Skip to content

Keep PBMAC1s PBKDF2 PRF when initializing from protectionAlgorithm. #2070

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mt-johan wants to merge 1 commit into from
Closed

Keep PBMAC1s PBKDF2 PRF when initializing from protectionAlgorithm. #2070

mt-johan wants to merge 1 commit into from
+26 −0

Conversation

@mt-johan
Copy link
Contributor

@mt-johan mt-johan commented May 1, 2025

(Contributed under the Bouncy Caste License.)

Even though HMAC with SHA3-512 is requested for both PRF and MAC using JcePBMac1CalculatorProviderBuilder, the default PRF is used.

ASN.1 example dump:

 0 128: SEQUENCE {
  3   9:   OBJECT IDENTIFIER pkcs5PBMAC1 (1 2 840 113549 1 5 14)
 14 115:   SEQUENCE {
 16 100:     SEQUENCE {
 18   9:       OBJECT IDENTIFIER pkcs5PBES2 (1 2 840 113549 1 5 13)
 29  87:       SEQUENCE {
 31  64:         OCTET STRING
       :           61 20 73 61 6C 74 20 73 61 6C 74 79 20 73 61 6C
       :           74 79 20 73 61 6C 74 79 20 73 61 6C 74 79 20 73
       :           61 6C 74 79 20 73 61 6C 74 79 20 73 61 6C 74 79
       :           20 73 61 6C 74 79 20 73 61 6C 74 2D 73 61 6C 74
 97   2:         INTEGER 1024
101   1:         INTEGER 64
104  12:         SEQUENCE {
106   8:           OBJECT IDENTIFIER hmacWithSHA256 (1 2 840 113549 2 9)
116   0:           NULL
       :           }
       :         }
       :       }
118  11:     SEQUENCE {
120   9:       OBJECT IDENTIFIER '2 16 840 1 101 3 4 2 16'
       :       }
       :     }
       :   }

This also breaks for example PBMAC1 validation of CMP in EJBCA for any other alg than hmacWithSHA256.

@mt-johan mt-johan mentioned this pull request May 1, 2025
Merged
3 tasks
@dghgit
Copy link
Contributor

dghgit commented Jun 3, 2025

Thanks for the patch. Merged!

@dghgit dghgit closed this Jun 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mt-johan @dghgit