#include "config.h"
+#define DEBUG_FLAG GCR_DEBUG_SECRET_EXCHANGE
+#include "gcr-debug.h"
#include "gcr-secret-exchange.h"
#include "egg/egg-dh.h"
switch (prop_id) {
case PROP_PROTOCOL:
protocol = g_value_get_string (value);
- if (protocol != NULL) {
- if (g_str_equal (protocol, GCR_SECRET_EXCHANGE_PROTOCOL_1))
+ if (protocol == NULL) {
+ _gcr_debug ("automatically selecting secret exchange protocol");
+
+ } else {
+ if (g_str_equal (protocol, GCR_SECRET_EXCHANGE_PROTOCOL_1)) {
+ _gcr_debug ("explicitly using secret exchange protocol: %s",
+ GCR_SECRET_EXCHANGE_PROTOCOL_1);
self->pv->explicit_protocol = TRUE;
- else
+ } else {
g_warning ("the GcrSecretExchange protocol %s is unsupported defaulting to %s",
protocol, GCR_SECRET_EXCHANGE_PROTOCOL_1);
+ }
}
break;
default:
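Review bot: The `} else {` added at L14 exists only to wrap the single `if`/`else` at L15–L23, so the three outcomes (no protocol, the supported protocol, an unsupported name) now sit at two nesting depths; `} else if (g_str_equal (protocol, GCR_SECRET_EXCHANGE_PROTOCOL_1)) {` with the unsupported-name branch as the plain `} else {` keeps them at one depth and drops the extra closing brace at L23. Behaviour is identical either way, including leaving `explicit_protocol` FALSE on the warning path. The property setter that contains this switch starts and ends outside the hunk.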
g_strchug (result);
+ if (_gcr_debugging) {
+ gchar *string = g_strescape (result, "");
+ _gcr_debug ("beginning the secret exchange: %s", string);
+ g_free (string);
+ }
+
if (!g_str_has_prefix (result, SECRET_EXCHANGE_PROTOCOL_1_PREFIX))
g_warning ("the prepared data does not have the correct protocol prefix");
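Review bot: The escape-and-log block at L28–L32 is repeated verbatim at L45–L49 and L55–L59 with only the message text changing, so the `_gcr_debugging` guard, the `g_strescape` call and the matching `g_free` have to be kept in step in three places. A file-scope helper taking the message prefix and the payload keeps the escaping in one spot, which matters because these lines write the exchange payload — the data L40 and L95 later parse for the peer's public value and IV — into the debug output, and the escaping is what stops a peer-controlled string from placing raw control characters in the log. Centralising it also makes it easy to confirm that only the wire payload is ever logged through this path and that decrypted material never is. The functions enclosing each of the three blocks begin outside their hunks.
```c
/* Log an exchange payload, escaped, and only when debugging is enabled. */
static void
debug_exchange_payload (const gchar *prefix, const gchar *payload)
{
	gchar *escaped;

	if (!_gcr_debugging)
		return;

	escaped = g_strescape (payload, "");
	_gcr_debug ("%s: %s", prefix, escaped);
	g_free (escaped);
}

/* … unchanged: g_strchug (result); … */
debug_exchange_payload ("beginning the secret exchange", result);
```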
klass = GCR_SECRET_EXCHANGE_GET_CLASS (self);
g_return_val_if_fail (klass->derive_transport_key, FALSE);
+ _gcr_debug ("deriving shared transport key");
+
peer = key_file_get_base64 (input, GCR_SECRET_EXCHANGE_PROTOCOL_1, "public", &n_peer);
if (peer == NULL) {
g_message ("secret-exchange: invalid or missing 'public' argument");
g_return_val_if_fail (klass->generate_exchange_key, FALSE);
g_return_val_if_fail (klass->derive_transport_key, FALSE);
+ if (_gcr_debugging) {
+ gchar *string = g_strescape (exchange, "");
+ _gcr_debug ("receiving secret exchange: %s", string);
+ g_free (string);
+ }
+
/* Parse the input */
input = g_key_file_new ();
if (!g_key_file_load_from_data (input, exchange, strlen (exchange),
g_strchug (result);
+ if (_gcr_debugging) {
+ gchar *string = g_strescape (result, "");
+ _gcr_debug ("sending the secret exchange: %s", string);
+ g_free (string);
+ }
+
if (!g_str_has_prefix (result, SECRET_EXCHANGE_PROTOCOL_1_PREFIX))
g_warning ("the prepared data does not have the correct protocol prefix: %s", result);
{
GcrSecretExchangeDefault *data = exchange->pv->default_exchange;
+ _gcr_debug ("generating public key");
+
if (data == NULL) {
data = g_new0 (GcrSecretExchangeDefault, 1);
if (!egg_dh_default_params (EXCHANGE_1_IKE_NAME, &data->prime, &data->base))
gsize n_ikm;
gcry_mpi_t mpi;
+ _gcr_debug ("deriving transport key");
+
g_return_val_if_fail (data != NULL, FALSE);
g_return_val_if_fail (data->priv != NULL, FALSE);
mpi = mpi_from_data (peer, n_peer);
- if (mpi == NULL)
+ if (mpi == NULL) {
+ _gcr_debug ("invalid peer mpi");
return FALSE;
+ }
/* Build up a key we can use */
ikm = egg_dh_gen_secret (mpi, data->priv, data->prime, &n_ikm);
g_return_val_if_fail (data != NULL, FALSE);
g_return_val_if_fail (data->key != NULL, FALSE);
+ _gcr_debug ("encrypting data");
+
gcry = gcry_cipher_open (&cih, EXCHANGE_1_CIPHER_ALGO, EXCHANGE_1_CIPHER_MODE, 0);
if (gcry != 0) {
g_warning ("couldn't create aes cipher context: %s", gcry_strerror (gcry));
g_return_val_if_fail (data != NULL, FALSE);
g_return_val_if_fail (data->key != NULL, FALSE);
+ _gcr_debug ("decrypting data");
+
if (iv == NULL || n_iv != EXCHANGE_1_IV_LENGTH) {
g_message ("secret-exchange: invalid or missing iv");
return FALSE;