Changeset 42125 in vbox for trunk

Timestamp:

Jul 12, 2012 10:39:18 AM (13 years ago)

Author:

vboxsync

Message:

optional encrypted store of the iSCSI initiator secret

Location:

trunk/src/VBox

Files:

• Frontends/VBoxManage/VBoxManage.cpp (modified) (5 diffs)
• Frontends/VBoxManage/VBoxManageHelp.cpp (modified) (1 diff)
• Main/idl/VirtualBox.xidl (modified) (1 diff)
• Main/include/MediumImpl.h (modified) (2 diffs)
• Main/include/VirtualBoxImpl.h (modified) (3 diffs)
• Main/src-server/MediumImpl.cpp (modified) (4 diffs)
• Main/src-server/VirtualBoxImpl.cpp (modified) (6 diffs)
• Storage/ISCSI.cpp (modified) (1 diff)

trunk/src/VBox/Frontends/VBoxManage/VBoxManage.cpp

@@ -37 +37 @@
 #include <iprt/asm.h>
 #include <iprt/buildconfig.h>
+#include <iprt/ctype.h>
 #include <iprt/initterm.h>
 #include <iprt/path.h>
@@ -245 +246 @@
 
 
+#ifndef VBOX_ONLY_DOCS
+static RTEXITCODE settingsPasswordFile(ComPtr<IVirtualBox> virtualBox, const char *pszFile)
+{
+    size_t cbFile;
+    char szPasswd[512];
+    int vrc = VINF_SUCCESS;
+    RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+    bool fStdIn = !strcmp(pszFile, "stdin");
+    PRTSTREAM pStrm;
+    if (!fStdIn)
+        vrc = RTStrmOpen(pszFile, "r", &pStrm);
+    else
+        pStrm = g_pStdIn;
+    if (RT_SUCCESS(vrc))
+    {
+        vrc = RTStrmReadEx(pStrm, szPasswd, sizeof(szPasswd)-1, &cbFile);
+        if (RT_SUCCESS(vrc))
+        {
+            if (cbFile >= sizeof(szPasswd)-1)
+                rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Provided password too long");
+            else
+            {
+                unsigned i;
+                for (i = 0; i < cbFile && !RT_C_IS_CNTRL(szPasswd[i]); i++)
+                    ;
+                szPasswd[i] = '\0';
+                int rc;
+                CHECK_ERROR(virtualBox, SetSettingsSecret(com::Bstr(szPasswd).raw()));
+                if (FAILED(rc))
+                    rcExit = RTEXITCODE_FAILURE;
+            }
+        }
+        if (!fStdIn)
+            RTStrmClose(pStrm);
+    }
+    else
+        rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Cannot open password file '%s' (%Rrc)", pszFile);
+
+    return rcExit;
+}
+#endif
+
 int main(int argc, char *argv[])
 {
@@ -260 +303 @@
     int  iCmd      = 1;
     int  iCmdArg;
+    const char *g_pszSettingsPw = NULL;
+    const char *g_pszSettingsPwFile = NULL;
 
     for (int i = 1; i < argc || argc <= iCmd; i++)
@@ -316 +361 @@
             iCmd++;
         }
+        else if (!strcmp(argv[i], "--settingspw"))
+        {
+            if (i >= argc-1)
+                return RTMsgErrorExit(RTEXITCODE_FAILURE,
+                                      "Password expected");
+            /* password for certain settings */
+            g_pszSettingsPw = argv[i+1];
+            iCmd += 2;
+        }
+        else if (!strcmp(argv[i], "--settingspwfile"))
+        {
+            if (i >= argc-1)
+                return RTMsgErrorExit(RTEXITCODE_FAILURE,
+                                      "No password file specified");
+            g_pszSettingsPwFile = argv[i+1];
+            iCmd += 2;
+        }
         else
-        {
             break;
-        }
     }
 
@@ -447 +507 @@
         };
 
