VirtualBox

source: vbox/trunk/src/VBox/ImageMounter/vboximg-mount/vboximgCrypto.h@ 77329

Last change on this file since 77329 was 76585, checked in by vboxsync, 6 years ago

*: scm --fix-header-guard-endif
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 8.0 KB
Line 
1/* $Id: vboximgCrypto.h 76585 2019-01-01 06:31:29Z vboxsync $ $Revision: 76585 $ $Date: 2019-01-01 06:31:29 +0000 (Tue, 01 Jan 2019) $ $Author: vboxsync $ */
2
3/** @file
4 * vboximgCrypto.h
5 */
6
7/*
8 * Copyright (C) 2008-2019 Oracle Corporation
9 *
10 * This file is part of VirtualBox Open Source Edition (OSE), as
11 * available from http://www.virtualbox.org. This file is free software;
12 * you can redistribute it and/or modify it under the terms of the GNU
13 * General Public License (GPL) as published by the Free Software
14 * Foundation, in version 2 as it comes in the "COPYING" file of the
15 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
16 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
17 */
18
19#ifndef VBOX_INCLUDED_SRC_vboximg_mount_vboximgCrypto_h
20#define VBOX_INCLUDED_SRC_vboximg_mount_vboximgCrypto_h
21#ifndef RT_WITHOUT_PRAGMA_ONCE
22# pragma once
23#endif
24
25#include <map>
26
27/*
28 * Settings for a crypto filter instance.
29 */
30typedef struct VDiskCryptoSettings
31{
32 VDiskCryptoSettings()
33 : fCreateKeyStore(false),
34 pszPassword(NULL),
35 pszKeyStore(NULL),
36 pszKeyStoreLoad(NULL),
37 pbDek(NULL),
38 cbDek(0),
39 pszCipher(NULL),
40 pszCipherReturned(NULL)
41 { }
42
43 bool fCreateKeyStore;
44 const char *pszPassword;
45 char *pszKeyStore;
46 const char *pszKeyStoreLoad;
47
48 const uint8_t *pbDek;
49 size_t cbDek;
50 const char *pszCipher;
51
52 /** The cipher returned by the crypto filter. */
53 char *pszCipherReturned;
54
55 PVDINTERFACE vdFilterIfaces;
56
57 VDINTERFACECONFIG vdIfCfg;
58 VDINTERFACECRYPTO vdIfCrypto;
59} VDISKCRYPTOSETTINGS;
60
61
62class SecretKey
63{
64 public:
65
66 /**
67 * Constructor for a secret key.
68 *
69 * @param pbKey The key buffer.
70 * @param cbKey Size of the key.
71 * @param fKeyBufNonPageable Flag whether the key buffer should be non pageable.
72 */
73 SecretKey(const uint8_t *pbKey, size_t cbKey, bool fKeyBufNonPageable);
74
75 /**
76 * Secret key destructor.
77 */
78 ~SecretKey();
79
80 /**
81 * Increments the reference counter of the key.
82 *
83 * @returns The new reference count.
84 */
85 uint32_t retain();
86
87 /**
88 * Releases a reference of the key.
89 * If the reference counter reaches 0 the key buffer might be protected
90 * against further access or the data will become scrambled.
91 *
92 * @returns The new reference count.
93 */
94 uint32_t release();
95
96 /**
97 * Returns the reference count of the secret key.
98 */
99 uint32_t refCount();
100
101 /**
102 * Sets the possible number of users for this key.
103 *
104 * @returns VBox status code.
105 * @param cUsers The possible number of user for this key.
106 */
107 int setUsers(uint32_t cUsers);
108
109 /**
110 * Returns the possible amount of users.
111 *
112 * @returns Possible amount of users.
113 */
114 uint32_t getUsers();
115
116 /**
117 * Sets the remove on suspend flag.
118 *
119 * @returns VBox status code.
120 * @param fRemoveOnSuspend Flag whether to remove the key on host suspend.
121 */
122 int setRemoveOnSuspend(bool fRemoveOnSuspend);
123
124 /**
125 * Returns whether the key should be destroyed on suspend.
126 */
127 bool getRemoveOnSuspend();
128
129 /**
130 * Returns the buffer to the key.
131 */
132 const void *getKeyBuffer();
133
134 /**
135 * Returns the size of the key.
136 */
137 size_t getKeySize();
138
139 private:
140 /** Reference counter of the key. */
141 volatile uint32_t m_cRefs;
142 /** Key material. */
143 uint8_t *m_pbKey;
144 /** Size of the key in bytes. */
