[Defect]: Variant pattern for PBES2 must have {prfFunction} instead of {kdf}

[meghsaha-ibm]

Describe the defect

As per RFC8018 PBES2 combines a password-based key derivation function, which shall be PBKDF2 for this version of PKCS #5, with an underlying encryption scheme. Therefore, the variable {prfFunction} which is one of the parameters for the underlying PBKDF2 must be an element of the variant pattern instead of {kdf}.

Refer https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html#cipher-algorithms for example of PBES2 usage.

Additional context

The issue is data-quality / naming defect in the Cryptography Registry and can be fixed without changing schema behavior or introducing new algorithms.