-12-13 19:02:51,158 [124] DEBUG Photon.SocketServer.PeerBase [(null)] - InitializeEncryption: conId=3280, HashMode=SHA256, Paddin=PKCS7
2012-12-13 19:02:51,158 [124] DEBUG OperationData [(null)] - SentOpResponse: ConnID=3280, opCode=0, return=0, ChannelId=0, result=Ok, data=(110 bytes) F3-07-00-00-00-2A-00-01-01-78-00-00-00-60-3E-7B-29-84-A6-67-3F-8E-2F-39-5F-0C-FF-DA-E2-C8-6D-D8-F2-C8-91-82-B9-B2-10-DD-F9-A0-1D-42-80-2C-C0-7A-FC-B0-00-CD-01-F9-E3-02-0B-22-16-C8-E0-86-D9-36-A8-8F-7D-9E-27-2F-AA-E3-B9-07-63-40-CC-25-1A-7D-B3-60-C6-72-7D-CE-25-9E-C5-4F-A3-E7-68-54-57-B4-9B-29-81-53-72-36-94-0B-FD-B6-55-9A-79-A8
2012-12-13 19:02:52,281 [4] DEBUG OperationData [(null)] - OnReceive - ConnID=3280, data=(50 bytes) F3-82-4A-43-0D-54-E4-78-25-E7-09-47-B7-39-6E-39-4B-71-D1-F5-77-D3-35-3A-4B-76-20-13-92-B1-47-FB-C7-8C-F1-A3-31-E8-3B-64-17-F4-0E-D4-CF-43-2C-29-63-CD
2012-12-13 19:02:53,482 [129] DEBUG Photon.SocketServer.Security.RijndaelCryptoProvider [(null)] - Failed to decrypt data: msg=Padding is invalid and cannot be removed., offset=2, count=48, padding=PKCS7, key=A6-08-8F-8F-07-E8-13-DF-87-73-8E-56-E7-6E-CF-76-CE-15-B4-70-1C-7A-5F-6D-8E-35-41-E3-C5-9C-F2-15, data=F3-82-4A-43-0D-54-E4-78-25-E7-09-47-B7-39-6E-39-4B-71-D1-F5-77-D3-35-3A-4B-76-20-13-92-B1-47-FB-C7-8C-F1-A3-31-E8-3B-64-17-F4-0E-D4-CF-43-2C-29-63-CD
2012-12-13 19:02:53,482 [129] DEBUG Photon.SocketServer.PeerBase [(null)] - Failed to parse operation request for peer with connection id 3280.
2012-12-13 19:02:53,482 [129] WARN Photon.SocketServer.PeerBase [(null)] - Disconnecting peer 3280: Unexpected data received[/code2]
any ideas? Thanks.
K
0
Comments
-
This problem is related to encryption. In this context it's important we know which server and client SDKs you use (platform and version, as much detail as possible).
We recently fixed an issue in this area but I'm not sure if this led to this log output.
Please provide the info and if you're ok with it, a reproduction client would be a great help. The faster we can reproduce, the better it's fixable.
If you send a client, mail to: developer@exitgames.com (with a reference to this post please).0 -
client sdk: c++ Photon_v3.0.4.0
server sdk: 3.0.37.3631
The client is pretty simple. I am just using the c++ LoadBalancing example, and simply call mLoadBalancingClient.connect. I have roughly 400 clients connecting to a small Amazon EC2 box within a 15s windows.
during connection phase, I am calling mLoadBalancingClient.service() 100 times a second, that's 10ms between each call.
corresponding client output:
2012-12-17 15:50:20,460421 INFO LoadBalancingClient.cpp onStatusChanged() line: 534 - connected to masterserver
2012-12-17 15:50:20,508101 INFO LoadBalancingPeer.cpp opAuthenticate() line: 90 - OperationRequest - operationCode: 230 {224="MyApplication", 220="1.0.0.0"}
2012-12-17 15:50:20,540913 ERROR NetworkLogic.cpp connectionErrorReturn() line: 281 - code: 1043 connection failed with error 10430 -
Thanks for the data.
We did some tests already but our C++ developer is on vacation and we need him for further checks. It's some kind of misunderstanding between client and server while calculating the same secret key.
Please bear with us. We'll back back in full strength in January.0 -
Thanks Tobias,
will check back with u guys in Jan.
meanwhile can u guys reproduce the problem?
K0 -
Hi Kevin.
We have been able to reproduce the issue and are working on a fix right now.
In the meantime as a workaround you could simply set the SEND_AUTHENTICATE_ENCRYPTED constant in LoadBalancingClient.cpp to false and recompile the LoadBalancing lib.0 -
Keep in mind that your game no longer sends the appID (or anything else) as encrypted. While this is not the biggest secret of all, you should just remember to switch back when a fix is available.as a workaround you could simply set the SEND_AUTHENTICATE_ENCRYPTED constant in LoadBalancingClient.cpp to false0 -
Thanks. Would like to understand under what circumstances this issue will occur, trying to see if there's workaround other than turning off encryption.
Also, is there a ETA on this? Thanks.
K0 -
Sorry, but we don't know yet, when it's occuring, just that it has happend in less then 0,5% of the cases for us over a sample size of about 100.000 authentication operations.
This issue has top priority for us right now and we hope, that we can deliver a fix next week.0 -
Update:
We have fixed this issue and will probably release the fix tomorrow.0 -
Thanks a lot!
so do i have to download the latest client sdk or the server one?
K0 -
The client one. It will be version 3.0.4.20
-
The new client SDKs are available in the download area, now.0
