func TestGenerateKeys(t *testing.T) { var err error if testSender, err = dhkam.GenerateKey(rand.Reader); err != nil { fmt.Println(err.Error()) t.FailNow() } if testReceiver, err = dhkam.GenerateKey(rand.Reader); err != nil { fmt.Println(err.Error()) t.FailNow() } testSenderKEK = testSender.InitializeKEK(rand.Reader, &testReceiver.PublicKey, dhkam.KEKAES128CBCHMACSHA256, nil, sha256.New()) if testSenderKEK == nil { fmt.Println(ErrInvalidKEKParams.Error()) t.FailNow() } testReceiverKEK = testReceiver.InitializeKEK(rand.Reader, &testSender.PublicKey, dhkam.KEKAES128CBCHMACSHA256, nil, sha256.New()) if testReceiverKEK == nil { fmt.Println(ErrInvalidKEKParams.Error()) t.FailNow() } if testmsg, err = ioutil.ReadFile("README"); err != nil { fmt.Println(err.Error()) t.FailNow() } }
// Encrypt takes a message and encrypts it to the session's peer. func (skey *SessionKey) Encrypt(message []byte) ([]byte, error) { dhEphem, err := dhkam.GenerateKey(PRNG) if err != nil { return nil, err } shared, err := dhEphem.SharedKey(PRNG, skey.peer, sharedKeyLen) if err != nil { return nil, err } var ephem struct { Pub []byte CT []byte } symkey := shared[:authsym.SymKeyLen] mackey := shared[authsym.SymKeyLen:] ephem.CT, err = authsym.Encrypt(symkey, mackey, message) if err != nil { return nil, err } ephem.Pub = dhEphem.Export() return asn1.Marshal(ephem) }
func BenchmarkKeyGeneration(b *testing.B) { for i := 0; i < b.N; i++ { if _, err := dhkam.GenerateKey(rand.Reader); err != nil { fmt.Println(err.Error()) b.FailNow() } } }
func TestGenerateKeys(t *testing.T) { var err error if testSender, err = dhkam.GenerateKey(rand.Reader); err != nil { fmt.Println(err.Error()) t.FailNow() } if testReceiver, err = dhkam.GenerateKey(rand.Reader); err != nil { fmt.Println(err.Error()) t.FailNow() } if testmsg, err = ioutil.ReadFile("README"); err != nil { fmt.Println(err.Error()) t.FailNow() } }
// NewSessionKey builds a new session and returns it. Once this is // returned, the Public() value should be sent to the peer, and // once that Public() value is received, the peer should call // PeerSessionKey before attempting to use the session key for // encryption. func (id *IdentityKey) NewSessionKey() *SessionKey { skey := new(SessionKey) var err error skey.key, err = dhkam.GenerateKey(PRNG) if err != nil { return nil } var sdhkey signedDHKey sdhkey.Public = skey.key.Export() sdhkey.Signature, err = pks.Sign(id.key, sdhkey.Public) if err != nil { return nil } skey.signedKey, err = asn1.Marshal(sdhkey) if err != nil { return nil } return skey }