Changeset 55182 in vbox for trunk/src/VBox

Timestamp:

Apr 10, 2015 2:26:59 PM (10 years ago)

Author:

vboxsync

Message:

Main,FE/VBoxManage: Support exporting machines as appliances which have encrypted disks. Because the OVF standard doesn't support encrypted disks so far we always decrypt exported images which requires the password before starting the export proess

Location:

trunk/src/VBox

Files:

• Frontends/VBoxManage/VBoxManage.cpp (modified) (1 diff)
• Frontends/VBoxManage/VBoxManage.h (modified) (1 diff)
• Frontends/VBoxManage/VBoxManageAppliance.cpp (modified) (1 diff)
• Frontends/VBoxManage/VBoxManageDisk.cpp (modified) (4 diffs)
• Main/Makefile.kmk (modified) (2 diffs)
• Main/idl/VirtualBox.xidl (modified) (2 diffs)
• Main/include/MediumImpl.h (modified) (3 diffs)
• Main/include/SecretKeyStore.h (added)
• Main/src-all/SecretKeyStore.cpp (added)
• Main/src-client/ConsoleImpl.cpp (modified) (18 diffs)
• Main/src-server/ApplianceImpl.cpp (modified) (3 diffs)
• Main/src-server/ApplianceImplExport.cpp (modified) (3 diffs)
• Main/src-server/MediumImpl.cpp (modified) (9 diffs)

trunk/src/VBox/Frontends/VBoxManage/VBoxManage.cpp

@@ -301 +301 @@
     return rcExit;
 }
+
+RTEXITCODE readPasswordFromConsole(com::Utf8Str *pPassword, const char *pszPrompt, ...)
+{
+    RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+    char aszPwdInput[_1K] = { 0 };
+    va_list vaArgs;
+
+    va_start(vaArgs, pszPrompt);
+    int vrc = RTStrmPrintfV(g_pStdOut, pszPrompt, vaArgs);
+    if (RT_SUCCESS(vrc))
+    {
+        bool fEchoOld = false;
+        vrc = RTStrmInputGetEchoChars(g_pStdIn, &fEchoOld);
+        if (RT_SUCCESS(vrc))
+        {
+            vrc = RTStrmInputSetEchoChars(g_pStdIn, false);
+            if (RT_SUCCESS(vrc))
+            {
+                vrc = RTStrmGetLine(g_pStdIn, &aszPwdInput[0], sizeof(aszPwdInput));
+                if (RT_SUCCESS(vrc))
+                    *pPassword = aszPwdInput;
+                else
+                    rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed read password from command line (%Rrc)", vrc);
+
+                int vrc2 = RTStrmInputSetEchoChars(g_pStdIn, fEchoOld);
+                AssertRC(vrc2);
+            }
+            else
+                rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to disable echoing typed characters (%Rrc)", vrc);
+        }
+        else
+            rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to retrieve echo setting (%Rrc)", vrc);
+
+        RTStrmPutStr(g_pStdOut, "\n");
+    }
+    else
+        rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to print prompt (%Rrc)", vrc);
+    va_end(vaArgs);
+
+    return rcExit;
+}
+
 #endif
 

trunk/src/VBox/Frontends/VBoxManage/VBoxManage.h

@@ -188 +188 @@
 #ifndef VBOX_ONLY_DOCS
 RTEXITCODE readPasswordFile(const char *pszFilename, com::Utf8Str *pPasswd);
+RTEXITCODE readPasswordFromConsole(com::Utf8Str *pPassword, const char *pszPrompt, ...);
 
 int handleInternalCommands(HandlerArg *a);

trunk/src/VBox/Frontends/VBoxManage/VBoxManageAppliance.cpp

@@ -1202 +1202 @@
             break;
 
+        /* Query required passwords and supply them to the appliance. */
+        com::SafeArray<BSTR> aIdentifiers;
+
+        CHECK_ERROR_BREAK(pAppliance, GetPasswordIds(ComSafeArrayAsOutParam(aIdentifiers)));
+
+        if (aIdentifiers.size() > 0)
+        {
+            com::SafeArray<BSTR> aPasswords(aIdentifiers.size());
+            RTPrintf("Enter the passwords for the following identifiers to export the apppliance:\n");
+            for (unsigned idxId = 0; idxId < aIdentifiers.size(); idxId++)
+            {
+                com::Utf8Str strPassword;
+                Bstr bstrPassword;
+                Bstr bstrId = aIdentifiers[idxId];
+
+                RTEXITCODE rcExit = readPasswordFromConsole(&strPassword, "Password ID %s:", Utf8Str(bstrId).c_str());
+                if (rcExit == RTEXITCODE_FAILURE)
+                    return rcExit;
+
+                bstrPassword = strPassword;
+                bstrPassword.detachTo(&aPasswords[idxId]);
+            }
+
+            CHECK_ERROR_BREAK(pAppliance, AddPasswords(ComSafeArrayAsInParam(aIdentifiers),
+                                                       ComSafeArrayAsInParam(aPasswords)));
+        }
+
         if (fManifest)
             options.push_back(ExportOptions_CreateManifest);

