- changed status to open
Truncation issue in SecretKeyDerivation
Issue #412
resolved
It seems to me that the SecretKeyDerivation#deriveSecretKey method is incorrectly truncating a 128 or 192-bit SHA-256 hash. That is, it is ‘right-truncating’ it, and not ‘left-truncating’ it.
The spec has been updated to make this clearer (which I admit confused me entirely the first time): https://openid.net/specs/openid-connect-core-1_0-25.html#Encryption
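Added example, not code from the issue reporter or from the project: a reference implementation of the client_secret key derivation as OpenID Connect Core 1.0 section 10.2 describes it (left-most bits of the SHA-2 hash of the UTF-8 client_secret), placed next to a deliberately wrong "right-truncating" variant so the difference the issue describes is visible. The `KEY_BITS` table and the `key_for_jwe` helper are assumptions made for the example (the key lengths follow the JWA algorithm names; `dir` takes its length from `enc`), and the sample secret is a constructed value.

```python
import hashlib

# Symmetric JWE algorithms and the key length each one needs. Constructed for this
# example from the JWA algorithm names (A128KW wraps with a 128-bit key, and so on).
KEY_BITS = {
    "A128KW": 128, "A192KW": 192, "A256KW": 256,
    "A128GCMKW": 128, "A192GCMKW": 192, "A256GCMKW": 256,
    "A128GCM": 128, "A192GCM": 192, "A256GCM": 256,
    "A128CBC-HS256": 256, "A192CBC-HS384": 384, "A256CBC-HS512": 512,
}


def _digest_for(client_secret: str, key_bits: int) -> bytes:
    """SHA-2 digest of the UTF-8 client_secret, hash length chosen per OIDC Core 10.2:
    256-bit and shorter keys hash with SHA-256, 384-bit with SHA-384, 512-bit with SHA-512."""
    secret = client_secret.encode("utf-8")
    if key_bits in (128, 192, 256):
        return hashlib.sha256(secret).digest()
    if key_bits == 384:
        return hashlib.sha384(secret).digest()
    if key_bits == 512:
        return hashlib.sha512(secret).digest()
    raise ValueError(f"unsupported key length: {key_bits} bits")


def derive_secret_key(client_secret: str, key_bits: int) -> bytes:
    """Correct derivation: keep the LEFT-most key_bits of the digest.

    For 256/384/512-bit keys the digest already has the key length, so nothing is
    dropped. For 128- and 192-bit keys the first 16 or 24 bytes of SHA-256 are used.
    """
    return _digest_for(client_secret, key_bits)[: key_bits // 8]


def derive_secret_key_right_truncated(client_secret: str, key_bits: int) -> bytes:
    """The behaviour this issue reports: same digest, but the TRAILING bytes are kept.

    Kept only to show why the bug is invisible for 256-bit keys (nothing is cut off,
    so both ends coincide) and produces a different, non-interoperable key for
    128- and 192-bit keys.
    """
    return _digest_for(client_secret, key_bits)[-(key_bits // 8):]


def key_for_jwe(client_secret: str, alg: str, enc: str) -> bytes:
    """Pick the key length from the JWE header (assumed helper): 'dir' takes it from
    enc, the AES key-wrap / key-encryption algorithms from alg."""
    name = enc if alg == "dir" else alg
    if name not in KEY_BITS:
        raise ValueError(f"not a client_secret-derived symmetric algorithm: {name}")
    return derive_secret_key(client_secret, KEY_BITS[name])


if __name__ == "__main__":
    # Constructed sample secret; a real client_secret is a long random string.
    secret = "abc"
    for bits in (128, 192, 256):
        left = derive_secret_key(secret, bits).hex()
        right = derive_secret_key_right_truncated(secret, bits).hex()
        print(f"{bits:3d}-bit  left={left}  right={right}  same={left == right}")
```

The check a practitioner wants is the 128-bit line of that output: the two hex strings differ, so a JWE encrypted by a correct peer cannot be decrypted by the right-truncating implementation, while the 256-bit line is identical, which is why a test suite that only exercises A128CBC-HS256 or A256GCM never notices the bug.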
Comments (4)
Found the spec change re secret key derivation:
https://bitbucket.org/openid/connect/commits/15668505dbe66b290c7e84ecc2e7bff70d942012
And the original ticket:
https://bitbucket.org/openid/connect/issues/1005/clarify-left-truncated-sha-2-hash-in
- changed status to resolved
Fixed: c96b8d9f
reporter Thanks!
Ouch. Thanks for reporting this. We'll check what's going on. This AES key derivation code had been around for almost 10 years now and is based on the very first OIDC drafts.