Changeset 94726 in vbox

Timestamp:

Apr 27, 2022 5:39:33 PM (3 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

151106

Message:

Main/Settings: Implement encrypting/decrypting a VM config, bugref:9955

Location:

trunk

Files:

• include/VBox/settings.h (modified) (8 diffs)
• src/VBox/Main/xml/Settings.cpp (modified) (17 diffs)

trunk/include/VBox/settings.h

@@ -50 +50 @@
 #include <VBox/com/Guid.h>
 #include <VBox/com/string.h>
+#include <VBox/VBoxCryptoIf.h>
 
 #include <list>
@@ -618 +619 @@
 
     com::Utf8Str    strNvramPath;
+    com::Utf8Str    strKeyId;
+    com::Utf8Str    strKeyStore;
 };
 
@@ -1368 +1371 @@
     com::Guid               uuid;
 
+    enum
+    {
+        ParseState_NotParsed,
+        ParseState_PasswordError,
+        ParseState_Parsed
+    }                       enmParseState;
+
     MachineUserData         machineUserData;
 
+    com::Utf8Str            strStateKeyId;
+    com::Utf8Str            strStateKeyStore;
     com::Utf8Str            strStateFile;
     bool                    fCurrentStateModified;      // optional, default is true
@@ -1386 +1398 @@
     SnapshotsList           llFirstSnapshot;            // first snapshot or empty list if there's none
 
-    MachineConfigFile(const com::Utf8Str *pstrFilename);
+    com::Utf8Str            strKeyId;
+    com::Utf8Str            strKeyStore;                // if not empty, the encryption is used
+    com::Utf8Str            strLogKeyId;
+    com::Utf8Str            strLogKeyStore;
+
+    MachineConfigFile(const com::Utf8Str *pstrFilename,
+                      PCVBOXCRYPTOIF pCryptoIf = NULL,
+                      const char *pszPassword = NULL);
 
     bool operator==(const MachineConfigFile &m) const;
@@ -1394 +1413 @@
     void importMachineXML(const xml::ElementNode &elmMachine);
 
-    void write(const com::Utf8Str &strFilename);
+    void write(const com::Utf8Str &strFilename, PCVBOXCRYPTOIF pCryptoIf = NULL, const char *pszPassword = NULL);
 
     enum
@@ -1404 +1423 @@
         BuildMachineXML_SuppressSavedState = 0x10
     };
+
+    void copyEncryptionSettingsFrom(const MachineConfigFile &other);
     void buildMachineXML(xml::ElementNode &elmMachine,
                          uint32_t fl,
@@ -1432 +1453 @@
     void convertOldOSType_pre1_5(com::Utf8Str &str);
     void readMachine(const xml::ElementNode &elmMachine);
+    void readMachineEncrypted(const xml::ElementNode &elmMachine, PCVBOXCRYPTOIF pCryptoIf, const char *pszPassword);
 
     void buildHardwareXML(xml::ElementNode &elmParent, const Hardware &hw, uint32_t fl, std::list<xml::ElementNode*> *pllElementsWithUuidAttributes);
@@ -1444 +1466 @@
     void buildSnapshotXML(xml::ElementNode &elmParent, const Snapshot &snap);
 
+    void buildMachineEncryptedXML(xml::ElementNode &elmMachine,
+                                  uint32_t fl,
+                                  std::list<xml::ElementNode*> *pllElementsWithUuidAttributes,
+                                  PCVBOXCRYPTOIF pCryptoIf,
+                                  const char *pszPassword);
+
     void bumpSettingsVersionIfNeeded();
 };

trunk/src/VBox/Main/xml/Settings.cpp

@@ -3026 +3026 @@
 bool NvramSettings::areDefaultSettings() const
 {
-    return strNvramPath.isEmpty();
+    return     strNvramPath.isEmpty()
+            && strKeyId.isEmpty()
+            && strKeyStore.isEmpty();
 }
 
@@ -3037 +3039 @@
 {
     return (this == &g)
-        || (strNvramPath    == g.strNvramPath);
+        || (strNvramPath    == g.strNvramPath)
+        || (strKeyId        == g.strKeyId)
+        || (strKeyStore     == g.strKeyStore);
 }
 
