plivox/mod_session_crypto.go

## mod_session_crypto.go
package main

import (
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"log"

	"github.com/spacemonkeygo/openssl"
	"golang.org/x/crypto/pbkdf2"
)

const (
	// hardcoded in mod_session_crypto.c
	iter = 4096

	// for SipHash-2-4
	macLen = 8

	// 32 bytes for AES
	keyLen = 32

	// 16 bytes for AES
	blockSize = 16

	// sizeof apr_uuid_t=unsigned char data[16] (in apr_uuid.h)
	saltLen = 16
)

func decrypt(secret, input string) (decrypted string, err error) {
	data, err := base64.StdEncoding.DecodeString(input)
	if err != nil {
		return
	}

	var (
		// mac      = binary.LittleEndian.Uint64(data) // for verify password ??
		saltIvCt = data[macLen:]
		salt     = saltIvCt[:saltLen]
		iv       = saltIvCt[blockSize:keyLen]
		ct       = saltIvCt[keyLen:]
	)

	cipher, err := openssl.GetCipherByName("aes-256-cbc")
	if err != nil {
		return
	}

	key := pbkdf2.Key([]byte(secret), salt, iter, keyLen, sha1.New)

	ctx, err := openssl.NewDecryptionCipherCtx(cipher, nil, key, iv)
	if err != nil {
		return
	}

	cipherbytes, err := ctx.DecryptUpdate(ct)
	if err != nil {
		return
	}

	finalbytes, err := ctx.DecryptFinal()
	if err != nil {
		return
	}

	cipherbytes = append(cipherbytes, finalbytes...)
	decrypted = string(cipherbytes)
	return
}

func main() {
	cookie := "Fb49quJppaGLG+WaLSNB35DeT9QIYV793gig5aiW1Nz0uEhZIvMspdtmPYTprMjEa7pCNtM/XHNW0qHN8k80l6luQk3P8KOY"
	secret := "secret"

	decrypted, err := decrypt(secret, cookie)
	if err != nil {
		log.Fatal(err)
		return
	}
	fmt.Println(decrypted)
}
	package main

	import (
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"log"

	"github.com/spacemonkeygo/openssl"
	"golang.org/x/crypto/pbkdf2"
	)

	const (
	// hardcoded in mod_session_crypto.c
	iter = 4096

	// for SipHash-2-4
	macLen = 8

	// 32 bytes for AES
	keyLen = 32

	// 16 bytes for AES
	blockSize = 16

	// sizeof apr_uuid_t=unsigned char data[16] (in apr_uuid.h)
	saltLen = 16
	)

	func decrypt(secret, input string) (decrypted string, err error) {
	data, err := base64.StdEncoding.DecodeString(input)
	if err != nil {
	return
	}

	var (
	// mac = binary.LittleEndian.Uint64(data) // for verify password ??
	saltIvCt = data[macLen:]
	salt = saltIvCt[:saltLen]
	iv = saltIvCt[blockSize:keyLen]
	ct = saltIvCt[keyLen:]
	)

	cipher, err := openssl.GetCipherByName("aes-256-cbc")
	if err != nil {
	return
	}

	key := pbkdf2.Key([]byte(secret), salt, iter, keyLen, sha1.New)

	ctx, err := openssl.NewDecryptionCipherCtx(cipher, nil, key, iv)
	if err != nil {
	return
	}

	cipherbytes, err := ctx.DecryptUpdate(ct)
	if err != nil {
	return
	}

	finalbytes, err := ctx.DecryptFinal()
	if err != nil {
	return
	}

	cipherbytes = append(cipherbytes, finalbytes...)
	decrypted = string(cipherbytes)
	return
	}

	func main() {
	cookie := "Fb49quJppaGLG+WaLSNB35DeT9QIYV793gig5aiW1Nz0uEhZIvMspdtmPYTprMjEa7pCNtM/XHNW0qHN8k80l6luQk3P8KOY"
	secret := "secret"

	decrypted, err := decrypt(secret, cookie)
	if err != nil {
	log.Fatal(err)
	return
	}
	fmt.Println(decrypted)
	}