+        if (g_pszSettingsPw)
+        {
+            int rc;
+            CHECK_ERROR(virtualBox, SetSettingsSecret(Bstr(g_pszSettingsPw).raw()));
+            if (FAILED(rc))
+            {
+                rcExit = RTEXITCODE_FAILURE;
+                break;
+            }
+        }
+        else if (g_pszSettingsPwFile)
+        {
+            rcExit = settingsPasswordFile(virtualBox, g_pszSettingsPwFile);
+            if (rcExit != RTEXITCODE_SUCCESS)
+                break;
+        }
+
         HandlerArg  handlerArg = { 0, NULL, virtualBox, session };
         int         commandIndex;

trunk/src/VBox/Frontends/VBoxManage/VBoxManageHelp.cpp

@@ -99 +99 @@
     if (u64Cmd == USAGE_ALL)
         RTStrmPrintf(pStrm,
-                     "VBoxManage [-v|--version]    print version number and exit\n"
-                     "VBoxManage [-q|--nologo] ... suppress the logo\n"
+                     "VBoxManage [-v|--version]          print version number and exit\n"
+                     "VBoxManage [-q|--nologo]       ... suppress the logo\n"
+                     "VBoxManage [--settingspw <pw>] ...\n"
+                     "VBoxManage [--settingspwfile]  ... provide the settings password\n"
                      "\n");
 

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -2100 +2100 @@
       <param name="value" type="wstring" dir="in">
         <desc>Value to assign to the key.</desc>
+      </param>
+    </method>
+
+    <method name="setSettingsSecret">
+      <desc>
+        Unlocks the secret data by passing the unlock password to the
+        server. The server will cache the password for that machine.
+
+        <result name="VBOX_E_INVALID_VM_STATE">
+          Virtual machine is not mutable.
+        </result>
+
+      </desc>
+      <param name="password" type="wstring" dir="in">
+        <desc>
+          The cipher key.
+        </desc>
       </param>
     </method>

trunk/src/VBox/Main/include/MediumImpl.h

@@ -183 +183 @@
     bool getFirstRegistryMachineId(Guid &uuid) const;
     void markRegistriesModified();
+    
+    HRESULT setPropertyDirect(const Utf8Str &aName, const Utf8Str &aValue);
 
     HRESULT addBackReference(const Guid &aMachineId,
@@ -188 +190 @@
     HRESULT removeBackReference(const Guid &aMachineId,
                                 const Guid &aSnapshotId = Guid::Empty);
+
 
     const Guid* getFirstMachineBackrefId() const;

trunk/src/VBox/Main/include/VirtualBoxImpl.h

@@ -153 +153 @@
     STDMETHOD(GetExtraData)(IN_BSTR aKey, BSTR *aValue);
     STDMETHOD(SetExtraData)(IN_BSTR aKey, IN_BSTR aValue);
+    STDMETHOD(SetSettingsSecret)(IN_BSTR aKey);
 
     STDMETHOD(CreateDHCPServer)(IN_BSTR aName, IDHCPServer ** aServer);
@@ -286 +287 @@
     RWLockHandle& getMediaTreeLockHandle();
 
+    int  encryptSetting(const Utf8Str &aPlaintext, Utf8Str *aCiphertext);
+    int  decryptSetting(Utf8Str *aPlaintext, const Utf8Str &aCiphertext);
+    void storeSettingsKey(const Utf8Str &aKey);
+
 private:
 
@@ -305 +310 @@
     HRESULT unregisterDHCPServer(DHCPServer *aDHCPServer,
                                  bool aSaveRegistry = true);
+    
+    void decryptSettings();
+    void decryptMediumSettings(Medium *pMedium);
+    int  decryptSettingBytes(uint8_t *aPlaintext, const uint8_t *aCiphertext,
+                             size_t aCiphertextSize) const;
+    int  encryptSettingBytes(const uint8_t *aPlaintext, uint8_t *aCiphertext,
+                             size_t aPlaintextSize, size_t aCiphertextSize) const;
 
