// PBAesDecryptPtr: AES-based password-based decryption // Changes the slice supplied itself func (p *pbe) PBAesDecryptPtr(block *[]byte, password string) error { // extract constants saltlen := p.pbkdf2_salt_length keylen := p.aes_key_length blocklen := AES_BLOCK_LENGTH // define indexes salt_idx := len(*block) - saltlen iv_idx := salt_idx - blocklen // extract salt & IV salt := (*block)[salt_idx:] iv := (*block)[iv_idx:salt_idx] // restore key key := PBKDF2Key(password, salt, keylen) // remove salt & IV *block = (*block)[:iv_idx] // decrypt err := aes_dec_block(*block, iv, key) if err != nil { return err } // remove padding *block, err = pad.PKCS7Unpad(*block) return err }
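// GetValue returns the secret's value as readable under the given session.
// This method is specific to the bindings.
//
// For AlgoPlain the stored value is returned as is (the same slice, not a
// copy). For AlgoDH the value is decrypted with AES in CBC mode, using
// session.Key as the key and s.Parameters as the IV, and the PKCS#7 padding is
// then removed. Any other algorithm yields InvalidSession.
//
// The IV and ciphertext lengths are checked before decrypting, because
// cipher.NewCBCDecrypter panics on an IV that is not one block long and
// CryptBlocks panics on input that is not a whole number of blocks. A
// malformed secret therefore produces an error rather than crashing the
// caller.
//
// NOTE(review): the CBC path checks no MAC, so a wrong key or altered
// ciphertext is detected only when the padding check fails. Treat a nil error
// here as "padding was well-formed", not as proof of integrity.
func (s *Secret) GetValue(session Session) ([]byte, error) {
	switch session.Algorithm {
	case AlgoPlain:
		return s.Value, nil
	case AlgoDH:
		block, err := aes.NewCipher(session.Key)
		if err != nil {
			return []byte{}, err
		}

		// Validate the sizes that crypto/cipher would otherwise panic on.
		if len(s.Parameters) != block.BlockSize() {
			return []byte{}, secretFormatError("secret: IV length does not match the AES block size")
		}
		if len(s.Value)%block.BlockSize() != 0 {
			return []byte{}, secretFormatError("secret: ciphertext is not a multiple of the AES block size")
		}

		paddedPlaintext := make([]byte, len(s.Value))
		dec := cipher.NewCBCDecrypter(block, s.Parameters)
		dec.CryptBlocks(paddedPlaintext, s.Value)
		return pad.PKCS7Unpad(paddedPlaintext)
	default:
		return []byte{}, InvalidSession
	}
}

// secretFormatError reports a secret whose IV or ciphertext has an invalid
// length for AES-CBC decryption.
type secretFormatError string

// Error implements the error interface.
func (e secretFormatError) Error() string { return string(e) }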