trunk/src/VBox/Frontends/VBoxManage/VBoxManageDisk.cpp

@@ -50 +50 @@
     RTMsgErrorV(pszFormat, va);
     RTMsgError("Error code %Rrc at %s(%u) in function %s", rc, RT_SRC_POS_ARGS);
-}
-
-static int getPassword(const char *pszPrompt, Utf8Str *pPassword)
-{
-    char aszPwdInput[_1K] = { 0 };
-
-    int vrc = RTStrmPutStr(g_pStdOut, pszPrompt);
-    if (RT_SUCCESS(vrc))
-    {
-        bool fEchoOld = false;
-        vrc = RTStrmInputGetEchoChars(g_pStdIn, &fEchoOld);
-        if (RT_SUCCESS(vrc))
-        {
-            vrc = RTStrmInputSetEchoChars(g_pStdIn, false);
-            if (RT_SUCCESS(vrc))
-            {
-                vrc = RTStrmGetLine(g_pStdIn, &aszPwdInput[0], sizeof(aszPwdInput));
-                if (RT_SUCCESS(vrc))
-                    *pPassword = aszPwdInput;
-
-                int vrc2 = RTStrmInputSetEchoChars(g_pStdIn, fEchoOld);
-                AssertRC(vrc2);
-            }
-        }
-        RTStrmPutStr(g_pStdOut, "\n");
-    }
-
-    return vrc;
 }
 
@@ -1767 +1739 @@
         {
             /* Get password from console. */
-            vrc = getPassword("Enter new password:", &strPasswordNew);
-            if (RT_FAILURE(vrc))
-            {
-                RTMsgError("Failed to read new password from standard input");
-                return 1;
-            }
+            RTEXITCODE rcExit = readPasswordFromConsole(&strPasswordNew, "Enter new password:");
+            if (rcExit == RTEXITCODE_FAILURE)
+                return rcExit;
         }
         else
@@ -1790 +1759 @@
         {
             /* Get password from console. */
-            vrc = getPassword("Enter old password:", &strPasswordOld);
-            if (RT_FAILURE(vrc))
-            {
-                RTMsgError("Failed to read old password from standard input");
-                return 1;
-            }
+            RTEXITCODE rcExit = readPasswordFromConsole(&strPasswordOld, "Enter old password:");
+            if (rcExit == RTEXITCODE_FAILURE)
+                return rcExit;
         }
         else
@@ -1857 +1823 @@
     {
         /* Get password from console. */
-        vrc = getPassword("Enter password:", &strPassword);
-        if (RT_FAILURE(vrc))
-        {
-            RTMsgError("Failed to read password from standard input");
-            return 1;
-        }
+        RTEXITCODE rcExit = readPasswordFromConsole(&strPassword, "Enter password:");
+        if (rcExit == RTEXITCODE_FAILURE)
+            return rcExit;
     }
     else

trunk/src/VBox/Main/Makefile.kmk

@@ -357 +357 @@
         src-all/ProgressImpl.cpp \
         src-all/QMTranslatorImpl.cpp \
+        src-all/SecretKeyStore.cpp \
         src-all/SharedFolderImpl.cpp \
         src-all/AutoCaller.cpp \
@@ -716 +717 @@
         src-all/PCIDeviceAttachmentImpl.cpp \
         src-all/ProgressImpl.cpp \
+        src-all/SecretKeyStore.cpp \
         src-all/SharedFolderImpl.cpp \
         src-all/AutoCaller.cpp \

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -2987 +2987 @@
   <interface
     name="IAppliance" extends="$unknown"
-    uuid="3059cf9e-25c7-4f0b-9fa5-3c42e441670b"
+    uuid="d9432012-2740-499f-b3b3-0991da3679f3"
     wsmap="managed"
     >
@@ -3240 +3240 @@
       <param name="warnings" type="wstring" dir="return" safearray="yes">
         <desc></desc>
+      </param>
+    </method>
+
+    <method name="getPasswordIds">
+      <desc>
+        Returns a list of password identifiers which must be supplied to import or export
+        encrypted virtual machines.
+      </desc>
+
+      <param name="identifiers" type="wstring" dir="return" safearray="yes">
+        The list of password identifiers required on success.
+      </param>
+    </method>
+
+    <method name="addPasswords">
+      <desc>
+        Adds a list of passwords required to import or export encrypted virtual
+        machines.
+      </desc>
+
+      <param name="identifiers" type="wstring" dir="in" safearray="yes">
+        <desc>List of identifiers.</desc>
+      </param>
+
+      <param name="passwords" type="wstring" dir="in" safearray="yes">
+        <desc>List of matching passwords.</desc>
       </param>
     </method>

