Diffstat (limited to 'vendor/github.com/mitchellh/packer/builder/azure/pkcs12/mac.go')
-rw-r--r-- | vendor/github.com/mitchellh/packer/builder/azure/pkcs12/mac.go | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/vendor/github.com/mitchellh/packer/builder/azure/pkcs12/mac.go b/vendor/github.com/mitchellh/packer/builder/azure/pkcs12/mac.go
index c7e42811..76ad0cdc 100644
--- a/vendor/github.com/mitchellh/packer/builder/azure/pkcs12/mac.go
+++ b/vendor/github.com/mitchellh/packer/builder/azure/pkcs12/mac.go
@@ -1,3 +1,7 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package pkcs12

 import (
@@ -7,10 +11,6 @@ import (
 "encoding/asn1"
 )

-var (
- oidSha1Algorithm = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
-)
-
 type macData struct {
 Mac digestInfo
 MacSalt []byte
@@ -23,6 +23,23 @@ type digestInfo struct {
 Digest []byte
 }

+var (
+ oidSHA1 = asn1.ObjectIdentifier([]int{1, 3, 14, 3, 2, 26})
+)
+
+func verifyMac(macData *macData, message, password []byte) error {
+ if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) {
+ return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
+ }
+
+ expectedMAC := computeMac(message, macData.Iterations, macData.MacSalt, password)
+
+ if !hmac.Equal(macData.Mac.Digest, expectedMAC) {
+ return ErrIncorrectPassword
+ }
+ return nil
+}
+
 func computeMac(message []byte, iterations int, salt, password []byte) []byte {
 key := pbkdf(sha1Sum, 20, 64, salt, password, iterations, 3, 20)

|