6 #define CEPH_CRYPTO_MD5_DIGESTSIZE 16
7 #define CEPH_CRYPTO_HMACSHA1_DIGESTSIZE 20
8 #define CEPH_CRYPTO_SHA1_DIGESTSIZE 20
9 #define CEPH_CRYPTO_HMACSHA256_DIGESTSIZE 32
10 #define CEPH_CRYPTO_SHA256_DIGESTSIZE 32
13 # define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
15 #include <cryptopp/md5.h>
16 #include <cryptopp/sha.h>
17 #include <cryptopp/hmac.h>
19 // reinclude our assert to clobber the system one
20 # include "include/assert.h"
25 void init(CephContext
*cct
);
26 // @param shared true if the the underlying crypto library could be shared
27 // with the application linked against the Ceph library.
28 // @note we do extra global cleanup specific to the underlying crypto
29 // library, if @c shared is @c false.
30 void shutdown(bool shared
=true);
32 using CryptoPP::Weak::MD5
;
34 using CryptoPP::SHA256
;
36 class HMACSHA1
: public CryptoPP::HMAC
<CryptoPP::SHA1
> {
38 HMACSHA1 (const byte
*key
, size_t length
)
39 : CryptoPP::HMAC
<CryptoPP::SHA1
>(key
, length
)
45 class HMACSHA256
: public CryptoPP::HMAC
<CryptoPP::SHA256
> {
47 HMACSHA256 (const byte
*key
, size_t length
)
48 : CryptoPP::HMAC
<CryptoPP::SHA256
>(key
, length
)
55 #elif defined(USE_NSS)
56 // you *must* use CRYPTO_CXXFLAGS in CMakeLists.txt for including this include
60 // NSS thinks a lot of fairly fundamental operations might potentially
61 // fail, because it has been written to support e.g. smartcards doing all
62 // the crypto operations. We don't want to contaminate too much code
63 // with error checking, and just say these really should never fail.
64 // This assert MUST NOT be compiled out, even on non-debug builds.
65 # include "include/assert.h"
67 // ugly bit of CryptoPP that we have to emulate here :(
68 typedef unsigned char byte
;
73 void init(CephContext
*cct
);
74 void shutdown(bool shared
=true);
80 Digest (SECOidTag _type
, size_t _digest_size
) : digest_size(_digest_size
) {
81 ctx
= PK11_CreateDigestContext(_type
);
86 PK11_DestroyContext(ctx
, PR_TRUE
);
90 s
= PK11_DigestBegin(ctx
);
91 assert(s
== SECSuccess
);
93 void Update (const byte
*input
, size_t length
) {
96 s
= PK11_DigestOp(ctx
, input
, length
);
97 assert(s
== SECSuccess
);
100 void Final (byte
*digest
) {
103 s
= PK11_DigestFinal(ctx
, digest
, &dummy
, digest_size
);
104 assert(s
== SECSuccess
);
105 assert(dummy
== digest_size
);
109 class MD5
: public Digest
{
111 MD5 () : Digest(SEC_OID_MD5
, CEPH_CRYPTO_MD5_DIGESTSIZE
) { }
114 class SHA1
: public Digest
{
116 SHA1 () : Digest(SEC_OID_SHA1
, CEPH_CRYPTO_SHA1_DIGESTSIZE
) { }
119 class SHA256
: public Digest
{
121 SHA256 () : Digest(SEC_OID_SHA256
, CEPH_CRYPTO_SHA256_DIGESTSIZE
) { }
129 unsigned int digest_size
;
131 HMAC (CK_MECHANISM_TYPE cktype
, unsigned int digestsize
, const byte
*key
, size_t length
) {
132 digest_size
= digestsize
;
133 slot
= PK11_GetBestSlot(cktype
, NULL
);
136 keyItem
.type
= siBuffer
;
137 keyItem
.data
= (unsigned char*)key
;
138 keyItem
.len
= length
;
139 symkey
= PK11_ImportSymKey(slot
, cktype
, PK11_OriginUnwrap
,
140 CKA_SIGN
, &keyItem
, NULL
);
143 param
.type
= siBuffer
;
146 ctx
= PK11_CreateContextBySymKey(cktype
, CKA_SIGN
, symkey
, ¶m
);
153 s
= PK11_DigestBegin(ctx
);
154 assert(s
== SECSuccess
);
156 void Update (const byte
*input
, size_t length
) {
158 s
= PK11_DigestOp(ctx
, input
, length
);
159 assert(s
== SECSuccess
);
161 void Final (byte
*digest
) {
164 s
= PK11_DigestFinal(ctx
, digest
, &dummy
, digest_size
);
165 assert(s
== SECSuccess
);
166 assert(dummy
== digest_size
);
171 class HMACSHA1
: public HMAC
{
173 HMACSHA1 (const byte
*key
, size_t length
) : HMAC(CKM_SHA_1_HMAC
, CEPH_CRYPTO_HMACSHA1_DIGESTSIZE
, key
, length
) { }
176 class HMACSHA256
: public HMAC
{
178 HMACSHA256 (const byte
*key
, size_t length
) : HMAC(CKM_SHA256_HMAC
, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE
, key
, length
) { }
184 // cppcheck-suppress preprocessorErrorDirective
185 # error "No supported crypto implementation found."