// GetKeyRSA returns the RSA private key of the record given the correct password.
func (pr PasswordRecord) GetKeyRSA(password string) (key rsa.PrivateKey, err error) {
if pr.Type != RSARecord {
return key, errors.New("Invalid function for record type")
}
err = pr.ValidatePassword(password)
if err != nil {
return
}
passKey, err := derivePasswordKey(password, pr.KeySalt)
if err != nil {
return
}
rsaExponentPadded, err := symcrypt.DecryptCBC(pr.RSAKey.RSAExp, pr.RSAKey.RSAExpIV, passKey)
if err != nil {
return
}
rsaExponent, err := padding.RemovePadding(rsaExponentPadded)
if err != nil {
return
}
rsaPrimePPadded, err := symcrypt.DecryptCBC(pr.RSAKey.RSAPrimeP, pr.RSAKey.RSAPrimePIV, passKey)
if err != nil {
return
}
rsaPrimeP, err := padding.RemovePadding(rsaPrimePPadded)
if err != nil {
return
}
rsaPrimeQPadded, err := symcrypt.DecryptCBC(pr.RSAKey.RSAPrimeQ, pr.RSAKey.RSAPrimeQIV, passKey)
if err != nil {
return
}
rsaPrimeQ, err := padding.RemovePadding(rsaPrimeQPadded)
if err != nil {
return
}
key.PublicKey = pr.RSAKey.RSAPublic
key.D = big.NewInt(0).SetBytes(rsaExponent)
key.Primes = []*big.Int{big.NewInt(0), big.NewInt(0)}
key.Primes[0].SetBytes(rsaPrimeP)
key.Primes[1].SetBytes(rsaPrimeQ)
err = key.Validate()
if err != nil {
return
}
return
}
// GetKeyECC returns the ECDSA private key of the record given the correct password.
func (pr PasswordRecord) GetKeyECC(password string) (key *ecdsa.PrivateKey, err error) {
if pr.Type != ECCRecord {
return key, errors.New("Invalid function for record type")
}
if err = pr.ValidatePassword(password); err != nil {
return
}
passKey, err := derivePasswordKey(password, pr.KeySalt)
if err != nil {
return
}
x509Padded, err := symcrypt.DecryptCBC(pr.ECKey.ECPriv, pr.ECKey.ECPrivIV, passKey)
if err != nil {
return
}
ecX509, err := padding.RemovePadding(x509Padded)
if err != nil {
return
}
return x509.ParseECPrivateKey(ecX509)
}
// Decrypt authentications and recovers the original message from
// its input using the private key and the ephemeral key included in
// the message.
func Decrypt(priv *ecdsa.PrivateKey, in []byte) (out []byte, err error) {
ephLen := int(in[0])
ephPub := in[1 : 1+ephLen]
ct := in[1+ephLen:]
if len(ct) < (sha1.Size + aes.BlockSize) {
return nil, errors.New("Invalid ciphertext")
}
x, y := elliptic.Unmarshal(Curve(), ephPub)
if x == nil {
return nil, errors.New("Invalid public key")
}
x, _ = priv.Curve.ScalarMult(x, y, priv.D.Bytes())
if x == nil {
return nil, errors.New("Failed to generate encryption key")
}
shared := sha256.Sum256(x.Bytes())
tagStart := len(ct) - sha1.Size
h := hmac.New(sha1.New, shared[16:])
h.Write(ct[:tagStart])
mac := h.Sum(nil)
if !hmac.Equal(mac, ct[tagStart:]) {
return nil, errors.New("Invalid MAC")
}
paddedOut, err := symcrypt.DecryptCBC(ct[aes.BlockSize:tagStart], ct[:aes.BlockSize], shared[:16])
if err != nil {
return
}
out, err = padding.RemovePadding(paddedOut)
return
}
