summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Haller <thaller@redhat.com>2022-03-18 20:53:40 +0100
committerThomas Haller <thaller@redhat.com>2022-03-29 11:56:03 +0200
commit3a97604a27aceb58d8edfeee7da9e56b50387a2b (patch)
treeecda76f585f78e5e63fa2f4bf8914a029e206fda
parent89bba8fa847ffb3f37ba625e8eefec4e161074e1 (diff)
downloadNetworkManager-3a97604a27aceb58d8edfeee7da9e56b50387a2b.tar.gz
libnm: don't depend nm-crypto on "nm-error.h"
"nm-error.h" is public API of libnm, and contains error numbers and quarks. Clearly our "nm-crypto" implementation wants to use those errors. I want to move "nm-crypto" out of libnm, and as it's more basic, I think it should not have a dependency on all of libnm-core. Also because libnm-core currently uses nm-crypto, so there would be a circular dependency. Which would be possible to do (libnm-core-aux-intern is also used in such a way). But it's better avoided, to have clear hierarchy of dependencies. Add a version of the same error codes to libnm-base. libnm-base is a very basic dependency (just one step above libnm-glib-aux).
Diffstat
-rw-r--r--src/libnm-base/nm-base.c6
-rw-r--r--src/libnm-base/nm-base.h16
-rw-r--r--src/libnm-core-impl/nm-crypto-gnutls.c69
-rw-r--r--src/libnm-core-impl/nm-crypto-impl.h1
-rw-r--r--src/libnm-core-impl/nm-crypto-nss.c107
-rw-r--r--src/libnm-core-impl/nm-crypto-null.c29
-rw-r--r--src/libnm-core-impl/nm-crypto.c113
-rw-r--r--src/libnm-core-impl/nm-errors.c14
-rw-r--r--src/libnm-core-impl/tests/test-crypto.c18
9 files changed, 214 insertions, 159 deletions
diff --git a/src/libnm-base/nm-base.c b/src/libnm-base/nm-base.c
index e35b5d56ef..f81b285c4e 100644
--- a/src/libnm-base/nm-base.c
+++ b/src/libnm-base/nm-base.c
@@ -3,3 +3,9 @@
#include "libnm-glib-aux/nm-default-glib-i18n-lib.h"
#include "nm-base.h"
+
+/*****************************************************************************/
+
+NM_CACHED_QUARK_FCN("nm-crypto-error-quark", _nm_crypto_error_quark);
+
+/*****************************************************************************/
diff --git a/src/libnm-base/nm-base.h b/src/libnm-base/nm-base.h
index 0363e3b64b..ff062a18b8 100644
--- a/src/libnm-base/nm-base.h
+++ b/src/libnm-base/nm-base.h
@@ -393,4 +393,20 @@ typedef struct {
#define NM_BOND_PORT_QUEUE_ID_DEF 0
+/*****************************************************************************/
+
+/* NM_CRYPTO_ERROR is part of public API in libnm (implemented in libnm-core).
