File: xmlsec-notes-new-crypto-transforms.html

package info (click to toggle)
xmlsec1 1.3.7-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 19,916 kB
  • sloc: ansic: 100,493; xml: 19,156; sh: 8,079; makefile: 1,186; javascript: 438; perl: 199
file content (107 lines) | stat: -rw-r--r-- 6,576 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Cryptographic transforms.: XML Security Library Reference Manual</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="XML Security Library Reference Manual">
<link rel="up" href="xmlsec-notes-new-crypto.html" title="Adding support for new cryptographic library.">
<link rel="prev" href="xmlsec-notes-new-crypto-klasses.html" title="Klasses and objects.">
<link rel="next" href="xmlsec-notes-new-crypto-keys.html" title="Keys data and keys data stores.">
<meta name="generator" content="GTK-Doc V1.34.0 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="xmlsec-notes-new-crypto-klasses.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="xmlsec-notes-new-crypto-keys.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="xmlsec-notes-new-crypto-transforms"></a>Cryptographic transforms.</h2></div></div></div>
<p>The cryptographic transforms (digests, signatures and encryption)
	implementation is the main goal of "xmlsec-&lt;crypto&gt;" library.
	Most of the cryptographic <a class="link" href="xmlsec-notes-transforms.html" title="Transforms and transforms chain.">transforms</a>
	use default <em class="structfield"><code>pushBin</code></em> and <em class="structfield"><code>popBin</code></em>
	methods and provide custom <a class="link" href="xmlsec-transforms.html#xmlSecTransformExecuteMethod" title="xmlSecTransformExecuteMethod ()">execute</a> method.
	The binary transform <a class="link" href="xmlsec-transforms.html#xmlSecTransformExecuteMethod" title="xmlSecTransformExecuteMethod ()">execute</a> method
	processes data from the input buffer
	<em class="structfield"><code>inBuf</code></em> and pushes results to
	<em class="structfield"><code>outBuf</code></em>. The transform should try to
	consume and remove data from <em class="structfield"><code>inBuf</code></em> buffer
	as soon as the data became available. However, it might happen
	that current data size in the input buffer is not enough (for example,
	RSA-PKCS1 algorithm requires that all the data are available in
	one buffer). In this case, transform might keep the data in the
	input buffer till the next call to
	<a class="link" href="xmlsec-transforms.html#xmlSecTransformExecuteMethod" title="xmlSecTransformExecuteMethod ()">execute</a>
	method. The "last" parameter of the
	<a class="link" href="xmlsec-transforms.html#xmlSecTransformExecuteMethod" title="xmlSecTransformExecuteMethod ()">execute</a>
	indicates that transform MUST process all the data in the input buffer
	and return as much as possible in the output buffer. The
	<a class="link" href="xmlsec-transforms.html#xmlSecTransformExecuteMethod" title="xmlSecTransformExecuteMethod ()">execute</a> method
	might be called multiple times with non-zero "last" parameter until
	the transforms returns nothing
	in the output buffer. In addition, the transform implementation is
	responsible for managing the transform <em class="structfield"><code>status</code></em>
	variable.
	</p>
<div class="table">
<a name="id-1.2.14.5.2.13"></a><p class="title"><b>Table 2. Typical transform status managing.</b></p>
<div class="table-contents"><table class="table" summary="Typical transform status managing." border="1">
<colgroup>
<col>
<col>
</colgroup>
<tbody>
<tr>
<td>xmlSecTransformStatusNone</td>
<td>Transform initializes itself (for example, cipher transform
	generates or reads IV) and sets <em class="structfield"><code>status</code></em>
	variable to xmlSecTransformStatusWorking.</td>
</tr>
<tr>
<td>xmlSecTransformStatusWorking</td>
<td>Transform process the next (if "last" parameter is zero) or
	last block of data (if "last" parameter is non-zero).
	When transform returns all the data, it sets the
	<em class="structfield"><code>status</code></em> variable to
	xmlSecTransformStatusFinished.</td>
</tr>
<tr>
<td>xmlSecTransformStatusFinished</td>
<td>Transform returns no data to indicate that it finished
	processing.</td>
</tr>
</tbody>
</table></div>
</div>
<p><br class="table-break">
	</p>
<p>In adition to <a class="link" href="xmlsec-transforms.html#xmlSecTransformExecuteMethod" title="xmlSecTransformExecuteMethod ()">execute</a>
	methods, signature, hmac or digest transforms
	MUST implement <a class="link" href="xmlsec-transforms.html#xmlSecTransformVerifyMethod" title="xmlSecTransformVerifyMethod ()">verify</a> method.
	The <a class="link" href="xmlsec-transforms.html#xmlSecTransformVerifyMethod" title="xmlSecTransformVerifyMethod ()">verify</a> method is called
	after transform execution is finished. The
	<a class="link" href="xmlsec-transforms.html#xmlSecTransformVerifyMethod" title="xmlSecTransformVerifyMethod ()">verify</a> method implementation
	must set the "status" member to <a class="link" href="xmlsec-transforms.html#xmlSecTransformStatusOk">xmlSecTransformStatusOk</a>
	if signature, hmac or digest is successfully verified or to
	<a class="link" href="xmlsec-transforms.html#xmlSecTransformStatusFail">xmlSecTransformStatusFail</a>
	otherwise.
	</p>
<p>The transforms that require a key (signature or encryption
	transforms, for example) MUST imlpement
	<a class="link" href="xmlsec-transforms.html#xmlSecTransformSetKeyRequirementsMethod" title="xmlSecTransformSetKeyRequirementsMethod ()">setKeyReq</a>
	(prepares the <a class="link" href="xmlsec-keys.html#xmlSecKeyReq" title="struct xmlSecKeyReq">key requirements</a>
	for key search) and
	<a class="link" href="xmlsec-transforms.html#xmlSecTransformSetKeyMethod" title="xmlSecTransformSetKeyMethod ()">setKey</a>
	(sets the key in the transform) methods.
	</p>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.34.0</div>
</body>
</html>