Will make it easier to add new key lengths Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> --- src/util/vircrypto.c | 50 +++++++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 27a3d1d..f50ac6a 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -229,36 +229,40 @@ virCryptoEncryptData(virCryptoCipher algorithm, uint8_t **ciphertext, size_t *ciphertextlen) { + /* + * Encrypt the data buffer using an encryption key and + * initialization vector via the gnutls_cipher_encrypt API + * for the specific cipher algorithm. + */ +# define DO_CRYPT(ekl, ivl, alg, nam) \ + do { \ + if (enckeylen != ekl) { \ + virReportError(VIR_ERR_INVALID_ARG, \ + _("'%s' encryption invalid keylen=%d"), \ + nam, ekl); \ + return -1; \ + } \ + if (ivlen != ivl) { \ + virReportError(VIR_ERR_INVALID_ARG, \ + _("'%s' initialization vector invalid len=%d"), \ + nam, ivl); \ + return -1; \ + } \ + return virCryptoEncryptDataAESgnutls(alg, enckey, enckeylen, \ + iv, ivlen, data, datalen, \ + ciphertext, ciphertextlen); \ + } while (0); + switch (algorithm) { case VIR_CRYPTO_CIPHER_AES256CBC: - if (enckeylen != 32) { - virReportError(VIR_ERR_INVALID_ARG, - _("AES256CBC encryption invalid keylen=%zu"), - enckeylen); - return -1; - } - - if (ivlen != 16) { - virReportError(VIR_ERR_INVALID_ARG, - _("AES256CBC initialization vector invalid len=%zu"), - ivlen); - return -1; - } - - /* - * Encrypt the data buffer using an encryption key and - * initialization vector via the gnutls_cipher_encrypt API - * for GNUTLS_CIPHER_AES_256_CBC. - */ - return virCryptoEncryptDataAESgnutls(GNUTLS_CIPHER_AES_256_CBC, - enckey, enckeylen, iv, ivlen, - data, datalen, - ciphertext, ciphertextlen); + DO_CRYPT(32, 16, GNUTLS_CIPHER_AES_256_CBC, "AES256CBC"); case VIR_CRYPTO_CIPHER_NONE: case VIR_CRYPTO_CIPHER_LAST: break; } +# undef DO_CRYPT + virReportError(VIR_ERR_INVALID_ARG, _("algorithm=%d is not supported"), algorithm); -- 2.5.5 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list