RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Reported (1)

RFC 9579, "Use of Password-Based Message Authentication Code 1 (PBMAC1) in PKCS #12 Syntax", May 2024

Source of RFC: lamps (sec)

Errata ID: 7974
Status: Reported
Type: Technical
Publication Format(s) : TEXT, PDF, HTML

Reported By: Hubert Kario
Date Reported: 2024-06-07

Section 6 says:

   As documented in Appendix B.1 of [RFC7292], the handling of password
   encoding in the underlying standards is underspecified.  However,
   just as with PBES1 and PBES2 when used in the context of PKCS #12
   objects, all passwords used with PBMAC1 MUST be created from
   BMPStrings with a NULL terminator.

It should say:

   As documented in Appendix B.1 of [RFC7292], the handling of password
   encoding in the underlying standards is underspecified.  However,
   unlike with PBES1 and PBES2 when used in the context of PKCS #12
   objects, all passwords used with PBMAC1 MUST be created from
   UTF-8 encoding without a NULL terminator or Byte Order Mark (BOM).

Notes:

Turns out that in the implementation we used for creating the test vectors, the conversion between the user-provided password and the BMPStrings used for encryption happened in a different place in the call stack than we expected, and the way we generated them, the passwords stayed in UTF-8 format instead of being converted to big-endian UTF-16.

Given that we already have the UTF-8 code implemented in GnuTLS (https://gitlab.com/gnutls/gnutls/-/merge_requests/1833), NSS (https://phabricator.services.mozilla.com/D201833), and that the test-vectors are self-consistent otherwise, I think it will be easier to just redefine how the passwords are passed in to the KDF in the PBMAC1 than to change all the implementations and test vectors.

Thanks space88man on github for noticing this: https://github.com/openssl/openssl/issues/24546#issuecomment-2154729339

Report New Errata



Advanced Search