@@ -3994 +3998 @@
  *
  * @param pstrFilename
- */
-MachineConfigFile::MachineConfigFile(const Utf8Str *pstrFilename)
+ * @param pCryptoIf             Pointer to the cryptographic interface, required for an encrypted machine config.
+ * @param pszPassword           The password to use for an encrypted machine config.
+ */
+MachineConfigFile::MachineConfigFile(const Utf8Str *pstrFilename, PCVBOXCRYPTOIF pCryptoIf, const char *pszPassword)
     : ConfigFileBase(pstrFilename),
+      enmParseState(ParseState_NotParsed),
       fCurrentStateModified(true),
       fAborted(false)
@@ -4011 +4018 @@
         while ((pelmRootChild = nlRootChildren.forAllNodes()))
         {
+            if (pelmRootChild->nameEquals("MachineEncrypted"))
+                readMachineEncrypted(*pelmRootChild, pCryptoIf, pszPassword);
             if (pelmRootChild->nameEquals("Machine"))
                 readMachine(*pelmRootChild);
@@ -4017 +4026 @@
         // clean up memory allocated by XML engine
         clearDocument();
+
+        if (enmParseState == ParseState_NotParsed)
+            enmParseState = ParseState_Parsed;
     }
 }
@@ -4029 +4041 @@
 {
     return (m->sv >= SettingsVersion_v1_11);
+}
+
+/**
+ * Public routine which copies encryption settings. Used by Machine::saveSettings
+ * so that the encryption settings do not get lost when a copy of the Machine settings
+ * file is made to see if settings have actually changed.
+ * @param other
+ */
+void MachineConfigFile::copyEncryptionSettingsFrom(const MachineConfigFile &other)
+{
+    strKeyId    = other.strKeyId;
+    strKeyStore = other.strKeyStore;
 }
 
@@ -4089 +4113 @@
             && mediaRegistry              == c.mediaRegistry        // this one's deep
             // skip mapExtraDataItems! there is no old state available as it's always forced
-            && llFirstSnapshot            == c.llFirstSnapshot);    // this one's deep
+            && llFirstSnapshot            == c.llFirstSnapshot     // this one's deep
+            && strKeyId                   == c.strKeyId
+            && strKeyStore                == c.strKeyStore
+            && strStateKeyId              == c.strStateKeyId
+            && strStateKeyStore           == c.strStateKeyStore
+            && strLogKeyId                == c.strLogKeyId
+            && strLogKeyStore             == c.strLogKeyStore);
 }
 
@@ -5169 +5199 @@
                 pelmBIOSChild->getAttributeValue("value", hw.biosSettings.llTimeOffset);
             if ((pelmBIOSChild = pelmHwChild->findChildElement("NVRAM")))
+            {
                 pelmBIOSChild->getAttributeValue("path", hw.nvramSettings.strNvramPath);
+                if (m->sv >= SettingsVersion_v1_19)
+                {
+                    pelmBIOSChild->getAttributeValue("keyId", hw.nvramSettings.strKeyId);
+                    pelmBIOSChild->getAttributeValue("keyStore", hw.nvramSettings.strKeyStore);
+                }
+            }
             if ((pelmBIOSChild = pelmHwChild->findChildElement("SmbiosUuidLittleEndian")))
                 pelmBIOSChild->getAttributeValue("enabled", hw.biosSettings.fSmbiosUuidLittleEndian);
@@ -6098 +6135 @@
             convertOldOSType_pre1_5(machineUserData.strOsType);
 
+        elmMachine.getAttributeValue("stateKeyId", strStateKeyId);
+        elmMachine.getAttributeValue("stateKeyStore", strStateKeyStore);
         elmMachine.getAttributeValuePath("stateFile", strStateFile);
+
+        elmMachine.getAttributeValue("strLogKeyId", strLogKeyId);
+        elmMachine.getAttributeValue("strLogKeyStore", strLogKeyStore);
 
