ceph/src/common/ceph_crypto.cc

   1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
   2 // vim: ts=8 sw=2 smarttab
   3 /*
   4  * Ceph - scalable distributed file system
   5  *
   6  * Copyright (C) 2010-2011 Dreamhost
   7  *
   8  * This is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public
  10  * License version 2.1, as published by the Free Software
  11  * Foundation.  See file COPYING.
  12  *
  13  */
  14
  15 #include "include/int_types.h"
  16 #include "common/config.h"
  17 #include "common/ceph_context.h"
  18 #include "ceph_crypto.h"
  19 #include "auth/Crypto.h"
  20
  21 #include <pthread.h>
  22 #include <stdlib.h>
  23
  24
  25 #ifdef USE_CRYPTOPP
  26 void ceph::crypto::init(CephContext *cct)
  27 {
  28 }
  29
  30 void ceph::crypto::shutdown(bool)
  31 {
  32 }
  33
  34 // nothing
  35 ceph::crypto::HMACSHA1::~HMACSHA1()
  36 {
  37 }
  38
  39 ceph::crypto::HMACSHA256::~HMACSHA256()
  40 {
  41 }
  42
  43 #elif defined(USE_NSS)
  44
  45 // for SECMOD_RestartModules()
  46 #include <secmod.h>
  47 #include <nspr.h>
  48
  49 static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
  50 static uint32_t crypto_refs = 0;
  51 static NSSInitContext *crypto_context = NULL;
  52 static pid_t crypto_init_pid = 0;
  53
  54 void ceph::crypto::init(CephContext *cct)
  55 {
  56   pid_t pid = getpid();
  57   pthread_mutex_lock(&crypto_init_mutex);
  58   if (crypto_init_pid != pid) {
  59     if (crypto_init_pid > 0) {
  60       SECMOD_RestartModules(PR_FALSE);
  61     }
  62     crypto_init_pid = pid;
  63   }
  64
  65   if (++crypto_refs == 1) {
  66     NSSInitParameters init_params;
  67     memset(&init_params, 0, sizeof(init_params));
  68     init_params.length = sizeof(init_params);
  69
  70     uint32_t flags = NSS_INIT_READONLY;
  71     if (cct->_conf->nss_db_path.empty()) {
  72       flags |= (NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB);
  73     }
  74     crypto_context = NSS_InitContext(cct->_conf->nss_db_path.c_str(), "", "",
  75                                      SECMOD_DB, &init_params, flags);
  76   }
  77   pthread_mutex_unlock(&crypto_init_mutex);
  78   assert(crypto_context != NULL);
  79 }
  80
  81 void ceph::crypto::shutdown(bool shared)
  82 {
  83   pthread_mutex_lock(&crypto_init_mutex);
  84   assert(crypto_refs > 0);
  85   if (--crypto_refs == 0) {
  86     NSS_ShutdownContext(crypto_context);
  87     if (!shared) {
  88       PR_Cleanup();
  89     }
  90     crypto_context = NULL;
  91     crypto_init_pid = 0;
  92   }
  93   pthread_mutex_unlock(&crypto_init_mutex);
  94 }
  95
  96 ceph::crypto::HMAC::~HMAC()
  97 {
  98   PK11_DestroyContext(ctx, PR_TRUE);
  99   PK11_FreeSymKey(symkey);
 100   PK11_FreeSlot(slot);
 101 }
 102
 103 #else
 104 # error "No supported crypto implementation found."
 105 #endif