VirtualBox

source: vbox/trunk/src/VBox/ImageMounter/vboximg-mount/vboximgCrypto.h@ 101693

Last change on this file since 101693 was 98103, checked in by vboxsync, 2 years ago

Copyright year updates by scm.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 8.3 KB
Line 
1/* $Id: vboximgCrypto.h 98103 2023-01-17 14:15:46Z vboxsync $ $Revision: 98103 $ $Date: 2023-01-17 14:15:46 +0000 (Tue, 17 Jan 2023) $ $Author: vboxsync $ */
2
3/** @file
4 * vboximgCrypto.h
5 */
6
7/*
8 * Copyright (C) 2008-2023 Oracle and/or its affiliates.
9 *
10 * This file is part of VirtualBox base platform packages, as
11 * available from https://www.virtualbox.org.
12 *
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation, in version 3 of the
16 * License.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, see <https://www.gnu.org/licenses>.
25 *
26 * SPDX-License-Identifier: GPL-3.0-only
27 */
28
29#ifndef VBOX_INCLUDED_SRC_vboximg_mount_vboximgCrypto_h
30#define VBOX_INCLUDED_SRC_vboximg_mount_vboximgCrypto_h
31#ifndef RT_WITHOUT_PRAGMA_ONCE
32# pragma once
33#endif
34
35#include <map>
36
37/*
38 * Settings for a crypto filter instance.
39 */
40typedef struct VDiskCryptoSettings
41{
42 VDiskCryptoSettings()
43 : fCreateKeyStore(false),
44 pszPassword(NULL),
45 pszKeyStore(NULL),
46 pszKeyStoreLoad(NULL),
47 pbDek(NULL),
48 cbDek(0),
49 pszCipher(NULL),
50 pszCipherReturned(NULL)
51 { }
52
53 bool fCreateKeyStore;
54 const char *pszPassword;
55 char *pszKeyStore;
56 const char *pszKeyStoreLoad;
57
58 const uint8_t *pbDek;
59 size_t cbDek;
60 const char *pszCipher;
61
62 /** The cipher returned by the crypto filter. */
63 char *pszCipherReturned;
64
65 PVDINTERFACE vdFilterIfaces;
66
67 VDINTERFACECONFIG vdIfCfg;
68 VDINTERFACECRYPTO vdIfCrypto;
69} VDISKCRYPTOSETTINGS;
70
71
72class SecretKey
73{
74 public:
75
76 /**
77 * Constructor for a secret key.
78 *
79 * @param pbKey The key buffer.
80 * @param cbKey Size of the key.
81 * @param fKeyBufNonPageable Flag whether the key buffer should be non pageable.
82 */
83 SecretKey(const uint8_t *pbKey, size_t cbKey, bool fKeyBufNonPageable);
84
85 /**
86 * Secret key destructor.
87 */
88 ~SecretKey();
89
90 /**
91 * Increments the reference counter of the key.
92 *
93 * @returns The new reference count.
94 */
95 uint32_t retain();
96
97 /**
98 * Releases a reference of the key.
99 * If the reference counter reaches 0 the key buffer might be protected
100 * against further access or the data will become scrambled.
101 *
102 * @returns The new reference count.
103 */
104 uint32_t release();
105
106 /**
107 * Returns the reference count of the secret key.
108 */
109 uint32_t refCount();
110
111 /**
112 * Sets the possible number of users for this key.
113 *
114 * @returns VBox status code.
115 * @param cUsers The possible number of user for this key.
116 */
117 int setUsers(uint32_t cUsers);
118
119 /**
120 * Returns the possible amount of users.
121 *
122 * @returns Possible amount of users.
123 */
124 uint32_t getUsers();
125
126 /**
127 * Sets the remove on suspend flag.
128 *
129 * @returns VBox status code.
130 * @param fRemoveOnSuspend Flag whether to remove the key on host suspend.
131 */
132 int setRemoveOnSuspend(bool fRemoveOnSuspend);
133
134 /**
135 * Returns whether the key should be destroyed on suspend.
136 */
137 bool getRemoveOnSuspend();
138
139 /**
140 * Returns the buffer to the key.
141 */
142 const void *getKeyBuffer();
143
144 /**
145 * Returns the size of the key.
146 */
147 size_t getKeySize();
148
149 private:
150 /** Reference counter of the key. */
151 volatile uint32_t m_cRefs;
152 /** Key material. */
153 uint8_t *m_pbKey;
154 /** Size of the key in bytes. */
155 size_t m_cbKey;
