| // Copyright 2015 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package pkcs12 |
| |
| import ( |
| "crypto/hmac" |
| "crypto/sha1" |
| "crypto/x509/pkix" |
| "encoding/asn1" |
| ) |
| |
| type macData struct { |
| Mac digestInfo |
| MacSalt []byte |
| Iterations int `asn1:"optional,default:1"` |
| } |
| |
| // from PKCS#7: |
| type digestInfo struct { |
| Algorithm pkix.AlgorithmIdentifier |
| Digest []byte |
| } |
| |
| var ( |
| oidSHA1 = asn1.ObjectIdentifier([]int{1, 3, 14, 3, 2, 26}) |
| ) |
| |
| func verifyMac(macData *macData, message, password []byte) error { |
| if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) { |
| return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String()) |
| } |
| |
| key := pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20) |
| |
| mac := hmac.New(sha1.New, key) |
| mac.Write(message) |
| expectedMAC := mac.Sum(nil) |
| |
| if !hmac.Equal(macData.Mac.Digest, expectedMAC) { |
| return ErrIncorrectPassword |
| } |
| return nil |
| } |
