// Encrypt takes a message and encrypts it to the session's peer.
func (skey *SessionKey) Encrypt(message []byte) ([]byte, error) {
	dhEphem, err := dhkam.GenerateKey(PRNG)
	if err != nil {
		return nil, err
	}

	shared, err := dhEphem.SharedKey(PRNG, skey.peer, sharedKeyLen)
	if err != nil {
		return nil, err
	}

	var ephem struct {
		Pub []byte
		CT  []byte
	}

	symkey := shared[:authsym.SymKeyLen]
	mackey := shared[authsym.SymKeyLen:]
	ephem.CT, err = authsym.Encrypt(symkey, mackey, message)
	if err != nil {
		return nil, err
	}

	ephem.Pub = dhEphem.Export()
	return asn1.Marshal(ephem)
}
Exemple #2
0
func Encrypt(prv *dhkam.PrivateKey, kek *dhkam.KEK, pub *dhkam.PublicKey, m []byte) (out []byte, err error) {
	key, err := prv.CEK(kek)
	if err != nil {
		return
	}
	out, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m)
	return
}
Exemple #3
0
func Encrypt(prv *dhkam.PrivateKey, pub *dhkam.PublicKey, m []byte) (out []byte, err error) {
	key, err := prv.SharedKey(rand.Reader, pub, keyMaterialSize)
	if err != nil {
		return
	}

	out, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m)
	return
}
Exemple #4
0
func Encrypt(pub *rsa.PublicKey, m []byte) (ct []byte, err error) {
	var msg Message
	var key []byte

	key, err = generateSessionKeys()
	if err != nil {
		return
	}
	if msg.Key, err = pkc.Encrypt(pub, key); err != nil {
		return
	} else if msg.Msg, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m); err != nil {
		return
	}
	ct, err = asn1.Marshal(msg)
	authsym.Scrub(key, 3)
	return
}