Changeset 94804 in vbox

Timestamp:

May 4, 2022 8:02:56 AM (3 years ago)

Author:

vboxsync

Message:

Main/Console: Implement log encryption for encrypted VMs, bugref:9955

Location:

trunk/src/VBox/Main

Files:

• include/ConsoleImpl.h (modified) (3 diffs)
• src-client/ConsoleImpl.cpp (modified) (4 diffs)

trunk/src/VBox/Main/include/ConsoleImpl.h

@@ -67 +67 @@
 
 #include <iprt/uuid.h>
+#include <iprt/log.h>
 #include <iprt/memsafer.h>
 #include <VBox/RemoteDesktop/VRDE.h>
@@ -947 +948 @@
     /** @} */
 
+#ifdef VBOX_WITH_FULL_VM_ENCRYPTION
+    /** @name Encrypted log interface
+     * @{ */
+    static DECLCALLBACK(int)    i_logEncryptedOpen(PCRTLOGOUTPUTIF pIf, void *pvUser, const char *pszFilename, uint32_t fFlags);
+    static DECLCALLBACK(int)    i_logEncryptedClose(PCRTLOGOUTPUTIF pIf, void *pvUser);
+    static DECLCALLBACK(int)    i_logEncryptedDelete(PCRTLOGOUTPUTIF pIf, void *pvUser, const char *pszFilename);
+    static DECLCALLBACK(int)    i_logEncryptedRename(PCRTLOGOUTPUTIF pIf, void *pvUser, const char *pszFilenameOld,
+                                                     const char *pszFilenameNew, uint32_t fFlags);
+    static DECLCALLBACK(int)    i_logEncryptedQuerySize(PCRTLOGOUTPUTIF pIf, void *pvUser, uint64_t *pcbSize);
+    static DECLCALLBACK(int)    i_logEncryptedWrite(PCRTLOGOUTPUTIF pIf, void *pvUser, const void *pvBuf,
+                                                    size_t cbWrite, size_t *pcbWritten);
+    static DECLCALLBACK(int)    i_logEncryptedFlush(PCRTLOGOUTPUTIF pIf, void *pvUser);
+    /** @} */
+#endif
+
     bool mSavedStateDataLoaded : 1;
 
@@ -1101 +1117 @@
     /** @} */
 
+#ifdef VBOX_WITH_FULL_VM_ENCRYPTION
+    /** Flag whether the log is encrypted. */
+    bool                                m_fEncryptedLog;
+    /** The file handle of the encrypted log. */
+    RTVFSFILE                           m_hVfsFileLog;
+    /** The logging output interface for encrypted logs. */
+    RTLOGOUTPUTIF                       m_LogOutputIf;
+    /** The log file key ID. */
+    Utf8Str                             m_strLogKeyId;
+    /** The log file key store. */
+    Utf8Str                             m_strLogKeyStore;
+#endif
+
 #ifdef VBOX_WITH_DRAG_AND_DROP
     HGCMSVCEXTHANDLE m_hHgcmSvcExtDragAndDrop;

trunk/src/VBox/Main/src-client/ConsoleImpl.cpp

@@ -742 +742 @@
     }
 
-    HRESULT rc = i_unloadCryptoIfModule();
-    AssertComRC(rc);
-
 #ifdef VBOX_WITH_USB_CARDREADER
     if (mUsbCardReader)
@@ -881 +878 @@
     }
     mcLedSets = 0;
+
+#ifdef VBOX_WITH_FULL_VM_ENCRYPTION
+    /* Close the release log before unloading the cryptographic module. */
+    if (m_fEncryptedLog)
+    {
+        PRTLOGGER pLogEnc = RTLogRelSetDefaultInstance(NULL);
+        int vrc = RTLogDestroy(pLogEnc);
+        AssertRC(vrc);
+    }
+#endif
+
+    HRESULT rc = i_unloadCryptoIfModule();
+    AssertComRC(rc);
 
     LogFlowThisFuncLeave();
@@ -7848 +7858 @@
 
 
+#ifdef VBOX_WITH_FULL_VM_ENCRYPTION
+/*static*/
+DECLCALLBACK(int) Console::i_logEncryptedOpen(PCRTLOGOUTPUTIF pIf, void *pvUser, const char *pszFilename, uint32_t fFlags)
+{
+    RT_NOREF(pIf);
+    Console *pConsole = static_cast<Console *>(pvUser);
+    RTVFSFILE hVfsFile = NIL_RTVFSFILE;
+
+    int vrc = RTVfsFileOpenNormal(pszFilename, fFlags, &hVfsFile);
+    if (RT_SUCCESS(vrc))
+    {
+        PCVBOXCRYPTOIF pCryptoIf = NULL;
+        vrc = pConsole->i_retainCryptoIf(&pCryptoIf);
+        if (RT_SUCCESS(vrc))
+        {
+            SecretKey *pKey = NULL;
+
+            vrc = pConsole->m_pKeyStore->retainSecretKey(pConsole->m_strLogKeyId, &pKey);
+            if (RT_SUCCESS(vrc))
+            {
+                const char *pszPassword = (const char *)pKey->getKeyBuffer();
+
+                vrc = pCryptoIf->pfnCryptoFileFromVfsFile(hVfsFile, pConsole->m_strLogKeyStore.c_str(), pszPassword,
+                                                          &pConsole->m_hVfsFileLog);
+                pKey->release();
+            }
+
+            /* On success we keep the reference to keep the cryptographic module loaded. */
+            if (RT_FAILURE(vrc))
+                pConsole->i_releaseCryptoIf(pCryptoIf);
+        }
+
+        /* Always do this because the encrypted log has retained a reference to the underlying file. */
+        RTVfsFileRelease(hVfsFile);
+        if (RT_FAILURE(vrc))
+            RTFileDelete(pszFilename);
+    }
+
+    return vrc;
+}
+
+
+/*static*/
+DECLCALLBACK(int) Console::i_logEncryptedClose(PCRTLOGOUTPUTIF pIf, void *pvUser)
+{
+    RT_NOREF(pIf);
+    Console *pConsole = static_cast<Console *>(pvUser);
+
+    RTVfsFileRelease(pConsole->m_hVfsFileLog);
+    pConsole->m_hVfsFileLog = NIL_RTVFSFILE;
+    return VINF_SUCCESS;
+}
+
+
+/*static*/
+DECLCALLBACK(int) Console::i_logEncryptedDelete(PCRTLOGOUTPUTIF pIf, void *pvUser, const char *pszFilename)
+{
+    RT_NOREF(pIf, pvUser);
+    return RTFileDelete(pszFilename);
+}
+
+
+/*static*/
+DECLCALLBACK(int) Console::i_logEncryptedRename(PCRTLOGOUTPUTIF pIf, void *pvUser, const char *pszFilenameOld,
+                                                const char *pszFilenameNew, uint32_t fFlags)
+{
+    RT_NOREF(pIf, pvUser);
+    return RTFileRename(pszFilenameOld, pszFilenameNew, fFlags);
+}
+
+
+/*static*/
+DECLCALLBACK(int) Console::i_logEncryptedQuerySize(PCRTLOGOUTPUTIF pIf, void *pvUser, uint64_t *pcbSize)
+{
+    RT_NOREF(pIf);
+    Console *pConsole = static_cast<Console *>(pvUser);
+
+    return RTVfsFileQuerySize(pConsole->m_hVfsFileLog, pcbSize);
+}
+
+
+/*static*/
+DECLCALLBACK(int) Console::i_logEncryptedWrite(PCRTLOGOUTPUTIF pIf, void *pvUser, const void *pvBuf,
+                                               size_t cbWrite, size_t *pcbWritten)
+{
+    RT_NOREF(pIf);
+    Console *pConsole = static_cast<Console *>(pvUser);
+
+    return RTVfsFileWrite(pConsole->m_hVfsFileLog, pvBuf, cbWrite, pcbWritten);
+}
+
+
+/*static*/
+DECLCALLBACK(int) Console::i_logEncryptedFlush(PCRTLOGOUTPUTIF pIf, void *pvUser)
+{
+    RT_NOREF(pIf);
+    Console *pConsole = static_cast<Console *>(pvUser);
+
+    return RTVfsFileFlush(pConsole->m_hVfsFileLog);
+}
+#endif
+
+
 /**
  * Initialize the release logging facility. In case something
@@ -7905 +8018 @@
     }
 
