github.com/mitchellh/packer@v1.3.2/builder/azure/pkcs12/mac.go (about) 1 // Copyright 2015 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package pkcs12 6 7 import ( 8 "crypto/hmac" 9 "crypto/sha1" 10 "crypto/x509/pkix" 11 "encoding/asn1" 12 ) 13 14 type macData struct { 15 Mac digestInfo 16 MacSalt []byte 17 Iterations int `asn1:"optional,default:1"` 18 } 19 20 // from PKCS#7: 21 type digestInfo struct { 22 Algorithm pkix.AlgorithmIdentifier 23 Digest []byte 24 } 25 26 var ( 27 oidSHA1 = asn1.ObjectIdentifier([]int{1, 3, 14, 3, 2, 26}) 28 ) 29 30 func verifyMac(macData *macData, message, password []byte) error { 31 if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) { 32 return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String()) 33 } 34 35 expectedMAC := computeMac(message, macData.Iterations, macData.MacSalt, password) 36 37 if !hmac.Equal(macData.Mac.Digest, expectedMAC) { 38 return ErrIncorrectPassword 39 } 40 return nil 41 } 42 43 func computeMac(message []byte, iterations int, salt, password []byte) []byte { 44 key := pbkdf(sha1Sum, 20, 64, salt, password, iterations, 3, 20) 45 46 mac := hmac.New(sha1.New, key) 47 mac.Write(message) 48 49 return mac.Sum(nil) 50 }