+#if HAVE_LIBGCRYPT
+static int nb_add_signature (lcc_network_buffer_t *nb) /* {{{ */
+{
+ char *buffer;
+ size_t buffer_size;
+
+ gcry_md_hd_t hd;
+ gcry_error_t err;
+ unsigned char *hash;
+ const size_t hash_length = 32;
+
+ /* The type, length and username have already been filled in by
+ * "lcc_network_buffer_initialize". All we do here is calculate the hash over
+ * the username and the data and add the hash value to the buffer. */
+
+ buffer = nb->buffer + PART_SIGNATURE_SHA256_SIZE;
+ assert (nb->size >= (nb->free + PART_SIGNATURE_SHA256_SIZE));
+ buffer_size = nb->size - (nb->free + PART_SIGNATURE_SHA256_SIZE);
+
+ hd = NULL;
+ err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
+ if (err != 0)
+ return (-1);
+
+ assert (nb->password != NULL);
+ err = gcry_md_setkey (hd, nb->password, strlen (nb->password));
+ if (err != 0)
+ {
+ gcry_md_close (hd);
+ return (-1);
+ }
+
+ gcry_md_write (hd, buffer, buffer_size);
+ hash = gcry_md_read (hd, GCRY_MD_SHA256);
+ if (hash == NULL)
+ {
+ gcry_md_close (hd);
+ return (-1);
+ }
+
+ assert (((2 * sizeof (uint16_t)) + hash_length) == PART_SIGNATURE_SHA256_SIZE);
+ memcpy (nb->buffer + (2 * sizeof (uint16_t)), hash, hash_length);
+
+ gcry_md_close (hd);
+ return (0);
+} /* }}} int nb_add_signature */
+
+static int nb_add_encryption (lcc_network_buffer_t *nb) /* {{{ */
+{
+ size_t package_length;
+ char *encr_ptr; /* pointer to data being encrypted */
+ size_t encr_size;
+
+ char *hash_ptr; /* pointer to data being hashed */
+ size_t hash_size;
+ char hash[20];
+
+ uint16_t pkg_length;
+ gcry_error_t err;
+
+ /* Fill in the package length */
+ package_length = nb->size - nb->free;
+ pkg_length = htons ((uint16_t) package_length);
+ memcpy (nb->buffer + 2, &pkg_length, sizeof (pkg_length));
+
+ /* Calculate what to hash */
+ hash_ptr = nb->buffer + PART_ENCRYPTION_AES256_SIZE;
+ hash_size = package_length - nb->encr_header_len;
+
+ /* Calculate what to encrypt */
+ encr_ptr = hash_ptr - sizeof (hash);
+ encr_size = hash_size + sizeof (hash);
+
+ /* Calculate the SHA-1 hash */
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash_ptr, hash_size);
+ memcpy (encr_ptr, hash, sizeof (hash));
+
+ if (nb->encr_cypher == NULL)
+ {
+ unsigned char password_hash[32];
+
+ err = gcry_cipher_open (&nb->encr_cypher,
+ GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, /* flags = */ 0);
+ if (err != 0)
+ return (-1);
+
+ /* Calculate our 256bit key used for AES */
+ gcry_md_hash_buffer (GCRY_MD_SHA256, password_hash,
+ nb->password, strlen (nb->password));
+
+ err = gcry_cipher_setkey (nb->encr_cypher,
+ password_hash, sizeof (password_hash));
+ if (err != 0)
+ {
+ gcry_cipher_close (nb->encr_cypher);
+ nb->encr_cypher = NULL;
+ return (-1);
+ }
+ }
+ else /* if (nb->encr_cypher != NULL) */
+ {
+ gcry_cipher_reset (nb->encr_cypher);
+ }
+
+ /* Set the initialization vector */
+ err = gcry_cipher_setiv (nb->encr_cypher,
+ nb->encr_iv, sizeof (nb->encr_iv));
+ if (err != 0)
+ {
+ gcry_cipher_close (nb->encr_cypher);
+ nb->encr_cypher = NULL;
+ return (-1);
+ }
+
+ /* Encrypt the buffer in-place */
+ err = gcry_cipher_encrypt (nb->encr_cypher,
+ encr_ptr, encr_size,
+ /* in = */ NULL, /* in len = */ 0);
+ if (err != 0)
+ {
+ gcry_cipher_close (nb->encr_cypher);
+ nb->encr_cypher = NULL;
+ return (-1);
+ }
+
+ return (0);
+} /* }}} int nb_add_encryption */
+#endif
+