6 #define CEPH_CRYPTO_MD5_DIGESTSIZE 16
7 #define CEPH_CRYPTO_HMACSHA1_DIGESTSIZE 20
8 #define CEPH_CRYPTO_SHA1_DIGESTSIZE 20
9 #define CEPH_CRYPTO_HMACSHA256_DIGESTSIZE 32
10 #define CEPH_CRYPTO_SHA256_DIGESTSIZE 32
13 # define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
15 #include <cryptopp/md5.h>
16 #include <cryptopp/sha.h>
17 #include <cryptopp/hmac.h>
19 // reinclude our assert to clobber the system one
20 # include "include/assert.h"
25 void init(CephContext *cct);
26 // @param shared true if the the underlying crypto library could be shared
27 // with the application linked against the Ceph library.
28 // @note we do extra global cleanup specific to the underlying crypto
29 // library, if @c shared is @c false.
30 void shutdown(bool shared=true);
32 using CryptoPP::Weak::MD5;
34 using CryptoPP::SHA256;
36 class HMACSHA1: public CryptoPP::HMAC<CryptoPP::SHA1> {
38 HMACSHA1 (const byte *key, size_t length)
39 : CryptoPP::HMAC<CryptoPP::SHA1>(key, length)
45 class HMACSHA256: public CryptoPP::HMAC<CryptoPP::SHA256> {
47 HMACSHA256 (const byte *key, size_t length)
48 : CryptoPP::HMAC<CryptoPP::SHA256>(key, length)
55 #elif defined(USE_NSS)
56 // you *must* use CRYPTO_CXXFLAGS in CMakeLists.txt for including this include
60 // NSS thinks a lot of fairly fundamental operations might potentially
61 // fail, because it has been written to support e.g. smartcards doing all
62 // the crypto operations. We don't want to contaminate too much code
63 // with error checking, and just say these really should never fail.
64 // This assert MUST NOT be compiled out, even on non-debug builds.
65 # include "include/assert.h"
67 // ugly bit of CryptoPP that we have to emulate here :(
68 typedef unsigned char byte;
73 void init(CephContext *cct);
74 void shutdown(bool shared=true);
80 Digest (SECOidTag _type, size_t _digest_size) : digest_size(_digest_size) {
81 ctx = PK11_CreateDigestContext(_type);
86 PK11_DestroyContext(ctx, PR_TRUE);
90 s = PK11_DigestBegin(ctx);
91 assert(s == SECSuccess);
93 void Update (const byte *input, size_t length) {
96 s = PK11_DigestOp(ctx, input, length);
97 assert(s == SECSuccess);
100 void Final (byte *digest) {
103 s = PK11_DigestFinal(ctx, digest, &dummy, digest_size);
104 assert(s == SECSuccess);
105 assert(dummy == digest_size);
109 class MD5 : public Digest {
111 MD5 () : Digest(SEC_OID_MD5, CEPH_CRYPTO_MD5_DIGESTSIZE) { }
114 class SHA1 : public Digest {
116 SHA1 () : Digest(SEC_OID_SHA1, CEPH_CRYPTO_SHA1_DIGESTSIZE) { }
119 class SHA256 : public Digest {
121 SHA256 () : Digest(SEC_OID_SHA256, CEPH_CRYPTO_SHA256_DIGESTSIZE) { }
129 unsigned int digest_size;
131 HMAC (CK_MECHANISM_TYPE cktype, unsigned int digestsize, const byte *key, size_t length) {
132 digest_size = digestsize;
133 slot = PK11_GetBestSlot(cktype, NULL);
136 keyItem.type = siBuffer;
137 keyItem.data = (unsigned char*)key;
138 keyItem.len = length;
139 symkey = PK11_ImportSymKey(slot, cktype, PK11_OriginUnwrap,
140 CKA_SIGN, &keyItem, NULL);
143 param.type = siBuffer;
146 ctx = PK11_CreateContextBySymKey(cktype, CKA_SIGN, symkey, ¶m);
153 s = PK11_DigestBegin(ctx);
154 assert(s == SECSuccess);
156 void Update (const byte *input, size_t length) {
158 s = PK11_DigestOp(ctx, input, length);
159 assert(s == SECSuccess);
161 void Final (byte *digest) {
164 s = PK11_DigestFinal(ctx, digest, &dummy, digest_size);
165 assert(s == SECSuccess);
166 assert(dummy == digest_size);
171 class HMACSHA1 : public HMAC {
173 HMACSHA1 (const byte *key, size_t length) : HMAC(CKM_SHA_1_HMAC, CEPH_CRYPTO_HMACSHA1_DIGESTSIZE, key, length) { }
176 class HMACSHA256 : public HMAC {
178 HMACSHA256 (const byte *key, size_t length) : HMAC(CKM_SHA256_HMAC, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE, key, length) { }
184 // cppcheck-suppress preprocessorErrorDirective
185 # error "No supported crypto implementation found."