Esempio n. 1
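// Decrypt takes the incoming ciphertext and decrypts it.
//
// in must be the ASN.1 encoding of a two-field structure: an ephemeral public
// key (Pub) and the ciphertext (CT). The session key's private half and the
// imported public key are combined with SharedKey to derive sharedKeyLen
// bytes, which are split at authsym.SymKeyLen into the two keys handed to
// authsym.Decrypt.
//
// Input that carries extra bytes after the ASN.1 structure is rejected with an
// asn1.SyntaxError, so a single message has only one accepted encoding.
// Any other error from parsing, key import, key agreement or authsym.Decrypt
// is returned unchanged with a nil plaintext.
func (skey *SessionKey) Decrypt(in []byte) ([]byte, error) {
	var ephem struct {
		Pub []byte
		CT  []byte
	}

	rest, err := asn1.Unmarshal(in, &ephem)
	if err != nil {
		return nil, err
	}
	// The outer envelope is not covered by the inner authentication tag, so
	// bytes appended to it would otherwise be accepted silently.
	if len(rest) != 0 {
		return nil, asn1.SyntaxError{Msg: "trailing data after session ciphertext"}
	}

	// NOTE(review): this relies on dhkam.ImportPublic to reject malformed or
	// out-of-range public values; confirm against the dhkam package.
	pub, err := dhkam.ImportPublic(ephem.Pub)
	if err != nil {
		return nil, err
	}

	shared, err := skey.key.SharedKey(PRNG, pub, sharedKeyLen)
	if err != nil {
		return nil, err
	}

	// Slicing assumes sharedKeyLen is at least authsym.SymKeyLen; a shorter
	// result would panic here. TODO confirm the constant's value.
	// NOTE(review): shared is not wiped after use; consider zeroing it if the
	// authsym version in use provides a helper for that.
	symkey := shared[:authsym.SymKeyLen]
	mackey := shared[authsym.SymKeyLen:]
	out, err := authsym.Decrypt(symkey, mackey, ephem.CT)
	if err != nil {
		return nil, err
	}
	return out, nil
}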
Esempio n. 2
// Decrypt opens m with authsym.Decrypt, using key material obtained from
// prv.CEK(kek).
//
// The material is split at authsym.SymKeyLen: the leading part is passed as
// the first key argument and the remainder as the second (presumably the
// encryption key and the MAC key, in that order; confirm against authsym).
// If CEK fails, its error is returned with a nil plaintext. The pub parameter
// is not read by this function.
//
// NOTE(review): slicing panics if CEK returns fewer than authsym.SymKeyLen
// bytes, and the derived material is not wiped after use; confirm both are
// acceptable for the callers.
func Decrypt(prv *dhkam.PrivateKey, kek *dhkam.KEK, pub *dhkam.PublicKey, m []byte) (out []byte, err error) {
	material, err := prv.CEK(kek)
	if err != nil {
		return nil, err
	}

	encKey := material[:authsym.SymKeyLen]
	macKey := material[authsym.SymKeyLen:]
	return authsym.Decrypt(encKey, macKey, m)
}
Esempio n. 3
// Decrypt opens m with authsym.Decrypt, using key material derived from prv
// and pub through prv.SharedKey with keyMaterialSize as the requested length.
//
// The material is split at authsym.SymKeyLen: the leading part is passed as
// the first key argument and the remainder as the second (presumably the
// encryption key and the MAC key, in that order; confirm against authsym).
// If SharedKey fails, its error is returned with a nil plaintext.
//
// NOTE(review): pub is used as supplied, so any validation of the peer's
// public value has to happen in the caller or inside SharedKey; confirm.
// The derived material is not wiped after use, and slicing panics if it is
// shorter than authsym.SymKeyLen.
func Decrypt(prv *dhkam.PrivateKey, pub *dhkam.PublicKey, m []byte) (out []byte, err error) {
	material, err := prv.SharedKey(rand.Reader, pub, keyMaterialSize)
	if err != nil {
		return nil, err
	}

	encKey, macKey := material[:authsym.SymKeyLen], material[authsym.SymKeyLen:]
	return authsym.Decrypt(encKey, macKey, m)
}
Esempio n. 4
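// Decrypt parses ct as an ASN.1-encoded Message, recovers the two session
// keys from msg.Key with readSessionKeys and prv, and returns the result of
// authsym.Decrypt over msg.Msg.
//
// Input that carries extra bytes after the ASN.1 structure is rejected with an
// asn1.SyntaxError, so a single message has only one accepted encoding.
// Errors from parsing and from readSessionKeys are returned with a nil
// plaintext. Once the session keys have been recovered, both are passed to
// authsym.Scrub before the function returns, whether or not decryption
// succeeded.
//
// NOTE(review): errors from key recovery and from authsym.Decrypt are
// returned as-is. If readSessionKeys uses RSA PKCS#1 v1.5, callers should not
// reveal which step failed to the sender; confirm the padding scheme.
func Decrypt(prv *rsa.PrivateKey, ct []byte) (m []byte, err error) {
	var msg Message

	rest, err := asn1.Unmarshal(ct, &msg)
	if err != nil {
		return nil, err
	}
	// The outer envelope is parsed before any authentication happens, so
	// bytes appended to it would otherwise be accepted silently.
	if len(rest) != 0 {
		return nil, asn1.SyntaxError{Msg: "trailing data after message"}
	}

	sym, mac, err := readSessionKeys(prv, msg.Key)
	if err != nil {
		return nil, err
	}
	// Deferred so the keys are scrubbed on every exit path from here on,
	// including a panic inside authsym.Decrypt. The second argument is kept
	// at 3 as in the original (presumably the number of passes; confirm).
	defer func() {
		authsym.Scrub(sym, 3)
		authsym.Scrub(mac, 3)
	}()

	return authsym.Decrypt(sym, mac, msg.Msg)
}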