IF_TRACING(T_KEYSET, {
trace(T_KEYSET,
- "keyset: encrypting packet %lu (type %u) using keyset %u",
+ "keyset: encrypting packet %lu (type 0x%02x) using keyset %u",
(unsigned long)ks->oseq, ty, ks->seq);
trace_block(T_CRYPTO, "crypto: plaintext packet", BCUR(b), sz);
})
IF_TRACING(T_KEYSET, {
trace(T_KEYSET,
- "keyset: try decrypting packet (type %u) using keyset %u",
+ "keyset: try decrypting packet (type 0x%02x) using keyset %u",
ty, ks->seq);
trace_block(T_CRYPTO, "crypto: ciphertext packet", BCUR(b), BLEFT(b));
})
GH_DESTROY(h);
IF_TRACING(T_KEYSET, { IF_TRACING(T_CRYPTO, {
char _buf[32];
- sprintf(_buf, "crypto: %s key %s", dir ? "incoming" : "outgoing", what);
+ sprintf(_buf, "crypto: %s key %s", dir ? "outgoing" : "incoming", what);
trace_block(T_CRYPTO, _buf, k, ksz);
}) })
}
* the key material; between @k + x@ and @k + y@ is `your'
* contribution; and between @k + y@ and @k + z@ is a shared
* value we made together. These are used to construct two
- * pairs of symmetric keys. Each pair consists of an encryption
- * key and a message authentication key. One pair is used for
- * outgoing messages, the other for incoming messages.
+ * collections of symmetric keys: one for outgoing messages, the
+ * other for incoming messages.
*
* The new key is marked so that it won't be selected for output
* by @ksl_encrypt@. You can still encrypt data with it by
~mdw / tripe / blobdiff