From: Tommi Virtanen Date: Thu, 10 Mar 2011 19:49:17 +0000 (-0800) Subject: ceph_crypto: Implement MD5 wrapper for NSS. X-Git-Tag: v0.26~169 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=edcf6a0a231fc233c64d106a27c37064e2e4ea24;p=ceph.git ceph_crypto: Implement MD5 wrapper for NSS. Signed-off-by: Tommi Virtanen --- diff --git a/src/Makefile.am b/src/Makefile.am index 27fcfb393d1a..af3c06faae77 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -295,13 +295,15 @@ libradosgw_a_SOURCES = \ rgw/rgw_rest.cc \ rgw/rgw_common.cc libradosgw_a_CFLAGS = ${AM_CFLAGS} -libradosgw_a_CXXFLAGS = ${AM_CXXFLAGS} +libradosgw_a_CXXFLAGS = ${CRYPTO_CXXFLAGS} ${AM_CXXFLAGS} +libradosgw_a_LDFLAGS = ${CRYPTO_LDFLAGS} ${AM_LDFLAGS} # lib_LTLIBRARIES += libradosgw.a radosgw_SOURCES = rgw/rgw_main.cc radosgw_LDADD = libradosgw.a librados.a libcrush.a -lfcgi -lexpat -lpthread -lm $(CRYPTO_LIBS) $(EXTRALIBS) -radosgw_CXXFLAGS = ${AM_CXXFLAGS} +radosgw_CXXFLAGS = ${CRYPTO_CXXFLAGS} ${AM_CXXFLAGS} radosgw_admin_SOURCES = rgw/rgw_admin.cc +radosgw_admin_CXXFLAGS = ${CRYPTO_CXXFLAGS} ${AM_CXXFLAGS} radosgw_admin_LDADD = libradosgw.a librados.a libcrush.a -lfcgi -lexpat -lpthread -lm $(CRYPTO_LIBS) $(EXTRALIBS) bin_PROGRAMS += radosgw radosgw_admin endif @@ -405,7 +407,7 @@ check_PROGRAMS += unittest_crypto unittest_ceph_crypto_SOURCES = test/ceph_crypto.cc unittest_ceph_crypto_LDFLAGS = ${CRYPTO_LDFLAGS} ${AM_LDFLAGS} -unittest_ceph_crypto_LDADD = ${CRYPTO_LIBS} \ +unittest_ceph_crypto_LDADD = libcommon.a ${CRYPTO_LIBS} \ ${UNITTEST_LDADD} unittest_ceph_crypto_CXXFLAGS = ${CRYPTO_CXXFLAGS} ${AM_CXXFLAGS} ${UNITTEST_CXXFLAGS} check_PROGRAMS += unittest_ceph_crypto @@ -581,7 +583,8 @@ libcommon_files = \ common/debug.cc \ common/version.cc \ common/hex.cc \ - common/entity_name.cc + common/entity_name.cc \ + common/ceph_crypto.cc if WITH_PROFILER libcommon_files += perfglue/cpu_profiler.cc 
diff --git a/src/common/ceph_crypto.cc b/src/common/ceph_crypto.cc
new file mode 100644
index 000000000000..a625732a5be4
--- /dev/null
+++ b/src/common/ceph_crypto.cc
@@ -0,0 +1,13 @@
+#include "ceph_crypto.h"
+
+#ifdef USE_CRYPTOPP
+// nothing
+#elif USE_NSS
+
+void ceph::crypto::init() {
+ NSS_NoDB_Init(NULL);
+}
+
+#else
+# error "No supported crypto implementation found."
+#endif
diff --git a/src/common/ceph_crypto.h b/src/common/ceph_crypto.h
index bd2d20ad4c6a..bad620933145 100644
--- a/src/common/ceph_crypto.h
+++ b/src/common/ceph_crypto.h
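Review bot: In src/common/ceph_crypto.cc, `ceph::crypto::init()` discards the `SECStatus` returned by `NSS_NoDB_Init(NULL)`, so a failed library initialisation is only noticed later, when `PK11_CreateDigestContext` returns NULL and the constructor's `assert(ctx)` fires far from the cause. The header added in this commit states that NSS failures are to be caught by an assert that is never compiled out, and the same policy fits here: `SECStatus s = NSS_NoDB_Init(NULL);` followed by `assert(s == SECSuccess);`. A comment on the declaration saying that `init()` must run before any `MD5` object is constructed, and whether calling it more than once is expected, would also help callers.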
@@ -15,7 +15,58 @@ namespace ceph {
 }
 }
 #elif USE_NSS
-# error "TODO NSS support for md5"
+// you *must* use CRYPTO_CXXFLAGS in Makefile.am for including this include
+# include
+# include
+
+// NSS thinks a lot of fairly fundamental operations might potentially
+// fail, because it has been written to support e.g. smartcards doing all
+// the crypto operations. We don't want to contaminate too much code
+// with error checking, and just say these really should never fail.
+// This assert MUST NOT be compiled out, even on non-debug builds.
+# include "assert.h"
+
+// ugly bit of CryptoPP that we have to emulate here :(
+typedef unsigned char byte;
+
+namespace ceph {
+ namespace crypto {
+ void init();
+
+ class MD5 {
+ private:
+ PK11Context *ctx;
+ public:
+ static const int DIGESTSIZE = 16;
+ MD5 () {
+ ctx = PK11_CreateDigestContext(SEC_OID_MD5);
+ assert(ctx);
+ Restart();
+ }
+ ~MD5 () {
+ PK11_DestroyContext(ctx, PR_TRUE);
+ }
+ void Restart() {
+ SECStatus s;
+ s = PK11_DigestBegin(ctx);
+ assert(s == SECSuccess);
+ }
+ void Update (const byte *input, size_t length) {
+ SECStatus s;
+ s = PK11_DigestOp(ctx, input, length);
+ assert(s == SECSuccess);
+ }
+ void Final (byte *digest) {
+ SECStatus s;
+ unsigned int dummy;
+ s = PK11_DigestFinal(ctx, digest, &dummy, DIGESTSIZE);
+ assert(s == SECSuccess);
+ assert(dummy == (unsigned int)DIGESTSIZE);
+ Restart();
+ }
+ };
+ }
+}
 #else
 # error "No supported crypto implementation found."
 #endif
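Review bot: `MD5` owns the raw `PK11Context *ctx` and releases it in `~MD5`, but its copy constructor and copy assignment are left implicit, so copying an `MD5` object would make two destructors call `PK11_DestroyContext` on the same context. Declaring `MD5(const MD5&);` and `MD5& operator=(const MD5&);` in the `private:` section, without definitions, turns any such copy into a build error. Separately, `Update` passes a `size_t length` to `PK11_DigestOp`, whose length parameter is an `unsigned int`; on a 64-bit build a buffer larger than `UINT_MAX` bytes would be truncated without any error and the digest would cover only part of the data, so `assert(length <= UINT_MAX);` before the call (or a chunked loop) is worth adding. `Final` also writes `DIGESTSIZE` bytes through `digest` without saying so, which deserves a one-line comment on the required buffer size.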