trunk/src/VBox/Main/include/MediumImpl.h

@@ -24 +24 @@
 #include "VirtualBoxBase.h"
 #include "AutoCaller.h"
+#include "SecretKeyStore.h"
 class Progress;
 class MediumFormat;
@@ -204 +205 @@
                          const ComObjPtr<MediumFormat> &aFormat,
                          MediumVariant_T aVariant,
+                         SecretKeyStore *pKeyStore,
                          PVDINTERFACEIO aVDImageIOIf, void *aVDImageIOUser,
                          const ComObjPtr<Progress> &aProgress);
@@ -216 +218 @@
                         const ComObjPtr<Medium> &aParent, IProgress **aProgress,
                         uint32_t idxSrcImageSame, uint32_t idxDstImageSame);
+
+    const Utf8Str& i_getKeyId();
 
 private:

trunk/src/VBox/Main/src-client/ConsoleImpl.cpp

@@ -430 +430 @@
 #endif
     , mBusMgr(NULL)
+    , m_pKeyStore(NULL)
     , mpIfSecKey(NULL)
     , mpIfSecKeyHlp(NULL)
@@ -627 +628 @@
 #endif
 
+        unconst(m_pKeyStore) = new SecretKeyStore(true /* fKeyBufNonPageable */);
+        AssertReturn(m_pKeyStore, E_FAIL);
+
         /* VirtualBox events registration. */
         {
@@ -768 +772 @@
     }
 
+    if (m_pKeyStore)
+    {
+        delete m_pKeyStore;
+        unconst(m_pKeyStore) = NULL;
+    }
+
     m_mapGlobalSharedFolders.clear();
     m_mapMachineSharedFolders.clear();
@@ -774 +784 @@
     mRemoteUSBDevices.clear();
     mUSBDevices.clear();
-
-    for (SecretKeyMap::iterator it = m_mapSecretKeys.begin();
-         it != m_mapSecretKeys.end();
-         it++)
-        delete it->second;
-    m_mapSecretKeys.clear();
 
     if (mVRDEServerInfo)
@@ -3368 +3372 @@
     AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    /* Check that the ID is not existing already. */
-    SecretKeyMap::const_iterator it = m_mapSecretKeys.find(aId);
-    if (it != m_mapSecretKeys.end())
-        return setError(VBOX_E_OBJECT_IN_USE, tr("A password with the given ID already exists"));
-
     HRESULT hrc = S_OK;
     size_t cbKey = aPassword.length() + 1; /* Include terminator */
-    uint8_t *pbKey = NULL;
-    int rc = RTMemSaferAllocZEx((void **)&pbKey, cbKey, RTMEMSAFER_F_REQUIRE_NOT_PAGABLE);
+    const uint8_t *pbKey = (const uint8_t *)aPassword.c_str();
+
+    int rc = m_pKeyStore->addSecretKey(aId, pbKey, cbKey);
     if (RT_SUCCESS(rc))
     {
         unsigned cDisksConfigured = 0;
-        memcpy(pbKey, aPassword.c_str(), cbKey);
-
-        /* Scramble content to make retrieving the key more difficult. */
-        rc = RTMemSaferScramble(pbKey, cbKey);
-        AssertRC(rc);
-        SecretKey *pKey = new SecretKey(pbKey, cbKey, !!aClearOnSuspend);
-        /* Add the key to the map */
-        m_mapSecretKeys.insert(std::make_pair(aId, pKey));
+
         hrc = i_configureEncryptionForDisk(aId, &cDisksConfigured);
         if (SUCCEEDED(hrc))
         {
-            pKey->m_cDisks = cDisksConfigured;
+            SecretKey *pKey = NULL;
+            rc = m_pKeyStore->retainSecretKey(aId, &pKey);
+            AssertRCReturn(rc, E_FAIL);
+
+            pKey->setUsers(cDisksConfigured);
+            pKey->setRemoveOnSuspend(!!aClearOnSuspend);
+            m_pKeyStore->releaseSecretKey(aId);
             m_cDisksPwProvided += cDisksConfigured;
 
@@ -3411 +3410 @@
             }
         }
-        else
-            m_mapSecretKeys.erase(aId);
-    }
+    }
+    else if (rc == VERR_ALREADY_EXISTS)
+        hrc = setError(VBOX_E_OBJECT_IN_USE, tr("A password with the given ID already exists"));
+    else if (rc == VERR_NO_MEMORY)
+        hrc = setError(E_FAIL, tr("Failed to allocate enough secure memory for the key"));
     else
-        return setError(E_FAIL, tr("Failed to allocate secure memory for the password (%Rrc)"), rc);
+        hrc = setError(E_FAIL, tr("Unknown error happened while adding a password (%Rrc)"), rc);
 
     return hrc;
@@ -3437 +3438 @@
     for (unsigned i = 0; i < aIds.size(); i++)
     {
-        SecretKeyMap::const_iterator it = m_mapSecretKeys.find(aIds[i]);
-        if (it != m_mapSecretKeys.end())
+        SecretKey *pKey = NULL;
+        int rc = m_pKeyStore->retainSecretKey(aIds[i], &pKey);
+        if (rc != VERR_NOT_FOUND)
+        {
+            AssertPtr(pKey);
+            if (pKey)
+                pKey->release();
             return setError(VBOX_E_OBJECT_IN_USE, tr("A password with the given ID already exists"));
+        }
     }
 
     for (unsigned i = 0; i < aIds.size(); i++)
     {
-        size_t cbKey = aPasswords[i].length() + 1; /* Include terminator */
-        uint8_t *pbKey = NULL;
-        int rc = RTMemSaferAllocZEx((void **)&pbKey, cbKey, RTMEMSAFER_F_REQUIRE_NOT_PAGABLE);
-        if (RT_SUCCESS(rc))
-        {
-            unsigned cDisksConfigured = 0;
-            memcpy(pbKey, aPasswords[i].c_str(), cbKey);
-
-            /* Scramble content to make retrieving the key more difficult. */
-            rc = RTMemSaferScramble(pbKey, cbKey);
-            AssertRC(rc);
-            SecretKey *pKey = new SecretKey(pbKey, cbKey, !!aClearOnSuspend);
-            /* Add the key to the map */
-            m_mapSecretKeys.insert(std::make_pair(aIds[i], pKey));
-            hrc = i_configureEncryptionForDisk(aIds[i], &cDisksConfigured);
-            if (FAILED(hrc))
-                m_mapSecretKeys.erase(aIds[i]);
-            else
-                pKey->m_cDisks = cDisksConfigured;
-        }
-        else
-            hrc = setError(E_FAIL, tr("Failed to allocate secure memory for the password (%Rrc)"), rc);
-
+        hrc = addDiskEncryptionPassword(aIds[i], aPasswords[i], aClearOnSuspend);
         if (FAILED(hrc))
         {
@@ -3484 +3469 @@
     }
 
-    if (   SUCCEEDED(hrc)
-        && m_cDisksPwProvided == m_cDisksEncrypted
-        && mMachineState == MachineState_Paused)
-    {
-        /* get the VM handle. */
-        SafeVMPtr ptrVM(this);
-        if (!ptrVM.isOk())
-            return ptrVM.rc();
-
-        alock.release();
-        int vrc = VMR3Resume(ptrVM.rawUVM(), VMRESUMEREASON_RECONFIG);
-
-        hrc = RT_SUCCESS(vrc) ? S_OK :
-                setError(VBOX_E_VM_ERROR,
-                         tr("Could not resume the machine execution (%Rrc)"), vrc);
-    }
-
     return hrc;
 }
@@ -3511 +3479 @@
     AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    SecretKeyMap::iterator it = m_mapSecretKeys.find(aId);
-    if (it == m_mapSecretKeys.end())
-        return setError(VBOX_E_OBJECT_NOT_FOUND, tr("A password with the given ID does not exist"));
-
-    SecretKey *pKey = it->second;
-    if (pKey->m_cRefs)
-        return setError(VBOX_E_OBJECT_IN_USE, tr("The password is still in use by the VM"));
-
-    m_cDisksPwProvided -= pKey->m_cDisks;
-    m_mapSecretKeys.erase(it);
-    delete pKey;
+    SecretKey *pKey = NULL;
+    int rc = m_pKeyStore->retainSecretKey(aId, &pKey);
+    if (RT_SUCCESS(rc))
+    {
+        m_cDisksPwProvided -= pKey->getUsers();
+        m_pKeyStore->releaseSecretKey(aId);
+        rc = m_pKeyStore->deleteSecretKey(aId);
+        AssertRCReturn(rc, E_FAIL);
+    }
+    else if (rc == VERR_NOT_FOUND)
+        return setError(VBOX_E_OBJECT_NOT_FOUND, tr("A password with the ID \"%s\" does not exist"),
+                                                 aId.c_str());
+    else
+        return setError(E_FAIL, tr("Failed to remove password with ID \"%s\" (%Rrc)"),
+                                aId.c_str(), rc);
 
     return S_OK;
@@ -3530 +3502 @@
     AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    /* First check whether a password is still in use. */
-    for (SecretKeyMap::iterator it = m_mapSecretKeys.begin();
-        it != m_mapSecretKeys.end();
-        it++)
-    {
-        SecretKey *pKey = it->second;
-        if (pKey->m_cRefs)
-            return setError(VBOX_E_OBJECT_IN_USE, tr("The password with ID \"%s\" is still in use by the VM"),
-                            it->first.c_str());
-    }
-
-    for (SecretKeyMap::iterator it = m_mapSecretKeys.begin();
-        it != m_mapSecretKeys.end();
-        it++)
-        delete it->second;
-    m_mapSecretKeys.clear();
+    int rc = m_pKeyStore->deleteAllSecretKeys(false /* fSuspend */, false /* fForce */);
+    if (rc == VERR_RESOURCE_IN_USE)
+        return setError(VBOX_E_OBJECT_IN_USE, tr("A password is still in use by the VM"));
+    else if (RT_FAILURE(rc))
+        return setError(E_FAIL, tr("Deleting all passwords failed (%Rrc)"));
+
     m_cDisksPwProvided = 0;
-
     return S_OK;
 }
@@ -3598 +3559 @@
         case StorageControllerType_USB:
             return "Msd";
+        case StorageControllerType_NVMe:
+            return "nvme";
         default:
             return NULL;
@@ -5073 +5036 @@
                 if (RT_SUCCESS(rc))
                 {
-                    SecretKey *pKey = new SecretKey(pbKey, cbKey, true /* fRemoveOnSuspend */);
-                    /* Add the key to the map */
-                    m_mapSecretKeys.insert(std::make_pair(Utf8Str(pszUuid), pKey));
-                    hrc = i_configureEncryptionForDisk(Utf8Str(pszUuid), NULL);
-                    if (FAILED(hrc))
+                    rc = m_pKeyStore->addSecretKey(Utf8Str(pszUuid), pbKey, cbKey);
+                    if (RT_SUCCESS(rc))
                     {
-                        /* Delete the key from the map. */
-                        m_mapSecretKeys.erase(Utf8Str(pszUuid));
+                        hrc = i_configureEncryptionForDisk(Utf8Str(pszUuid), NULL);
+                        if (FAILED(hrc))
+                        {
+                            /* Delete the key from the map. */
+                            rc = m_pKeyStore->deleteSecretKey(Utf8Str(pszUuid));
+                            AssertRC(rc);
+                        }
                     }
                 }
@@ -5087 +5052 @@
                                    tr("Failed to decode the key (%Rrc)"),
                                    rc);
+
+                RTMemSaferFree(pbKey, cbKey);
             }
             else
@@ -5133 +5100 @@
 {
     /* Remove keys which are supposed to be removed on a suspend. */
-    SecretKeyMap::iterator it = m_mapSecretKeys.begin();
-    while (it != m_mapSecretKeys.end())
-    {
-        SecretKey *pKey = it->second;
-        if (pKey->m_fRemoveOnSuspend)
-        {
-            /* Unconfigure disk encryption from all attachments associated with this key. */
-            i_clearDiskEncryptionKeysOnAllAttachmentsWithKeyId(it->first);
-
-            AssertMsg(!pKey->m_cRefs, ("No one should access the stored key at this point anymore!\n"));
-            m_cDisksPwProvided -= pKey->m_cDisks;
-            delete pKey;
-            m_mapSecretKeys.erase(it++);
-        }
-        else
-            it++;
-    }
+    int rc = m_pKeyStore->deleteAllSecretKeys(true /* fSuspend */, true /* fForce */);
 }
 
@@ -10682 +10633 @@
 
     AutoReadLock thatLock(pConsole COMMA_LOCKVAL_SRC_POS);
-    SecretKeyMap::const_iterator it = pConsole->m_mapSecretKeys.find(Utf8Str(pszId));
-    if (it != pConsole->m_mapSecretKeys.end())
-    {
-        SecretKey *pKey = (*it).second;
-
-        ASMAtomicIncU32(&pKey->m_cRefs);
-        *ppbKey = pKey->m_pbKey;
-        *pcbKey = pKey->m_cbKey;
-        return VINF_SUCCESS;
-    }
-
-    return VERR_NOT_FOUND;
+    SecretKey *pKey = NULL;
+
+    int rc = pConsole->m_pKeyStore->retainSecretKey(Utf8Str(pszId), &pKey);
+    if (RT_SUCCESS(rc))
+    {
+        *ppbKey = (const uint8_t *)pKey->getKeyBuffer();
+        *pcbKey = pKey->getKeySize();
+    }
+
+    return rc;
 }
 