         if (elmMachine.getAttributeValue("currentSnapshot", str))
@@ -6193 +6235 @@
 
 /**
+ * Called from the constructor to decrypt the machine config and read
+ * data from it.
+ * @param elmMachine
+ */
+void MachineConfigFile::readMachineEncrypted(const xml::ElementNode &elmMachine,
+                                             PCVBOXCRYPTOIF pCryptoIf = NULL,
+                                             const char *pszPassword = NULL)
+{
+    Utf8Str strUUID;
+    if (elmMachine.getAttributeValue("uuid", strUUID))
+    {
+        parseUUID(uuid, strUUID, &elmMachine);
+        if (!elmMachine.getAttributeValue("keyId", strKeyId))
+            throw ConfigFileError(this, &elmMachine, N_("Required MachineEncrypted/@keyId attribute is missing"));
+        if (!elmMachine.getAttributeValue("keyStore", strKeyStore))
+            throw ConfigFileError(this, &elmMachine, N_("Required MachineEncrypted/@keyStore attribute is missing"));
+
+        if (!pszPassword)
+        {
+            enmParseState = ParseState_PasswordError;
+            return;
+        }
+
+        VBOXCRYPTOCTX hCryptoCtx = NULL;
+        int rc = pCryptoIf->pfnCryptoCtxLoad(strKeyStore.c_str(), pszPassword, &hCryptoCtx);
+        if (RT_SUCCESS(rc))
+        {
+            com::Utf8Str str = elmMachine.getValue();
+            IconBlob abEncrypted; /** @todo Rename IconBlob because this is not about icons. */
+            /** @todo This is not nice. */
+            try
+            {
+                parseBase64(abEncrypted, str, &elmMachine);
+            }
+            catch(...)
+            {
+                int rc2 = pCryptoIf->pfnCryptoCtxDestroy(hCryptoCtx);
+                AssertRC(rc2);
+                throw;
+            }
+
+            IconBlob abDecrypted(abEncrypted.size());
+            size_t cbDecrypted = 0;
+            rc = pCryptoIf->pfnCryptoCtxDecrypt(hCryptoCtx, false /*fPartial*/,
+                                                &abEncrypted[0], abEncrypted.size(),
+                                                uuid.raw(), sizeof(RTUUID),
+                                                &abDecrypted[0], abDecrypted.size(), &cbDecrypted);
+            int rc2 = pCryptoIf->pfnCryptoCtxDestroy(hCryptoCtx);
+            AssertRC(rc2);
+
+            if (RT_SUCCESS(rc))
+            {
+                abDecrypted.resize(cbDecrypted);
+                xml::XmlMemParser parser;
+                xml::Document *pDoc = new xml::Document;
+                parser.read(&abDecrypted[0], abDecrypted.size(), m->strFilename, *pDoc);
+                xml::ElementNode *pelmRoot = pDoc->getRootElement();
+                if (!pelmRoot || !pelmRoot->nameEquals("Machine"))
+                    throw ConfigFileError(this, pelmRoot, N_("Root element in Machine settings encrypted block must be \"Machine\""));
+                readMachine(*pelmRoot);
+                delete pDoc;
+            }
+        }
+
+        if (RT_FAILURE(rc))
+        {
+            if (rc == VERR_ACCESS_DENIED)
+                enmParseState = ParseState_PasswordError;
+            else
+                throw ConfigFileError(this, &elmMachine, N_("Parsing config failed. (%Rrc)"), rc);
+        }
+    }
+    else
+        throw ConfigFileError(this, &elmMachine, N_("Required MachineEncrypted/@uuid attribute is missing"));
+}
+
+/**
  * Creates a \<Hardware\> node under elmParent and then writes out the XML
  * keys under that. Called for both the \<Machine\> node and for snapshots.
@@ -6664 +6783 @@
     }
 