+ * We also want to use it without libnm-core. So this "_" variant is the internal
+ * version, with numerically same values -- to be used without libnm-base. */
+
+#define _NM_CRYPTO_ERROR_FAILED 0
+#define _NM_CRYPTO_ERROR_INVALID_DATA 1
+#define _NM_CRYPTO_ERROR_INVALID_PASSWORD 2
+#define _NM_CRYPTO_ERROR_UNKNOWN_CIPHER 3
+#define _NM_CRYPTO_ERROR_DECRYPTION_FAILED 4
+#define _NM_CRYPTO_ERROR_ENCRYPTION_FAILED 5
+
+#define _NM_CRYPTO_ERROR _nm_crypto_error_quark()
+GQuark _nm_crypto_error_quark(void);
+
#endif /* __NM_LIBNM_BASE_H__ */
diff --git a/src/libnm-core-impl/nm-crypto-gnutls.c b/src/libnm-core-impl/nm-crypto-gnutls.c
index d9e5913645..7352a38e60 100644
--- a/src/libnm-core-impl/nm-crypto-gnutls.c
+++ b/src/libnm-core-impl/nm-crypto-gnutls.c
@@ -14,7 +14,6 @@
#include <gnutls/pkcs12.h>
#include "libnm-glib-aux/nm-secret-utils.h"
-#include "nm-errors.h"
/*****************************************************************************/
@@ -54,8 +53,8 @@ _nm_crypto_init(GError **error)
if (gnutls_global_init() != 0) {
gnutls_global_deinit();
g_set_error_literal(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Failed to initialize the crypto engine."));
return FALSE;
}
@@ -87,8 +86,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
if (!_get_cipher_info(cipher, &cipher_mech, &real_iv_len)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
_("Unsupported key cipher for decryption"));
return NULL;
}
@@ -98,8 +97,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
if (iv_len < real_iv_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Invalid IV length (must be at least %u)."),
(guint) real_iv_len);
return NULL;
@@ -116,8 +115,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
err = gnutls_cipher_init(&ctx, cipher_mech, &key_dt, &iv_dt);
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to initialize the decryption cipher context: %s (%s)"),
gnutls_strerror_name(err),
gnutls_strerror(err));
@@ -130,8 +129,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: %s (%s)"),
gnutls_strerror_name(err),
gnutls_strerror(err));
@@ -143,8 +142,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
/* Check if the padding at the end of the decrypted data is valid */
if (pad_len == 0 || pad_len > real_iv_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: unexpected padding length."));
return NULL;
}
@@ -155,8 +154,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
for (pad_i = 1; pad_i <= pad_len; ++pad_i) {
if (output.bin[data_len - pad_i] != pad_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key."));
return NULL;
}
@@ -189,8 +188,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
if (cipher == NM_CRYPTO_CIPHER_DES_CBC || !_get_cipher_info(cipher, &cipher_mech, NULL)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
_("Unsupported key cipher for encryption"));
return NULL;
}
@@ -206,8 +205,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
err = gnutls_cipher_init(&ctx, cipher_mech, &key_dt, &iv_dt);
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to initialize the encryption cipher context: %s (%s)"),
gnutls_strerror_name(err),
gnutls_strerror(err));
@@ -234,8 +233,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to encrypt the data: %s (%s)"),
gnutls_strerror_name(err),
gnutls_strerror(err));
@@ -259,8 +258,8 @@ _nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
err = gnutls_x509_crt_init(&der);
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Error initializing certificate data: %s"),
gnutls_strerror(err));
return FALSE;
@@ -282,8 +281,8 @@ _nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
return TRUE;
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode certificate: %s"),
gnutls_strerror(err));
return FALSE;
@@ -307,8 +306,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
err = gnutls_pkcs12_init(&p12);
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Couldn't initialize PKCS#12 decoder: %s"),
gnutls_strerror(err));
return FALSE;
@@ -321,8 +320,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
err = gnutls_pkcs12_import(p12, &dt, GNUTLS_X509_FMT_PEM, 0);
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode PKCS#12 file: %s"),
