- Timestamp:
- May 3, 2022 11:47:03 AM (2 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
-
include/VBox/vmm/vmapi.h (modified) (1 diff)
-
src/VBox/Main/Makefile.kmk (modified) (1 diff)
-
src/VBox/Main/include/ConsoleImpl.h (modified) (1 diff)
-
src/VBox/Main/include/CryptoUtils.h (modified) (4 diffs)
-
src/VBox/Main/src-all/CryptoUtils.cpp (modified) (6 diffs)
-
src/VBox/Main/src-client/ConsoleImpl.cpp (modified) (23 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/VBox/vmm/vmapi.h
r93901 r94793 386 386 VMMR3_INT_DECL(VBOXSTRICTRC) VMR3ResetFF(PVM pVM); 387 387 VMMR3_INT_DECL(VBOXSTRICTRC) VMR3ResetTripleFault(PVM pVM); 388 VMMR3DECL(int) VMR3Save(PUVM pUVM, const char *pszFilename, bool fContinueAfterwards, PFNVMPROGRESS pfnProgress, void *pvUser, bool *pfSuspended);388 VMMR3DECL(int) VMR3Save(PUVM pUVM, const char *pszFilename, PCSSMSTRMOPS pStreamOps, void *pvStreamOpsUser, bool fContinueAfterwards, PFNVMPROGRESS pfnProgress, void *pvUser, bool *pfSuspended); 389 389 VMMR3DECL(int) VMR3Teleport(PUVM pUVM, uint32_t cMsDowntime, PCSSMSTRMOPS pStreamOps, void *pvStreamOpsUser, PFNVMPROGRESS pfnProgress, void *pvProgressUser, bool *pfSuspended); 390 390 VMMR3DECL(int) VMR3LoadFromFile(PUVM pUVM, const char *pszFilename, PFNVMPROGRESS pfnProgress, void *pvUser); -
trunk/src/VBox/Main/Makefile.kmk
r94776 r94793 1066 1066 VBoxC_SOURCES += \ 1067 1067 $(VBoxAPIWrap_0_OUTDIR)/VBoxAPI.d \ 1068 src-all/CryptoUtils.cpp \ 1068 1069 src-all/DisplayPNGUtil.cpp \ 1069 1070 src-all/DisplayResampleImage.cpp \ -
trunk/src/VBox/Main/include/ConsoleImpl.h
r94744 r94793 325 325 int i_retainCryptoIf(PCVBOXCRYPTOIF *ppCryptoIf); 326 326 int i_releaseCryptoIf(PCVBOXCRYPTOIF pCryptoIf); 327 HRESULT i_unloadCryptoIfModule(void); 327 328 328 329 #ifdef VBOX_WITH_GUEST_PROPS -
trunk/src/VBox/Main/include/CryptoUtils.h
r94771 r94793 28 28 #include <VBox/VBoxCryptoIf.h> 29 29 #include <VBox/com/string.h> 30 30 31 #include <VBox/vmm/ssm.h> 32 #include <VBox/vmm/vmmr3vtable.h> 33 #include <VBox/vmm/vmapi.h> 31 34 32 35 #include "SecretKeyStore.h" … … 46 49 public: 47 50 #ifdef VBOX_COM_INPROC 48 SsmStream(Console *pParent, SecretKeyStore *pKeyStore, const Utf8Str &strKeyId, const Utf8Str &strKeyStore);51 SsmStream(Console *pParent, PCVMMR3VTABLE pVMM, SecretKeyStore *pKeyStore, const Utf8Str &strKeyId, const Utf8Str &strKeyStore); 49 52 #else 50 53 SsmStream(VirtualBox *pParent, SecretKeyStore *pKeyStore, const Utf8Str &strKeyId, const Utf8Str &strKeyStore); … … 61 64 */ 62 65 int open(const Utf8Str &strFilename, bool fWrite, PSSMHANDLE *ppSsmHandle); 66 67 /** 68 * Opens the saved state file for reading, doesn't call SSMR3Open(). 69 * 70 * @returns VBox status code. 71 * @param strFilename The filename of the saved state to open. 72 */ 73 int open(const Utf8Str &strFilename); 74 75 /** 76 * Creates a new saved state file under the given path. 77 * 78 * @returns VBox status code. 79 * @param strFilename The filename of the saved state to create. 80 */ 81 int create(const Utf8Str &strFilename); 82 83 /** 84 * Returns the pointer to the stream operations table after a succesful opening/creation. 85 * 86 * @return VBox status code. 87 * @param ppStrmOps Where to store the pointer to the stream operations table on success. 88 * @param ppvStrmOpsUser Where to store the pointer to the opaque user data on success. 89 */ 90 int querySsmStrmOps(PCSSMSTRMOPS *ppStrmOps, void **ppvStrmOpsUser); 63 91 64 92 /** … … 81 109 #ifdef VBOX_COM_INPROC 82 110 Console *m_pParent; 111 PCVMMR3VTABLE m_pVMM; 83 112 #else 84 113 VirtualBox *m_pParent; -
