pub fn decrypt_items(self, secret: &Secret) -> Result<Vec<UnlockedItem>, Error> {

            &**secret,

            self.key_strength(secret),

            self.iteration_count.try_into().unwrap(),

        let decrypted = crypto::decrypt_no_padding(&self.encrypted_content, &key, iv)?;

        let (digest, content) = decrypted.split_at(16);

        if !crypto::verify_checksum_md5(digest, content) {

            return Err(Error::ChecksumMismatch);

        self.read_items(content)

    fn read_attributes<'a>(

        let mut result = HashMap::new();

        for _ in 0..count {

            let name = Self::read_string(cursor)?.ok_or_else(|| {

            let value = match cursor.read_u32(Endian::Big)? {

                0 => Self::read_string(cursor)?

                    .ok_or_else(|| {

            result.insert(name, value);

        Ok(result)

    fn read_items(self, decrypted: &[u8]) -> Result<Vec<UnlockedItem>, Error> {

        let mut cursor = Cursor::new(decrypted);

        let mut items = Vec::with_capacity(self.item_count);

        for _ in 0..self.item_count {

            let display_name = Self::read_string(&mut cursor)?

                .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "empty item label"))?;

            let secret = Self::read_byte_array(&mut cursor)?

                .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "empty item secret"))?;

            let _created_time = Self::read_time(&mut cursor)?;

            let _modified_time = Self::read_time(&mut cursor)?;

            let _reserved = Self::read_string(&mut cursor)?;

            for _ in 0..4 {

                let _ = cursor.read_u32(Endian::Big)?;

            let attribute_count = cursor.read_u32(Endian::Big)? as usize;

            let attributes = Self::read_attributes(&mut cursor, attribute_count)?;

            items.push(UnlockedItem::new(display_name, &attributes, secret));

            let acl_count = cursor.read_u32(Endian::Big)? as usize;

            Self::skip_acls(&mut cursor, acl_count)?;

        Ok(items)

    fn key_strength(&self, _secret: &[u8]) -> Result<(), WeakKeyError> {

        Ok(())

    fn read_byte_array<'a>(cursor: &mut Cursor<&'a [u8]>) -> Result<Option<&'a [u8]>, Error> {

        let len = cursor.read_u32(Endian::Big)? as usize;

        if len == 0xffffffff {

            Ok(None)

        } else if len >= 0x7fffffff {

        } else if len > cursor.get_ref().len() {

            let pos = cursor.position() as usize;

            let bytes = &cursor.get_ref()[pos..pos + len];

            cursor.set_position((pos + len) as u64);

            Ok(Some(bytes))

    fn read_string<'a>(cursor: &mut Cursor<&'a [u8]>) -> Result<Option<&'a str>, Error> {

        match Self::read_byte_array(cursor) {

            Ok(Some(bytes)) => Ok(Some(std::str::from_utf8(bytes)?)),

            Ok(None) => Ok(None),

    fn read_time(cursor: &mut Cursor<&[u8]>) -> Result<u64, Error> {

        let hi = cursor.read_u32(Endian::Big)? as u64;

        let lo = cursor.read_u32(Endian::Big)? as u64;

        Ok((hi << 32) | lo)

    fn skip_hashed_items(cursor: &mut Cursor<&[u8]>, count: usize) -> Result<(), Error> {

        for _ in 0..count {

            let _id = cursor.read_u32(Endian::Big)?;

            let _type = cursor.read_u32(Endian::Big)?;

            let num_attributes = cursor.read_u32(Endian::Big)?;

            for _ in 0..num_attributes {

                let _name = Self::read_string(cursor)?;

                match cursor.read_u32(Endian::Big)? {

                        let _value = Self::read_string(cursor);

        Ok(())

    fn skip_acls(cursor: &mut Cursor<&[u8]>, count: usize) -> Result<(), Error> {

        for _ in 0..count {

        Ok(())

    fn parse(data: &[u8]) -> Result<Self, Error> {

        let mut cursor = Cursor::new(data);

        let crypto = cursor.read_u8(Endian::Big)?;

        if crypto != 0 {

        let hash = cursor.read_u8(Endian::Big)?;

        if hash != 0 {

        let _display_name = Self::read_string(&mut cursor)?;

        let _created_time = Self::read_time(&mut cursor)?;

        let _modified_time = Self::read_time(&mut cursor)?;

        let _flags = cursor.read_u32(Endian::Big)?;

        let _lock_timeout = cursor.read_u32(Endian::Big)?;

        let iteration_count = cursor.read_u32(Endian::Big)?;

        let mut salt = vec![0; 8];

        cursor.read_exact(salt.as_mut_slice())?;

        for _ in 0..4 {

            let _ = cursor.read_u32(Endian::Big)?;

        let item_count = cursor.read_u32(Endian::Big)? as usize;

        Self::skip_hashed_items(&mut cursor, item_count)?;

        let mut size = cursor.read_u32(Endian::Big)? as usize;

        let pos = cursor.position() as usize;

        if size > cursor.get_ref()[pos..].len() {

        if !size.is_multiple_of(16) {

        let encrypted_content = Vec::from(&cursor.get_ref()[pos..pos + size]);

        Ok(Self {

            salt,

    fn try_from(value: &[u8]) -> Result<Self, Error> {

        let header = value.get(..FILE_HEADER.len());

        if header != Some(FILE_HEADER) {

        let version = value.get(FILE_HEADER_LEN..(FILE_HEADER_LEN + 2));

        if version != Some(&[MAJOR_VERSION, MINOR_VERSION]) {

        if let Some(data) = value.get((FILE_HEADER_LEN + 2)..) {

            Self::parse(data)