// Encrypt takes a message and encrypts it to the session's peer.
func (skey *SessionKey) Encrypt(message []byte) ([]byte, error) {
dhEphem, err := dhkam.GenerateKey(PRNG)
if err != nil {
return nil, err
}
shared, err := dhEphem.SharedKey(PRNG, skey.peer, sharedKeyLen)
if err != nil {
return nil, err
}
var ephem struct {
Pub []byte
CT []byte
}
symkey := shared[:authsym.SymKeyLen]
mackey := shared[authsym.SymKeyLen:]
ephem.CT, err = authsym.Encrypt(symkey, mackey, message)
if err != nil {
return nil, err
}
ephem.Pub = dhEphem.Export()
return asn1.Marshal(ephem)
}
func Encrypt(prv *dhkam.PrivateKey, kek *dhkam.KEK, pub *dhkam.PublicKey, m []byte) (out []byte, err error) {
key, err := prv.CEK(kek)
if err != nil {
return
}
out, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m)
return
}
func Encrypt(prv *dhkam.PrivateKey, pub *dhkam.PublicKey, m []byte) (out []byte, err error) {
key, err := prv.SharedKey(rand.Reader, pub, keyMaterialSize)
if err != nil {
return
}
out, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m)
return
}
func Encrypt(pub *rsa.PublicKey, m []byte) (ct []byte, err error) {
var msg Message
var key []byte
key, err = generateSessionKeys()
if err != nil {
return
}
if msg.Key, err = pkc.Encrypt(pub, key); err != nil {
return
} else if msg.Msg, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m); err != nil {
return
}
ct, err = asn1.Marshal(msg)
authsym.Scrub(key, 3)
return
}