Diffstat (limited to 'src/gcrypt/hmac.c')
-rw-r--r--src/gcrypt/hmac.c118
1 files changed, 42 insertions, 76 deletions
diff --git a/src/gcrypt/hmac.c b/src/gcrypt/hmac.c
index 631b4704..4f5d2762 100644
--- a/src/gcrypt/hmac.c
+++ b/src/gcrypt/hmac.c
@@ -1,11 +1,19 @@
-/**
- * XMLSec library
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
*
* Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
*/
+/**
+ * SECTION:hmac
+ * @Short_description: HMAC transforms implementation for GCrypt.
+ * @Stability: Private
+ *
+ */
+
#ifndef XMLSEC_NO_HMAC
#include "globals.h"
@@ -199,22 +207,15 @@ xmlSecGCryptHmacInitialize(xmlSecTransformPtr transform) {
/* not found */
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInvalidTransfromError(transform)
return(-1);
}
/* open context */
err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
+ xmlSecGCryptError("gcry_md_open", err,
+ xmlSecTransformGetName(transform));
return(-1);
}
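Review bot: The new call `xmlSecInvalidTransfromError(transform)` in the not-found branch has no terminating semicolon, unlike the other helper calls this commit introduces (for example `xmlSecInvalidTransfromStatusError(transform);` in xmlSecGCryptHmacExecute). It compiles only if the macro expands to a complete statement or braced block, and the macro's definition is not visible on this page. Writing `xmlSecInvalidTransfromError(transform);` keeps the call site independent of the macro's shape and consistent with the rest of the file. The body of xmlSecGCryptHmacInitialize starts and ends outside this hunk.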
@@ -287,11 +288,8 @@ xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTr
small value
*/
if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "HMAC output length is too small");
+ xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform),
+ "HMAC output length is too small");
return(-1);
}
@@ -299,11 +297,7 @@ xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTr
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
+ xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
@@ -356,22 +350,15 @@ xmlSecGCryptHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key is empty");
+ xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform));
return(-1);
}
err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer));
if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
+ xmlSecGCryptError("gcry_md_setkey", err,
+ xmlSecTransformGetName(transform));
return(-1);
}
return(0);
@@ -400,37 +387,30 @@ xmlSecGCryptHmacVerify(xmlSecTransformPtr transform,
xmlSecAssert2(ctx->dgstSize > 0, -1);
/* compare the digest size in bytes */
- if(dataSize != ((ctx->dgstSize + 7) / 8)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data=%d;dgst=%d",
- dataSize, ((ctx->dgstSize + 7) / 8));
+ if(dataSize != ((ctx->dgstSize + 7) / 8)) {
+ xmlSecInvalidSizeError("HMAC digest size",
+ dataSize, ((ctx->dgstSize + 7) / 8),
+ xmlSecTransformGetName(transform));
transform->status = xmlSecTransformStatusFail;
return(0);
}
- /* we check the last byte separatelly */
+ /* we check the last byte separately */
xmlSecAssert2(dataSize > 0, -1);
mask = last_byte_masks[ctx->dgstSize % 8];
if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match (last byte)");
+ xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ xmlSecTransformGetName(transform),
+ "data and digest do not match (last byte)");
transform->status = xmlSecTransformStatusFail;
return(0);
}
/* now check the rest of the digest */
if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match");
+ xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ xmlSecTransformGetName(transform),
+ "data and digest do not match");
transform->status = xmlSecTransformStatusFail;
return(0);
}
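Review bot: The digest check still returns on the first mismatch, because the masked last byte is tested on its own and the remaining bytes go through `memcmp`, so the running time of xmlSecGCryptHmacVerify depends on how much of the supplied HMAC value is correct. For MAC verification that is a timing side channel, and this commit leaves it in place. The comparison should read every byte and decide once at the end. The fence folds both checks into a single accumulator and assumes a byte-sized `diff` and an index `i` declared at the top of the function, which lies outside this hunk. Merging the two messages also stops the error log from revealing which part of the digest differed.

```c
/* … unchanged: digest size comparison and its error path … */

/* compare the whole digest without an early exit; only the last byte is masked */
xmlSecAssert2(dataSize > 0, -1);
mask = last_byte_masks[ctx->dgstSize % 8];
diff = (xmlSecByte)((ctx->dgst[dataSize - 1] ^ data[dataSize - 1]) & mask);
for(i = 0; (i + 1) < dataSize; ++i) {
    diff |= (xmlSecByte)(ctx->dgst[i] ^ data[i]);
}
if(diff != 0) {
    xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
                     xmlSecTransformGetName(transform),
                     "data and digest do not match");
    transform->status = xmlSecTransformStatusFail;
    return(0);
}
```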
@@ -472,11 +452,9 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
+ xmlSecInternalError2("xmlSecBufferRemoveHead",
+ xmlSecTransformGetName(transform),
+ "size=%d", inSize);
return(-1);
}
}
@@ -485,11 +463,8 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC
gcry_md_final(ctx->digestCtx);
dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
if(dgst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_read",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecGCryptError("gcry_md_read", GPG_ERR_NO_ERROR,
+ xmlSecTransformGetName(transform));
return(-1);
}
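Review bot: When `gcry_md_read` returns NULL, the new call passes `GPG_ERR_NO_ERROR` to xmlSecGCryptError, so the failure is reported with the success code. The definition of xmlSecGCryptError is not shown here, but if it renders the code through the libgcrypt error strings, the log entry for a failed digest read would describe the error as "no error", which is misleading during triage. Since `gcry_md_read` gives no error code of its own, a generic failure code reads more clearly: `xmlSecGCryptError("gcry_md_read", GPG_ERR_GENERAL, xmlSecTransformGetName(transform));`. The body of xmlSecGCryptHmacExecute starts and ends outside this hunk.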
@@ -505,23 +480,18 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC
} else if(ctx->dgstSize <= 8 * dgstSize) {
dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "result-bits=%d;required-bits=%d",
- 8 * dgstSize, ctx->dgstSize);
+ xmlSecInvalidSizeLessThanError("HMAC digest (bits)",
+ 8 * dgstSize, ctx->dgstSize,
+ xmlSecTransformGetName(transform));
return(-1);
}
if(transform->operation == xmlSecTransformOperationSign) {
ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", dgstSize);
+ xmlSecInternalError2("xmlSecBufferAppend",
+ xmlSecTransformGetName(transform),
+ "size=%d", dgstSize);
return(-1);
}
}
@@ -531,11 +501,7 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "size=%d", transform->status);
+ xmlSecInvalidTransfromStatusError(transform);
return(-1);
}