예제 #1
0
// Decrypt takes the incoming ciphertext and decrypts it.
func (skey *SessionKey) Decrypt(in []byte) ([]byte, error) {
	var ephem struct {
		Pub []byte
		CT  []byte
	}

	_, err := asn1.Unmarshal(in, &ephem)
	if err != nil {
		return nil, err
	}

	pub, err := dhkam.ImportPublic(ephem.Pub)
	if err != nil {
		return nil, err
	}

	shared, err := skey.key.SharedKey(PRNG, pub, sharedKeyLen)
	if err != nil {
		return nil, err
	}

	symkey := shared[:authsym.SymKeyLen]
	mackey := shared[authsym.SymKeyLen:]
	out, err := authsym.Decrypt(symkey, mackey, ephem.CT)
	if err != nil {
		return nil, err
	}
	return out, nil
}
예제 #2
0
// PeerSessionKey reads the session key passed and checks the
// signature on it; if the signature is valid, it returns the peer's
// DH public key. On failure, it returns nil.
func (skey *SessionKey) PeerSessionKey(peer *rsa.PublicKey, session []byte) error {
	var signedKey signedDHKey
	_, err := asn1.Unmarshal(session, &signedKey)
	if err != nil {
		return err
	}

	if err = pks.Verify(peer, signedKey.Public, signedKey.Signature); err != nil {
		return err
	}

	pub, err := dhkam.ImportPublic(signedKey.Public)
	if err != nil {
		return err
	}
	skey.peer = pub
	return nil
}