@@ -10705 +10654 @@
 
     AutoReadLock thatLock(pConsole COMMA_LOCKVAL_SRC_POS);
-    SecretKeyMap::const_iterator it = pConsole->m_mapSecretKeys.find(Utf8Str(pszId));
-    if (it != pConsole->m_mapSecretKeys.end())
-    {
-        SecretKey *pKey = (*it).second;
-        ASMAtomicDecU32(&pKey->m_cRefs);
-        return VINF_SUCCESS;
-    }
-
-    return VERR_NOT_FOUND;
+    return pConsole->m_pKeyStore->releaseSecretKey(Utf8Str(pszId));
 }
 
@@ -10725 +10666 @@
 
     AutoReadLock thatLock(pConsole COMMA_LOCKVAL_SRC_POS);
-    SecretKeyMap::const_iterator it = pConsole->m_mapSecretKeys.find(Utf8Str(pszId));
-    if (it != pConsole->m_mapSecretKeys.end())
-    {
-        SecretKey *pKey = (*it).second;
-
-        uint32_t cRefs = ASMAtomicIncU32(&pKey->m_cRefs);
-        if (cRefs == 1)
-        {
-            int rc = RTMemSaferUnscramble(pKey->m_pbKey, pKey->m_cbKey);
-            AssertRC(rc);
-        }
-        *ppszPassword = (const char *)pKey->m_pbKey;
-        return VINF_SUCCESS;
-    }
-
-    return VERR_NOT_FOUND;
+    SecretKey *pKey = NULL;
+
+    int rc = pConsole->m_pKeyStore->retainSecretKey(Utf8Str(pszId), &pKey);
+    if (RT_SUCCESS(rc))
+        *ppszPassword = (const char *)pKey->getKeyBuffer();
+
+    return rc;
 }
 
@@ -10752 +10684 @@
 
     AutoReadLock thatLock(pConsole COMMA_LOCKVAL_SRC_POS);
-    SecretKeyMap::const_iterator it = pConsole->m_mapSecretKeys.find(Utf8Str(pszId));
-    if (it != pConsole->m_mapSecretKeys.end())
-    {
-        SecretKey *pKey = (*it).second;
-        uint32_t cRefs = ASMAtomicDecU32(&pKey->m_cRefs);
-        if (!cRefs)
-        {
-            int rc = RTMemSaferScramble(pKey->m_pbKey, pKey->m_cbKey);
-            AssertRC(rc);
-        }
-        return VINF_SUCCESS;
-    }
-
-    return VERR_NOT_FOUND;
+    return pConsole->m_pKeyStore->releaseSecretKey(Utf8Str(pszId));
 }
 

trunk/src/VBox/Main/src-server/ApplianceImpl.cpp

@@ -404 +404 @@
     // initialize data
     m = new Data;
+    m->m_pSecretKeyStore = new SecretKeyStore(false /* fRequireNonPageable*/);
+    AssertReturn(m->m_pSecretKeyStore, E_FAIL);
 
     i_initApplianceIONameMap();
@@ -425 +427 @@
     if (autoUninitSpan.uninitDone())
         return;
+
+    if (m->m_pSecretKeyStore)
+        delete m->m_pSecretKeyStore;
 
     delete m;
@@ -601 +606 @@
 }
 
+HRESULT Appliance::getPasswordIds(std::vector<com::Utf8Str> &aIdentifiers)
+{
+    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+
+    aIdentifiers = m->m_vecPasswordIdentifiers;
+    return S_OK;
+}
+
+HRESULT Appliance::addPasswords(const std::vector<com::Utf8Str> &aIdentifiers,
+                                const std::vector<com::Utf8Str> &aPasswords)
+{
+    HRESULT hrc = S_OK;
+
+    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
+
+    /* Check that the IDs do not exist already before changing anything. */
+    for (unsigned i = 0; i < aIdentifiers.size(); i++)
+    {
+        SecretKey *pKey = NULL;
+        int rc = m->m_pSecretKeyStore->retainSecretKey(aIdentifiers[i], &pKey);
+        if (rc != VERR_NOT_FOUND)
+        {
+            AssertPtr(pKey);
+            if (pKey)
+                pKey->release();
+            return setError(VBOX_E_OBJECT_IN_USE, tr("A password with the given ID already exists"));
+        }
+    }
+
+    for (unsigned i = 0; i < aIdentifiers.size() && SUCCEEDED(hrc); i++)
+    {
+        size_t cbKey = aPasswords[i].length() + 1; /* Include terminator */
+        const uint8_t *pbKey = (const uint8_t *)aPasswords[i].c_str();
+
+        int rc = m->m_pSecretKeyStore->addSecretKey(aIdentifiers[i], pbKey, cbKey);
+        if (RT_SUCCESS(rc))
+            m->m_cPwProvided++;
+        else if (rc == VERR_NO_MEMORY)
+            hrc = setError(E_OUTOFMEMORY, tr("Failed to allocate enough secure memory for the key"));
+        else
+            hrc = setError(E_FAIL, tr("Unknown error happened while adding a password (%Rrc)"), rc);
+    }
+
+    return hrc;
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 //