gnutls_strerror(err));
gnutls_pkcs12_deinit(p12);
@@ -336,8 +335,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
if (err != GNUTLS_E_SUCCESS) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Couldn't verify PKCS#12 file: %s"),
gnutls_strerror(err));
return FALSE;
@@ -365,8 +364,8 @@ _nm_crypto_verify_pkcs8(const guint8 *data,
err = gnutls_x509_privkey_init(&p8);
if (err < 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Couldn't initialize PKCS#8 decoder: %s"),
gnutls_strerror(err));
return FALSE;
@@ -393,8 +392,8 @@ _nm_crypto_verify_pkcs8(const guint8 *data,
*/
} else {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode PKCS#8 file: %s"),
gnutls_strerror(err));
return FALSE;
diff --git a/src/libnm-core-impl/nm-crypto-impl.h b/src/libnm-core-impl/nm-crypto-impl.h
index 61c3f7f8e2..0b7c14dc08 100644
--- a/src/libnm-core-impl/nm-crypto-impl.h
+++ b/src/libnm-core-impl/nm-crypto-impl.h
@@ -8,6 +8,7 @@
#define __NM_CRYPTO_IMPL_H__
#include "nm-crypto.h"
+#include "libnm-base/nm-base.h"
gboolean _nm_crypto_init(GError **error);
diff --git a/src/libnm-core-impl/nm-crypto-nss.c b/src/libnm-core-impl/nm-crypto-nss.c
index c27bf09e35..cd5966c42a 100644
--- a/src/libnm-core-impl/nm-crypto-nss.c
+++ b/src/libnm-core-impl/nm-crypto-nss.c
@@ -21,7 +21,7 @@ NM_PRAGMA_WARNING_DISABLE("-Wstrict-prototypes")
NM_PRAGMA_WARNING_REENABLE
#include "libnm-glib-aux/nm-secret-utils.h"
-#include "nm-errors.h"
+#include "libnm-base/nm-base.h"
/*****************************************************************************/
@@ -65,8 +65,8 @@ _nm_crypto_init(GError **error)
ret = NSS_NoDB_Init(NULL);
if (ret != SECSuccess) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Failed to initialize the crypto engine: %d."),
PR_GetError());
PR_Cleanup();
@@ -113,16 +113,16 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
if (!_get_cipher_info(cipher, &cipher_mech, &real_iv_len)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
_("Unsupported key cipher for decryption"));
return NULL;
}
if (iv_len < real_iv_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Invalid IV length (must be at least %u)."),
(guint) real_iv_len);
return NULL;
@@ -134,8 +134,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
slot = PK11_GetBestSlot(cipher_mech, NULL);
if (!slot) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Failed to initialize the decryption cipher slot."));
goto out;
}
@@ -145,8 +145,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
sym_key = PK11_ImportSymKey(slot, cipher_mech, PK11_OriginUnwrap, CKA_DECRYPT, &key_item, NULL);
if (!sym_key) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to set symmetric key for decryption."));
goto out;
}
@@ -156,8 +156,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
sec_param = PK11_ParamFromIV(cipher_mech, &key_item);
if (!sec_param) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to set IV for decryption."));
goto out;
}
@@ -165,8 +165,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
ctx = PK11_CreateContextBySymKey(cipher_mech, CKA_DECRYPT, sym_key, sec_param);
if (!ctx) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to initialize the decryption context."));
goto out;
}
@@ -182,8 +182,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
data_len);
if (s != SECSuccess) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: %d."),
PORT_GetError());
goto out;
@@ -191,8 +191,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
if (decrypted_len > data_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: decrypted data too large."));
goto out;
}
@@ -203,8 +203,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
data_len - decrypted_len);
if (s != SECSuccess) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to finalize decryption of the private key: %d."),
PORT_GetError());
goto out;
@@ -216,8 +216,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
/* Check if the padding at the end of the decrypted data is valid */
if (pad_len == 0 || pad_len > real_iv_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: unexpected padding length."));
goto out;
}
@@ -228,8 +228,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
for (i = pad_len; i > 0; i--) {
if (output.bin[data_len - i] != pad_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key."));
goto out;
}
@@ -283,8 +283,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
if (cipher == NM_CRYPTO_CIPHER_DES_CBC || !_get_cipher_info(cipher, &cipher_mech, NULL)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
_("Unsupported key cipher for encryption"));
return NULL;
}
@@ -295,8 +295,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
slot = PK11_GetBestSlot(cipher_mech, NULL);
if (!slot) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Failed to initialize the encryption cipher slot."));
return NULL;
}
@@ -304,8 +304,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
sym_key = PK11_ImportSymKey(slot, cipher_mech, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, NULL);
if (!sym_key) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to set symmetric key for encryption."));
goto out;
}
@@ -313,8 +313,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
sec_param = PK11_ParamFromIV(cipher_mech, &iv_item);
if (!sec_param) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to set IV for encryption."));
goto out;
}
@@ -322,8 +322,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
ctx = PK11_CreateContextBySymKey(cipher_mech, CKA_ENCRYPT, sym_key, sec_param);
if (!ctx) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to initialize the encryption context."));
goto out;
}
@@ -347,8 +347,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
PK11_CipherOp(ctx, output.bin, &encrypted_len, output.len, padded_buf.bin, padded_buf.len);
if (ret != SECSuccess) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to encrypt: %d."),
PORT_GetError());
goto out;
@@ -356,8 +356,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
if (encrypted_len != output.len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Unexpected amount of data after encrypting."));
goto out;
}
@@ -393,8 +393,8 @@ _nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
cert = CERT_DecodeCertFromPackage((char *) data, len);
if (!cert) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode certificate: %d"),
PORT_GetError());
return FALSE;
@@ -438,8 +438,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
if (!ucs2_password.bin || ucs2_password.len == 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_PASSWORD,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_PASSWORD,
_("Password must be UTF-8"));
return FALSE;
}
@@ -461,15 +461,18 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
slot = PK11_GetInternalKeySlot();
if (!slot) {
- g_set_error(error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_FAILED, _("Couldn't initialize slot"));
+ g_set_error(error,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
+ _("Couldn't initialize slot"));
goto out;
}
p12ctx = SEC_PKCS12DecoderStart(&pw, slot, NULL, NULL, NULL, NULL, NULL, NULL);
if (!p12ctx) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Couldn't initialize PKCS#12 decoder: %d"),
PORT_GetError());
goto out;
@@ -478,8 +481,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
s = SEC_PKCS12DecoderUpdate(p12ctx, (guint8 *) data, data_len);
if (s != SECSuccess) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode PKCS#12 file: %d"),
PORT_GetError());
goto out;
@@ -488,8 +491,8 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
s = SEC_PKCS12DecoderVerify(p12ctx);
if (s != SECSuccess) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_DECRYPTION_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Couldn't verify PKCS#12 file: %d"),
PORT_GetError());
goto out;
@@ -539,8 +542,8 @@ _nm_crypto_randomize(void *buffer, gsize buffer_len, GError **error)
s = PK11_GenerateRandom(buffer, buffer_len);
if (s != SECSuccess) {
g_set_error_literal(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Could not generate random data."));
return FALSE;
}
diff --git a/src/libnm-core-impl/nm-crypto-null.c b/src/libnm-core-impl/nm-crypto-null.c
index 2f072257ec..6f6c7f2897 100644
--- a/src/libnm-core-impl/nm-crypto-null.c
+++ b/src/libnm-core-impl/nm-crypto-null.c
@@ -9,7 +9,6 @@
#include "nm-crypto-impl.h"
#include "libnm-glib-aux/nm-secret-utils.h"
-#include "nm-errors.h"
/*****************************************************************************/
@@ -17,8 +16,8 @@ gboolean
_nm_crypto_init(GError **error)
{
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Compiled without crypto support."));
return FALSE;
}
@@ -35,8 +34,8 @@ _nmtst_crypto_decrypt(NMCryptoCipherType cipher,
GError **error)
{
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Compiled without crypto support."));
return NULL;
}
@@ -53,8 +52,8 @@ _nmtst_crypto_encrypt(NMCryptoCipherType cipher,
GError **error)
{
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Compiled without crypto support."));
return NULL;
}
@@ -63,8 +62,8 @@ gboolean
_nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
{
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Compiled without crypto support."));
return FALSE;
}
@@ -73,8 +72,8 @@ gboolean
_nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *password, GError **error)
{
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Compiled without crypto support."));
return FALSE;
}
@@ -87,8 +86,8 @@ _nm_crypto_verify_pkcs8(const guint8 *data,
GError **error)
{
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Compiled without crypto support."));
return FALSE;
}
@@ -97,8 +96,8 @@ gboolean
_nm_crypto_randomize(void *buffer, gsize buffer_len, GError **error)
{
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_FAILED,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_FAILED,
_("Compiled without crypto support."));
return FALSE;
}
diff --git a/src/libnm-core-impl/nm-crypto.c b/src/libnm-core-impl/nm-crypto.c
index d081f49728..f612b5f3fe 100644
--- a/src/libnm-core-impl/nm-crypto.c
+++ b/src/libnm-core-impl/nm-crypto.c
@@ -16,7 +16,8 @@
#include "libnm-glib-aux/nm-io-utils.h"
#include "nm-crypto-impl.h"
-#include "nm-errors.h"
+
+/*****************************************************************************/
#define PEM_RSA_KEY_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
#define PEM_RSA_KEY_END "-----END RSA PRIVATE KEY-----"
@@ -202,8 +203,8 @@ parse_old_openssl_key_file(const guint8 *data,
end_tag = PEM_DSA_KEY_END;
} else {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("PEM key file had no start tag"));
return FALSE;
}
@@ -211,8 +212,8 @@ parse_old_openssl_key_file(const guint8 *data,
start += strlen(start_tag);
if (!find_tag(end_tag, data, data_len, start, &end)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("PEM key file had no end tag '%s'."),
end_tag);
return FALSE;
@@ -239,8 +240,8 @@ parse_old_openssl_key_file(const guint8 *data,
if (!strncmp(p, PROC_TYPE_TAG, strlen(PROC_TYPE_TAG))) {
if (enc_tags++ != 0 || str_p != str) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Malformed PEM file: Proc-Type was not first tag."));
return FALSE;
}
@@ -248,8 +249,8 @@ parse_old_openssl_key_file(const guint8 *data,
p += strlen(PROC_TYPE_TAG);
if (strcmp(p, "4,ENCRYPTED")) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Malformed PEM file: unknown Proc-Type tag '%s'."),
p);
return FALSE;
@@ -261,8 +262,8 @@ parse_old_openssl_key_file(const guint8 *data,
if (enc_tags++ != 1 || str_p != str) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Malformed PEM file: DEK-Info was not the second tag."));
return FALSE;
}
@@ -273,8 +274,8 @@ parse_old_openssl_key_file(const guint8 *data,
comma = strchr(p, ',');
if (!comma || (*(comma + 1) == '\0')) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Malformed PEM file: no IV found in DEK-Info tag."));
return FALSE;
}
@@ -282,8 +283,8 @@ parse_old_openssl_key_file(const guint8 *data,
comma++;
if (!g_ascii_isxdigit(*comma)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Malformed PEM file: invalid format of IV in DEK-Info tag."));
return FALSE;
}
@@ -294,8 +295,8 @@ parse_old_openssl_key_file(const guint8 *data,
cipher_info = nm_crypto_cipher_get_info_by_name(p, p_len);
if (!cipher_info) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Malformed PEM file: unknown private key cipher '%s'."),
p);
return FALSE;
@@ -304,8 +305,8 @@ parse_old_openssl_key_file(const guint8 *data,
} else {
if (enc_tags == 1) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
"Malformed PEM file: both Proc-Type and DEK-Info tags are required.");
return FALSE;
}
@@ -317,8 +318,8 @@ parse_old_openssl_key_file(const guint8 *data,
parsed.bin = (guint8 *) g_base64_decode(str, &parsed.len);
if (!parsed.bin || parsed.len == 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Could not decode private key."));
nm_secret_ptr_clear(&parsed);
return FALSE;
@@ -359,8 +360,8 @@ parse_pkcs8_key_file(const guint8 *data,
encrypted = FALSE;
} else {
g_set_error_literal(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Failed to find expected PKCS#8 start tag."));
return FALSE;
}
@@ -368,8 +369,8 @@ parse_pkcs8_key_file(const guint8 *data,
start += strlen(start_tag);
if (!find_tag(end_tag, data, data_len, start, &end)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Failed to find expected PKCS#8 end tag '%s'."),
end_tag);
return FALSE;
@@ -381,8 +382,8 @@ parse_pkcs8_key_file(const guint8 *data,
parsed->bin = (guint8 *) g_base64_decode(der_base64, &parsed->len);
if (!parsed->bin || parsed->len == 0) {
g_set_error_literal(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Failed to decode PKCS#8 private key."));
nm_secret_ptr_clear(parsed);
return FALSE;
@@ -411,8 +412,8 @@ parse_tpm2_wrapped_key_file(const guint8 *data,
end_tag = PEM_TPM2_OLD_WRAPPED_KEY_END;
} else {
g_set_error_literal(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Failed to find expected TSS start tag."));
return FALSE;
}
@@ -420,8 +421,8 @@ parse_tpm2_wrapped_key_file(const guint8 *data,
start += strlen(start_tag);
if (!find_tag(end_tag, data, data_len, start, &end)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Failed to find expected TSS end tag '%s'."),
end_tag);
return FALSE;
@@ -475,8 +476,8 @@ _nmtst_convert_iv(const char *src, gsize *out_len, GError **error)
num = strlen(src);
if (num == 0 || (num % 2) != 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("IV must be an even number of bytes in length."));
return NULL;
}
@@ -492,8 +493,8 @@ _nmtst_convert_iv(const char *src, gsize *out_len, GError **error)
if (((c0 = nm_utils_hexchar_to_int(*(src++))) < 0)
|| ((c1 = nm_utils_hexchar_to_int(*(src++))) < 0)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("IV contains non-hexadecimal digits."));
nm_explicit_bzero(c, i);
return FALSE;
@@ -568,8 +569,8 @@ _nmtst_decrypt_key(NMCryptoCipherType cipher,
if (bin_iv.len < 8) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("IV must contain at least 8 characters"));
return FALSE;
}
@@ -618,8 +619,8 @@ nmtst_crypto_decrypt_openssl_private_key_data(const guint8 *data,
if (!parse_old_openssl_key_file(data, data_len, &parsed, &key_type, &cipher, &iv, NULL)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Unable to determine private key type."));
return NULL;
}
@@ -631,8 +632,8 @@ nmtst_crypto_decrypt_openssl_private_key_data(const guint8 *data,
if (cipher == NM_CRYPTO_CIPHER_UNKNOWN || !iv) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_PASSWORD,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_PASSWORD,
_("Password provided, but key was not encrypted."));
return NULL;
}
@@ -687,8 +688,8 @@ extract_pem_cert_data(const guint8 *contents,
if (!find_tag(PEM_CERT_BEGIN, contents, contents_len, 0, &start)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("PEM certificate had no start tag '%s'."),
PEM_CERT_BEGIN);
return FALSE;
@@ -697,8 +698,8 @@ extract_pem_cert_data(const guint8 *contents,
start += strlen(PEM_CERT_BEGIN);
if (!find_tag(PEM_CERT_END, contents, contents_len, start, &end)) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("PEM certificate had no end tag '%s'."),
PEM_CERT_END);
return FALSE;
@@ -710,8 +711,8 @@ extract_pem_cert_data(const guint8 *contents,
out_cert->bin = (guint8 *) g_base64_decode(der_base64, &out_cert->len);
if (!out_cert->bin || !out_cert->len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Failed to decode certificate."));
nm_secret_ptr_clear(out_cert);
return FALSE;
@@ -739,8 +740,8 @@ nm_crypto_load_and_verify_certificate(const char *file,
if (contents.len == 0) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Certificate file is empty"));
goto out;
}
@@ -772,8 +773,8 @@ nm_crypto_load_and_verify_certificate(const char *file,
}
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Failed to recognize certificate"));
out:
@@ -790,8 +791,8 @@ nm_crypto_is_pkcs12_data(const guint8 *data, gsize data_len, GError **error)
if (!data_len) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("Certificate file is empty"));
return FALSE;
}
@@ -805,7 +806,7 @@ nm_crypto_is_pkcs12_data(const guint8 *data, gsize data_len, GError **error)
if (success == FALSE) {
/* If the error was just a decryption error, then it's pkcs#12 */
if (local) {
- if (g_error_matches(local, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_DECRYPTION_FAILED)) {
+ if (g_error_matches(local, _NM_CRYPTO_ERROR, _NM_CRYPTO_ERROR_DECRYPTION_FAILED)) {
success = TRUE;
g_error_free(local);
} else
@@ -880,8 +881,8 @@ nm_crypto_verify_private_key_data(const guint8 *data,
if (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN && error && !*error) {
g_set_error(error,
- NM_CRYPTO_ERROR,
- NM_CRYPTO_ERROR_INVALID_DATA,
+ _NM_CRYPTO_ERROR,
+ _NM_CRYPTO_ERROR_INVALID_DATA,
_("not a valid private key"));
}
diff --git a/src/libnm-core-impl/nm-errors.c b/src/libnm-core-impl/nm-errors.c
index ea4ca5e9e6..fad854bc2d 100644
--- a/src/libnm-core-impl/nm-errors.c
+++ b/src/libnm-core-impl/nm-errors.c
@@ -12,12 +12,24 @@
NM_CACHED_QUARK_FCN("nm-agent-manager-error-quark", nm_agent_manager_error_quark);
NM_CACHED_QUARK_FCN("nm-connection-error-quark", nm_connection_error_quark);
-NM_CACHED_QUARK_FCN("nm-crypto-error-quark", nm_crypto_error_quark);
NM_CACHED_QUARK_FCN("nm-device-error-quark", nm_device_error_quark);
NM_CACHED_QUARK_FCN("nm-secret-agent-error-quark", nm_secret_agent_error_quark);
NM_CACHED_QUARK_FCN("nm-settings-error-quark", nm_settings_error_quark);
NM_CACHED_QUARK_FCN("nm-vpn-plugin-error-quark", nm_vpn_plugin_error_quark);
+GQuark
+nm_crypto_error_quark(void)
+{
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_FAILED == _NM_CRYPTO_ERROR_FAILED);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_DATA == _NM_CRYPTO_ERROR_INVALID_DATA);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_PASSWORD == _NM_CRYPTO_ERROR_INVALID_PASSWORD);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_UNKNOWN_CIPHER == _NM_CRYPTO_ERROR_UNKNOWN_CIPHER);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_DECRYPTION_FAILED == _NM_CRYPTO_ERROR_DECRYPTION_FAILED);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_ENCRYPTION_FAILED == _NM_CRYPTO_ERROR_ENCRYPTION_FAILED);
+
+ return _nm_crypto_error_quark();
+}
+
static void
register_error_domain(GQuark domain, const char *interface, GType enum_type)
{
diff --git a/src/libnm-core-impl/tests/test-crypto.c b/src/libnm-core-impl/tests/test-crypto.c
index 6a6e7fbc80..8ff250cdce 100644
--- a/src/libnm-core-impl/tests/test-crypto.c
+++ b/src/libnm-core-impl/tests/test-crypto.c
@@ -399,6 +399,23 @@ test_md5(void)
}
}
+/*****************************************************************************/
+
+static void
+test_crypto_error(void)
+{
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_FAILED == _NM_CRYPTO_ERROR_FAILED);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_DATA == _NM_CRYPTO_ERROR_INVALID_DATA);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_INVALID_PASSWORD == _NM_CRYPTO_ERROR_INVALID_PASSWORD);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_UNKNOWN_CIPHER == _NM_CRYPTO_ERROR_UNKNOWN_CIPHER);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_DECRYPTION_FAILED == _NM_CRYPTO_ERROR_DECRYPTION_FAILED);
+ G_STATIC_ASSERT(NM_CRYPTO_ERROR_ENCRYPTION_FAILED == _NM_CRYPTO_ERROR_ENCRYPTION_FAILED);
+
+ g_assert_cmpint(NM_CRYPTO_ERROR, ==, _NM_CRYPTO_ERROR);
+}
+
+/*****************************************************************************/
+
NMTST_DEFINE();
int
@@ -448,6 +465,7 @@ main(int argc, char **argv)
g_test_add_data_func("/libnm/crypto/PKCS#8", "pkcs8-enc-key.pem, 1234567890", test_pkcs8);
g_test_add_func("/libnm/crypto/md5", test_md5);
+ g_test_add_func("/libnm/crypto/error", test_crypto_error);
ret = g_test_run();
View Lorry Controller Status