VirtualBox

source: vbox/trunk/include/VBox/VBoxCryptoIf.h@ 94689

Last change on this file since 94689 was 94689, checked in by vboxsync, 3 years ago

include/VBox/VBoxCryptoIf.h: Some changes to the interface, bugref:9955

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 14.7 KB
Line 
1/** @file
2 * VirtualBox - Cryptographic support functions Interface.
3 */
4
5/*
6 * Copyright (C) 2022 Oracle Corporation
7 *
8 * This file is part of VirtualBox Open Source Edition (OSE), as
9 * available from http://www.virtualbox.org. This file is free software;
10 * you can redistribute it and/or modify it under the terms of the GNU
11 * General Public License (GPL) as published by the Free Software
12 * Foundation, in version 2 as it comes in the "COPYING" file of the
13 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
14 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
15 *
16 * The contents of this file may alternatively be used under the terms
17 * of the Common Development and Distribution License Version 1.0
18 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
19 * VirtualBox OSE distribution, in which case the provisions of the
20 * CDDL are applicable instead of those of the GPL.
21 *
22 * You may elect to license modified versions of this file under the
23 * terms and conditions of either the GPL or the CDDL or both.
24 */
25
26#ifndef VBOX_INCLUDED_VBoxCryptoIf_h
27#define VBOX_INCLUDED_VBoxCryptoIf_h
28#ifndef RT_WITHOUT_PRAGMA_ONCE
29# pragma once
30#endif
31
32#include <iprt/vfs.h>
33#include <VBox/types.h>
34
35/** An opaque VBox cryptographic context handle. */
36typedef struct VBOXCRYPTOCTXINT *VBOXCRYPTOCTX;
37/**Pointer to an opaque VBox cryptographic context handle. */
38typedef VBOXCRYPTOCTX *PVBOXCRYPTOCTX;
39
40/** Magic identifying the cryptographic interface (Charles Babbage). */
41#define VBOXCRYPTOIF_MAGIC UINT32_C(0x17911226)
42
43/** Pointer to const cryptographic interface. */
44typedef const struct VBOXCRYPTOIF *PCVBOXCRYPTOIF;
45/**
46 * The main cryptographic callbacks interface table.
47 */
48typedef struct VBOXCRYPTOIF
49{
50 /** Interface magic, set to VBOXCRYPTOIF_MAGIC. */
51 uint32_t u32Magic;
52 /** Interface version.
53 * This is set to VBOXCRYPTOIF_VERSION. */
54 uint32_t u32Version;
55 /** Description string. */
56 const char *pszDesc;
57
58 /** @name Generic crytographic context operations.
59 * @{ */
60
61 /**
62 * Creates a new cryptographic context for encryption.
63 *
64 * @returns VBox status code.
65 * @param pszCipher The identifier of the cipher to use.
66 * @param pszPassword Password for encrypting the context.
67 * @param phCryptoCtx Where to store the handle to the crypto context on success.
68 */
69 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxCreate, (const char *pszCipher, const char *pszPassword,
70 PVBOXCRYPTOCTX phCryptoCtx));
71
72 /**
73 * Creates a new cryptographic context for decryption from the given base-64 encoded context.
74 *
75 * @returns VBox status code.
76 * @param pszStoredCtx The base-64 encoded context to decrypt with the given password.
77 * @param pszPassword Password for encrypting the context.
78 * @param phCryptoCtx Where to store the handle to the crypto context on success.
79 */
80 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxLoad, (const char *pszStoredCtx, const char *pszPassword,
81 PVBOXCRYPTOCTX phCryptoCtx));
82
83 /**
84 * Destroys a previously created cryptographic context.
85 *
86 * @returns VBox status code.
87 * @param hCryptoCtx Handle of crpytographic context to destroy.
88 */
89 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxDestroy, (VBOXCRYPTOCTX hCryptoCtx));
90
91 /**
92 * Returns the given cryptographic context as a base-64 encoded string.
93 *
94 * @returns VBox status code.
95 * @param hCryptoCtx Handle of crpytographic context.
96 * @param ppszStoredCtx Where to store the base-64 encoded cryptographic context on success.
97 * Must be freed with RTMemFree() when not required anymore.
98 */
99 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxSave, (VBOXCRYPTOCTX hCryptoCtx, char **ppszStoredCtx));
100
101 /**
102 * Changes the encryption password for the given context.
103 *
104 * @returns VBox status code.
105 * @param hCryptoCtx Handle of crpytographic context.
106 * @param pszPassword New password used for encrypting the DEK.
107 */
108 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxPasswordChange, (VBOXCRYPTOCTX hCryptoCtx, const char *pszPassword));
109
110 /**
111 * Queries the required size of the output buffer for encrypted data. Depends on the cipher.
112 *
113 * @returns VBox status code.
114 * @param hCryptoCtx Handle of crpytographic context.
115 * @param cbPlainText The size of the data to be encrypted.
116 * @param pcbEncrypted Where to store the size in bytes of the encrypted data on success.
117 */
118 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxQueryEncryptedSz, (VBOXCRYPTOCTX hCryptoCtx, size_t cbPlaintext,
119 size_t *pcbEncrypted));
120
121 /**
122 * Queries the required size of the output buffer for decrypted data. Depends on the cipher.
123 *
124 * @returns VBox status code.
125 * @param hCryptoCtx Handle of crpytographic context.
126 * @param cbEncrypted The size of the encrypted chunk before decryption.
127 * @param pcbPlaintext Where to store the size in bytes of the decrypted data on success.
128 */
129 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxQueryDecryptedSz, (VBOXCRYPTOCTX hCryptoCtx, size_t cbEncrypted,
130 size_t *pcbPlaintext));
131
132 /**
133 * Encrypts data.
134 *
135 * @returns VBox status code.
136 * @param hCryptoCtx Handle of crpytographic context.
137 * @param fPartial Only part of data to be encrypted is specified. The encryption
138 * cipher context will not be closed. Set to false for last piece
139 * of data, or if data is specified completely.
140 * Only CTR mode supports partial encryption.
141 * @param pvIV Pointer to IV. If null it will be generated.
142 * @param cbIV Size of the IV.
143 * @param pvPlainText Data to encrypt.
144 * @param cbPlainText Size of the data in the pvPlainText.
145 * @param pvAuthData Data used for authenticate the pvPlainText
146 * @param cbAuthData Size of the pvAuthData
147 * @param pvEncrypted Buffer to store encrypted data
148 * @param cbEncrypted Size of the buffer in pvEncrypted
149 * @param pcbEncrypted Placeholder where the size of the encrypted data returned.
150 */
151 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxEncrypt, (VBOXCRYPTOCTX hCryptoCtx, bool fPartial, void const *pvIV, size_t cbIV,
152 void const *pvPlainText, size_t cbPlainText,
153 void const *pvAuthData, size_t cbAuthData,
154 void *pvEncrypted, size_t cbEncrypted,
155 size_t *pcbEncrypted));
156
157 /**
158 * Decrypts data.
159 *
160 * @returns VBox status code.
161 * @param hCryptoCtx Handle of crpytographic context.
162 * @param fPartial Only part of data to be encrypted is specified. The encryption
163 * cipher context will not be closed. Set to false for last piece
164 * of data, or if data is specified completely.
165 * Only CTR mode supports partial encryption.
166 * @param pvEncrypted Data to decrypt.
167 * @param cbEncrypted Size of the data in the pvEncrypted.
168 * @param pvAuthData Data used for authenticate the pvEncrypted
169 * @param cbAuthData Size of the pvAuthData
170 * @param pvPlainText Buffer to store decrypted data
171 * @param cbPlainText Size of the buffer in pvPlainText
172 * @param pcbPlainText Placeholder where the size of the decrypted data returned.
173 */
174 DECLR3CALLBACKMEMBER(int, pfnCryptoCtxDecrypt, (VBOXCRYPTOCTX hCryptoCtx, bool fPartial,
175 void const *pvEncrypted, size_t cbEncrypted,
176 void const *pvAuthData, size_t cbAuthData,
177 void *pvPlainText, size_t cbPlainText, size_t *pcbPlainText));
178 /** @} */
179
180 /** @name File based cryptographic operations.
181 * @{ */
182 /**
183 * Creates a new VFS file handle for an encrypted or to be encrypted file handle.
184 *
185 * @returns VBox status code.
186 * @param hVfsFile The input file handle, a new reference is retained upon success.
187 * @param pszKeyStore The key store containing the DEK used for encryption.
188 * @param pszPassword Password encrypting the DEK.
189 * @param phVfsFile Where to store the handle to the VFS file on success.
190 */
191 DECLR3CALLBACKMEMBER(int, pfnCryptoFileFromVfsFile, (RTVFSFILE hVfsFile, const char *pszKeyStore, const char *pszPassword,
192 PRTVFSFILE phVfsFile));
193
194 /**
195 * Opens a new encryption I/O stream.
196 *
197 * @returns VBox status code.
198 * @param hVfsIosDst The encrypted output stream (must be writeable).
199 * The reference is not consumed, instead another
200 * one is retained.
201 * @param pszKeyStore The key store containing the DEK used for encryption.
202 * @param pszPassword Password encrypting the DEK.
203 * @param phVfsIosCrypt Where to return the crypting input I/O stream handle
204 * (you write to this).
205 */
206 DECLR3CALLBACKMEMBER(int, pfnCryptoIoStrmFromVfsIoStrmEncrypt, (RTVFSIOSTREAM hVfsIosDst, const char *pszKeyStore,
207 const char *pszPassword, PRTVFSIOSTREAM phVfsIosCrypt));
208
209 /**
210 * Opens a new decryption I/O stream.
211 *
212 * @returns VBox status code.
213 * @param hVfsIosIn The encrypted input stream (must be readable).
214 * The reference is not consumed, instead another
215 * one is retained.
216 * @param pszKeyStore The key store containing the DEK used for encryption.
