VBoxCryptoIf.h@ 94775

Last change on this file since 94775 was 94775, checked in by vboxsync, 2 years ago
Revert r151158 and r151159
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 14.7 KB

Line
1	/** @file
2	* VirtualBox - Cryptographic support functions Interface.
3	*/
4
5	/*
6	* Copyright (C) 2022 Oracle Corporation
7	*
8	* This file is part of VirtualBox Open Source Edition (OSE), as
9	* available from http://www.virtualbox.org. This file is free software;
10	* you can redistribute it and/or modify it under the terms of the GNU
11	* General Public License (GPL) as published by the Free Software
12	* Foundation, in version 2 as it comes in the "COPYING" file of the
13	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
14	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
15	*
16	* The contents of this file may alternatively be used under the terms
17	* of the Common Development and Distribution License Version 1.0
18	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
19	* VirtualBox OSE distribution, in which case the provisions of the
20	* CDDL are applicable instead of those of the GPL.
21	*
22	* You may elect to license modified versions of this file under the
23	* terms and conditions of either the GPL or the CDDL or both.
24	*/
25
26	#ifndef VBOX_INCLUDED_VBoxCryptoIf_h
27	#define VBOX_INCLUDED_VBoxCryptoIf_h
28	#ifndef RT_WITHOUT_PRAGMA_ONCE
29	# pragma once
30	#endif
31
32	#include <iprt/vfs.h>
33	#include <VBox/types.h>
34
35	/** An opaque VBox cryptographic context handle. */
36	typedef struct VBOXCRYPTOCTXINT *VBOXCRYPTOCTX;
37	/*Pointer to an opaque VBox cryptographic context handle. /
38	typedef VBOXCRYPTOCTX *PVBOXCRYPTOCTX;
39
40	/** Magic identifying the cryptographic interface (Charles Babbage). */
41	#define VBOXCRYPTOIF_MAGIC UINT32_C(0x17911226)
42
43	/** Pointer to const cryptographic interface. */
44	typedef const struct VBOXCRYPTOIF *PCVBOXCRYPTOIF;
45	/**
46	* The main cryptographic callbacks interface table.
47	*/
48	typedef struct VBOXCRYPTOIF
49	{
50	/** Interface magic, set to VBOXCRYPTOIF_MAGIC. */
51	uint32_t u32Magic;
52	/** Interface version.
53	* This is set to VBOXCRYPTOIF_VERSION. */
54	uint32_t u32Version;
55	/** Description string. */
56	const char *pszDesc;
57
58	/** @name Generic crytographic context operations.
59	* @{ */
60
61	/**
62	* Creates a new cryptographic context for encryption.
63	*
64	* @returns VBox status code.
65	* @param pszCipher The identifier of the cipher to use.
66	* @param pszPassword Password for encrypting the context.
67	* @param phCryptoCtx Where to store the handle to the crypto context on success.
68	*/
69	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxCreate, (const char pszCipher, const char pszPassword,
70	PVBOXCRYPTOCTX phCryptoCtx));
71
72	/**
73	* Creates a new cryptographic context for decryption from the given base-64 encoded context.
74	*
75	* @returns VBox status code.
76	* @param pszStoredCtx The base-64 encoded context to decrypt with the given password.
77	* @param pszPassword Password for encrypting the context.
78	* @param phCryptoCtx Where to store the handle to the crypto context on success.
79	*/
80	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxLoad, (const char pszStoredCtx, const char pszPassword,
81	PVBOXCRYPTOCTX phCryptoCtx));
82
83	/**
84	* Destroys a previously created cryptographic context.
85	*
86	* @returns VBox status code.
87	* @param hCryptoCtx Handle of crpytographic context to destroy.
88	*/
89	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxDestroy, (VBOXCRYPTOCTX hCryptoCtx));
90
91	/**
92	* Returns the given cryptographic context as a base-64 encoded string.
93	*
94	* @returns VBox status code.
95	* @param hCryptoCtx Handle of crpytographic context.
96	* @param ppszStoredCtx Where to store the base-64 encoded cryptographic context on success.
97	* Must be freed with RTMemFree() when not required anymore.
98	*/
99	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxSave, (VBOXCRYPTOCTX hCryptoCtx, char **ppszStoredCtx));
100
101	/**
102	* Changes the encryption password for the given context.
103	*
104	* @returns VBox status code.
105	* @param hCryptoCtx Handle of crpytographic context.
106	* @param pszPassword New password used for encrypting the DEK.
107	*/
108	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxPasswordChange, (VBOXCRYPTOCTX hCryptoCtx, const char *pszPassword));
109
110	/**
111	* Queries the required size of the output buffer for encrypted data. Depends on the cipher.
112	*
113	* @returns VBox status code.
114	* @param hCryptoCtx Handle of crpytographic context.
115	* @param cbPlainText The size of the data to be encrypted.
116	* @param pcbEncrypted Where to store the size in bytes of the encrypted data on success.
