// decryptRoomKey unwraps the room key carried in capability, using clientKey
// as the unwrapping key, and returns it as a new ManagedKey of type AES128.
//
// clientKey must already be decrypted; if clientKey.Encrypted() reports true
// the function returns security.ErrKeyMustBeDecrypted without touching the
// capability. The IV is the base64url decoding of the capability ID. Errors
// from base64 decoding, BlockCrypt and JSON unmarshalling are returned
// unwrapped.
//
// NOTE(review): no integrity check on the payload is visible in this function
// before the decrypted bytes are unpadded and handed to json.Unmarshal. Unless
// BlockCrypt or the capability layer authenticates the ciphertext, the three
// distinct failure paths below should not be distinguishable to a remote
// caller -- confirm how callers surface these errors.
func decryptRoomKey(clientKey *security.ManagedKey, capability security.Capability) (*security.ManagedKey, error) {
	// Guard: the client key's plaintext is needed for the block operation.
	if clientKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	// The capability ID doubles as the IV, stored in URL-safe base64.
	initVector, decodeErr := base64.URLEncoding.DecodeString(capability.CapabilityID())
	if decodeErr != nil {
		return nil, decodeErr
	}

	// The same value is passed to Unpad after BlockCrypt, so BlockCrypt
	// presumably transforms it in place (final argument false presumably
	// selects decryption -- TODO confirm against security.ManagedKey).
	// NOTE(review): if EncryptedPayload returns the capability's own backing
	// storage rather than a copy, this call would overwrite it -- verify.
	payload := capability.EncryptedPayload()
	cryptErr := clientKey.BlockCrypt(initVector, clientKey.Plaintext, payload, false)
	if cryptErr != nil {
		return nil, cryptErr
	}

	unwrapped := new(security.ManagedKey)
	unwrapped.KeyType = security.AES128

	// The unpadded payload is a JSON value decoded straight into Plaintext.
	// NOTE(review): the decoded length is not checked here against the
	// declared AES128 key type -- confirm a later consumer validates it.
	if jsonErr := json.Unmarshal(clientKey.Unpad(payload), &unwrapped.Plaintext); jsonErr != nil {
		return nil, jsonErr
	}
	return unwrapped, nil
}