156 /** Flag whether to remove the key on suspend. */
157 bool m_fRemoveOnSuspend;
158 /** Number of entities which will use this key. */
159 uint32_t m_cUsers;
160};
161
162class SecretKeyStore
163{
164 public:
165
166 /**
167 * Constructor for a secret key store.
168 *
169 * @param fKeyBufNonPageable Flag whether the key buffer is required to
170 * be non pageable.
171 */
172 SecretKeyStore(bool fKeyBufNonPageable);
173
174 /**
175 * Destructor of a secret key store. This will free all stored secret keys
176 * inluding the key buffers. Make sure there no one accesses one of the keys
177 * stored.
178 */
179 ~SecretKeyStore();
180
181 /**
182 * Add a secret key to the store.
183 *
184 * @returns VBox status code.
185 * @param strKeyId The key identifier.
186 * @param pbKey The key to store.
187 * @param cbKey Size of the key.
188 */
189 int addSecretKey(const com::Utf8Str &strKeyId, const uint8_t *pbKey, size_t cbKey);
190
191 /**
192 * Deletes a key from the key store associated with the given identifier.
193 *
194 * @returns VBox status code.
195 * @param strKeyId The key identifier.
196 */
197 int deleteSecretKey(const com::Utf8Str &strKeyId);
198
199 /**
200 * Returns the secret key object associated with the given identifier.
201 * This increments the reference counter of the secret key object.
202 *
203 * @returns VBox status code.
204 * @param strKeyId The key identifier.
205 * @param ppKey Where to store the secret key object on success.
206 */
207 int retainSecretKey(const com::Utf8Str &strKeyId, SecretKey **ppKey);
208
209 /**
210 * Releases a reference to the secret key object.
211 *
212 * @returns VBox status code.
213 * @param strKeyId The key identifier.
214 */
215 int releaseSecretKey(const com::Utf8Str &strKeyId);
216
217 /**
218 * Deletes all secret keys from the key store.
219 *
220 * @returns VBox status code.
221 * @param fSuspend Flag whether to delete only keys which are
222 * marked for deletion during a suspend.
223 * @param fForce Flag whether to force deletion if some keys
224 * are still in use. Otherwise an error is returned.
225 */
226 int deleteAllSecretKeys(bool fSuspend, bool fForce);
227
228 private:
229
230 typedef std::map<com::Utf8Str, SecretKey *> SecretKeyMap;
231
232 /** The map to map key identifers to secret keys. */
233 SecretKeyMap m_mapSecretKeys;
234 /** Flag whether key buffers should be non pagable. */
235 bool m_fKeyBufNonPageable;
236};
237
238void vboxImageCryptoSetup(VDISKCRYPTOSETTINGS *pSettings, const char *pszCipher,
239 const char *pszKeyStore, const char *pszPassword,
240 bool fCreateKeyStore);
241
242DECLCALLBACK(bool) vboximgVdCryptoConfigAreKeysValid(void *pvUser, const char *pszzValid);
243
244DECLCALLBACK(int) vboximgVdCryptoConfigQuerySize(void *pvUser, const char *pszName, size_t *pcbValue);
245
246DECLCALLBACK(int) vboximgVdCryptoConfigQuery(void *pvUser, const char *pszName,
247 char *pszValue, size_t cchValue);
248
249DECLCALLBACK(int) vboximgVdCryptoKeyRetain(void *pvUser, const char *pszId,
250 const uint8_t **ppbKey, size_t *pcbKey);
251
252DECLCALLBACK(int) vboximgVdCryptoKeyRelease(void *pvUser, const char *pszId);
253
254DECLCALLBACK(int) vboximgVdCryptoKeyStorePasswordRetain(void *pvUser, const char *pszId, const char **ppszPassword);
255
256DECLCALLBACK(int) vboximgVdCryptoKeyStorePasswordRelease(void *pvUser, const char *pszId);
257
258DECLCALLBACK(int) vboximgVdCryptoKeyStoreSave(void *pvUser, const void *pvKeyStore, size_t cbKeyStore);
259
260DECLCALLBACK(int) vboximgVdCryptoKeyStoreReturnParameters(void *pvUser, const char *pszCipher,
261 const uint8_t *pbDek, size_t cbDek);
262
263
264#endif /* !VBOX_INCLUDED_SRC_vboximg_mount_vboximgCrypto_h */
265
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette