Beispiel #1
0
func generateSessionKeys() (key []byte, err error) {
	var sym, mac []byte
	if sym, err = authsym.GenerateAESKey(); err != nil {
		return
	} else if mac, err = authsym.GenerateHMACKey(); err != nil {
		return
	}

	key = make([]byte, SharedKeyLen)
	copy(key, sym)
	copy(key[authsym.SymKeyLen:], mac)
	authsym.Scrub(mac, 3)
	authsym.Scrub(sym, 3)
	return
}
Beispiel #2
0
func Decrypt(prv *rsa.PrivateKey, ct []byte) (m []byte, err error) {
	var msg Message

	if _, err = asn1.Unmarshal(ct, &msg); err != nil {
		return
	}

	sym, mac, err := readSessionKeys(prv, msg.Key)
	if err != nil {
		return
	}
	m, err = authsym.Decrypt(sym, mac, msg.Msg)
	authsym.Scrub(sym, 3)
	authsym.Scrub(mac, 3)
	return
}
Beispiel #3
0
func Encrypt(pub *rsa.PublicKey, m []byte) (ct []byte, err error) {
	var msg Message
	var key []byte

	key, err = generateSessionKeys()
	if err != nil {
		return
	}
	if msg.Key, err = pkc.Encrypt(pub, key); err != nil {
		return
	} else if msg.Msg, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m); err != nil {
		return
	}
	ct, err = asn1.Marshal(msg)
	authsym.Scrub(key, 3)
	return
}