Will make it easier to add new key lengths
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/vircrypto.c | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 27a3d1d..f50ac6a 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -229,36 +229,40 @@ virCryptoEncryptData(virCryptoCipher algorithm,
uint8_t **ciphertext,
size_t *ciphertextlen)
{
+ /*
+ * Encrypt the data buffer using an encryption key and
+ * initialization vector via the gnutls_cipher_encrypt API
+ * for the specific cipher algorithm.
+ */
+# define DO_CRYPT(ekl, ivl, alg, nam) \
+ do { \
+ if (enckeylen != ekl) { \
+ virReportError(VIR_ERR_INVALID_ARG, \
+ _("'%s' encryption invalid keylen=%d"),
\
+ nam, ekl); \
+ return -1; \
+ } \
+ if (ivlen != ivl) { \
+ virReportError(VIR_ERR_INVALID_ARG, \
+ _("'%s' initialization vector invalid
len=%d"), \
+ nam, ivl); \
+ return -1; \
+ } \
+ return virCryptoEncryptDataAESgnutls(alg, enckey, enckeylen, \
+ iv, ivlen, data, datalen, \
+ ciphertext, ciphertextlen); \
+ } while (0);
+
switch (algorithm) {
case VIR_CRYPTO_CIPHER_AES256CBC:
- if (enckeylen != 32) {
- virReportError(VIR_ERR_INVALID_ARG,
- _("AES256CBC encryption invalid keylen=%zu"),
- enckeylen);
- return -1;
- }
-
- if (ivlen != 16) {
- virReportError(VIR_ERR_INVALID_ARG,
- _("AES256CBC initialization vector invalid
len=%zu"),
- ivlen);
- return -1;
- }
-
- /*
- * Encrypt the data buffer using an encryption key and
- * initialization vector via the gnutls_cipher_encrypt API
- * for GNUTLS_CIPHER_AES_256_CBC.
- */
- return virCryptoEncryptDataAESgnutls(GNUTLS_CIPHER_AES_256_CBC,
- enckey, enckeylen, iv, ivlen,
- data, datalen,
- ciphertext, ciphertextlen);
+ DO_CRYPT(32, 16, GNUTLS_CIPHER_AES_256_CBC, "AES256CBC");
case VIR_CRYPTO_CIPHER_NONE:
case VIR_CRYPTO_CIPHER_LAST:
break;
}
+# undef DO_CRYPT
+
virReportError(VIR_ERR_INVALID_ARG,
_("algorithm=%d is not supported"), algorithm);
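Review bot: The two virReportError calls inside DO_CRYPT print the expected length (`ekl`, `ivl`) after "invalid keylen=" and "invalid len=", whereas the removed code printed the length the caller actually supplied (`enckeylen`, `ivlen`), so a rejected key or IV is now logged as 32 or 16, as if that were the bad value. Report both values, e.g. `_("'%s' encryption invalid keylen=%zu, expected %d"), nam, enckeylen, ekl`, and use the same shape for the IV message with `ivlen, ivl`. The macro also ends in `while (0);`, so the semicolon at the call site becomes an empty statement and the do/while(0) wrapper no longer protects an unbraced if/else; drop the trailing semicolon. Nothing at the `case` shows that DO_CRYPT always returns, so a short comment there saying the case does not fall through would help readers. virCryptoEncryptData begins and ends outside this hunk.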
--
2.5.5