<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>GcrSecretExchange: Gcr Library Reference Manual</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="Gcr Library Reference Manual">
<link rel="up" href="misc.html" title="Part VI. Miscellaneous">
<link rel="prev" href="gcr-Key-Fingerprints.html" title="Key Fingerprints">
<link rel="next" href="gcr-Non-pageable-Memory.html" title="Non-pageable Memory">
<meta name="generator" content="GTK-Doc V1.27.1 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="refentry">
<a name="GcrSecretExchange"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle"><a name="GcrSecretExchange.top_of_page"></a>GcrSecretExchange</span></h2>
<p>GcrSecretExchange — Exchange secrets between processes in an unexposed way.</p>
</td>
<td class="gallery_image" valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1">
<a name="GcrSecretExchange.functions"></a><h2>Functions</h2>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="functions_return">
<col class="functions_name">
</colgroup>
<tbody>
<tr>
<td class="function_type">
<a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="returnvalue">GcrSecretExchange</span></a> *
</td>
<td class="function_name">
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-new" title="gcr_secret_exchange_new ()">gcr_secret_exchange_new</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">gchar</span> *
</td>
<td class="function_name">
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-begin" title="gcr_secret_exchange_begin ()">gcr_secret_exchange_begin</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">gboolean</span>
</td>
<td class="function_name">
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-receive" title="gcr_secret_exchange_receive ()">gcr_secret_exchange_receive</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">const <span class="returnvalue">gchar</span> *
</td>
<td class="function_name">
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-get-protocol" title="gcr_secret_exchange_get_protocol ()">gcr_secret_exchange_get_protocol</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">const <span class="returnvalue">gchar</span> *
</td>
<td class="function_name">
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-get-secret" title="gcr_secret_exchange_get_secret ()">gcr_secret_exchange_get_secret</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">gchar</span> *
</td>
<td class="function_name">
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-send" title="gcr_secret_exchange_send ()">gcr_secret_exchange_send</a> <span class="c_punctuation">()</span>
</td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="GcrSecretExchange.other"></a><h2>Types and Values</h2>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="name">
<col class="description">
</colgroup>
<tbody>
<tr>
<td class="datatype_keyword">struct</td>
<td class="function_name"><a class="link" href="GcrSecretExchange.html#GcrSecretExchange-struct" title="struct GcrSecretExchange">GcrSecretExchange</a></td>
</tr>
<tr>
<td class="datatype_keyword">struct</td>
<td class="function_name"><a class="link" href="GcrSecretExchange.html#GcrSecretExchangeClass" title="struct GcrSecretExchangeClass">GcrSecretExchangeClass</a></td>
</tr>
<tr>
<td class="define_keyword">#define</td>
<td class="function_name"><a class="link" href="GcrSecretExchange.html#GCR-SECRET-EXCHANGE-PROTOCOL-1:CAPS" title="GCR_SECRET_EXCHANGE_PROTOCOL_1">GCR_SECRET_EXCHANGE_PROTOCOL_1</a></td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="GcrSecretExchange.object-hierarchy"></a><h2>Object Hierarchy</h2>
<pre class="screen">    GObject
    <span class="lineart">╰──</span> GcrSecretExchange
</pre>
</div>
<div class="refsect1">
<a name="GcrSecretExchange.description"></a><h2>Description</h2>
<p>Allows exchange of secrets between two processes on the same system without
exposing those secrets to things like loggers, non-pageable memory etc.</p>
<p>This does not protect against active attacks like MITM attacks.</p>
<p>Each side creates a <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object, and one of the sides calls
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-begin" title="gcr_secret_exchange_begin ()"><code class="function">gcr_secret_exchange_begin()</code></a>. This creates a string, which should be passed
to the other side. Each side passes the strings it receives into
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-receive" title="gcr_secret_exchange_receive ()"><code class="function">gcr_secret_exchange_receive()</code></a>.</p>
<p>In order to send a reply (either with or without a secret) use
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-send" title="gcr_secret_exchange_send ()"><code class="function">gcr_secret_exchange_send()</code></a>. A side must have had <a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-receive" title="gcr_secret_exchange_receive ()"><code class="function">gcr_secret_exchange_receive()</code></a>
successfully called before it can use <a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-send" title="gcr_secret_exchange_send ()"><code class="function">gcr_secret_exchange_send()</code></a>.</p>
<p>The <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> objects can be used for multiple iterations of the
conversation, or for just one request/reply. The only limitation being that
the initial request cannot contain a secret.</p>
<p>Caveat: Information about the approximate length of the secret (rounded up to the nearest
16 bytes) may be leaked. If this is considered unacceptable, do not use
<a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a>.</p>
</div>
<div class="refsect1">
<a name="GcrSecretExchange.functions_details"></a><h2>Functions</h2>
<div class="refsect2">
<a name="gcr-secret-exchange-new"></a><h3>gcr_secret_exchange_new ()</h3>
<pre class="programlisting"><a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="returnvalue">GcrSecretExchange</span></a> *
gcr_secret_exchange_new (<em class="parameter"><code>const <span class="type">gchar</span> *protocol</code></em>);</pre>
<p>Create a new secret exchange object.</p>
<p>Specify a protocol of <code class="literal">NULL</code> to allow any protocol. This is especially
relevant on the side of the exchange that does not call
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-begin" title="gcr_secret_exchange_begin ()"><code class="function">gcr_secret_exchange_begin()</code></a>, that is the originator. Currently the only
protocol supported is <a class="link" href="GcrSecretExchange.html#GCR-SECRET-EXCHANGE-PROTOCOL-1:CAPS" title="GCR_SECRET_EXCHANGE_PROTOCOL_1"><code class="literal">GCR_SECRET_EXCHANGE_PROTOCOL_1</code></a>.</p>
<div class="refsect3">
<a name="gcr-secret-exchange-new.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>protocol</p></td>
<td class="parameter_description"><p>the exchange protocol to use. </p></td>
<td class="parameter_annotations"><span class="annotation">[<acronym title="NULL is OK, both for passing and for returning."><span class="acronym">allow-none</span></acronym>]</span></td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-secret-exchange-new.returns"></a><h4>Returns</h4>
<p>A new <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object. </p>
<p><span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-secret-exchange-begin"></a><h3>gcr_secret_exchange_begin ()</h3>
<pre class="programlisting"><span class="returnvalue">gchar</span> *
gcr_secret_exchange_begin (<em class="parameter"><code><a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> *self</code></em>);</pre>
<p>Begin the secret exchange. The resulting string should be sent to the other
side of the exchange. The other side should use <a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-receive" title="gcr_secret_exchange_receive ()"><code class="function">gcr_secret_exchange_receive()</code></a>
to process the string.</p>
<div class="refsect3">
<a name="gcr-secret-exchange-begin.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>a <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object</p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-secret-exchange-begin.returns"></a><h4>Returns</h4>
<p>A newly allocated string to be sent to the other
side of the secret exchange. </p>
<p><span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-secret-exchange-receive"></a><h3>gcr_secret_exchange_receive ()</h3>
<pre class="programlisting"><span class="returnvalue">gboolean</span>
gcr_secret_exchange_receive (<em class="parameter"><code><a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> *self</code></em>,
                             <em class="parameter"><code>const <span class="type">gchar</span> *exchange</code></em>);</pre>
<p>Receive a string from the other side of secret exchange. This string will
have been created by <a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-begin" title="gcr_secret_exchange_begin ()"><code class="function">gcr_secret_exchange_begin()</code></a> or <a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-send" title="gcr_secret_exchange_send ()"><code class="function">gcr_secret_exchange_send()</code></a>.</p>
<p>After this call completes successfully the value returned from
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-get-secret" title="gcr_secret_exchange_get_secret ()"><code class="function">gcr_secret_exchange_get_secret()</code></a> will have changed.</p>
<div class="refsect3">
<a name="gcr-secret-exchange-receive.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>a <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>exchange</p></td>
<td class="parameter_description"><p>the string received</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-secret-exchange-receive.returns"></a><h4>Returns</h4>
<p> whether the string was successfully parsed and received</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-secret-exchange-get-protocol"></a><h3>gcr_secret_exchange_get_protocol ()</h3>
<pre class="programlisting">const <span class="returnvalue">gchar</span> *
gcr_secret_exchange_get_protocol (<em class="parameter"><code><a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> *self</code></em>);</pre>
<p>Get the secret exchange protocol.</p>
<p>Will return <code class="literal">NULL</code> if no protocol was specified, and either
<a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-begin" title="gcr_secret_exchange_begin ()"><code class="function">gcr_secret_exchange_begin()</code></a> or <a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-receive" title="gcr_secret_exchange_receive ()"><code class="function">gcr_secret_exchange_receive()</code></a> have not been
called successfully.</p>
<div class="refsect3">
<a name="gcr-secret-exchange-get-protocol.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>a <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object</p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-secret-exchange-get-protocol.returns"></a><h4>Returns</h4>
<p> the protocol or <code class="literal">NULL</code></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-secret-exchange-get-secret"></a><h3>gcr_secret_exchange_get_secret ()</h3>
<pre class="programlisting">const <span class="returnvalue">gchar</span> *
gcr_secret_exchange_get_secret (<em class="parameter"><code><a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> *self</code></em>,
                                <em class="parameter"><code><span class="type">gsize</span> *secret_len</code></em>);</pre>
<p>Returns the last secret received. If no secret has yet been received this
will return <code class="literal">NULL</code>. The string is owned by the <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object
and will be valid until the next time that <a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-receive" title="gcr_secret_exchange_receive ()"><code class="function">gcr_secret_exchange_receive()</code></a>
is called on this object, or the object is destroyed.</p>
<p>Depending on the secret passed into the other side of the secret exchange,
the result may be a binary string. It does however have a null terminator,
so if you're certain that it does not contain arbitrary binary data,
it can be used as a string.</p>
<div class="refsect3">
<a name="gcr-secret-exchange-get-secret.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>a <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>secret_len</p></td>
<td class="parameter_description"><p>optionally, a location to store the length of returned secret. </p></td>
<td class="parameter_annotations"><span class="annotation">[<acronym title="NULL is OK, both for passing and for returning."><span class="acronym">allow-none</span></acronym>]</span></td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-secret-exchange-get-secret.returns"></a><h4>Returns</h4>
<p>the last secret received. </p>
<p><span class="annotation">[<acronym title="Don't free data after the code is done."><span class="acronym">transfer none</span></acronym>][<acronym title="Parameter points to an array of items."><span class="acronym">array</span></acronym> length=secret_len]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-secret-exchange-send"></a><h3>gcr_secret_exchange_send ()</h3>
<pre class="programlisting"><span class="returnvalue">gchar</span> *
gcr_secret_exchange_send (<em class="parameter"><code><a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> *self</code></em>,
                          <em class="parameter"><code>const <span class="type">gchar</span> *secret</code></em>,
                          <em class="parameter"><code><span class="type">gssize</span> secret_len</code></em>);</pre>
<p>Send a reply to the other side of the secret exchange, optionally sending a
secret.</p>
<p><a class="link" href="GcrSecretExchange.html#gcr-secret-exchange-receive" title="gcr_secret_exchange_receive ()"><code class="function">gcr_secret_exchange_receive()</code></a> must have been successfully called at least
once on this object. In other words, this object must have received data
from the other side of the secret exchange before it can send a secret.</p>
<div class="refsect3">
<a name="gcr-secret-exchange-send.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>a <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a> object</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>secret</p></td>
<td class="parameter_description"><p>optionally, a secret to send to the other side. </p></td>
<td class="parameter_annotations"><span class="annotation">[<acronym title="NULL is OK, both for passing and for returning."><span class="acronym">allow-none</span></acronym>]</span></td>
</tr>
<tr>
<td class="parameter_name"><p>secret_len</p></td>
<td class="parameter_description"><p>length of <em class="parameter"><code>secret</code></em>, or -1 if null terminated</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-secret-exchange-send.returns"></a><h4>Returns</h4>
<p>a newly allocated string to be sent to the other
side of the secret exchange. </p>
<p><span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span></p>
</div>
</div>
</div>
<div class="refsect1">
<a name="GcrSecretExchange.other_details"></a><h2>Types and Values</h2>
<div class="refsect2">
<a name="GcrSecretExchange-struct"></a><h3>struct GcrSecretExchange</h3>
<pre class="programlisting">struct GcrSecretExchange;</pre>
<p>An object representing one side of a secret exchange.</p>
</div>
<hr>
<div class="refsect2">
<a name="GcrSecretExchangeClass"></a><h3>struct GcrSecretExchangeClass</h3>
<pre class="programlisting">struct GcrSecretExchangeClass {
};
</pre>
<p>The class for <a class="link" href="GcrSecretExchange.html" title="GcrSecretExchange"><span class="type">GcrSecretExchange</span></a></p>
</div>
<hr>
<div class="refsect2">
<a name="GCR-SECRET-EXCHANGE-PROTOCOL-1:CAPS"></a><h3>GCR_SECRET_EXCHANGE_PROTOCOL_1</h3>
<pre class="programlisting">#define GCR_SECRET_EXCHANGE_PROTOCOL_1 "sx-aes-1"
</pre>
<p>The current secret exchange protocol. Key agreement is done using DH with the
1536 bit IKE parameter group. Keys are derived using SHA256 with HKDF. The
transport encryption is done with 128 bit AES.</p>
</div>
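<hr>
<div class="refsect2">
<p>The conversation described in the Description section and the key agreement this protocol definition specifies, as an added example in Python that is not part of gcr. It models the two-party flow of <code class="function">gcr_secret_exchange_begin()</code>, <code class="function">gcr_secret_exchange_receive()</code> and <code class="function">gcr_secret_exchange_send()</code> with the same preconditions (the initial request never carries a secret; a side may only send after a successful receive; the received secret changes on every successful receive), performs key agreement with the RFC 3526 1536-bit MODP group and HKDF-SHA256 from Python's standard library, and makes the 16-byte rounding of the secret's length visible on the wire. Everything else is an assumption of this example: the <code>key=value</code> message format, the <code>SecretExchange</code> and <code>round_trip</code> names (with <code>protocol</code> and <code>secret</code> exposed as attributes instead of the C getters), and the transport cipher, which is an HMAC-SHA256 counter keystream standing in for AES because the standard library has none.</p>

```python
import hashlib
import hmac
import secrets

PROTOCOL_1 = "sx-aes-1"  # protocol tag from the page
# RFC 3526 1536-bit MODP group: the IKE parameter group named in the page.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def hkdf_sha256(ikm, length, info=b""):
    """HKDF (RFC 5869) with SHA-256 and an empty salt: extract, then expand."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]

def mask(key, iv, data):
    """Stand-in for AES (assumption of this example): XOR with an HMAC-SHA256 counter keystream."""
    out = b""
    for off in range(0, len(data), 32):
        ks = hmac.new(key, iv + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return out

def pad(data):  # PKCS#7 to a 16-byte boundary: this rounding is the length leak
    n = 16 - len(data) % 16
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= 16 or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

class SecretExchange:  # one side of the exchange, mirroring the API documented above
    def __init__(self, protocol=None):  # None: accept any supported protocol
        if protocol not in (None, PROTOCOL_1):
            raise ValueError("unsupported protocol")
        self.protocol, self.secret, self._key = protocol, None, None
        self._priv = secrets.randbelow(P - 3) + 2
        self._pub = pow(G, self._priv, P)

    def _encode(self, secret):
        lines = ["protocol=" + self.protocol, "public=%x" % self._pub]
        if secret is not None:
            iv = secrets.token_bytes(16)
            lines += ["iv=" + iv.hex(), "secret=" + mask(self._key, iv, pad(secret)).hex()]
        return "\n".join(lines)

    def begin(self):
        """Initial request: carries our public value, never a secret."""
        self.protocol = self.protocol or PROTOCOL_1
        return self._encode(None)

    def receive(self, exchange):
        """Parse a begin()/send() string; False on malformed or unacceptable input."""
        f = dict(l.split("=", 1) for l in exchange.splitlines() if "=" in l)
        try:
            peer = int(f["public"], 16)
        except (KeyError, ValueError):
            return False
        if f.get("protocol") != PROTOCOL_1 or not 1 < peer < P - 1:
            return False  # unknown protocol, or a public value that would fix the shared secret
        self.protocol = PROTOCOL_1
        shared = pow(peer, self._priv, P)
        self._key = hkdf_sha256(shared.to_bytes(192, "big"), 16, PROTOCOL_1.encode())
        self.secret = None  # the received secret changes on every successful receive
        if "secret" in f:
            try:
                ct = bytes.fromhex(f["secret"])
                self.secret = unpad(mask(self._key, bytes.fromhex(f["iv"]), ct))
            except (KeyError, ValueError):
                return False
        return True

    def send(self, secret=None):
        """Reply, optionally with a secret; legal only after a successful receive()."""
        if self._key is None:
            raise RuntimeError("receive() must succeed before send()")
        return self._encode(secret)

def round_trip(secret):
    """A begins, B replies with the secret, A acknowledges; returns both received secrets and the wire length."""
    a, b = SecretExchange(PROTOCOL_1), SecretExchange(None)
    if not b.receive(a.begin()):
        raise RuntimeError("B rejected the request")
    reply = b.send(secret)
    if not a.receive(reply) or not b.receive(a.send(b"ack")):
        raise RuntimeError("a reply was rejected")
    wire = dict(l.split("=", 1) for l in reply.splitlines())
    return a.secret, b.secret, len(bytes.fromhex(wire["secret"]))
```

<p>The third value returned by <code>round_trip()</code> is what a passive observer of the reply learns: a 7-byte secret occupies 16 bytes on the wire and a 16-byte secret occupies 32, which is the rounding the Description caveat describes. <code>receive()</code> rejects a peer public value of 0, 1 or p-1, so a malformed request cannot force a predictable key, and <code>send()</code> refuses to run before a successful <code>receive()</code>, matching the precondition documented for <code>gcr_secret_exchange_send()</code>.</p>
</div>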
</div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.27.1</div>
</body>
</html>