Skip to content

Keep PBMAC1s PBKDF2 PRF when initializing from protectionAlgorithm. #2070

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Keep PBMAC1s PBKDF2 PRF when initializing from protectionAlgorithm. #2070

wants to merge 1 commit into from

Conversation

mt-johan
Copy link

@mt-johan mt-johan commented May 1, 2025

(Contributed under the Bouncy Caste License.)

Even though HMAC with SHA3-512 is requested for both PRF and MAC using JcePBMac1CalculatorProviderBuilder, the default PRF is used.

ASN.1 example dump:

 0 128: SEQUENCE {
  3   9:   OBJECT IDENTIFIER pkcs5PBMAC1 (1 2 840 113549 1 5 14)
 14 115:   SEQUENCE {
 16 100:     SEQUENCE {
 18   9:       OBJECT IDENTIFIER pkcs5PBES2 (1 2 840 113549 1 5 13)
 29  87:       SEQUENCE {
 31  64:         OCTET STRING
       :           61 20 73 61 6C 74 20 73 61 6C 74 79 20 73 61 6C
       :           74 79 20 73 61 6C 74 79 20 73 61 6C 74 79 20 73
       :           61 6C 74 79 20 73 61 6C 74 79 20 73 61 6C 74 79
       :           20 73 61 6C 74 79 20 73 61 6C 74 2D 73 61 6C 74
 97   2:         INTEGER 1024
101   1:         INTEGER 64
104  12:         SEQUENCE {
106   8:           OBJECT IDENTIFIER hmacWithSHA256 (1 2 840 113549 2 9)
116   0:           NULL
       :           }
       :         }
       :       }
118  11:     SEQUENCE {
120   9:       OBJECT IDENTIFIER '2 16 840 1 101 3 4 2 16'
       :       }
       :     }
       :   }

This also breaks for example PBMAC1 validation of CMP in EJBCA for any other alg than hmacWithSHA256.

@mt-johan mt-johan mentioned this pull request May 1, 2025
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mt-johan