// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package pkcs12

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/x509/pkix"
	"encoding/asn1"
)

// macData is the ASN.1 shape of the integrity MAC block that verifyMac
// checks: the stored digest, the salt used for key derivation, and the
// iteration count.
type macData struct {
	Mac     digestInfo
	MacSalt []byte
	// Iterations is decoded from the input and defaults to 1 when absent.
	// NOTE(review): verifyMac passes this value to pbkdf with no upper
	// bound, so the cost of a verification is chosen by whoever produced
	// the file. Callers that parse untrusted input may want to cap it
	// before calling verifyMac.
	Iterations int `asn1:"optional,default:1"`
}

// digestInfo pairs a digest value with the algorithm that produced it
// (structure taken from PKCS#7).
type digestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

// oidSHA1 is the only digest algorithm identifier verifyMac accepts.
var oidSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}

// verifyMac recomputes the HMAC-SHA1 of message under a key derived from
// password and macData.MacSalt, and compares it with the digest stored in
// macData.
//
// It returns a NotImplementedError when the stored algorithm is not SHA-1,
// ErrIncorrectPassword when the recomputed MAC differs from the stored one,
// and nil on a match. A wrong password and a modified message both produce
// a mismatch, so ErrIncorrectPassword does not distinguish between them.
func verifyMac(macData *macData, message, password []byte) error {
	// Only the algorithm OID is inspected; any other digest is rejected
	// before key derivation is attempted.
	if alg := macData.Mac.Algorithm.Algorithm; !alg.Equal(oidSHA1) {
		return NotImplementedError("unknown digest algorithm: " + alg.String())
	}

	// Salt and iteration count come from macData, i.e. from the data being
	// verified.
	// NOTE(review): 20/64 look like the SHA-1 output and block sizes, and 3
	// like the PKCS#12 "MAC key" diversifier - confirm against pbkdf.
	macKey := pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20)

	h := hmac.New(sha1.New, macKey)
	h.Write(message)
	computed := h.Sum(nil)

	// hmac.Equal compares without leaking timing information about where
	// the two values differ.
	if hmac.Equal(macData.Mac.Digest, computed) {
		return nil
	}
	return ErrIncorrectPassword
}