Partial reads of HMAC bytes with libnss and AES/CBC throws java.security.ProviderException

[tjcelaya]

As noted in #250 there are cases where MantaEncryptedObjectInputStream will fail to read all the bytes requested. This is possible since java.io.InputStream.read(byte[], int, int) warns that:

An attempt is made to read as many as len bytes, but a smaller number may be read.

Unfortunately the test cases created for partial reads in #251 fail on CBC ciphers if libnss is installed. It may be possible to add configuration values to nss.cfg which resolve this issue or there may be a deeper problem that requires a bug to be filed with libnss or the JDK.

Pasted below is the exception thrown:

java.security.ProviderException: doFinal() failed
  at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:776)
  at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:543)
  at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:526)
  at javax.crypto.Cipher.doFinal(Cipher.java:2048)
  at org.bouncycastle.jcajce.io.CipherInputStream.finaliseCipher(Unknown Source)
  at org.bouncycastle.jcajce.io.CipherInputStream.close(Unknown Source)
  at org.apache.commons.io.IOUtils.closeQuietly(IOUtils.java:339)
  at org.apache.commons.io.IOUtils.closeQuietly(IOUtils.java:270)
  at com.joyent.manta.client.crypto.MantaEncryptedObjectInputStream.close(MantaEncryptedObjectInputStream.java:711)
  ... test case frames omitted
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_ACTIVE
  at sun.security.pkcs11.wrapper.PKCS11.C_DecryptInit(Native Method)
  at sun.security.pkcs11.P11Cipher.initialize(P11Cipher.java:445)
  at sun.security.pkcs11.P11Cipher.ensureInitialized(P11Cipher.java:429)
  at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:744)
  ... common frames omitted

[indianwhocodes]

#545 is related to the problem observed here.