[BUG] PKCS12 do Mac valid failed with other algorithm



Hello, there:

Something is wrong with the isMacValid() method in org.bouncycastle.pkcs.PKCS12PfxPdu.

I use SM3 for the MAC when making a p12 file.

Here is the generation code:

pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(new SM3Digest(),new AlgorithmIdentifier(GMObjectIdentifiers.sm3)), passwd);


When I verify the MAC, the parameters value of pfxmdata (mine) is null, but the parameters value of mData (BC-generated) is DERNull.

Other values are the same.

When the two byte[] values are compared, a mistake occurs.

constantTimeAreEqual() returns false, because pfxmdata is not equal to mData.

Can we just compare diginfo, or change the code in JcePKCS12MacCalculatorBuilderProvider?

return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
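
The mismatch reported above, reproduced in isolation as an added example (not part of the original post and not Bouncy Castle's own code): an AlgorithmIdentifier with absent parameters and one with an explicit NULL encode differently, so a byte comparison of the enclosing structure fails even when the MAC value matches. The class name, the helpers isAbsentOrNull and sameAlgorithm, and the zero-filled MAC value are assumptions made for illustration.

```java
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;

public class MacAlgIdParams {
    // Hypothetical helper: absent parameters and an explicit ASN.1 NULL count as the same.
    static boolean isAbsentOrNull(ASN1Encodable p) {
        return p == null || DERNull.INSTANCE.equals(p.toASN1Primitive());
    }

    // Hypothetical helper: compare OIDs, then parameters with the tolerance above.
    static boolean sameAlgorithm(AlgorithmIdentifier a, AlgorithmIdentifier b) {
        if (!a.getAlgorithm().equals(b.getAlgorithm())) {
            return false;
        }
        ASN1Encodable pa = a.getParameters();
        ASN1Encodable pb = b.getParameters();
        if (isAbsentOrNull(pa) || isAbsentOrNull(pb)) {
            return isAbsentOrNull(pa) && isAbsentOrNull(pb);
        }
        return pa.toASN1Primitive().equals(pb.toASN1Primitive());
    }

    public static void main(String[] args) throws Exception {
        byte[] mac = new byte[32]; // constructed stand-in for a 32-byte SM3 MAC value
        // As stored in the file (parameters absent) vs. as rebuilt with DERNull.INSTANCE.
        AlgorithmIdentifier absent = new AlgorithmIdentifier(GMObjectIdentifiers.sm3);
        AlgorithmIdentifier withNull = new AlgorithmIdentifier(GMObjectIdentifiers.sm3, DERNull.INSTANCE);
        DigestInfo stored = new DigestInfo(absent, mac);
        DigestInfo rebuilt = new DigestInfo(withNull, mac);

        // The two encodings differ only by the NULL element (bytes 05 00) and the lengths.
        System.out.println("absent:   " + Hex.toHexString(absent.getEncoded()));
        System.out.println("withNull: " + Hex.toHexString(withNull.getEncoded()));

        // Whole-structure byte comparison, as in the report: fails on the encoding difference.
        boolean bytesEqual = Arrays.constantTimeAreEqual(stored.getEncoded(), rebuilt.getEncoded());

        // Field-wise comparison: tolerant on parameters, still constant-time on the MAC value.
        boolean fieldsEqual = sameAlgorithm(stored.getAlgorithmId(), rebuilt.getAlgorithmId())
            && Arrays.constantTimeAreEqual(stored.getDigest(), rebuilt.getDigest());
        System.out.println("encoded bytes equal: " + bytesEqual);
        System.out.println("fields equal:        " + fieldsEqual);
    }
}
```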