libnm: don't depend nm-crypto on "nm-error.h"
"nm-error.h" is public API of libnm, and contains error numbers and quarks. Clearly our "nm-crypto" implementation wants to use those errors. I want to move "nm-crypto" out of libnm, and as it's more basic, I think it should not have a dependency on all of libnm-core. Also, libnm-core currently uses nm-crypto, so there would be a circular dependency. That would be possible to do (libnm-core-aux-intern is also used in such a way), but it's better avoided, to keep a clear hierarchy of dependencies. Add a version of the same error codes to libnm-base. libnm-base is a very basic dependency (just one step above libnm-glib-aux).
parent
89bba8fa84
commit
3a97604a27
|
@ -3,3 +3,9 @@
|
|||
#include "libnm-glib-aux/nm-default-glib-i18n-lib.h"
|
||||
|
||||
#include "nm-base.h"
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
NM_CACHED_QUARK_FCN("nm-crypto-error-quark", _nm_crypto_error_quark);
|
||||
|
||||
/*****************************************************************************/
|
||||
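Review bot: Nothing at the new `NM_CACHED_QUARK_FCN("nm-crypto-error-quark", _nm_crypto_error_quark);` line says that the quark string has to stay identical to the one behind the public `NM_CRYPTO_ERROR`, whose definition is not shown on this page. GLib interns quarks by string, so the internal and public domains compare equal only while both functions register the same text. If either string is edited later, `g_error_matches()` checks against the public domain would silently stop matching errors raised by nm-crypto. I would add a comment above the line, e.g. `/* Must be the same string as the public NM_CRYPTO_ERROR quark, so that both domains are the same GQuark. */`.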
|
|
|
@ -393,4 +393,20 @@ typedef struct {
|
|||
|
||||
#define NM_BOND_PORT_QUEUE_ID_DEF 0
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
/* NM_CRYPTO_ERROR is part of public API in libnm (implemented in libnm-core).
|
||||
* We also want to use it without libnm-core. So this "_" variant is the internal
|
||||
* version, with numerically same values -- to be used without libnm-base. */
|
||||
|
||||
#define _NM_CRYPTO_ERROR_FAILED 0
|
||||
#define _NM_CRYPTO_ERROR_INVALID_DATA 1
|
||||
#define _NM_CRYPTO_ERROR_INVALID_PASSWORD 2
|
||||
#define _NM_CRYPTO_ERROR_UNKNOWN_CIPHER 3
|
||||
#define _NM_CRYPTO_ERROR_DECRYPTION_FAILED 4
|
||||
#define _NM_CRYPTO_ERROR_ENCRYPTION_FAILED 5
|
||||
|
||||
#define _NM_CRYPTO_ERROR _nm_crypto_error_quark()
|
||||
GQuark _nm_crypto_error_quark(void);
|
||||
|
||||
#endif /* __NM_LIBNM_BASE_H__ */
|
||||
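Review bot: The `_NM_CRYPTO_ERROR_*` values are hand-copied integers, and nothing in this hunk ties them to the public `NM_CRYPTO_ERROR_*` codes they are meant to mirror, so a later change on either side would make callers misclassify errors (an invalid-password error read as invalid data, for example). A compile-time check in a libnm-core source file that sees both headers would pin this, one line per code, e.g. `G_STATIC_ASSERT(_NM_CRYPTO_ERROR_FAILED == (int) NM_CRYPTO_ERROR_FAILED);`. The new comment also ends with "to be used without libnm-base", but these definitions live in the header guarded by `__NM_LIBNM_BASE_H__`; going by the commit description it presumably should read `to be used without libnm-core`. The header starts outside this hunk.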
|
|
|
@ -14,7 +14,6 @@
|
|||
#include <gnutls/pkcs12.h>
|
||||
|
||||
#include "libnm-glib-aux/nm-secret-utils.h"
|
||||
#include "nm-errors.h"
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
|
@ -54,8 +53,8 @@ _nm_crypto_init(GError **error)
|
|||
if (gnutls_global_init() != 0) {
|
||||
gnutls_global_deinit();
|
||||
g_set_error_literal(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Failed to initialize the crypto engine."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -87,8 +86,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (!_get_cipher_info(cipher, &cipher_mech, &real_iv_len)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_("Unsupported key cipher for decryption"));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -98,8 +97,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (iv_len < real_iv_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Invalid IV length (must be at least %u)."),
|
||||
(guint) real_iv_len);
|
||||
return NULL;
|
||||
|
@ -116,8 +115,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
err = gnutls_cipher_init(&ctx, cipher_mech, &key_dt, &iv_dt);
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to initialize the decryption cipher context: %s (%s)"),
|
||||
gnutls_strerror_name(err),
|
||||
gnutls_strerror(err));
|
||||
|
@ -130,8 +129,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to decrypt the private key: %s (%s)"),
|
||||
gnutls_strerror_name(err),
|
||||
gnutls_strerror(err));
|
||||
|
@ -143,8 +142,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
/* Check if the padding at the end of the decrypted data is valid */
|
||||
if (pad_len == 0 || pad_len > real_iv_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to decrypt the private key: unexpected padding length."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -155,8 +154,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
for (pad_i = 1; pad_i <= pad_len; ++pad_i) {
|
||||
if (output.bin[data_len - pad_i] != pad_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to decrypt the private key."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -189,8 +188,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (cipher == NM_CRYPTO_CIPHER_DES_CBC || !_get_cipher_info(cipher, &cipher_mech, NULL)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_("Unsupported key cipher for encryption"));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -206,8 +205,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
err = gnutls_cipher_init(&ctx, cipher_mech, &key_dt, &iv_dt);
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_("Failed to initialize the encryption cipher context: %s (%s)"),
|
||||
gnutls_strerror_name(err),
|
||||
gnutls_strerror(err));
|
||||
|
@ -234,8 +233,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_("Failed to encrypt the data: %s (%s)"),
|
||||
gnutls_strerror_name(err),
|
||||
gnutls_strerror(err));
|
||||
|
@ -259,8 +258,8 @@ _nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
|
|||
err = gnutls_x509_crt_init(&der);
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Error initializing certificate data: %s"),
|
||||
gnutls_strerror(err));
|
||||
return FALSE;
|
||||
|
@ -282,8 +281,8 @@ _nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
|
|||
return TRUE;
|
||||
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Couldn't decode certificate: %s"),
|
||||
gnutls_strerror(err));
|
||||
return FALSE;
|
||||
|
@ -307,8 +306,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
|
|||
err = gnutls_pkcs12_init(&p12);
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Couldn't initialize PKCS#12 decoder: %s"),
|
||||
gnutls_strerror(err));
|
||||
return FALSE;
|
||||
|
@ -321,8 +320,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
|
|||
err = gnutls_pkcs12_import(p12, &dt, GNUTLS_X509_FMT_PEM, 0);
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Couldn't decode PKCS#12 file: %s"),
|
||||
gnutls_strerror(err));
|
||||
gnutls_pkcs12_deinit(p12);
|
||||
|
@ -336,8 +335,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
|
|||
|
||||
if (err != GNUTLS_E_SUCCESS) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Couldn't verify PKCS#12 file: %s"),
|
||||
gnutls_strerror(err));
|
||||
return FALSE;
|
||||
|
@ -365,8 +364,8 @@ _nm_crypto_verify_pkcs8(const guint8 *data,
|
|||
err = gnutls_x509_privkey_init(&p8);
|
||||
if (err < 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Couldn't initialize PKCS#8 decoder: %s"),
|
||||
gnutls_strerror(err));
|
||||
return FALSE;
|
||||
|
@ -393,8 +392,8 @@ _nm_crypto_verify_pkcs8(const guint8 *data,
|
|||
*/
|
||||
} else {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Couldn't decode PKCS#8 file: %s"),
|
||||
gnutls_strerror(err));
|
||||
return FALSE;
|
||||
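Review bot: Several rewritten call sites pass a translated message with no arguments as the format of `g_set_error()`, for example `_("Unsupported key cipher for decryption")` in the `@ -87,8 +86,8 @` hunk and the two padding errors in `_nmtst_crypto_decrypt`. The text comes from the translation catalogue and is then interpreted as a printf format, so a stray `%` in a translation would be parsed as a conversion. `_nm_crypto_init` in this same file already uses `g_set_error_literal()`, and the argument-less sites could do the same: `g_set_error_literal(error, _NM_CRYPTO_ERROR, _NM_CRYPTO_ERROR_UNKNOWN_CIPHER, _("Unsupported key cipher for decryption"));`. The same pattern appears in the NSS backend and in the no-crypto stub sections of this commit. The enclosing functions start and end outside the hunks.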
|
|
|
@ -8,6 +8,7 @@
|
|||
#define __NM_CRYPTO_IMPL_H__
|
||||
|
||||
#include "nm-crypto.h"
|
||||
#include "libnm-base/nm-base.h"
|
||||
|
||||
gboolean _nm_crypto_init(GError **error);
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ NM_PRAGMA_WARNING_DISABLE("-Wstrict-prototypes")
|
|||
NM_PRAGMA_WARNING_REENABLE
|
||||
|
||||
#include "libnm-glib-aux/nm-secret-utils.h"
|
||||
#include "nm-errors.h"
|
||||
#include "libnm-base/nm-base.h"
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
|
@ -65,8 +65,8 @@ _nm_crypto_init(GError **error)
|
|||
ret = NSS_NoDB_Init(NULL);
|
||||
if (ret != SECSuccess) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Failed to initialize the crypto engine: %d."),
|
||||
PR_GetError());
|
||||
PR_Cleanup();
|
||||
|
@ -113,16 +113,16 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (!_get_cipher_info(cipher, &cipher_mech, &real_iv_len)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_("Unsupported key cipher for decryption"));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (iv_len < real_iv_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Invalid IV length (must be at least %u)."),
|
||||
(guint) real_iv_len);
|
||||
return NULL;
|
||||
|
@ -134,8 +134,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
slot = PK11_GetBestSlot(cipher_mech, NULL);
|
||||
if (!slot) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Failed to initialize the decryption cipher slot."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -145,8 +145,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
sym_key = PK11_ImportSymKey(slot, cipher_mech, PK11_OriginUnwrap, CKA_DECRYPT, &key_item, NULL);
|
||||
if (!sym_key) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to set symmetric key for decryption."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -156,8 +156,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
sec_param = PK11_ParamFromIV(cipher_mech, &key_item);
|
||||
if (!sec_param) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to set IV for decryption."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -165,8 +165,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
ctx = PK11_CreateContextBySymKey(cipher_mech, CKA_DECRYPT, sym_key, sec_param);
|
||||
if (!ctx) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to initialize the decryption context."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -182,8 +182,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
data_len);
|
||||
if (s != SECSuccess) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to decrypt the private key: %d."),
|
||||
PORT_GetError());
|
||||
goto out;
|
||||
|
@ -191,8 +191,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (decrypted_len > data_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to decrypt the private key: decrypted data too large."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -203,8 +203,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
data_len - decrypted_len);
|
||||
if (s != SECSuccess) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to finalize decryption of the private key: %d."),
|
||||
PORT_GetError());
|
||||
goto out;
|
||||
|
@ -216,8 +216,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
/* Check if the padding at the end of the decrypted data is valid */
|
||||
if (pad_len == 0 || pad_len > real_iv_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to decrypt the private key: unexpected padding length."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -228,8 +228,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
for (i = pad_len; i > 0; i--) {
|
||||
if (output.bin[data_len - i] != pad_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Failed to decrypt the private key."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -283,8 +283,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (cipher == NM_CRYPTO_CIPHER_DES_CBC || !_get_cipher_info(cipher, &cipher_mech, NULL)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
|
||||
_("Unsupported key cipher for encryption"));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -295,8 +295,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
slot = PK11_GetBestSlot(cipher_mech, NULL);
|
||||
if (!slot) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Failed to initialize the encryption cipher slot."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -304,8 +304,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
sym_key = PK11_ImportSymKey(slot, cipher_mech, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, NULL);
|
||||
if (!sym_key) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_("Failed to set symmetric key for encryption."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -313,8 +313,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
sec_param = PK11_ParamFromIV(cipher_mech, &iv_item);
|
||||
if (!sec_param) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_("Failed to set IV for encryption."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -322,8 +322,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
ctx = PK11_CreateContextBySymKey(cipher_mech, CKA_ENCRYPT, sym_key, sec_param);
|
||||
if (!ctx) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_("Failed to initialize the encryption context."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -347,8 +347,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
PK11_CipherOp(ctx, output.bin, &encrypted_len, output.len, padded_buf.bin, padded_buf.len);
|
||||
if (ret != SECSuccess) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_("Failed to encrypt: %d."),
|
||||
PORT_GetError());
|
||||
goto out;
|
||||
|
@ -356,8 +356,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
|
||||
if (encrypted_len != output.len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
|
||||
_("Unexpected amount of data after encrypting."));
|
||||
goto out;
|
||||
}
|
||||
|
@ -393,8 +393,8 @@ _nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
|
|||
cert = CERT_DecodeCertFromPackage((char *) data, len);
|
||||
if (!cert) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Couldn't decode certificate: %d"),
|
||||
PORT_GetError());
|
||||
return FALSE;
|
||||
|
@ -438,8 +438,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
|
|||
|
||||
if (!ucs2_password.bin || ucs2_password.len == 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_PASSWORD,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_PASSWORD,
|
||||
_("Password must be UTF-8"));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -461,15 +461,18 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
|
|||
|
||||
slot = PK11_GetInternalKeySlot();
|
||||
if (!slot) {
|
||||
g_set_error(error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_FAILED, _("Couldn't initialize slot"));
|
||||
g_set_error(error,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Couldn't initialize slot"));
|
||||
goto out;
|
||||
}
|
||||
|
||||
p12ctx = SEC_PKCS12DecoderStart(&pw, slot, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
if (!p12ctx) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Couldn't initialize PKCS#12 decoder: %d"),
|
||||
PORT_GetError());
|
||||
goto out;
|
||||
|
@ -478,8 +481,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
|
|||
s = SEC_PKCS12DecoderUpdate(p12ctx, (guint8 *) data, data_len);
|
||||
if (s != SECSuccess) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Couldn't decode PKCS#12 file: %d"),
|
||||
PORT_GetError());
|
||||
goto out;
|
||||
|
@ -488,8 +491,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
|
|||
s = SEC_PKCS12DecoderVerify(p12ctx);
|
||||
if (s != SECSuccess) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_DECRYPTION_FAILED,
|
||||
_("Couldn't verify PKCS#12 file: %d"),
|
||||
PORT_GetError());
|
||||
goto out;
|
||||
|
@ -539,8 +542,8 @@ _nm_crypto_randomize(void *buffer, gsize buffer_len, GError **error)
|
|||
s = PK11_GenerateRandom(buffer, buffer_len);
|
||||
if (s != SECSuccess) {
|
||||
g_set_error_literal(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Could not generate random data."));
|
||||
return FALSE;
|
||||
}
|
||||
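Review bot: In `_nmtst_crypto_decrypt` the IV parameter is built with `PK11_ParamFromIV(cipher_mech, &key_item)`, the same `key_item` that the `@ -145,8 +145,8 @` hunk hands to `PK11_ImportSymKey()`, whereas `_nmtst_crypto_encrypt` uses a separate `iv_item`. The assignments to `key_item` are outside these hunks, so presumably it is re-pointed at the IV between the two calls, but a reader of the diff cannot confirm that the key bytes are not being reused as the IV. A dedicated variable as on the encrypt path, `sec_param = PK11_ParamFromIV(cipher_mech, &iv_item);`, or a comment at the reassignment would make the intent explicit.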
|
|
|
@ -9,7 +9,6 @@
|
|||
#include "nm-crypto-impl.h"
|
||||
|
||||
#include "libnm-glib-aux/nm-secret-utils.h"
|
||||
#include "nm-errors.h"
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
|
@ -17,8 +16,8 @@ gboolean
|
|||
_nm_crypto_init(GError **error)
|
||||
{
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Compiled without crypto support."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -35,8 +34,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
|
|||
GError **error)
|
||||
{
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Compiled without crypto support."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -53,8 +52,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
|
|||
GError **error)
|
||||
{
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Compiled without crypto support."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -63,8 +62,8 @@ gboolean
|
|||
_nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
|
||||
{
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Compiled without crypto support."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -73,8 +72,8 @@ gboolean
|
|||
_nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *password, GError **error)
|
||||
{
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Compiled without crypto support."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -87,8 +86,8 @@ _nm_crypto_verify_pkcs8(const guint8 *data,
|
|||
GError **error)
|
||||
{
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Compiled without crypto support."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -97,8 +96,8 @@ gboolean
|
|||
_nm_crypto_randomize(void *buffer, gsize buffer_len, GError **error)
|
||||
{
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_FAILED,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_FAILED,
|
||||
_("Compiled without crypto support."));
|
||||
return FALSE;
|
||||
}
|
||||
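Review bot: This stub appears to drop `#include "nm-errors.h"` and then gets `_NM_CRYPTO_ERROR` only through `nm-crypto-impl.h`, while the NSS backend in the same commit adds `#include "libnm-base/nm-base.h"` directly. Both work given the include this commit adds to `nm-crypto-impl.h`, but the backends should follow one rule: either add `#include "libnm-base/nm-base.h"` here (and in the GnuTLS backend, whose include hunk also adds no replacement) or drop it from the NSS file.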
|
|
|
@ -16,7 +16,8 @@
|
|||
#include "libnm-glib-aux/nm-io-utils.h"
|
||||
|
||||
#include "nm-crypto-impl.h"
|
||||
#include "nm-errors.h"
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
#define PEM_RSA_KEY_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
|
||||
#define PEM_RSA_KEY_END "-----END RSA PRIVATE KEY-----"
|
||||
|
@ -202,8 +203,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
end_tag = PEM_DSA_KEY_END;
|
||||
} else {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("PEM key file had no start tag"));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -211,8 +212,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
start += strlen(start_tag);
|
||||
if (!find_tag(end_tag, data, data_len, start, &end)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("PEM key file had no end tag '%s'."),
|
||||
end_tag);
|
||||
return FALSE;
|
||||
|
@ -239,8 +240,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
if (!strncmp(p, PROC_TYPE_TAG, strlen(PROC_TYPE_TAG))) {
|
||||
if (enc_tags++ != 0 || str_p != str) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Malformed PEM file: Proc-Type was not first tag."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -248,8 +249,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
p += strlen(PROC_TYPE_TAG);
|
||||
if (strcmp(p, "4,ENCRYPTED")) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Malformed PEM file: unknown Proc-Type tag '%s'."),
|
||||
p);
|
||||
return FALSE;
|
||||
|
@ -261,8 +262,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
|
||||
if (enc_tags++ != 1 || str_p != str) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Malformed PEM file: DEK-Info was not the second tag."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -273,8 +274,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
comma = strchr(p, ',');
|
||||
if (!comma || (*(comma + 1) == '\0')) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Malformed PEM file: no IV found in DEK-Info tag."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -282,8 +283,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
comma++;
|
||||
if (!g_ascii_isxdigit(*comma)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Malformed PEM file: invalid format of IV in DEK-Info tag."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -294,8 +295,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
cipher_info = nm_crypto_cipher_get_info_by_name(p, p_len);
|
||||
if (!cipher_info) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Malformed PEM file: unknown private key cipher '%s'."),
|
||||
p);
|
||||
return FALSE;
|
||||
|
@ -304,8 +305,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
} else {
|
||||
if (enc_tags == 1) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
"Malformed PEM file: both Proc-Type and DEK-Info tags are required.");
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -317,8 +318,8 @@ parse_old_openssl_key_file(const guint8 *data,
|
|||
parsed.bin = (guint8 *) g_base64_decode(str, &parsed.len);
|
||||
if (!parsed.bin || parsed.len == 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Could not decode private key."));
|
||||
nm_secret_ptr_clear(&parsed);
|
||||
return FALSE;
|
||||
|
@ -359,8 +360,8 @@ parse_pkcs8_key_file(const guint8 *data,
|
|||
encrypted = FALSE;
|
||||
} else {
|
||||
g_set_error_literal(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Failed to find expected PKCS#8 start tag."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -368,8 +369,8 @@ parse_pkcs8_key_file(const guint8 *data,
|
|||
start += strlen(start_tag);
|
||||
if (!find_tag(end_tag, data, data_len, start, &end)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Failed to find expected PKCS#8 end tag '%s'."),
|
||||
end_tag);
|
||||
return FALSE;
|
||||
|
@ -381,8 +382,8 @@ parse_pkcs8_key_file(const guint8 *data,
|
|||
parsed->bin = (guint8 *) g_base64_decode(der_base64, &parsed->len);
|
||||
if (!parsed->bin || parsed->len == 0) {
|
||||
g_set_error_literal(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Failed to decode PKCS#8 private key."));
|
||||
nm_secret_ptr_clear(parsed);
|
||||
return FALSE;
|
||||
|
@ -411,8 +412,8 @@ parse_tpm2_wrapped_key_file(const guint8 *data,
|
|||
end_tag = PEM_TPM2_OLD_WRAPPED_KEY_END;
|
||||
} else {
|
||||
g_set_error_literal(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Failed to find expected TSS start tag."));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -420,8 +421,8 @@ parse_tpm2_wrapped_key_file(const guint8 *data,
|
|||
start += strlen(start_tag);
|
||||
if (!find_tag(end_tag, data, data_len, start, &end)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Failed to find expected TSS end tag '%s'."),
|
||||
end_tag);
|
||||
return FALSE;
|
||||
|
@ -475,8 +476,8 @@ _nmtst_convert_iv(const char *src, gsize *out_len, GError **error)
|
|||
num = strlen(src);
|
||||
if (num == 0 || (num % 2) != 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("IV must be an even number of bytes in length."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -492,8 +493,8 @@ _nmtst_convert_iv(const char *src, gsize *out_len, GError **error)
|
|||
if (((c0 = nm_utils_hexchar_to_int(*(src++))) < 0)
|
||||
|| ((c1 = nm_utils_hexchar_to_int(*(src++))) < 0)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("IV contains non-hexadecimal digits."));
|
||||
nm_explicit_bzero(c, i);
|
||||
return FALSE;
|
||||
|
@ -568,8 +569,8 @@ _nmtst_decrypt_key(NMCryptoCipherType cipher,
|
|||
|
||||
if (bin_iv.len < 8) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("IV must contain at least 8 characters"));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -618,8 +619,8 @@ nmtst_crypto_decrypt_openssl_private_key_data(const guint8 *data,
|
|||
|
||||
if (!parse_old_openssl_key_file(data, data_len, &parsed, &key_type, &cipher, &iv, NULL)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Unable to determine private key type."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -631,8 +632,8 @@ nmtst_crypto_decrypt_openssl_private_key_data(const guint8 *data,
|
|||
|
||||
if (cipher == NM_CRYPTO_CIPHER_UNKNOWN || !iv) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_PASSWORD,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_PASSWORD,
|
||||
_("Password provided, but key was not encrypted."));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -687,8 +688,8 @@ extract_pem_cert_data(const guint8 *contents,
|
|||
|
||||
if (!find_tag(PEM_CERT_BEGIN, contents, contents_len, 0, &start)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("PEM certificate had no start tag '%s'."),
|
||||
PEM_CERT_BEGIN);
|
||||
return FALSE;
|
||||
|
@ -697,8 +698,8 @@ extract_pem_cert_data(const guint8 *contents,
|
|||
start += strlen(PEM_CERT_BEGIN);
|
||||
if (!find_tag(PEM_CERT_END, contents, contents_len, start, &end)) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("PEM certificate had no end tag '%s'."),
|
||||
PEM_CERT_END);
|
||||
return FALSE;
|
||||
|
@ -710,8 +711,8 @@ extract_pem_cert_data(const guint8 *contents,
|
|||
out_cert->bin = (guint8 *) g_base64_decode(der_base64, &out_cert->len);
|
||||
if (!out_cert->bin || !out_cert->len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Failed to decode certificate."));
|
||||
nm_secret_ptr_clear(out_cert);
|
||||
return FALSE;
|
||||
|
@ -739,8 +740,8 @@ nm_crypto_load_and_verify_certificate(const char *file,
|
|||
|
||||
if (contents.len == 0) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Certificate file is empty"));
|
||||
goto out;
|
||||
}
|
||||
|
@ -772,8 +773,8 @@ nm_crypto_load_and_verify_certificate(const char *file,
|
|||
}
|
||||
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Failed to recognize certificate"));
|
||||
|
||||
out:
|
||||
|
@ -790,8 +791,8 @@ nm_crypto_is_pkcs12_data(const guint8 *data, gsize data_len, GError **error)
|
|||
|
||||
if (!data_len) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("Certificate file is empty"));
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -805,7 +806,7 @@ nm_crypto_is_pkcs12_data(const guint8 *data, gsize data_len, GError **error)
|
|||
if (success == FALSE) {
|
||||
/* If the error was just a decryption error, then it's pkcs#12 */
|
||||
if (local) {
|
||||
if (g_error_matches(local, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_DECRYPTION_FAILED)) {
|
||||
if (g_error_matches(local, _NM_CRYPTO_ERROR, _NM_CRYPTO_ERROR_DECRYPTION_FAILED)) {
|
||||
success = TRUE;
|
||||
g_error_free(local);
|
||||
} else
|
||||
|
@ -880,8 +881,8 @@ nm_crypto_verify_private_key_data(const guint8 *data,
|
|||
|
||||
if (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN && error && !*error) {
|
||||
g_set_error(error,
|
||||
NM_CRYPTO_ERROR,
|
||||
NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_NM_CRYPTO_ERROR,
|
||||
_NM_CRYPTO_ERROR_INVALID_DATA,
|
||||
_("not a valid private key"));
|
||||
}
|
||||
|
||||
|
|
|
@ -12,12 +12,24 @@
|
|||
|
||||
NM_CACHED_QUARK_FCN("nm-agent-manager-error-quark", nm_agent_manager_error_quark);
|
||||
NM_CACHED_QUARK_FCN("nm-connection-error-quark", nm_connection_error_quark);
|
||||
NM_CACHED_QUARK_FCN("nm-crypto-error-quark", nm_crypto_error_quark);
|
||||
NM_CACHED_QUARK_FCN("nm-device-error-quark", nm_device_error_quark);
|
||||
NM_CACHED_QUARK_FCN("nm-secret-agent-error-quark", nm_secret_agent_error_quark);
|
||||
NM_CACHED_QUARK_FCN("nm-settings-error-quark", nm_settings_error_quark);
|
||||
NM_CACHED_QUARK_FCN("nm-vpn-plugin-error-quark", nm_vpn_plugin_error_quark);
|
||||
|
||||
GQuark
|
||||
nm_crypto_error_quark(void)
|
||||
{
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_FAILED == _NM_CRYPTO_ERROR_FAILED);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_DATA == _NM_CRYPTO_ERROR_INVALID_DATA);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_PASSWORD == _NM_CRYPTO_ERROR_INVALID_PASSWORD);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_UNKNOWN_CIPHER == _NM_CRYPTO_ERROR_UNKNOWN_CIPHER);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_DECRYPTION_FAILED == _NM_CRYPTO_ERROR_DECRYPTION_FAILED);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_ENCRYPTION_FAILED == _NM_CRYPTO_ERROR_ENCRYPTION_FAILED);
|
||||
|
||||
return _nm_crypto_error_quark();
|
||||
}
|
||||
|
||||
static void
|
||||
register_error_domain(GQuark domain, const char *interface, GType enum_type)
|
||||
{
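Review bot: nm_crypto_error_quark() has no comment saying why the public quark now delegates to `_nm_crypto_error_quark()` or why the six `G_STATIC_ASSERT` lines sit in its body. The nm-crypto hunks on this page now set and match errors with `_NM_CRYPTO_ERROR` and the `_NM_CRYPTO_ERROR_*` codes, while API users presumably keep matching on the public names, so the two sets must stay numerically identical. A public code added later without its internal twin would still compile, because the asserts only cover the six values listed. I would add above the function `/* Public alias of libnm-base's _NM_CRYPTO_ERROR. Every NM_CRYPTO_ERROR_* value needs a matching _NM_CRYPTO_ERROR_* define and a G_STATIC_ASSERT below. */`. The function is complete inside the hunk; register_error_domain() continues past its end.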
|
||||
|
|
|
@ -399,6 +399,23 @@ test_md5(void)
|
|||
}
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
static void
|
||||
test_crypto_error(void)
|
||||
{
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_FAILED == _NM_CRYPTO_ERROR_FAILED);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_DATA == _NM_CRYPTO_ERROR_INVALID_DATA);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_PASSWORD == _NM_CRYPTO_ERROR_INVALID_PASSWORD);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_UNKNOWN_CIPHER == _NM_CRYPTO_ERROR_UNKNOWN_CIPHER);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_DECRYPTION_FAILED == _NM_CRYPTO_ERROR_DECRYPTION_FAILED);
|
||||
G_STATIC_ASSERT(NM_CRYPTO_ERROR_ENCRYPTION_FAILED == _NM_CRYPTO_ERROR_ENCRYPTION_FAILED);
|
||||
|
||||
g_assert_cmpint(NM_CRYPTO_ERROR, ==, _NM_CRYPTO_ERROR);
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
NMTST_DEFINE();
|
||||
|
||||
int
|
||||
|
@ -448,6 +465,7 @@ main(int argc, char **argv)
|
|||
g_test_add_data_func("/libnm/crypto/PKCS#8", "pkcs8-enc-key.pem, 1234567890", test_pkcs8);
|
||||
|
||||
g_test_add_func("/libnm/crypto/md5", test_md5);
|
||||
g_test_add_func("/libnm/crypto/error", test_crypto_error);
|
||||
|
||||
ret = g_test_run();
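Review bot: `g_assert_cmpint(NM_CRYPTO_ERROR, ==, _NM_CRYPTO_ERROR);` in test_crypto_error() compares two GQuark values, which are unsigned, so `g_assert_cmpuint(NM_CRYPTO_ERROR, ==, _NM_CRYPTO_ERROR);` fits the type better. The six `G_STATIC_ASSERT` lines repeat those this commit adds to nm_crypto_error_quark(). If the duplication is intended, a short comment such as `/* also asserted in nm_crypto_error_quark(); repeated here so the test documents the contract */` would stop a later cleanup from dropping one copy. test_crypto_error() is complete inside its hunk; main() starts and ends outside the hunk that registers the test.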
|
||||
|
||||
|
|