     struct Data;            // opaque data structure, defined in VirtualBoxImpl.cpp

trunk/src/VBox/Main/src-server/MediumImpl.cpp

@@ -1180 +1180 @@
     }
 
+    /* try to decrypt an optional iSCSI initiator secret */
+    settings::StringsMap::const_iterator itCph = data.properties.find("InitiatorSecretEncrypted");
+    if (   itCph != data.properties.end()
+        && !itCph->second.isEmpty())
+    {
+        Utf8Str strPlaintext;
+        int vrc = m->pVirtualBox->decryptSetting(&strPlaintext, itCph->second);
+        if (RT_SUCCESS(vrc))
+            m->mapProperties["InitiatorSecret"] = strPlaintext;
+    }
+
     Utf8Str strFull;
     if (m->formatObj->getCapabilities() & MediumFormatCapabilities_File)
@@ -3754 +3765 @@
     /* optional properties */
     data.properties.clear();
+
+    /* handle iSCSI initiator secrets transparently */
+    bool fHaveInitiatorSecretEncrypted = false;
+    Utf8Str strCiphertext;
+    settings::StringsMap::const_iterator itPln = m->mapProperties.find("InitiatorSecret");
+    if (   itPln != m->mapProperties.end()
+        && !itPln->second.isEmpty())
+    {
+        /* Encrypt the plain secret. If that does not work (i.e. no settings key specified),
+         * just use the encrypted secret (if there is any). */
+        int rc = m->pVirtualBox->encryptSetting(itPln->second, &strCiphertext);
+        NOREF(rc);
+        fHaveInitiatorSecretEncrypted = true;
+    }
     for (settings::StringsMap::const_iterator it = m->mapProperties.begin();
          it != m->mapProperties.end();
@@ -3763 +3788 @@
             const Utf8Str &name = it->first;
             const Utf8Str &value = it->second;
-            data.properties[name] = value;
-        }
+            /* do NOT store the plain InitiatorSecret */
+            if (   !fHaveInitiatorSecretEncrypted
+                || !name.equals("InitiatorSecret"))
+                data.properties[name] = value;
+        }
+        if (fHaveInitiatorSecretEncrypted)
+            data.properties["InitiatorSecretEncrypted"] = strCiphertext;
     }
 
@@ -5799 +5829 @@
 
     return rc;
+}
+
+/**
+ * Like SetProperty but do not trigger a settings store. Only for internal use!
+ */
+HRESULT Medium::setPropertyDirect(const Utf8Str &aName, const Utf8Str &aValue)
+{
+    AutoCaller autoCaller(this);
+    if (FAILED(autoCaller.rc())) return autoCaller.rc();
+
+    AutoWriteLock mlock(this COMMA_LOCKVAL_SRC_POS);
+
+    switch (m->state)
+    {
+        case MediumState_Created:
+        case MediumState_Inaccessible:
+            break;
+        default:
+            return setStateError();
+    }
+
+    m->mapProperties[aName] = aValue;
+
+    return S_OK;
 }
 

trunk/src/VBox/Main/src-server/VirtualBoxImpl.cpp

@@ -17 +17 @@
 
 #include <iprt/asm.h>
+#include <iprt/base64.h>
 #include <iprt/buildconfig.h>
 #include <iprt/cpp/utils.h>
@@ -24 +25 @@
 #include <iprt/path.h>
 #include <iprt/process.h>
+#include <iprt/rand.h>
+#include <iprt/sha.h>
 #include <iprt/string.h>
 #include <iprt/stream.h>
@@ -295 +298 @@
     /** The global autostart database for the user. */
     AutostartDb * const                 pAutostartDb;
+
+    /** Settings secret */
+    bool                                fSettingsCipherKeySet;
+    uint8_t                             SettingsCipherKey[RTSHA512_HASH_SIZE];
 };
+
 
 // constructor / destructor
@@ -446 +454 @@
         if (FAILED(rc = initMachines()))
             throw rc;
-
 
 #ifdef DEBUG
@@ -1967 +1974 @@
 }
 
+/**
+ *
+ */
+STDMETHODIMP VirtualBox::SetSettingsSecret(IN_BSTR aValue)
+{
+    storeSettingsKey(aValue);
+    decryptSettings();
+    return S_OK;
+}
+
+void VirtualBox::decryptMediumSettings(Medium *pMedium)
+{
+    Bstr bstrCipher;
+    HRESULT hrc = pMedium->GetProperty(Bstr("InitiatorSecretEncrypted").raw(),
+                                       bstrCipher.asOutParam());
+    if (SUCCEEDED(hrc))
+    {
+        Bstr bstrName;
+        pMedium->COMGETTER(Name)(bstrName.asOutParam());
+        Utf8Str strPlaintext;
+        int rc = decryptSetting(&strPlaintext, bstrCipher);
+        if (RT_SUCCESS(rc))
+            pMedium->setPropertyDirect("InitiatorSecret", strPlaintext);
+    }
+}
+
+/**
+ * Decrypt all encrypted settings.
+ *
+ * So far we only have encrypted iSCSI initiator secrets so we just go through
+ * all hard disk mediums and determine the plain 'InitiatorSecret' from
+ * 'InitiatorSecretEncrypted. The latter is stored as Base64 because medium
+ * properties need to be null-terminated strings.
+ */
+void VirtualBox::decryptSettings()
+{
+    AutoReadLock al(m->allHardDisks.getLockHandle() COMMA_LOCKVAL_SRC_POS);
+    for (MediaList::const_iterator mt = m->allHardDisks.begin();
+         mt != m->allHardDisks.end();
+         ++mt)
+    {
+        ComObjPtr<Medium> pMedium = *mt;
+        AutoCaller medCaller(pMedium);
+        if (FAILED(medCaller.rc()))
+            continue;
+        AutoWriteLock mlock(pMedium COMMA_LOCKVAL_SRC_POS);
+        decryptMediumSettings(pMedium);
+    }
+}
+
+/**
+ * Encode.
+ *
+ * @param aPlaintext      plaintext to be encrypted
+ * @param aCiphertext     resulting ciphertext (base64-encoded)
+ */
+int VirtualBox::encryptSetting(const Utf8Str &aPlaintext, Utf8Str *aCiphertext)
+{
+    uint8_t abCiphertext[32];
+    char    szCipherBase64[128];
+    size_t  cchCipherBase64;
+    int rc = encryptSettingBytes((uint8_t*)aPlaintext.c_str(), abCiphertext,
+                                 aPlaintext.length()+1, sizeof(abCiphertext));
+    if (RT_SUCCESS(rc))
+    {
+        rc = RTBase64Encode(abCiphertext, sizeof(abCiphertext),
+                            szCipherBase64, sizeof(szCipherBase64),
+                            &cchCipherBase64);
+        if (RT_SUCCESS(rc))
+            *aCiphertext = szCipherBase64;
+    }
+    return rc;
+}
+
+/**
+ * Decode.
+ *
+ * @param aPlaintext      resulting plaintext
+ * @param aCiphertext     ciphertext (base64-encoded) to decrypt
+ */
+int VirtualBox::decryptSetting(Utf8Str *aPlaintext, const Utf8Str &aCiphertext)
+{
+    uint8_t abPlaintext[64];
+    uint8_t abCiphertext[64];
+    size_t  cbCiphertext;
+    int rc = RTBase64Decode(aCiphertext.c_str(),
+                            abCiphertext, sizeof(abCiphertext),
+                            &cbCiphertext, NULL);
+    if (RT_SUCCESS(rc))
+    {
+        rc = decryptSettingBytes(abPlaintext, abCiphertext, cbCiphertext);
+        if (RT_SUCCESS(rc))
+        {
+            /* check if this is really a Null-terminated string. */
+            for (unsigned i = 0; i < cbCiphertext; i++)
+            {
+                if (abPlaintext[i] == '\0')
+                {
+                    *aPlaintext = Utf8Str((const char*)abPlaintext);
+                    return VINF_SUCCESS;
+                }
+            }
+            rc = VERR_INVALID_PARAMETER;
+        }
+    }
+    return rc;
+}
+
+/**
+ * Encrypt secret bytes. Use the m->SettingsCipherKey as key.
