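// Listing: github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/composite/ecdh/subtle/ecdh_aes_aead_composite_decrypt.go

/*
Copyright SecureKey Technologies Inc. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package subtle

import (
	"encoding/json"
	"fmt"

	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite"
)

// package subtle provides the core crypto primitives to be used by ECDH composite primitives. It is intended for
// internal use only.

// ECDHAEADCompositeDecrypt is an instance of AES-GCM decryption in the context of ECDH/concat kdf WK of CEK
// and AEAD content decryption.
//
// The type holds an already-available content encryption key (CEK) and a helper that turns that key into an
// AEAD primitive. No key unwrapping is performed in this file; the CEK is supplied by the caller.
type ECDHAEADCompositeDecrypt struct {
	// encHelper builds the AEAD primitive from the CEK and assembles the bytes handed to it.
	encHelper composite.EncrypterHelper
	// cek is the raw content encryption key. It is secret material: do not log it or put it in error messages.
	cek []byte
}

// NewECDHAEADCompositeDecrypt returns ECDH composite decryption construct with Concat KDF/ECDH-ES key unwrapping
// and AEAD payload decryption.
//
// The cek slice is stored as-is, not copied, so the returned value shares its backing array with the caller:
// overwriting or zeroizing the caller's slice also changes the key used by later Decrypt calls. Neither argument
// is validated here; Decrypt rejects a missing cek or helper.
func NewECDHAEADCompositeDecrypt(encHelper composite.EncrypterHelper, cek []byte) *ECDHAEADCompositeDecrypt {
	return &ECDHAEADCompositeDecrypt{
		encHelper: encHelper,
		cek:       cek,
	}
}

// Decrypt using composite ECDH-ES with a Concat KDF key unwrap and AEAD content decryption.
//
// ciphertext must be the JSON serialization of composite.EncryptedData. aad is passed unchanged to the AEAD
// primitive's Decrypt call. The plaintext is returned on success.
//
// An error is returned when ciphertext is not valid JSON for composite.EncryptedData, when the CEK or the helper
// is missing, when the helper cannot build an AEAD primitive from the CEK, or when the AEAD decryption itself
// fails. Errors from json.Unmarshal, the helper and the AEAD primitive are returned unwrapped.
func (d *ECDHAEADCompositeDecrypt) Decrypt(ciphertext, aad []byte) ([]byte, error) {
	encData := new(composite.EncryptedData)

	// ciphertext is caller-supplied and not yet authenticated at this point; only its JSON structure is parsed here.
	if err := json.Unmarshal(ciphertext, encData); err != nil {
		return nil, err
	}

	// len() rejects an empty, non-nil key as well as a nil one, so a zero-length key is reported as missing here
	// instead of being handed to the helper.
	if len(d.cek) == 0 {
		return nil, fmt.Errorf("ecdh decrypt: missing cek")
	}

	// A value built without a helper would otherwise panic on the method call below.
	if d.encHelper == nil {
		return nil, fmt.Errorf("ecdh decrypt: missing encrypter helper")
	}

	aead, err := d.encHelper.GetAEAD(d.cek)
	if err != nil {
		return nil, err
	}

	// NOTE(review): BuildDecData presumably reassembles the parsed fields into the byte layout the AEAD primitive
	// expects; its implementation is outside this file, so confirm against the helper.
	finalCT := d.encHelper.BuildDecData(encData)

	return aead.Decrypt(finalCT, aad)
}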