trunk/src/VBox/Main/src-server/ApplianceImplExport.cpp

@@ -358 +358 @@
                 rc = pBaseMedium->COMGETTER(Size)(&llSize);
                 if (FAILED(rc)) throw rc;
+
+                /* If the medium is encrypted add the key identifier to the */
+                IMedium *iBaseMedium = pBaseMedium;
+                Medium *pBase = static_cast<Medium*>(iBaseMedium);
+                const com::Utf8Str strKeyId = pBase->i_getKeyId();
+                if (!strKeyId.isEmpty())
+                {
+                    bool fKnown = false;
+
+                    /* Check whether the ID is already in our sequence, add it otherwise. */
+                    for (unsigned i = 0; i < pAppliance->m->m_vecPasswordIdentifiers.size(); i++)
+                    {
+                        if (strKeyId.equals(pAppliance->m->m_vecPasswordIdentifiers[i]))
+                        {
+                            fKnown = true;
+                            break;
+                        }
+                    }
+
+                    if (!fKnown)
+                        pAppliance->m->m_vecPasswordIdentifiers.push_back(strKeyId);
+                }
             }
             else if (   deviceType == DeviceType_DVD
@@ -649 +671 @@
         return setError(VBOX_E_FILE_ERROR,
                         tr("Invalid format \"%s\" specified"), aFormat.c_str());
+
+    /* Check whether all passwords are supplied or error out. */
+    if (m->m_cPwProvided < m->m_vecPasswordIdentifiers.size())
+        return setError(VBOX_E_INVALID_OBJECT_STATE,
+                        tr("Appliance export failed because not all passwords were provided for all encrypted media"));
 
     /* as of OVF 2.0 we have to use SHA256 */
@@ -2168 +2195 @@
                                                    format,
                                                    MediumVariant_VmdkStreamOptimized,
+                                                   m->m_pSecretKeyStore,
                                                    pIfIo,
                                                    pStorage,

trunk/src/VBox/Main/src-server/MediumImpl.cpp

@@ -572 +572 @@
                MediumFormat *aFormat,
                MediumVariant_T aVariant,
+               SecretKeyStore *pSecretKeyStore,
                VDINTERFACEIO *aVDImageIOIf,
                void *aVDImageIOUser,
@@ -581 +582 @@
           mFormat(aFormat),
           mVariant(aVariant),
+          m_pSecretKeyStore(pSecretKeyStore),
           mfKeepSourceMediumLockList(fKeepSourceMediumLockList)
     {
@@ -606 +608 @@
     MediumVariant_T mVariant;
     PVDINTERFACE mVDImageIfaces;
+    SecretKeyStore *m_pSecretKeyStore;
 
 private:
@@ -5587 +5590 @@
  * @param aVariant              Which exact image format variant to use
  *                              for the destination image.
+ * @param pKeyStore             The optional key store for decrypting the data
+ *                              for encrypted media during the export.
  * @param aVDImageIOCallbacks   Pointer to the callback table for a
  *                              VDINTERFACEIO interface. May be NULL.
@@ -5597 +5602 @@
                              const ComObjPtr<MediumFormat> &aFormat,
                              MediumVariant_T aVariant,
+                             SecretKeyStore *pKeyStore,
                              PVDINTERFACEIO aVDImageIOIf, void *aVDImageIOUser,
                              const ComObjPtr<Progress> &aProgress)
@@ -5638 +5644 @@
         /* setup task object to carry out the operation asynchronously */
         pTask = new Medium::ExportTask(this, aProgress, aFilename, aFormat,
-                                       aVariant, aVDImageIOIf,
+                                       aVariant, pKeyStore, aVDImageIOIf,
                                        aVDImageIOUser, pSourceMediumLockList);
         rc = pTask->rc();
@@ -5898 +5904 @@
 
     return rc;
+}
+
+/**
+ * Returns the key identifier for this medium if encryption is configured.
+ *
+ * @returns Key identifier or empty string if no encryption is configured.
+ */
+const Utf8Str& Medium::i_getKeyId()
+{
+    ComObjPtr<Medium> pBase = i_getBase();
+
+    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+
+    settings::StringsMap::const_iterator it = pBase->m->mapProperties.find("CRYPT/KeyId");
+    if (it == pBase->m->mapProperties.end())
+        return Utf8Str::Empty;
+
+    return it->second;
 }
 