trunk/src/VBox/Main/src-all/CryptoUtils.cpp
r94779 r94793 93 93 94 94 #ifdef VBOX_COM_INPROC 95 SsmStream::SsmStream(Console *pParent, SecretKeyStore *pKeyStore, const Utf8Str &strKeyId, const Utf8Str &strKeyStore)95 SsmStream::SsmStream(Console *pParent, PCVMMR3VTABLE pVMM, SecretKeyStore *pKeyStore, const Utf8Str &strKeyId, const Utf8Str &strKeyStore) 96 96 #else 97 97 SsmStream::SsmStream(VirtualBox *pParent, SecretKeyStore *pKeyStore, const Utf8Str &strKeyId, const Utf8Str &strKeyStore) … … 115 115 m_pSsm = NULL; 116 116 m_pCryptoIf = NULL; 117 #ifdef VBOX_COM_INPROC 118 m_pVMM = pVMM; 119 #endif 117 120 } 118 121 … … 137 140 AssertReturn(!fWrite, VERR_NOT_SUPPORTED); 138 141 142 #ifdef VBOX_COM_INPROC 143 int rc = m_pVMM->pfnSSMR3Open(strFilename.c_str(), NULL /*pStreamOps*/, NULL /*pvStreamOps*/, 144 0 /*fFlags*/, &m_pSsm); 145 #else 139 146 int rc = SSMR3Open(strFilename.c_str(), NULL /*pStreamOps*/, NULL /*pvStreamOps*/, 140 147 0 /*fFlags*/, &m_pSsm); 141 if (RT_SUCCESS(rc)) 148 #endif 149 if ( RT_SUCCESS(rc) 150 && ppSsmHandle) 142 151 *ppSsmHandle = m_pSsm; 143 152 … … 176 185 if (RT_SUCCESS(rc)) 177 186 { 187 #ifdef VBOX_COM_INPROC 188 rc = m_pVMM->pfnSSMR3Open(NULL /*pszFilename*/, &m_StrmOps, this, 0 /*fFlags*/, &m_pSsm); 189 #else 178 190 rc = SSMR3Open(NULL /*pszFilename*/, &m_StrmOps, this, 0 /*fFlags*/, &m_pSsm); 179 if (RT_SUCCESS(rc)) 191 #endif 192 if ( RT_SUCCESS(rc) 193 && ppSsmHandle) 180 194 *ppSsmHandle = m_pSsm; 181 195 … … 198 212 199 213 214 int SsmStream::open(const Utf8Str &strFilename) 215 { 216 #ifdef VBOX_COM_INPROC 217 RTVFSFILE hVfsFileSsm = NIL_RTVFSFILE; 218 uint32_t fOpen = RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE; 219 220 int rc = RTVfsFileOpenNormal(strFilename.c_str(), fOpen, &hVfsFileSsm); 221 if (RT_SUCCESS(rc)) 222 { 223 if (m_strKeyId.isNotEmpty()) 224 { 225 /* File is encrypted, set up machinery. */ 226 if (!m_pCryptoIf) 227 rc = m_pParent->i_retainCryptoIf(&m_pCryptoIf); 228 229 if (RT_SUCCESS(rc)) 230 { 231 SecretKey *pKey; 232 rc = m_pKeyStore->retainSecretKey(m_strKeyId, &pKey); 233 if (RT_SUCCESS(rc)) 234 { 235 const char *pszPassword = (const char *)pKey->getKeyBuffer(); 236 237 rc = m_pCryptoIf->pfnCryptoFileFromVfsFile(hVfsFileSsm, m_strKeyStore.c_str(), pszPassword, &m_hVfsFile); 238 pKey->release(); 239 } 240 241 /* Also release in success case because the encrypted file handle retained a new reference to it. */ 242 RTVfsFileRelease(hVfsFileSsm); 243 } 244 } 245 else /* File is not encrypted. */ 246 m_hVfsFile = hVfsFileSsm; 247 } 248 249 return rc; 250 #else 251 RT_NOREF(strFilename); 252 return VERR_NOT_SUPPORTED; 253 #endif 254 } 255 256 257 int SsmStream::create(const Utf8Str &strFilename) 258 { 259 #ifdef VBOX_COM_INPROC 260 RTVFSFILE hVfsFileSsm = NIL_RTVFSFILE; 261 uint32_t fOpen = RTFILE_O_READWRITE | RTFILE_O_CREATE_REPLACE | RTFILE_O_DENY_WRITE; 262 263 int rc = RTVfsFileOpenNormal(strFilename.c_str(), fOpen, &hVfsFileSsm); 264 if (RT_SUCCESS(rc)) 265 { 266 if (m_strKeyId.isNotEmpty()) 267 { 268 /* File is encrypted, set up machinery. */ 269 if (!m_pCryptoIf) 270 rc = m_pParent->i_retainCryptoIf(&m_pCryptoIf); 271 272 if (RT_SUCCESS(rc)) 273 { 274 SecretKey *pKey; 275 rc = m_pKeyStore->retainSecretKey(m_strKeyId, &pKey); 276 if (RT_SUCCESS(rc)) 277 { 278 const char *pszPassword = (const char *)pKey->getKeyBuffer(); 279 280 rc = m_pCryptoIf->pfnCryptoFileFromVfsFile(hVfsFileSsm, m_strKeyStore.c_str(), pszPassword, &m_hVfsFile); 281 pKey->release(); 282 } 283 284 /* Also release in success case because the encrypted file handle retained a new reference to it. */ 285 RTVfsFileRelease(hVfsFileSsm); 286 if (RT_FAILURE(rc)) 287 RTFileDelete(strFilename.c_str()); 288 } 289 } 290 else /* File doesn't need to be encrypted. */ 291 m_hVfsFile = hVfsFileSsm; 292 } 293 294 return rc; 295 #else 296 RT_NOREF(strFilename); 297 return VERR_NOT_SUPPORTED; 298 #endif 299 } 300 301 302 int SsmStream::querySsmStrmOps(PCSSMSTRMOPS *ppStrmOps, void **ppvStrmOpsUser) 303 { 304 AssertReturn(m_hVfsFile != NIL_RTVFSFILE, VERR_INVALID_STATE); 305 306 *ppStrmOps = &m_StrmOps; 307 *ppvStrmOpsUser = this; 308 return VINF_SUCCESS; 309 } 310 311 200 312 int SsmStream::close(void) 201 313 { 202 314 if (m_pSsm) 203 315 { 316 #ifdef VBOX_COM_INPROC 317 int rc = m_pVMM->pfnSSMR3Close(m_pSsm); 318 #else 204 319 int rc = SSMR3Close(m_pSsm); 320 #endif 205 321 AssertRCReturn(rc, rc); 206 322 } … … 211 327 m_hVfsFile = NIL_RTVFSFILE; 212 328 m_pSsm = NULL; 329 #ifdef VBOX_COM_INPROC 330 m_pVMM = NULL; 331 #endif 213 332 214 333 return VINF_SUCCESS; -
trunk/src/VBox/Main/src-client/ConsoleImpl.cpp
r94763 r94793 88 88 #endif 89 89 90 #include "CryptoUtils.h" 91 90 92 #include <VBox/com/array.h> 91 93 #include "VBox/com/ErrorInfo.h" … … 233 235 , mStartPaused(false) 234 236 , mTeleporterEnabled(FALSE) 237 , m_pKeyStore(NULL) 235 238 { 236 239 m_strTaskName = "VMPwrUp"; … … 239 242 PFNCFGMCONSTRUCTOR mpfnConfigConstructor; 240 243 Utf8Str mSavedStateFile; 244 Utf8Str mKeyStore; 245 Utf8Str mKeyId; 241 246 Console::SharedFolderDataMap mSharedFolders; 242 247 bool mStartPaused; 243 248 BOOL mTeleporterEnabled; 249 SecretKeyStore *m_pKeyStore; 244 250 245 251 /* array of progress objects for hard disk reset operations */ … … 576 582 AssertComRCReturnRC(rc); 577 583 584 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 585 Bstr bstrNvramKeyId; 586 Bstr bstrNvramKeyStore; 587 rc = pNvramStore->COMGETTER(KeyId)(bstrNvramKeyId.asOutParam()); 588 AssertComRCReturnRC(rc); 589 rc = pNvramStore->COMGETTER(KeyStore)(bstrNvramKeyStore.asOutParam()); 590 AssertComRCReturnRC(rc); 591 const Utf8Str strNvramKeyId(bstrNvramKeyId); 592 const Utf8Str strNvramKeyStore(bstrNvramKeyStore); 593 mptrNvramStore->i_updateEncryptionSettings(strNvramKeyId, strNvramKeyStore); 594 #endif 595 578 596 /* Grab global and machine shared folder lists */ 579 597 … … 723 741 mpIfSecKeyHlp = NULL; 724 742 } 743 744 HRESULT rc = i_unloadCryptoIfModule(); 745 AssertComRC(rc); 725 746 726 747 #ifdef