The ASN.1 definition of PBKDF2 params omits the optional KeyLength field; if the encoding actually contains the (redundant) KeyLength (redundant because the derived length can be determined from the symmetric algorithm) the Unmarshal step will be wrong.
Current definition:
```go
// kdf_pbkdf2.go
type pbkdf2Params struct {
	Salt           []byte
	IterationCount int
	PRF            pkix.AlgorithmIdentifier `asn1:"optional"`
}
```
Should be:
```go
type pbkdf2Params struct {
	Salt           []byte
	IterationCount int
	KeyLength      int                      `asn1:"optional"`
	PRF            pkix.AlgorithmIdentifier `asn1:"optional"`
}
```
See the correct definition as used by go-pkcs12:
https://github.com/SSLMate/go-pkcs12/blob/fa70679f0f1622a2705336a97225ee8d6c555f96/crypto.go#L200
```go
type pbkdf2Params struct {
	Salt       asn1.RawValue
	Iterations int
	KeyLength  int                      `asn1:"optional"`
	Prf        pkix.AlgorithmIdentifier `asn1:"optional"`
}
```
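An added example, not part of the original issue or of either project's code: it decodes the same constructed PBKDF2 parameters with both struct definitions using Go's `encoding/asn1`. With the struct that lacks `KeyLength`, the decoder hits the INTEGER where it expects the optional `PRF` SEQUENCE, skips `PRF`, and returns no error, so the encoded hmacWithSHA256 PRF is silently lost. The names `paramsCurrent`, `paramsFixed`, `sampleDER` and `decode`, and the salt, iteration count and key length values, are assumptions made for the illustration.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// paramsCurrent is the definition the issue quotes as current (no KeyLength).
type paramsCurrent struct {
	Salt           []byte
	IterationCount int
	PRF            pkix.AlgorithmIdentifier `asn1:"optional"`
}

// paramsFixed is the definition the issue proposes.
type paramsFixed struct {
	Salt           []byte
	IterationCount int
	KeyLength      int                      `asn1:"optional"`
	PRF            pkix.AlgorithmIdentifier `asn1:"optional"`
}

var oidHMACSHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 9} // id-hmacWithSHA256

// sampleDER marshals constructed parameters; Marshal omits KeyLength when it is 0.
func sampleDER(keyLength int) []byte {
	der, err := asn1.Marshal(paramsFixed{
		Salt: []byte{1, 2, 3, 4, 5, 6, 7, 8}, IterationCount: 2048, KeyLength: keyLength,
		PRF: pkix.AlgorithmIdentifier{Algorithm: oidHMACSHA256, Parameters: asn1.NullRawValue},
	})
	if err != nil {
		panic(err)
	}
	return der
}

// decode unmarshals DER into out, a pointer to one of the structs above.
func decode(der []byte, out interface{}) error {
	_, err := asn1.Unmarshal(der, out)
	return err
}

func main() {
	cur, fix, der := paramsCurrent{}, paramsFixed{}, sampleDER(32)
	errCur, errFix := decode(der, &cur), decode(der, &fix)
	fmt.Println("current:", errCur, cur.PRF.Algorithm)
	fmt.Println("fixed:  ", errFix, fix.KeyLength, fix.PRF.Algorithm)
}
```

When the encoding carries no `KeyLength`, both definitions decode the PRF identically, which is why the omission only shows up on inputs that include the field.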