ceph/src/common/ceph_crypto.cc

   1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
   2 // vim: ts=8 sw=2 smarttab
   3 /*
   4  * Ceph - scalable distributed file system
   5  *
   6  * Copyright (C) 2010-2011 Dreamhost
   7  *
   8  * This is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public
  10  * License version 2.1, as published by the Free Software
  11  * Foundation.  See file COPYING.
  12  *
  13  */
  14
  15 #include "common/ceph_context.h"
  16 #include "common/config.h"
  17 #include "ceph_crypto.h"
  18
  19 #ifdef USE_NSS
  20
  21 // for SECMOD_RestartModules()
  22 #include <secmod.h>
  23 #include <nspr.h>
  24
  25 #endif /*USE_NSS*/
  26
  27 #ifdef USE_OPENSSL
  28 #include <openssl/evp.h>
  29 #endif /*USE_OPENSSL*/
  30
  31 #ifdef USE_NSS
  32
  33 static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
  34 static uint32_t crypto_refs = 0;
  35 static NSSInitContext *crypto_context = NULL;
  36 static pid_t crypto_init_pid = 0;
  37
  38 void ceph::crypto::init(CephContext *cct)
  39 {
  40   pid_t pid = getpid();
  41   pthread_mutex_lock(&crypto_init_mutex);
  42   if (crypto_init_pid != pid) {
  43     if (crypto_init_pid > 0) {
  44       SECMOD_RestartModules(PR_FALSE);
  45     }
  46     crypto_init_pid = pid;
  47   }
  48
  49   if (++crypto_refs == 1) {
  50     NSSInitParameters init_params;
  51     memset(&init_params, 0, sizeof(init_params));
  52     init_params.length = sizeof(init_params);
  53
  54     uint32_t flags = (NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
  55     if (cct->_conf->nss_db_path.empty()) {
  56       flags |= (NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB);
  57     }
  58     crypto_context = NSS_InitContext(cct->_conf->nss_db_path.c_str(), "", "",
  59                                      SECMOD_DB, &init_params, flags);
  60   }
  61   pthread_mutex_unlock(&crypto_init_mutex);
  62   ceph_assert_always(crypto_context != NULL);
  63 }
  64
  65 void ceph::crypto::shutdown(bool shared)
  66 {
  67   pthread_mutex_lock(&crypto_init_mutex);
  68   ceph_assert_always(crypto_refs > 0);
  69   if (--crypto_refs == 0) {
  70     NSS_ShutdownContext(crypto_context);
  71     if (!shared) {
  72       PR_Cleanup();
  73     }
  74     crypto_context = NULL;
  75     crypto_init_pid = 0;
  76   }
  77   pthread_mutex_unlock(&crypto_init_mutex);
  78 }
  79
  80 ceph::crypto::nss::HMAC::~HMAC()
  81 {
  82   PK11_DestroyContext(ctx, PR_TRUE);
  83   PK11_FreeSymKey(symkey);
  84   PK11_FreeSlot(slot);
  85 }
  86
  87 #else
  88 # error "No supported crypto implementation found."
  89 #endif /*USE_NSS*/
  90
  91 #ifdef USE_OPENSSL
  92
  93 ceph::crypto::ssl::OpenSSLDigest::OpenSSLDigest(const EVP_MD * _type)
  94   : mpContext(EVP_MD_CTX_create())
  95   , mpType(_type) {
  96   this->Restart();
  97 }
  98
  99 ceph::crypto::ssl::OpenSSLDigest::~OpenSSLDigest() {
 100   EVP_MD_CTX_destroy(mpContext);
 101 }
 102
 103 void ceph::crypto::ssl::OpenSSLDigest::Restart() {
 104   EVP_DigestInit_ex(mpContext, mpType, NULL);
 105 }
 106
 107 void ceph::crypto::ssl::OpenSSLDigest::Update(const unsigned char *input, size_t length) {
 108   if (length) {
 109     EVP_DigestUpdate(mpContext, const_cast<void *>(reinterpret_cast<const void *>(input)), length);
 110   }
 111 }
 112
 113 void ceph::crypto::ssl::OpenSSLDigest::Final(unsigned char *digest) {
 114   unsigned int s;
 115   EVP_DigestFinal_ex(mpContext, digest, &s);
 116 }
 117 #endif /*USE_OPENSSL*/