+ *
+ * @param aPlaintext      clear text to be encrypted
+ * @param aCiphertext     resulting encrypted text
+ * @param aPlaintextSize  size of the plaintext
+ * @param aCiphertextSize size of the ciphertext
+ */
+int VirtualBox::encryptSettingBytes(const uint8_t *aPlaintext, uint8_t *aCiphertext,
+                                    size_t aPlaintextSize, size_t aCiphertextSize) const
+{
+    unsigned i, j;
+    uint8_t aBytes[64];
+
+    if (!m->fSettingsCipherKeySet)
+        return VERR_INVALID_STATE;
+
+    if (aCiphertextSize > sizeof(aBytes))
+        return VERR_BUFFER_OVERFLOW;
+
+    for (i = 0, j = 0; i < aPlaintextSize && i < aCiphertextSize; i++)
+    {
+        aCiphertext[i] = (aPlaintext[i] ^ m->SettingsCipherKey[j]);
+        if (++j >= sizeof(m->SettingsCipherKey))
+            j = 0;
+    }
+
+    /* fill with random data to have a minimal length */
+    if (i < aCiphertextSize)
+    {
+        RTRandBytes(aBytes, aCiphertextSize - i);
+        for (; i < aCiphertextSize; i++)
+        {
+            aCiphertext[i] = aBytes[i] ^ m->SettingsCipherKey[j];
+            if (++j >= sizeof(m->SettingsCipherKey))
+                j = 0;
+        }
+    }
+
+    return VINF_SUCCESS;
+}
+
+/**
+ * Decrypt secret bytes. Use the m->SettingsCipherKey as key.
+ *
+ * @param aPlaintext      resulting plaintext
+ * @param aCiphertext     ciphertext to be decrypted
+ * @param aCiphertextSize size of the ciphertext == size of the plaintext
+ */
+int VirtualBox::decryptSettingBytes(uint8_t *aPlaintext,
+                                    const uint8_t *aCiphertext, size_t aCiphertextSize) const
+{
+    if (!m->fSettingsCipherKeySet)
+        return VERR_INVALID_STATE;
+
+    for (unsigned i = 0, j = 0; i < aCiphertextSize; i++)
+    {
+        aPlaintext[i] = aCiphertext[i] ^ m->SettingsCipherKey[j];
+        if (++j >= sizeof(m->SettingsCipherKey))
+            j = 0;
+    }
+
+    return VINF_SUCCESS;
+}
+
+/**
+ * Store a settings key.
+ *
+ * @param aKey          the key to store
+ */
+void VirtualBox::storeSettingsKey(const Utf8Str &aKey)
+{
+    RTSha512(aKey.c_str(), aKey.length(), m->SettingsCipherKey);
+    m->fSettingsCipherKeySet = true;
+}
+
 // public methods only for internal purposes
 /////////////////////////////////////////////////////////////////////////////
@@ -3998 +4189 @@
         rc = saveSettings();
     }
+    NOREF(rc); /* XXX */
 }
 

trunk/src/VBox/Storage/ISCSI.cpp

@@ -3771 +3771 @@
     /* Validate configuration, detect unknown keys. */
     if (!VDCFGAreKeysValid(pImage->pIfConfig,
-                           "TargetName\0InitiatorName\0LUN\0TargetAddress\0InitiatorUsername\0InitiatorSecret\0TargetUsername\0TargetSecret\0WriteSplit\0Timeout\0HostIPStack\0"))
+                           "TargetName\0"
+                           "InitiatorName\0"
+                           "LUN\0"
+                           "TargetAddress\0"
+                           "InitiatorUsername\0"
+                           "InitiatorSecret\0"
+                           "InitiatorSecretEncrypted\0"
+                           "TargetUsername\0"
+                           "TargetSecret\0"
+                           "WriteSplit\0"
+                           "Timeout\0"
+                           "HostIPStack\0"))
     {
         rc = vdIfError(pImage->pIfError, VERR_VD_ISCSI_UNKNOWN_CFG_VALUES, RT_SRC_POS, N_("iSCSI: configuration error: unknown configuration keys present"));