-    if (!hw.biosSettings.areDefaultSettings())
+    if (!hw.biosSettings.areDefaultSettings() || !hw.nvramSettings.areDefaultSettings())
     {
         xml::ElementNode *pelmBIOS = pelmHardware->createChild("BIOS");
@@ -6718 +6837 @@
         if (hw.biosSettings.fPXEDebugEnabled)
             pelmBIOS->createChild("PXEDebug")->setAttribute("enabled", hw.biosSettings.fPXEDebugEnabled);
-        if (!hw.nvramSettings.strNvramPath.isEmpty())
-            pelmBIOS->createChild("NVRAM")->setAttribute("path", hw.nvramSettings.strNvramPath);
+        if (!hw.nvramSettings.areDefaultSettings())
+        {
+            xml::ElementNode *pelmNvram = pelmBIOS->createChild("NVRAM");
+            if (!hw.nvramSettings.strNvramPath.isEmpty())
+                pelmNvram->setAttribute("path", hw.nvramSettings.strNvramPath);
+            if (m->sv >= SettingsVersion_v1_9)
+            {
+                if (hw.nvramSettings.strKeyId.isNotEmpty())
+                    pelmNvram->setAttribute("keyId", hw.nvramSettings.strKeyId);
+                if (hw.nvramSettings.strKeyStore.isNotEmpty())
+                    pelmNvram->setAttribute("keyStore", hw.nvramSettings.strKeyStore);
+            }
+        }
         if (hw.biosSettings.fSmbiosUuidLittleEndian)
             pelmBIOS->createChild("SmbiosUuidLittleEndian")->setAttribute("enabled", hw.biosSettings.fSmbiosUuidLittleEndian);
@@ -7901 +8031 @@
         elmMachine.createChild("Description")->addContent(machineUserData.strDescription);
     elmMachine.setAttribute("OSType", machineUserData.strOsType);
+
+
+    if (m->sv >= SettingsVersion_v1_19)
+    {
+        if (strStateKeyId.length())
+            elmMachine.setAttribute("stateKeyId", strStateKeyId);
+        if (strStateKeyStore.length())
+            elmMachine.setAttribute("stateKeyStore", strStateKeyStore);
+        if (strLogKeyId.length())
+            elmMachine.setAttribute("strLogKeyId", strLogKeyId);
+        if (strLogKeyStore.length())
+            elmMachine.setAttribute("strLogKeyStore", strLogKeyStore);
+    }
     if (    strStateFile.length()
          && !(fl & BuildMachineXML_SuppressSavedState)
@@ -7974 +8117 @@
     buildAutostartXML(elmMachine, autostart);
     buildGroupsXML(elmMachine, machineUserData.llGroups);
+}
+
+ /**
+ * Builds encrypted config.
+ *
+ * @sa MachineConfigFile::buildMachineXML
+ */
+void MachineConfigFile::buildMachineEncryptedXML(xml::ElementNode &elmMachine,
+                                                 uint32_t fl,
+                                                 std::list<xml::ElementNode*> *pllElementsWithUuidAttributes,
+                                                 PCVBOXCRYPTOIF pCryptoIf,
+                                                 const char *pszPassword = NULL)
+{
+    if (   !pszPassword
+        || !pCryptoIf)
+        throw ConfigFileError(this, &elmMachine, N_("Password is required"));
+
+    xml::Document *pDoc = new xml::Document;
+    xml::ElementNode *pelmRoot = pDoc->createRootElement("Machine");
+    pelmRoot->setAttribute("xmlns", VBOX_XML_NAMESPACE);
+    // Have the code for producing a proper schema reference. Not used by most
+    // tools, so don't bother doing it. The schema is not on the server anyway.
+#ifdef VBOX_WITH_SETTINGS_SCHEMA
+    pelmRoot->setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+    pelmRoot->setAttribute("xsi:schemaLocation", VBOX_XML_NAMESPACE " " VBOX_XML_SCHEMA);
+#endif
+
+    buildMachineXML(*pelmRoot, fl, pllElementsWithUuidAttributes);
+    xml::XmlStringWriter writer;
+    com::Utf8Str strMachineXml;
+    int rc = writer.write(*pDoc, &strMachineXml);
+    delete pDoc;
+    if (RT_SUCCESS(rc))
+    {
+        VBOXCRYPTOCTX hCryptoCtx;
+        if (strKeyStore.isEmpty())
+        {
+            rc = pCryptoIf->pfnCryptoCtxCreate("AES-GCM256", pszPassword, &hCryptoCtx);
+            if (RT_SUCCESS(rc))
+            {
+                char *pszNewKeyStore;
+                rc = pCryptoIf->pfnCryptoCtxSave(hCryptoCtx, &pszNewKeyStore);
+                if (RT_SUCCESS(rc))
+                {
+                    strKeyStore = pszNewKeyStore;
+                    RTStrFree(pszNewKeyStore);
+                }
+                else
+                    pCryptoIf->pfnCryptoCtxDestroy(hCryptoCtx);
+            }
+        }
+        else
+            rc = pCryptoIf->pfnCryptoCtxLoad(strKeyStore.c_str(), pszPassword, &hCryptoCtx);
+        if (RT_SUCCESS(rc))
+        {
+            IconBlob abEncrypted;
+            size_t cbEncrypted = 0;
+            rc = pCryptoIf->pfnCryptoCtxQueryEncryptedSize(hCryptoCtx, strMachineXml.length(), &cbEncrypted);
+            if (RT_SUCCESS(rc))
+            {
+                abEncrypted.resize(cbEncrypted);
+                rc = pCryptoIf->pfnCryptoCtxEncrypt(hCryptoCtx, false /*fPartial*/, NULL /*pvIV*/, 0 /*cbIV*/,
+                                                    strMachineXml.c_str(), strMachineXml.length(),
+                                                    uuid.raw(), sizeof(RTUUID),
+                                                    &abEncrypted[0], abEncrypted.size(), &cbEncrypted);
+                int rc2 = pCryptoIf->pfnCryptoCtxDestroy(hCryptoCtx);
+                AssertRC(rc2);
+                if (RT_SUCCESS(rc))
+                {
+                    abEncrypted.resize(cbEncrypted);
+                    toBase64(strMachineXml, abEncrypted);
+                    elmMachine.setAttribute("uuid", uuid.toStringCurly());
+                    elmMachine.setAttribute("keyId", strKeyId);
+                    elmMachine.setAttribute("keyStore", strKeyStore);
+                    elmMachine.setContent(strMachineXml.c_str());
+                }
+            }
+        }
+
+        if (RT_FAILURE(rc))
+            throw ConfigFileError(this, &elmMachine, N_("Creating machine encrypted xml failed. (%Rrc)"), rc);
+    }
+    else
+        throw ConfigFileError(this, &elmMachine, N_("Creating machine xml failed. (%Rrc)"), rc);
 }
 
