func unwrapPbes2Pbkdf2()

in sec/pkcs.go [134:156]

• 19 lines of code
• 4 McCabe index (conditional complexity)

func unwrapPbes2Pbkdf2(param *pbkdf2Param, size int, iv []byte, hashNew hashFunc, encrypted []byte) (key interface{}, err error) {
	pass, err := getPassword()
	if err != nil {
		return nil, err
	}
	cryptoKey := pbkdf2.Key(pass, param.Salt, param.IterCount, size, hashNew)

	block, err := aes.NewCipher(cryptoKey)
	if err != nil {
		return nil, err
	}
	enc := cipher.NewCBCDecrypter(block, iv)

	plain := make([]byte, len(encrypted))
	enc.CryptBlocks(plain, encrypted)

	plain, err = checkPkcs7Padding(plain)
	if err != nil {
		return nil, err
	}

	return x509.ParsePKCS8PrivateKey(plain)
}