File: mac.go

package info (click to toggle)
golang-github-azure-go-pkcs12 0.0~git20150623.0.a635c06-3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster
  • size: 144 kB
  • sloc: makefile: 2
file content (53 lines) | stat: -rw-r--r-- 1,108 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
package pkcs12

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/x509/pkix"
	"encoding/asn1"
	"hash"
)

type macData struct {
	Mac        digestInfo
	MacSalt    []byte
	Iterations int `asn1:"optional,default:1"`
}

// from PKCS#7:
type digestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

const (
	sha1Algorithm = "SHA-1"
)

var (
	oidSha1Algorithm = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	hashNameByID     = map[string]string{
		oidSha1Algorithm.String(): sha1Algorithm,
	}
	hashByName = map[string]func() hash.Hash{
		sha1Algorithm: sha1.New,
	}
)

func verifyMac(macData *macData, message, password []byte) error {
	name, ok := hashNameByID[macData.Mac.Algorithm.Algorithm.String()]
	if !ok {
		return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
	}
	k := deriveMacKeyByAlg[name](macData.MacSalt, password, macData.Iterations)
	password = nil

	mac := hmac.New(hashByName[name], k)
	mac.Write(message)
	expectedMAC := mac.Sum(nil)

	if !hmac.Equal(macData.Mac.Digest, expectedMAC) {
		return ErrIncorrectPassword
	}
	return nil
}