Пример #1
// PBAesDecryptPtr performs AES-based, password-based decryption of *block and
// rewrites the caller's slice header with the result.
//
// The slicing below implies this input layout:
//
//	ciphertext || IV (AES_BLOCK_LENGTH bytes) || salt (p.pbkdf2_salt_length bytes)
//
// The key is re-derived with PBKDF2Key from password and the trailing salt.
// After aes_dec_block succeeds, PKCS#7 padding is stripped with pad.PKCS7Unpad.
// Errors from aes_dec_block or pad.PKCS7Unpad are returned unchanged. *block is
// already truncated to the ciphertext portion when aes_dec_block fails, and it
// is overwritten with whatever pad.PKCS7Unpad returns even when that call fails.
//
// NOTE(review): there is no length check. If *block is shorter than
// AES_BLOCK_LENGTH + p.pbkdf2_salt_length, the slice expressions panic instead
// of returning an error; callers handling untrusted input should validate the
// length first.
// NOTE(review): no MAC/AEAD tag is verified in this function. If aes_dec_block
// is an unauthenticated mode (e.g. CBC; not visible here) and the unpad error
// is observable by whoever supplies the ciphertext, this is the classic
// padding-oracle shape. Confirm integrity is checked elsewhere.
func (p *pbe) PBAesDecryptPtr(block *[]byte, password string) error {
	buf := *block

	// Offsets are computed from the tail: the salt is last, the IV sits before it.
	saltStart := len(buf) - p.pbkdf2_salt_length
	ivStart := saltStart - AES_BLOCK_LENGTH

	salt := buf[saltStart:]
	iv := buf[ivStart:saltStart]

	// Re-derive the key from the password and the stored salt.
	key := PBKDF2Key(password, salt, p.aes_key_length)

	// Drop IV and salt so only the ciphertext remains visible to the caller.
	*block = buf[:ivStart]

	// presumably decrypts in place: the result is read back from *block below.
	if err := aes_dec_block(*block, iv, key); err != nil {
		return err
	}

	// Strip padding; the caller's slice is replaced regardless of the error value.
	unpadded, err := pad.PKCS7Unpad(*block)
	*block = unpadded
	return err
}
Пример #2
// GetValue returns the plaintext of the secret for the given session.
// This method is specific to the bindings.
//
// For AlgoPlain, s.Value is returned as is (the same slice, not a copy).
// For AlgoDH, s.Value is decrypted with AES-CBC using session.Key as the key
// and s.Parameters as the IV, then PKCS#7 padding is removed.
// Any other algorithm yields an empty slice and InvalidSession.
//
// NOTE(review): cipher.NewCBCDecrypter panics when the IV length differs from
// the block size, and CryptBlocks panics when the input is not a whole number
// of blocks. Neither s.Parameters nor s.Value is length-checked here, so a
// malformed Secret takes the process down instead of producing an error.
// NOTE(review): CBC carries no integrity protection and none is checked in
// this function; confirm the transport delivering the Secret is trusted, or
// that padding failures are not distinguishable to the sender.
func (s *Secret) GetValue(session Session) ([]byte, error) {
	if session.Algorithm == AlgoPlain {
		return s.Value, nil
	}
	if session.Algorithm != AlgoDH {
		return []byte{}, InvalidSession
	}

	blk, err := aes.NewCipher(session.Key)
	if err != nil {
		return []byte{}, err
	}

	// Decrypt into a fresh buffer so s.Value keeps the ciphertext.
	plain := make([]byte, len(s.Value))
	cipher.NewCBCDecrypter(blk, s.Parameters).CryptBlocks(plain, s.Value)

	return pad.PKCS7Unpad(plain)
}