117	*/
118	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxQueryEncryptedSize, (VBOXCRYPTOCTX hCryptoCtx, size_t cbPlaintext,
119	size_t *pcbEncrypted));
120
121	/**
122	* Queries the required size of the output buffer for decrypted data. Depends on the cipher.
123	*
124	* @returns VBox status code.
125	* @param hCryptoCtx Handle of crpytographic context.
126	* @param cbEncrypted The size of the encrypted chunk before decryption.
127	* @param pcbPlaintext Where to store the size in bytes of the decrypted data on success.
128	*/
129	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxQueryDecryptedSize, (VBOXCRYPTOCTX hCryptoCtx, size_t cbEncrypted,
130	size_t *pcbPlaintext));
131
132	/**
133	* Encrypts data.
134	*
135	* @returns VBox status code.
136	* @param hCryptoCtx Handle of crpytographic context.
137	* @param fPartial Only part of data to be encrypted is specified. The encryption
138	* cipher context will not be closed. Set to false for last piece
139	* of data, or if data is specified completely.
140	* Only CTR mode supports partial encryption.
141	* @param pvIV Pointer to IV. If null it will be generated.
142	* @param cbIV Size of the IV.
143	* @param pvPlainText Data to encrypt.
144	* @param cbPlainText Size of the data in the pvPlainText.
145	* @param pvAuthData Data used for authenticate the pvPlainText
146	* @param cbAuthData Size of the pvAuthData
147	* @param pvEncrypted Buffer to store encrypted data
148	* @param cbEncrypted Size of the buffer in pvEncrypted
149	* @param pcbEncrypted Placeholder where the size of the encrypted data returned.
150	*/
151	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxEncrypt, (VBOXCRYPTOCTX hCryptoCtx, bool fPartial, void const *pvIV, size_t cbIV,
152	void const *pvPlainText, size_t cbPlainText,
153	void const *pvAuthData, size_t cbAuthData,
154	void *pvEncrypted, size_t cbEncrypted,
155	size_t *pcbEncrypted));
156
157	/**
158	* Decrypts data.
159	*
160	* @returns VBox status code.
161	* @param hCryptoCtx Handle of crpytographic context.
162	* @param fPartial Only part of data to be encrypted is specified. The encryption
163	* cipher context will not be closed. Set to false for last piece
164	* of data, or if data is specified completely.
165	* Only CTR mode supports partial encryption.
166	* @param pvEncrypted Data to decrypt.
167	* @param cbEncrypted Size of the data in the pvEncrypted.
168	* @param pvAuthData Data used for authenticate the pvEncrypted
169	* @param cbAuthData Size of the pvAuthData
170	* @param pvPlainText Buffer to store decrypted data
171	* @param cbPlainText Size of the buffer in pvPlainText
172	* @param pcbPlainText Placeholder where the size of the decrypted data returned.
173	*/
174	DECLR3CALLBACKMEMBER(int, pfnCryptoCtxDecrypt, (VBOXCRYPTOCTX hCryptoCtx, bool fPartial,
175	void const *pvEncrypted, size_t cbEncrypted,
176	void const *pvAuthData, size_t cbAuthData,
177	void pvPlainText, size_t cbPlainText, size_t pcbPlainText));
178	/** @} */
179
180	/** @name File based cryptographic operations.
181	* @{ */
182	/**
183	* Creates a new VFS file handle for an encrypted or to be encrypted file handle.
184	*
185	* @returns VBox status code.
186	* @param hVfsFile The input file handle, a new reference is retained upon success.
187	* @param pszKeyStore The key store containing the DEK used for encryption.
188	* @param pszPassword Password encrypting the DEK.
189	* @param phVfsFile Where to store the handle to the VFS file on success.
190	*/
191	DECLR3CALLBACKMEMBER(int, pfnCryptoFileFromVfsFile, (RTVFSFILE hVfsFile, const char pszKeyStore, const char pszPassword,
192	PRTVFSFILE phVfsFile));
193
194	/**
195	* Opens a new encryption I/O stream.
196	*
197	* @returns VBox status code.
198	* @param hVfsIosDst The encrypted output stream (must be writeable).
199	* The reference is not consumed, instead another
200	* one is retained.
201	* @param pszKeyStore The key store containing the DEK used for encryption.
202	* @param pszPassword Password encrypting the DEK.
203	* @param phVfsIosCrypt Where to return the crypting input I/O stream handle
204	* (you write to this).
205	*/
206	DECLR3CALLBACKMEMBER(int, pfnCryptoIoStrmFromVfsIoStrmEncrypt, (RTVFSIOSTREAM hVfsIosDst, const char *pszKeyStore,
207	const char *pszPassword, PRTVFSIOSTREAM phVfsIosCrypt));
208
209	/**
210	* Opens a new decryption I/O stream.
211	*
212	* @returns VBox status code.
213	* @param hVfsIosIn The encrypted input stream (must be readable).
214	* The reference is not consumed, instead another
215	* one is retained.
216	* @param pszKeyStore The key store containing the DEK used for encryption.
217	* @param pszPassword Password encrypting the DEK.
218	* @param phVfsIosOut Where to return the handle to the decrypted I/O stream (read).
