The cryptographic transforms (digests, signatures and encryption)
implementation is the main goal of "xmlsec-<crypto>" library.
Most of the cryptographic transforms
methods and provide custom execute method.
The binary transform execute method
processes data from the input buffer
inBuf and pushes results to
outBuf. The transform should try to
consume and remove data from
as soon as the data became available. However, it might happen
that current data size in the input buffer is not enough (for example,
RSA-PKCS1 algorithm requires that all the data are available in
one buffer). In this case, transform might keep the data in the
input buffer till the next call to
method. The "last" parameter of the
indicates that transform MUST process all the data in the input buffer
and return as much as possible in the output buffer. The
might be called multiple times with non-zero "last" parameter until
the transforms returns nothing
in the output buffer. In addition, the transform implementation is
responsible for managing the transform
Table 2. Typical transform status managing.
||Transform initializes itself (for example, cipher transform
generates or reads IV) and sets
variable to xmlSecTransformStatusWorking.
||Transform process the next (if "last" parameter is zero) or
last block of data (if "last" parameter is non-zero).
When transform returns all the data, it sets the
status variable to
||Transform returns no data to indicate that it finished
In adition to execute
methods, signature, hmac or digest transforms
MUST implement verify method.
The verify method is called
after transform execution is finished. The
verify method implementation
must set the "status" member to xmlSecTransformStatusOk
if signature, hmac or digest is successfuly verified or to
The transforms that require a key (signature or encryption
transforms, for example) MUST imlpement
(prepares the key requirements
for key search) and
(sets the key in the transform) methods.