@@ -8728 +8752 @@
          * signal from the task initiator (which releases it only after
          * RTThreadCreate()) that we can start the job. */
+        ComObjPtr<Medium> pBase = i_getBase();
         AutoWriteLock thisLock(this COMMA_LOCKVAL_SRC_POS);
 
@@ -8736 +8761 @@
         try
         {
+            settings::StringsMap::iterator itKeyStore = pBase->m->mapProperties.find("CRYPT/KeyStore");
+            if (itKeyStore != pBase->m->mapProperties.end())
+            {
+                settings::StringsMap::iterator itKeyId = pBase->m->mapProperties.find("CRYPT/KeyId");
+
+#ifdef VBOX_WITH_EXTPACK
+                static const Utf8Str strExtPackPuel("Oracle VM VirtualBox Extension Pack");
+                static const char *s_pszVDPlugin = "VDPluginCrypt";
+                ExtPackManager *pExtPackManager = m->pVirtualBox->i_getExtPackManager();
+                if (pExtPackManager->i_isExtPackUsable(strExtPackPuel.c_str()))
+                {
+                    /* Load the plugin */
+                    Utf8Str strPlugin;
+                    rc = pExtPackManager->i_getLibraryPathForExtPack(s_pszVDPlugin, &strExtPackPuel, &strPlugin);
+                    if (SUCCEEDED(rc))
+                    {
+                        vrc = VDPluginLoadFromFilename(strPlugin.c_str());
+                        if (RT_FAILURE(vrc))
+                            throw setError(VBOX_E_NOT_SUPPORTED,
+                                           tr("Retrieving encryption settings of the image failed because the encryption plugin could not be loaded (%s)"),
+                                           i_vdError(vrc).c_str());
+                    }
+                    else
+                        throw setError(VBOX_E_NOT_SUPPORTED,
+                                       tr("Encryption is not supported because the extension pack '%s' is missing the encryption plugin (old extension pack installed?)"),
+                                       strExtPackPuel.c_str());
+                }
+                else
+                    throw setError(VBOX_E_NOT_SUPPORTED,
+                                   tr("Encryption is not supported because the extension pack '%s' is missing"),
+                                   strExtPackPuel.c_str());
+#else
+                throw setError(VBOX_E_NOT_SUPPORTED,
+                               tr("Encryption is not supported because extension pack support is not built in"));
+#endif
+
+                if (itKeyId == pBase->m->mapProperties.end())
+                    throw setError(VBOX_E_INVALID_OBJECT_STATE,
+                                   tr("Image '%s' is configured for encryption but doesn't has a key identifier set"),
+                                   pBase->m->strLocationFull.c_str());
+
+                /* Find the proper secret key in the key store. */
+                if (!task.m_pSecretKeyStore)
+                    throw setError(VBOX_E_INVALID_OBJECT_STATE,
+                                   tr("Image '%s' is configured for encryption but there is no key store to retrieve the password from"),
+                                   pBase->m->strLocationFull.c_str());
+
+                SecretKey *pKey = NULL;
+                vrc = task.m_pSecretKeyStore->retainSecretKey(itKeyId->second, &pKey);
+                if (RT_FAILURE(vrc))
+                    throw setError(VBOX_E_INVALID_OBJECT_STATE,
+                                   tr("Failed to retrieve the secret key with ID \"%s\" from the store (%Rrc)"),
+                                   itKeyId->second.c_str(), vrc);
+
+                Medium::CryptoFilterSettings CryptoSettingsRead;
+                i_taskEncryptSettingsSetup(&CryptoSettingsRead, NULL, itKeyStore->second.c_str(), (const char *)pKey->getKeyBuffer(),
+                                           false /* fCreateKeyStore */);
+                vrc = VDFilterAdd(hdd, "CRYPT", VD_FILTER_FLAGS_READ, CryptoSettingsRead.vdFilterIfaces);
+                if (vrc == VERR_VD_PASSWORD_INCORRECT)
+                {
+                    task.m_pSecretKeyStore->releaseSecretKey(itKeyId->second);
+                    throw setError(VBOX_E_PASSWORD_INCORRECT,
+                                   tr("The password to decrypt the image is incorrect"));
+                }
+                else if (RT_FAILURE(vrc))
+                {
+                    task.m_pSecretKeyStore->releaseSecretKey(itKeyId->second);
+                    throw setError(VBOX_E_INVALID_OBJECT_STATE,
+                                   tr("Failed to load the decryption filter: %s"),
+                                   i_vdError(vrc).c_str());
+                }
+
+                task.m_pSecretKeyStore->releaseSecretKey(itKeyId->second);
+            }
+
             /* Open all media in the source chain. */
             MediumLockList::Base::const_iterator sourceListBegin =