219	*/
220	DECLR3CALLBACKMEMBER(int, pfnCryptoIoStrmFromVfsIoStrmDecrypt, (RTVFSIOSTREAM hVfsIosIn, const char *pszKeyStore,
221	const char *pszPassword, PRTVFSIOSTREAM phVfsIosOut));
222	/** @} */
223
224	/** @name Keystore related functions.
225	* @{ */
226	/**
227	* Return the encryption parameters and DEK from the base64 encoded key store data.
228	*
229	* @returns VBox status code.
230	* @param pszEnc The base64 encoded key store data.
231	* @param pszPassword The password to use for key decryption.
232	* If the password is NULL only the cipher is returned.
233	* @param ppbKey Where to store the DEK on success.
234	* Must be freed with RTMemSaferFree().
235	* @param pcbKey Where to store the DEK size in bytes on success.
236	* @param ppszCipher Where to store the used cipher for the decrypted DEK.
237	* Must be freed with RTStrFree().
238	*/
239	DECLR3CALLBACKMEMBER(int, pfnCryptoKeyStoreGetDekFromEncoded, (const char pszEnc, const char pszPassword,
240	uint8_t *ppbKey, size_t pcbKey, char **ppszCipher));
241
242	/**
243	* Stores the given DEK in a key store protected by the given password.
244	*
245	* @returns VBox status code.
246	* @param pszPassword The password to protect the DEK.
247	* @param pbKey The DEK to protect.
248	* @param cbKey Size of the DEK to protect.
249	* @param pszCipher The cipher string associated with the DEK.
250	* @param ppszEnc Where to store the base64 encoded key store data on success.
251	* Must be freed with RTMemFree().
252	*/
253	DECLR3CALLBACKMEMBER(int, pfnCryptoKeyStoreCreate, (const char pszPassword, const uint8_t pbKey, size_t cbKey,
254	const char pszCipher, char *ppszEnc));
255	/** @} */
256
257	DECLR3CALLBACKMEMBER(int, pfnReserved1,(void)); /*< Reserved for minor structure revisions. /
258	DECLR3CALLBACKMEMBER(int, pfnReserved2,(void)); /*< Reserved for minor structure revisions. /
259	DECLR3CALLBACKMEMBER(int, pfnReserved3,(void)); /*< Reserved for minor structure revisions. /
260	DECLR3CALLBACKMEMBER(int, pfnReserved4,(void)); /*< Reserved for minor structure revisions. /
261	DECLR3CALLBACKMEMBER(int, pfnReserved5,(void)); /*< Reserved for minor structure revisions. /
262	DECLR3CALLBACKMEMBER(int, pfnReserved6,(void)); /*< Reserved for minor structure revisions. /
263
264	/** Reserved for minor structure revisions. */
265	uint32_t uReserved7;
266
267	/** End of structure marker (VBOXCRYPTOIF_VERSION). */
268	uint32_t u32EndMarker;
269	} VBOXCRYPTOIF;
270	/** Current version of the VBOXCRYPTOIF structure. */
271	#define VBOXCRYPTOIF_VERSION RT_MAKE_U32(0, 1)
272
273
274	/**
275	* The VBoxCrypto entry callback function.
276	*
277	* @returns VBox status code.
278	* @param ppCryptoIf Where to store the pointer to the crypto module interface callback table
279	* on success.
280	*/
281	typedef DECLCALLBACKTYPE(int, FNVBOXCRYPTOENTRY,(PCVBOXCRYPTOIF *ppCryptoIf));
282	/** Pointer to a FNVBOXCRYPTOENTRY. */
283	typedef FNVBOXCRYPTOENTRY *PFNVBOXCRYPTOENTRY;
284
285	/** The name of the crypto module entry point. */
286	#define VBOX_CRYPTO_MOD_ENTRY_POINT "VBoxCryptoEntry"
287
288
289	/**
290	* Checks if cryptographic interface version is compatible.
291	*
292	* @returns true if the do, false if they don't.
293	* @param u32Provider The provider version.
294	* @param u32User The user version.
295	*/
296	#define VBOXCRYPTO_IS_VER_COMPAT(u32Provider, u32User) \
297	( VBOXCRYPTO_IS_MAJOR_VER_EQUAL(u32Provider, u32User) \
298	&& (int32_t)RT_LOWORD(u32Provider) >= (int32_t)RT_LOWORD(u32User) ) /* stupid casts to shut up gcc */
299
300	/**
301	* Check if two cryptographic interface versions have the same major version.
302	*
303	* @returns true if the do, false if they don't.
304	* @param u32Ver1 The first version number.
305	* @param u32Ver2 The second version number.
306	*/
307	#define VBOXCRYPTO_IS_MAJOR_VER_EQUAL(u32Ver1, u32Ver2) (RT_HIWORD(u32Ver1) == RT_HIWORD(u32Ver2))
308
309	#endif /* !VBOX_INCLUDED_VBoxCryptoIf_h */
310

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/VBox/VBoxCryptoIf.h@ 94775

Download in other formats: