// Decrypt takes the incoming ciphertext and decrypts it.
func (skey *SessionKey) Decrypt(in []byte) ([]byte, error) {
var ephem struct {
Pub []byte
CT []byte
}
_, err := asn1.Unmarshal(in, &ephem)
if err != nil {
return nil, err
}
pub, err := dhkam.ImportPublic(ephem.Pub)
if err != nil {
return nil, err
}
shared, err := skey.key.SharedKey(PRNG, pub, sharedKeyLen)
if err != nil {
return nil, err
}
symkey := shared[:authsym.SymKeyLen]
mackey := shared[authsym.SymKeyLen:]
out, err := authsym.Decrypt(symkey, mackey, ephem.CT)
if err != nil {
return nil, err
}
return out, nil
}
// PeerSessionKey reads the session key passed and checks the
// signature on it; if the signature is valid, it returns the peer's
// DH public key. On failure, it returns nil.
func (skey *SessionKey) PeerSessionKey(peer *rsa.PublicKey, session []byte) error {
var signedKey signedDHKey
_, err := asn1.Unmarshal(session, &signedKey)
if err != nil {
return err
}
if err = pks.Verify(peer, signedKey.Public, signedKey.Signature); err != nil {
return err
}
pub, err := dhkam.ImportPublic(signedKey.Public)
if err != nil {
return err
}
skey.peer = pub
return nil
}