// uses empty salt & empty IV
static byte[] aesDecrypt(byte[] data, S password) ctex {
  SecretKey secret = crypto_makeAESKey(password, crypto_emptySalt());
  Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
  cipher.init(Cipher.DECRYPT_MODE, secret, crypto_emptyIV());
  ret crypto_cipherBytes(cipher, data);
}