217 * @param pszPassword Password encrypting the DEK.
218 * @param phVfsIosOut Where to return the handle to the decrypted I/O stream (read).
219 */
220 DECLR3CALLBACKMEMBER(int, pfnCryptoIoStrmFromVfsIoStrmDecrypt, (RTVFSIOSTREAM hVfsIosIn, const char *pszKeyStore,
221 const char *pszPassword, PRTVFSIOSTREAM phVfsIosOut));
222 /** @} */
223
224 /** @name Keystore related functions.
225 * @{ */
226 /**
227 * Return the encryption parameters and DEK from the base64 encoded key store data.
228 *
229 * @returns VBox status code.
230 * @param pszEnc The base64 encoded key store data.
231 * @param pszPassword The password to use for key decryption.
232 * If the password is NULL only the cipher is returned.
233 * @param ppbKey Where to store the DEK on success.
234 * Must be freed with RTMemSaferFree().
235 * @param pcbKey Where to store the DEK size in bytes on success.
236 * @param ppszCipher Where to store the used cipher for the decrypted DEK.
237 * Must be freed with RTStrFree().
238 */
239 DECLR3CALLBACKMEMBER(int, pfnCryptoKeyStoreGetDekFromEncoded, (const char *pszEnc, const char *pszPassword,
240 uint8_t **ppbKey, size_t *pcbKey, char **ppszCipher));
241
242 /**
243 * Stores the given DEK in a key store protected by the given password.
244 *
245 * @returns VBox status code.
246 * @param pszPassword The password to protect the DEK.
247 * @param pbKey The DEK to protect.
248 * @param cbKey Size of the DEK to protect.
249 * @param pszCipher The cipher string associated with the DEK.
250 * @param ppszEnc Where to store the base64 encoded key store data on success.
251 * Must be freed with RTMemFree().
252 */
253 DECLR3CALLBACKMEMBER(int, pfnCryptoKeyStoreCreate, (const char *pszPassword, const uint8_t *pbKey, size_t cbKey,
254 const char *pszCipher, char **ppszEnc));
255 /** @} */
256
257 DECLR3CALLBACKMEMBER(int, pfnReserved1,(void)); /**< Reserved for minor structure revisions. */
258 DECLR3CALLBACKMEMBER(int, pfnReserved2,(void)); /**< Reserved for minor structure revisions. */
259 DECLR3CALLBACKMEMBER(int, pfnReserved3,(void)); /**< Reserved for minor structure revisions. */
260 DECLR3CALLBACKMEMBER(int, pfnReserved4,(void)); /**< Reserved for minor structure revisions. */
261 DECLR3CALLBACKMEMBER(int, pfnReserved5,(void)); /**< Reserved for minor structure revisions. */
262 DECLR3CALLBACKMEMBER(int, pfnReserved6,(void)); /**< Reserved for minor structure revisions. */
263
264 /** Reserved for minor structure revisions. */
265 uint32_t uReserved7;
266
267 /** End of structure marker (VBOXCRYPTOIF_VERSION). */
268 uint32_t u32EndMarker;
269} VBOXCRYPTOIF;
270/** Current version of the VBOXCRYPTOIF structure. */
271#define VBOXCRYPTOIF_VERSION RT_MAKE_U32(0, 1)
272
273
274/**
275 * The VBoxCrypto entry callback function.
276 *
277 * @returns VBox status code.
278 * @param ppCryptoIf Where to store the pointer to the crypto module interface callback table
279 * on success.
280 */
281typedef DECLCALLBACKTYPE(int, FNVBOXCRYPTOENTRY,(PCVBOXCRYPTOIF *ppCryptoIf));
282/** Pointer to a FNVBOXCRYPTOENTRY. */
283typedef FNVBOXCRYPTOENTRY *PFNVBOXCRYPTOENTRY;
284
285/** The name of the crypto module entry point. */
286#define VBOX_CRYPTO_MOD_ENTRY_POINT "VBoxCryptoEntry"
287
288
289/**
290 * Checks if cryptographic interface version is compatible.
291 *
292 * @returns true if the do, false if they don't.
293 * @param u32Provider The provider version.
294 * @param u32User The user version.
295 */
296#define VBOXCRYPTO_IS_VER_COMPAT(u32Provider, u32User) \
297 ( VBOXCRYPTO_IS_MAJOR_VER_EQUAL(u32Provider, u32User) \
298 && (int32_t)RT_LOWORD(u32Provider) >= (int32_t)RT_LOWORD(u32User) ) /* stupid casts to shut up gcc */
299
300/**
301 * Check if two cryptographic interface versions have the same major version.
302 *
303 * @returns true if the do, false if they don't.
304 * @param u32Ver1 The first version number.
305 * @param u32Ver2 The second version number.
306 */
307#define VBOXCRYPTO_IS_MAJOR_VER_EQUAL(u32Ver1, u32Ver2) (RT_HIWORD(u32Ver1) == RT_HIWORD(u32Ver2))
308
309#endif /* !VBOX_INCLUDED_VBoxCryptoIf_h */
310
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette