Update module software.sslmate.com/src/go-pkcs12 to v0.4.0

2024-06-04 20:15:24 +00:00
parent 7f03dbbc14
commit 0cab6ed1c7
9 changed files with 510 additions and 154 deletions
--- a/vendor/software.sslmate.com/src/go-pkcs12/mac.go
+++ b/vendor/software.sslmate.com/src/go-pkcs12/mac.go
@@ -31,7 +31,7 @@ var (
 	oidSHA256 = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 2, 1})
 )

-func verifyMac(macData *macData, message, password []byte) error {
+func doMac(macData *macData, message, password []byte) ([]byte, error) {
 	var hFn func() hash.Hash
 	var key []byte
 	switch {
@@ -42,13 +42,19 @@ func verifyMac(macData *macData, message, password []byte) error {
 		hFn = sha256.New
 		key = pbkdf(sha256Sum, 32, 64, macData.MacSalt, password, macData.Iterations, 3, 32)
 	default:
-		return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
+		return nil, NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
 	}

 	mac := hmac.New(hFn, key)
 	mac.Write(message)
-	expectedMAC := mac.Sum(nil)
+	return mac.Sum(nil), nil
+}

+func verifyMac(macData *macData, message, password []byte) error {
+	expectedMAC, err := doMac(macData, message, password)
+	if err != nil {
+		return err
+	}
 	if !hmac.Equal(macData.Mac.Digest, expectedMAC) {
 		return ErrIncorrectPassword
 	}
@@ -56,15 +62,10 @@ func verifyMac(macData *macData, message, password []byte) error {
 }

 func computeMac(macData *macData, message, password []byte) error {
-	if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) {
-		return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
+	digest, err := doMac(macData, message, password)
+	if err != nil {
+		return err
 	}
-
-	key := pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20)
-
-	mac := hmac.New(sha1.New, key)
-	mac.Write(message)
-	macData.Mac.Digest = mac.Sum(nil)
-
+	macData.Mac.Digest = digest
 	return nil
 }