[ceph.git] / ceph / src / common / ceph_crypto.cc

// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab
/*
 * Ceph - scalable distributed file system
 *
 * Copyright (C) 2010-2011 Dreamhost
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License version 2.1, as published by the Free Software
 * Foundation.  See file COPYING.
 *
 */

#include "common/config.h"
#include "ceph_crypto.h"

#ifdef USE_CRYPTOPP
void ceph::crypto::init(CephContext *cct)
{
}

void ceph::crypto::shutdown(bool)
{
}

// nothing
ceph::crypto::HMACSHA1::~HMACSHA1()
{
}

ceph::crypto::HMACSHA256::~HMACSHA256()
{
}

#elif defined(USE_NSS)

// for SECMOD_RestartModules()
#include <secmod.h>
#include <nspr.h>

static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
static uint32_t crypto_refs = 0;
static NSSInitContext *crypto_context = NULL;
static pid_t crypto_init_pid = 0;

void ceph::crypto::init(CephContext *cct)
{
  pid_t pid = getpid();
  pthread_mutex_lock(&crypto_init_mutex);
  if (crypto_init_pid != pid) {
    if (crypto_init_pid > 0) {
      SECMOD_RestartModules(PR_FALSE);
    }
    crypto_init_pid = pid;
  }

  if (++crypto_refs == 1) {
    NSSInitParameters init_params;
    memset(&init_params, 0, sizeof(init_params));
    init_params.length = sizeof(init_params);

    uint32_t flags = (NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
    if (cct->_conf->nss_db_path.empty()) {
      flags |= (NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB);
    }
    crypto_context = NSS_InitContext(cct->_conf->nss_db_path.c_str(), "", "",
                                     SECMOD_DB, &init_params, flags);
  }
  pthread_mutex_unlock(&crypto_init_mutex);
  assert(crypto_context != NULL);
}

void ceph::crypto::shutdown(bool shared)
{
  pthread_mutex_lock(&crypto_init_mutex);
  assert(crypto_refs > 0);
  if (--crypto_refs == 0) {
    NSS_ShutdownContext(crypto_context);
    if (!shared) {
      PR_Cleanup();
    }
    crypto_context = NULL;
    crypto_init_pid = 0;
  }
  pthread_mutex_unlock(&crypto_init_mutex);
}

ceph::crypto::HMAC::~HMAC()
{
  PK11_DestroyContext(ctx, PR_TRUE);
  PK11_FreeSymKey(symkey);
  PK11_FreeSlot(slot);
}

#else
# error "No supported crypto implementation found."
#endif
Commit	Line	Data
7c673cae FG	1	// -- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t --
	2	// vim: ts=8 sw=2 smarttab
	3	/*
	4	* Ceph - scalable distributed file system
	5	*
	6	* Copyright (C) 2010-2011 Dreamhost
	7	*
	8	* This is free software; you can redistribute it and/or
	9	* modify it under the terms of the GNU Lesser General Public
	10	* License version 2.1, as published by the Free Software
	11	* Foundation. See file COPYING.
	12	*
	13	*/
	14
7c673cae	15	#include "common/config.h"
7c673cae	16	#include "ceph_crypto.h"
7c673cae FG	17
	18	#ifdef USE_CRYPTOPP
	19	void ceph::crypto::init(CephContext *cct)
	20	{
	21	}
	22
	23	void ceph::crypto::shutdown(bool)
	24	{
	25	}
	26
	27	// nothing
	28	ceph::crypto::HMACSHA1::~HMACSHA1()
	29	{
	30	}
	31
	32	ceph::crypto::HMACSHA256::~HMACSHA256()
	33	{
	34	}
	35
	36	#elif defined(USE_NSS)
	37
	38	// for SECMOD_RestartModules()
	39	#include <secmod.h>
	40	#include <nspr.h>
	41
	42	static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
	43	static uint32_t crypto_refs = 0;
	44	static NSSInitContext *crypto_context = NULL;
	45	static pid_t crypto_init_pid = 0;
	46
	47	void ceph::crypto::init(CephContext *cct)
	48	{
	49	pid_t pid = getpid();
	50	pthread_mutex_lock(&crypto_init_mutex);
	51	if (crypto_init_pid != pid) {
	52	if (crypto_init_pid > 0) {
	53	SECMOD_RestartModules(PR_FALSE);
	54	}
	55	crypto_init_pid = pid;
	56	}
	57
	58	if (++crypto_refs == 1) {
	59	NSSInitParameters init_params;
	60	memset(&init_params, 0, sizeof(init_params));
	61	init_params.length = sizeof(init_params);
	62
224ce89b	63	uint32_t flags = (NSS_INIT_READONLY \| NSS_INIT_PK11RELOAD);
7c673cae FG	64	if (cct->_conf->nss_db_path.empty()) {
	65	flags \|= (NSS_INIT_NOCERTDB \| NSS_INIT_NOMODDB);
	66	}
	67	crypto_context = NSS_InitContext(cct->_conf->nss_db_path.c_str(), "", "",
	68	SECMOD_DB, &init_params, flags);
	69	}
	70	pthread_mutex_unlock(&crypto_init_mutex);
	71	assert(crypto_context != NULL);
	72	}
	73
	74	void ceph::crypto::shutdown(bool shared)
	75	{
	76	pthread_mutex_lock(&crypto_init_mutex);
	77	assert(crypto_refs > 0);
	78	if (--crypto_refs == 0) {
	79	NSS_ShutdownContext(crypto_context);
	80	if (!shared) {
	81	PR_Cleanup();
	82	}
	83	crypto_context = NULL;
	84	crypto_init_pid = 0;
	85	}
	86	pthread_mutex_unlock(&crypto_init_mutex);
	87	}
	88
	89	ceph::crypto::HMAC::~HMAC()
	90	{
	91	PK11_DestroyContext(ctx, PR_TRUE);
	92	PK11_FreeSymKey(symkey);
	93	PK11_FreeSlot(slot);
	94	}
	95
	96	#else
	97	# error "No supported crypto implementation found."
	98	#endif