func TestGenerateKeys(t *testing.T) {
var err error
if testSender, err = dhkam.GenerateKey(rand.Reader); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
if testReceiver, err = dhkam.GenerateKey(rand.Reader); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
testSenderKEK = testSender.InitializeKEK(rand.Reader,
&testReceiver.PublicKey, dhkam.KEKAES128CBCHMACSHA256, nil, sha256.New())
if testSenderKEK == nil {
fmt.Println(ErrInvalidKEKParams.Error())
t.FailNow()
}
testReceiverKEK = testReceiver.InitializeKEK(rand.Reader,
&testSender.PublicKey, dhkam.KEKAES128CBCHMACSHA256, nil, sha256.New())
if testReceiverKEK == nil {
fmt.Println(ErrInvalidKEKParams.Error())
t.FailNow()
}
if testmsg, err = ioutil.ReadFile("README"); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
}
// Encrypt takes a message and encrypts it to the session's peer.
func (skey *SessionKey) Encrypt(message []byte) ([]byte, error) {
dhEphem, err := dhkam.GenerateKey(PRNG)
if err != nil {
return nil, err
}
shared, err := dhEphem.SharedKey(PRNG, skey.peer, sharedKeyLen)
if err != nil {
return nil, err
}
var ephem struct {
Pub []byte
CT []byte
}
symkey := shared[:authsym.SymKeyLen]
mackey := shared[authsym.SymKeyLen:]
ephem.CT, err = authsym.Encrypt(symkey, mackey, message)
if err != nil {
return nil, err
}
ephem.Pub = dhEphem.Export()
return asn1.Marshal(ephem)
}
func BenchmarkKeyGeneration(b *testing.B) {
for i := 0; i < b.N; i++ {
if _, err := dhkam.GenerateKey(rand.Reader); err != nil {
fmt.Println(err.Error())
b.FailNow()
}
}
}
func TestGenerateKeys(t *testing.T) {
var err error
if testSender, err = dhkam.GenerateKey(rand.Reader); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
if testReceiver, err = dhkam.GenerateKey(rand.Reader); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
if testmsg, err = ioutil.ReadFile("README"); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
}
// NewSessionKey builds a new session and returns it. Once this is
// returned, the Public() value should be sent to the peer, and
// once that Public() value is received, the peer should call
// PeerSessionKey before attempting to use the session key for
// encryption.
func (id *IdentityKey) NewSessionKey() *SessionKey {
skey := new(SessionKey)
var err error
skey.key, err = dhkam.GenerateKey(PRNG)
if err != nil {
return nil
}
var sdhkey signedDHKey
sdhkey.Public = skey.key.Export()
sdhkey.Signature, err = pks.Sign(id.key, sdhkey.Public)
if err != nil {
return nil
}
skey.signedKey, err = asn1.Marshal(sdhkey)
if err != nil {
return nil
}
return skey
}
