-#if HAVE_GCRYPT_H
-static int network_set_encryption (sockent_t *se, /* {{{ */
- const char *shared_secret)
-{
- char hash[32];
- gcry_error_t err;
-
- se->shared_secret = sstrdup (shared_secret);
-
- /*
- * We use CBC *without* an initialization vector: The cipher is reset after
- * each packet and we would have to re-set the IV each time. The first
- * encrypted block will contain the SHA-224 checksum anyway, so this should
- * be quite unpredictable. Also, there's a 2 byte field in the header that's
- * being filled with random numbers. So we only use CBC so the blocks
- * *within* one packet are chained.
- */
- err = gcry_cipher_open (&se->cypher,
- GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, /* flags = */ 0);
- if (err != 0)
- {
- ERROR ("network plugin: gcry_cipher_open returned: %s",
- gcry_strerror (err));
- return (-1);
- }
-
- assert (se->shared_secret != NULL);
- gcry_md_hash_buffer (GCRY_MD_SHA256, hash,
- se->shared_secret, strlen (se->shared_secret));
-
- err = gcry_cipher_setkey (se->cypher, hash, sizeof (hash));
- if (err != 0)
- {
- DEBUG ("network plugin: gcry_cipher_setkey returned: %s",
- gcry_strerror (err));
- gcry_cipher_close (se->cypher);
- se->cypher = NULL;
- return (-1);
- }
-
- return (0);
-} /* }}} int network_set_encryption */
-#endif /* HAVE_GCRYPT_H */
-