-    RTERRINFOSTATIC ErrInfo;
-    int vrc = com::VBoxLogRelCreate("VM", logFile.c_str(),
-                                    RTLOGFLAGS_PREFIX_TIME_PROG | RTLOGFLAGS_RESTRICT_GROUPS,
-                                    "all all.restrict -default.restrict",
-                                    "VBOX_RELEASE_LOG", RTLOGDEST_FILE,
-                                    32768 /* cMaxEntriesPerGroup */,
-                                    0 /* cHistory */, 0 /* uHistoryFileTime */,
-                                    0 /* uHistoryFileSize */, RTErrInfoInitStatic(&ErrInfo));
+    Bstr bstrLogKeyId;
+    Bstr bstrLogKeyStore;
+    PCRTLOGOUTPUTIF pLogOutputIf = NULL;
+    void *pvLogOutputUser = NULL;
+    int vrc = aMachine->COMGETTER(LogKeyId)(bstrLogKeyId.asOutParam());
+    if (RT_SUCCESS(vrc))
+    {
+        vrc = aMachine->COMGETTER(LogKeyStore)(bstrLogKeyStore.asOutParam());
+        if (   RT_SUCCESS(vrc)
+            && bstrLogKeyId.isNotEmpty()
+            && bstrLogKeyStore.isNotEmpty())
+        {
+            m_LogOutputIf.pfnOpen      = Console::i_logEncryptedOpen;
+            m_LogOutputIf.pfnClose     = Console::i_logEncryptedClose;
+            m_LogOutputIf.pfnDelete    = Console::i_logEncryptedDelete;
+            m_LogOutputIf.pfnRename    = Console::i_logEncryptedRename;
+            m_LogOutputIf.pfnQuerySize = Console::i_logEncryptedQuerySize;
+            m_LogOutputIf.pfnWrite     = Console::i_logEncryptedWrite;
+            m_LogOutputIf.pfnFlush     = Console::i_logEncryptedFlush;
+
+            m_strLogKeyId    = Utf8Str(bstrLogKeyId);
+            m_strLogKeyStore = Utf8Str(bstrLogKeyStore);
+
+            pLogOutputIf    = &m_LogOutputIf;
+            pvLogOutputUser = this;
+        }
+    }
+
     if (RT_FAILURE(vrc))
-        hrc = setErrorBoth(E_FAIL, vrc, tr("Failed to open release log (%s, %Rrc)"), ErrInfo.Core.pszMsg, vrc);
+        hrc = setErrorBoth(E_FAIL, vrc, tr("Failed to set encryption for release log (%Rrc)"), vrc);
+    else
+    {
+        RTERRINFOSTATIC ErrInfo;
+         vrc = com::VBoxLogRelCreateEx("VM", logFile.c_str(),
+                                       RTLOGFLAGS_PREFIX_TIME_PROG | RTLOGFLAGS_RESTRICT_GROUPS,
+                                       "all all.restrict -default.restrict",
+                                       "VBOX_RELEASE_LOG", RTLOGDEST_FILE,
+                                       32768 /* cMaxEntriesPerGroup */,
+                                       0 /* cHistory */, 0 /* uHistoryFileTime */,
+                                       0 /* uHistoryFileSize */,
+                                       pLogOutputIf, pvLogOutputUser,
+                                       RTErrInfoInitStatic(&ErrInfo));
+        if (RT_FAILURE(vrc))
+            hrc = setErrorBoth(E_FAIL, vrc, tr("Failed to open release log (%s, %Rrc)"), ErrInfo.Core.pszMsg, vrc);
+    }
 
     /* If we've made any directory changes, flush the directory to increase