github.phpd.cn/hashicorp/packer@v1.3.2/builder/azure/pkcs12/mac.go

github.phpd.cn/hashicorp/packer@v1.3.2/builder/azure/pkcs12/mac.go (about)

     1  // Copyright 2015 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package pkcs12
     6  
     7  import (
     8  	"crypto/hmac"
     9  	"crypto/sha1"
    10  	"crypto/x509/pkix"
    11  	"encoding/asn1"
    12  )
    13  
    14  type macData struct {
    15  	Mac        digestInfo
    16  	MacSalt    []byte
    17  	Iterations int `asn1:"optional,default:1"`
    18  }
    19  
    20  // from PKCS#7:
    21  type digestInfo struct {
    22  	Algorithm pkix.AlgorithmIdentifier
    23  	Digest    []byte
    24  }
    25  
    26  var (
    27  	oidSHA1 = asn1.ObjectIdentifier([]int{1, 3, 14, 3, 2, 26})
    28  )
    29  
    30  func verifyMac(macData *macData, message, password []byte) error {
    31  	if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) {
    32  		return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
    33  	}
    34  
    35  	expectedMAC := computeMac(message, macData.Iterations, macData.MacSalt, password)
    36  
    37  	if !hmac.Equal(macData.Mac.Digest, expectedMAC) {
    38  		return ErrIncorrectPassword
    39  	}
    40  	return nil
    41  }
    42  
    43  func computeMac(message []byte, iterations int, salt, password []byte) []byte {
    44  	key := pbkdf(sha1Sum, 20, 64, salt, password, iterations, 3, 20)
    45  
    46  	mac := hmac.New(sha1.New, key)
    47  	mac.Write(message)
    48  
    49  	return mac.Sum(nil)
    50  }