[BUG] PKCS12 do Mac valid failed with other algorithm


Gsealy

Hello, there:

The isMacValid() method in org.bouncycastle.pkcs.PKCS12PfxPdu has something wrong when I use SM3 for the MAC to make a p12 file.

Here is the generating code:

pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(new SM3Digest(), new AlgorithmIdentifier(GMObjectIdentifiers.sm3)), passwd);

When I verify the MAC, the parameters value of pfxmdata (mine) is null, but the parameters value of mData (BC-generated) is DERNull.

Other values are the same.

When comparing the two byte[] values, this causes a mistake.

constantTimeAreEqual() returns false, because pfxmdata does not equal mData.

Can we just compare diginfo? Or change the code in JcePKCS12MacCalculatorBuilderProvider?

return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);

Thanks,

Gsealy
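
The mismatch described in the post above, as an added example that is not part of the original message or of Bouncy Castle's code: two MacData structures with the same digest, salt and iteration count encode to different bytes when one AlgorithmIdentifier has absent parameters and the other an explicit NULL. The class name, the helpers `isEmpty` and `macDataMatches`, and the sample values are assumptions made for illustration.

```java
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.MacData;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.util.Arrays;

public class MacDataParamsDemo {
    // Hypothetical helper: absent parameters and an explicit ASN.1 NULL count as "no parameters".
    static boolean isEmpty(ASN1Encodable p) {
        return p == null || DERNull.INSTANCE.equals(p.toASN1Primitive());
    }

    // Hypothetical helper: compare MacData field by field instead of by raw encoding.
    static boolean macDataMatches(MacData stored, MacData computed) {
        AlgorithmIdentifier a = stored.getMac().getAlgorithmId();
        AlgorithmIdentifier b = computed.getMac().getAlgorithmId();
        ASN1Encodable pa = a.getParameters(), pb = b.getParameters();
        boolean sameParams = (isEmpty(pa) && isEmpty(pb))
            || (!isEmpty(pa) && !isEmpty(pb)
                && pa.toASN1Primitive().equals(pb.toASN1Primitive()));
        boolean sameHeader = a.getAlgorithm().equals(b.getAlgorithm())
            && sameParams
            && Arrays.areEqual(stored.getSalt(), computed.getSalt())
            && stored.getIterationCount().equals(computed.getIterationCount());
        // Only the secret-dependent digest needs the constant-time comparison.
        boolean sameDigest = Arrays.constantTimeAreEqual(
            stored.getMac().getDigest(), computed.getMac().getDigest());
        return sameHeader & sameDigest;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from a real PKCS#12 file.
        byte[] digest = new byte[32];   // SM3 output length
        byte[] salt = new byte[20];
        int iterations = 1024;

        MacData fromFile = new MacData(new DigestInfo(
            new AlgorithmIdentifier(GMObjectIdentifiers.sm3), digest), salt, iterations);
        MacData recomputed = new MacData(new DigestInfo(
            new AlgorithmIdentifier(GMObjectIdentifiers.sm3, DERNull.INSTANCE), digest), salt, iterations);

        System.out.println("raw encodings equal: " + Arrays.constantTimeAreEqual(
            fromFile.getEncoded(), recomputed.getEncoded()));
        System.out.println("fields equal:        " + macDataMatches(fromFile, recomputed));
    }
}
```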