@@ -8080 +8307 @@
     if (m->sv < SettingsVersion_v1_19)
     {
-        // VirtualBox 7.0 adds iommu device.
-        if (hardwareMachine.iommuType != IommuType_None)
+        // VirtualBox 7.0 adds iommu device and full VM encryption.
+        if (   hardwareMachine.iommuType != IommuType_None
+            || strKeyId.isNotEmpty()
+            || strKeyStore.isNotEmpty()
+            || strStateKeyId.isNotEmpty()
+            || strStateKeyStore.isNotEmpty()
+            || hardwareMachine.nvramSettings.strKeyId.isNotEmpty()
+            || hardwareMachine.nvramSettings.strKeyStore.isNotEmpty()
+            || strLogKeyId.isNotEmpty()
+            || strLogKeyStore.isEmpty())
         {
             m->sv = SettingsVersion_v1_19;
@@ -8742 +8977 @@
  * in particular if the file cannot be written.
  */
-void MachineConfigFile::write(const com::Utf8Str &strFilename)
+void MachineConfigFile::write(const com::Utf8Str &strFilename, PCVBOXCRYPTOIF pCryptoIf, const char *pszPassword)
 {
     try
@@ -8752 +8987 @@
 
         m->strFilename = strFilename;
-        specialBackupIfFirstBump();
+        /*
+         * Only create a backup if it is not encrypted.
+         * Otherwise we get an unencrypted copy of the settings.
+         */
+        if (strKeyId.isEmpty() && strKeyStore.isEmpty())
+            specialBackupIfFirstBump();
         createStubDocument();
 
-        xml::ElementNode *pelmMachine = m->pelmRoot->createChild("Machine");
-        buildMachineXML(*pelmMachine,
-                          MachineConfigFile::BuildMachineXML_IncludeSnapshots
-                        | MachineConfigFile::BuildMachineXML_MediaRegistry,
-                            // but not BuildMachineXML_WriteVBoxVersionAttribute
-                        NULL); /* pllElementsWithUuidAttributes */
+        if (strKeyStore.isNotEmpty())
+        {
+            xml::ElementNode *pelmMachine = m->pelmRoot->createChild("MachineEncrypted");
+            buildMachineEncryptedXML(*pelmMachine,
+                                       MachineConfigFile::BuildMachineXML_IncludeSnapshots
+                                     | MachineConfigFile::BuildMachineXML_MediaRegistry,
+                                         // but not BuildMachineXML_WriteVBoxVersionAttribute
+                                     NULL, /* pllElementsWithUuidAttributes */
+                                     pCryptoIf,
+                                     pszPassword);
+        }
+        else
+        {
+            xml::ElementNode *pelmMachine = m->pelmRoot->createChild("Machine");
+            buildMachineXML(*pelmMachine,
+                              MachineConfigFile::BuildMachineXML_IncludeSnapshots
+                            | MachineConfigFile::BuildMachineXML_MediaRegistry,
+                                // but not BuildMachineXML_WriteVBoxVersionAttribute
+                            NULL); /* pllElementsWithUuidAttributes */
+        }
 
         // now go write the XML