// Encrypt takes a message and encrypts it to the session's peer. func (skey *SessionKey) Encrypt(message []byte) ([]byte, error) { dhEphem, err := dhkam.GenerateKey(PRNG) if err != nil { return nil, err } shared, err := dhEphem.SharedKey(PRNG, skey.peer, sharedKeyLen) if err != nil { return nil, err } var ephem struct { Pub []byte CT []byte } symkey := shared[:authsym.SymKeyLen] mackey := shared[authsym.SymKeyLen:] ephem.CT, err = authsym.Encrypt(symkey, mackey, message) if err != nil { return nil, err } ephem.Pub = dhEphem.Export() return asn1.Marshal(ephem) }
func Encrypt(prv *dhkam.PrivateKey, kek *dhkam.KEK, pub *dhkam.PublicKey, m []byte) (out []byte, err error) { key, err := prv.CEK(kek) if err != nil { return } out, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m) return }
func Encrypt(prv *dhkam.PrivateKey, pub *dhkam.PublicKey, m []byte) (out []byte, err error) { key, err := prv.SharedKey(rand.Reader, pub, keyMaterialSize) if err != nil { return } out, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m) return }
func Encrypt(pub *rsa.PublicKey, m []byte) (ct []byte, err error) { var msg Message var key []byte key, err = generateSessionKeys() if err != nil { return } if msg.Key, err = pkc.Encrypt(pub, key); err != nil { return } else if msg.Msg, err = authsym.Encrypt(key[:authsym.SymKeyLen], key[authsym.SymKeyLen:], m); err != nil { return } ct, err = asn1.Marshal(msg) authsym.Scrub(key, 3) return }