145 size_t m_cbKey;
146 /** Flag whether to remove the key on suspend. */
147 bool m_fRemoveOnSuspend;
148 /** Number of entities which will use this key. */
149 uint32_t m_cUsers;
150};
151
152class SecretKeyStore
153{
154 public:
155
156 /**
157 * Constructor for a secret key store.
158 *
159 * @param fKeyBufNonPageable Flag whether the key buffer is required to
160 * be non pageable.
161 */
162 SecretKeyStore(bool fKeyBufNonPageable);
163
164 /**
165 * Destructor of a secret key store. This will free all stored secret keys
166 * inluding the key buffers. Make sure there no one accesses one of the keys
167 * stored.
168 */
169 ~SecretKeyStore();
170
171 /**
172 * Add a secret key to the store.
173 *
174 * @returns VBox status code.
175 * @param strKeyId The key identifier.
176 * @param pbKey The key to store.
177 * @param cbKey Size of the key.
178 */
179 int addSecretKey(const com::Utf8Str &strKeyId, const uint8_t *pbKey, size_t cbKey);
180
181 /**
182 * Deletes a key from the key store associated with the given identifier.
183 *
184 * @returns VBox status code.
185 * @param strKeyId The key identifier.
186 */
187 int deleteSecretKey(const com::Utf8Str &strKeyId);
188
189 /**
190 * Returns the secret key object associated with the given identifier.
191 * This increments the reference counter of the secret key object.
192 *
193 * @returns VBox status code.
194 * @param strKeyId The key identifier.
195 * @param ppKey Where to store the secret key object on success.
196 */
197 int retainSecretKey(const com::Utf8Str &strKeyId, SecretKey **ppKey);
198
199 /**
200 * Releases a reference to the secret key object.
201 *
202 * @returns VBox status code.
203 * @param strKeyId The key identifier.
204 */
205 int releaseSecretKey(const com::Utf8Str &strKeyId);
206
207 /**
208 * Deletes all secret keys from the key store.
209 *
210 * @returns VBox status code.
211 * @param fSuspend Flag whether to delete only keys which are
212 * marked for deletion during a suspend.
213 * @param fForce Flag whether to force deletion if some keys
214 * are still in use. Otherwise an error is returned.
215 */
216 int deleteAllSecretKeys(bool fSuspend, bool fForce);
217
218 private:
219
220 typedef std::map<com::Utf8Str, SecretKey *> SecretKeyMap;
221
222 /** The map to map key identifers to secret keys. */
223 SecretKeyMap m_mapSecretKeys;
224 /** Flag whether key buffers should be non pagable. */
225 bool m_fKeyBufNonPageable;
226};
227
228void vboxImageCryptoSetup(VDISKCRYPTOSETTINGS *pSettings, const char *pszCipher,
229 const char *pszKeyStore, const char *pszPassword,
230 bool fCreateKeyStore);
231
232DECLCALLBACK(bool) vboximgVdCryptoConfigAreKeysValid(void *pvUser, const char *pszzValid);
233
234DECLCALLBACK(int) vboximgVdCryptoConfigQuerySize(void *pvUser, const char *pszName, size_t *pcbValue);
235
236DECLCALLBACK(int) vboximgVdCryptoConfigQuery(void *pvUser, const char *pszName,
237 char *pszValue, size_t cchValue);
238
239DECLCALLBACK(int) vboximgVdCryptoKeyRetain(void *pvUser, const char *pszId,
240 const uint8_t **ppbKey, size_t *pcbKey);
241
242DECLCALLBACK(int) vboximgVdCryptoKeyRelease(void *pvUser, const char *pszId);
243
244DECLCALLBACK(int) vboximgVdCryptoKeyStorePasswordRetain(void *pvUser, const char *pszId, const char **ppszPassword);
245
246DECLCALLBACK(int) vboximgVdCryptoKeyStorePasswordRelease(void *pvUser, const char *pszId);
247
248DECLCALLBACK(int) vboximgVdCryptoKeyStoreSave(void *pvUser, const void *pvKeyStore, size_t cbKeyStore);
249
250DECLCALLBACK(int) vboximgVdCryptoKeyStoreReturnParameters(void *pvUser, const char *pszCipher,
251 const uint8_t *pbDek, size_t cbDek);
252
253
254#endif /* !VBOX_INCLUDED_SRC_vboximg_mount_vboximgCrypto_h */
255
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette