github.com/hxx258456/ccgo@v0.0.5-0.20230213014102-48b35f46f66f/xcrypto/pkcs12/mac.go (about)

     1  // Copyright 2015 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package pkcs12
     6  
     7  import (
     8  	"crypto/hmac"
     9  	"crypto/sha1"
    10  	"crypto/x509/pkix"
    11  	"encoding/asn1"
    12  )
    13  
// macData is the decoded form of the PKCS#12 MacData structure, which carries
// the password-based integrity check for a PFX. encoding/asn1 maps the DER
// SEQUENCE onto this struct by field order and by the asn1 struct tag.
//
// Every field is parsed from the file being opened, so all of it is
// untrusted input until verifyMac has succeeded.
type macData struct {
	// Mac holds the digest algorithm identifier and the MAC value stored in
	// the file.
	Mac digestInfo
	// MacSalt is the salt passed to the key-derivation step in verifyMac.
	MacSalt []byte
	// Iterations is the key-derivation iteration count; it falls back to 1
	// when the field is absent from the encoding.
	// NOTE(review): verifyMac forwards this value to pbkdf with no range
	// check visible in this file, so the file's author controls how much
	// work key derivation costs. Confirm that pbkdf or the caller bounds it.
	Iterations int `asn1:"optional,default:1"`
}
    19  
// digestInfo pairs a digest algorithm identifier with a digest value. The
// structure is taken from PKCS#7; macData embeds it to hold the stored MAC.
type digestInfo struct {
	// Algorithm identifies the digest algorithm; verifyMac accepts only
	// oidSHA1 here.
	Algorithm pkix.AlgorithmIdentifier
	// Digest is the raw digest (for macData, the MAC) read from the file.
	Digest []byte
}
    25  
// oidSHA1 is the object identifier 1.3.14.3.2.26 (SHA-1). It is the only
// MAC digest algorithm verifyMac accepts.
var oidSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
    29  
// verifyMac recomputes the HMAC-SHA1 integrity value over message, using a
// key derived from password, and compares it with the digest stored in
// macData.
//
// It returns NotImplementedError when the stored digest algorithm is anything
// other than SHA-1 (so files whose MAC uses another digest are rejected, not
// verified), ErrIncorrectPassword when the MACs differ, and nil when they
// match. A mismatch is reported as ErrIncorrectPassword whether the password
// was wrong or message/macData were altered; the two cases cannot be told
// apart from the return value.
//
// macData must be non-nil: it is dereferenced without a check.
//
// NOTE(review): macData.MacSalt and macData.Iterations come from the parsed
// file and are consumed before anything has been authenticated. The
// iteration count reaches pbkdf with no upper bound in this function, so the
// cost of key derivation is chosen by whoever produced the file. Code that
// accepts untrusted PKCS#12 input should confirm a limit is enforced
// somewhere (here, inside pbkdf, or before decoding).
func verifyMac(macData *macData, message, password []byte) error {
	alg := macData.Mac.Algorithm.Algorithm
	if !alg.Equal(oidSHA1) {
		return NotImplementedError("unsupport digest algorithm: " + alg.String())
	}

	// The literal arguments are presumably SHA-1's output size (20) and block
	// size (64), the PKCS#12 "MAC key" purpose ID (3) and the derived key
	// length (20) — confirm against pbkdf's signature.
	key := pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20)

	h := hmac.New(sha1.New, key)
	h.Write(message) // hash.Hash writes never return an error

	// hmac.Equal compares without leaking timing information, so the check
	// does not reveal how many leading bytes of the stored MAC were correct.
	if computed := h.Sum(nil); !hmac.Equal(macData.Mac.Digest, computed) {
		return ErrIncorrectPassword
	}
	return nil
}