x/crypto/pkcs12: Add computeMac function

mac.go

@@ -43,3 +43,17 @@ func verifyMac(macData *macData, message, password []byte) error {
 	}
 	return nil
 }
+
+func computeMac(macData *macData, message, password []byte) error {
+	if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) {
+		return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
+	}
+
+	key := pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20)
+
+	mac := hmac.New(sha1.New, key)
+	mac.Write(message)
+	macData.Mac.Digest = mac.Sum(nil)
+
+	return nil
+}

mac_test.go

@@ -5,6 +5,7 @@
 package pkcs12
 
 import (
+	"bytes"
 	"encoding/asn1"
 	"testing"
 )
@@ -40,3 +41,32 @@ func TestVerifyMac(t *testing.T) {
 	}
 
 }
+
+func TestComputeMac(t *testing.T) {
+	td := macData{
+		MacSalt:    []byte{1, 2, 3, 4, 5, 6, 7, 8},
+		Iterations: 2048,
+	}
+
+	message := []byte{11, 12, 13, 14, 15}
+	password, _ := bmpString("Sesame open")
+
+	td.Mac.Algorithm.Algorithm = asn1.ObjectIdentifier([]int{1, 2, 3})
+	err := computeMac(&td, message, password)
+	if _, ok := err.(NotImplementedError); !ok {
+		t.Errorf("err: %v", err)
+	}
+
+	td.Mac.Algorithm.Algorithm = asn1.ObjectIdentifier([]int{1, 3, 14, 3, 2, 26})
+	err = computeMac(&td, message, password)
+	if err != nil {
+		t.Errorf("err: %v", err)
+	}
+
+	expectedDigest := []byte{0x18, 0x20, 0x3d, 0xff, 0x1e, 0x16, 0xf4, 0x92, 0xf2, 0xaf, 0xc8, 0x91, 0xa9, 0xba, 0xd6, 0xca, 0x9d, 0xee, 0x51, 0x93}
+
+	if bytes.Compare(td.Mac.Digest, expectedDigest) != 0 {
+		t.Errorf("Computed incorrect MAC; expected MAC to be '%d' but got '%d'", expectedDigest, td.Mac.Digest)
+	}
+
+}