| 
|  |  |  | XML Security Library Reference Manual |  | 
 
 
The cryptographic transforms (digests, signatures and encryption)
	implementation is the main goal of "xmlsec-<crypto>" library.
	Most of the cryptographic transforms 
	use default pushBinandpopBinmethods and provide custom execute method. 
	The binary transform execute method 
	processes data from the input bufferinBufand pushes results tooutBuf. The transform should try to
	consume and remove data frominBufbuffer
	as soon as the data became available. However, it might happen
	that current data size in the input buffer is not enough (for example,
	RSA-PKCS1 algorithm requires that all the data are available in 
	one buffer). In this case, transform might keep the data in the 
	input buffer till the next call to 
	execute
	method. The "last" parameter of the 
	execute
	indicates that transform MUST process all the data in the input buffer
	and return as much as possible in the output buffer. The 
	execute method 
	might be called multiple times with non-zero "last" parameter until 
	the transforms returns nothing
	in the output buffer. In addition, the transform implementation is 
	responsible for managing the transformstatusvariable. 
Table 2. Typical transform status managing. 
| xmlSecTransformStatusNone | Transform initializes itself (for example, cipher transform 
	generates or reads IV) and sets statusvariable to xmlSecTransformStatusWorking. |  
| xmlSecTransformStatusWorking | Transform process the next (if "last" parameter is zero) or
	last block of data (if "last" parameter is non-zero).
	When transform returns all the data, it sets the statusvariable to 
	xmlSecTransformStatusFinished. |  
| xmlSecTransformStatusFinished | Transform returns no data to indicate that it finished
	processing. |  In adition to execute
	methods, signature, hmac or digest transforms 
	MUST implement verify method. 
	The verify method is called
	after transform execution is finished. The 
	verify method implementation 
	must set the "status" member to xmlSecTransformStatusOk
	if signature, hmac or digest is successfuly verified or to
	xmlSecTransformStatusFail
	otherwise.
	 The transforms that require a key (signature or encryption 
	transforms, for example) MUST imlpement 
	setKeyReq 
	(prepares the key requirements
	for key search) and
	setKey 
	(sets the key in the transform) methods. 
	 |