VBOX_WITH_USB_CARDREADER … … 1610 1631 if (SUCCEEDED(hrc)) 1611 1632 { 1612 Utf8Str const strSavedStateFile(bstrSavedStateFile); 1613 1614 PCVMMR3VTABLE pVMM = mpVMM; 1615 AssertPtrReturn(pVMM, E_UNEXPECTED); 1616 1617 PSSMHANDLE pSSM; 1618 int vrc = pVMM->pfnSSMR3Open(strSavedStateFile.c_str(), NULL /*pStreamOps*/, NULL /*pvStreamOps*/, 1619 0, &pSSM); 1620 if (RT_SUCCESS(vrc)) 1621 { 1622 uint32_t uVersion = 0; 1623 vrc = pVMM->pfnSSMR3Seek(pSSM, sSSMConsoleUnit, 0 /* iInstance */, &uVersion); 1624 /** @todo r=bird: This version check is premature, so the logic here is 1625 * buggered as we won't ignore VERR_SSM_UNIT_NOT_FOUND as seems to be 1626 * intended. Sigh. */ 1627 if (SSM_VERSION_MAJOR(uVersion) == SSM_VERSION_MAJOR(CONSOLE_SAVED_STATE_VERSION)) 1633 Bstr bstrStateKeyId; 1634 hrc = mMachine->COMGETTER(StateKeyId)(bstrStateKeyId.asOutParam()); 1635 if (SUCCEEDED(hrc)) 1636 { 1637 Bstr bstrStateKeyStore; 1638 hrc = mMachine->COMGETTER(StateKeyStore)(bstrStateKeyStore.asOutParam()); 1639 if (SUCCEEDED(hrc)) 1628 1640 { 1641 Utf8Str const strSavedStateFile(bstrSavedStateFile); 1642 1643 PCVMMR3VTABLE pVMM = mpVMM; 1644 AssertPtrReturn(pVMM, E_UNEXPECTED); 1645 1646 PSSMHANDLE pSSM; 1647 SsmStream ssmStream(this, pVMM, m_pKeyStore, bstrStateKeyId, bstrStateKeyStore); 1648 1649 int vrc = ssmStream.open(strSavedStateFile.c_str(), false /*fWrite*/, &pSSM); 1629 1650 if (RT_SUCCESS(vrc)) 1630 try 1651 { 1652 uint32_t uVersion = 0; 1653 vrc = pVMM->pfnSSMR3Seek(pSSM, sSSMConsoleUnit, 0 /* iInstance */, &uVersion); 1654 /** @todo r=bird: This version check is premature, so the logic here is 1655 * buggered as we won't ignore VERR_SSM_UNIT_NOT_FOUND as seems to be 1656 * intended. Sigh. */ 1657 if (SSM_VERSION_MAJOR(uVersion) == SSM_VERSION_MAJOR(CONSOLE_SAVED_STATE_VERSION)) 1631 1658 { 1632 vrc = i_loadStateFileExecInternal(pSSM, pVMM, uVersion); 1659 if (RT_SUCCESS(vrc)) 1660 try 1661 { 1662 vrc = i_loadStateFileExecInternal(pSSM, pVMM, uVersion); 1663 } 1664 catch (std::bad_alloc &) 1665 { 1666 vrc = VERR_NO_MEMORY; 1667 } 1668 else if (vrc == VERR_SSM_UNIT_NOT_FOUND) 1669 vrc = VINF_SUCCESS; 1633 1670 } 1634 catch (std::bad_alloc &) 1635 { 1636 vrc = VERR_NO_MEMORY; 1637 } 1638 else if (vrc == VERR_SSM_UNIT_NOT_FOUND) 1639 vrc = VINF_SUCCESS; 1671 else 1672 vrc = VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION; 1673 1674 ssmStream.close(); 1675 } 1676 1677 if (RT_FAILURE(vrc)) 1678 hrc = setErrorBoth(VBOX_E_FILE_ERROR, vrc, 1679 tr("The saved state file '%s' is invalid (%Rrc). Delete the saved state and try again"), 1680 strSavedStateFile.c_str(), vrc); 1681 1682 mSavedStateDataLoaded = true; 1640 1683 } 1641 else 1642 vrc = VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION; 1643 1644 pVMM->pfnSSMR3Close(pSSM); 1645 } 1646 1647 if (RT_FAILURE(vrc)) 1648 hrc = setErrorBoth(VBOX_E_FILE_ERROR, vrc, 1649 tr("The saved state file '%s' is invalid (%Rrc). Delete the saved state and try again"), 1650 strSavedStateFile.c_str(), vrc); 1651 1652 mSavedStateDataLoaded = true; 1684 } 1653 1685 } 1654 1686 … … 3143 3175 3144 3176 int vrc = m_pKeyStore->addSecretKey(aId, pbKey, cbKey); 3145 if (RT_SUCCESS(vrc)) 3177 if ( RT_SUCCESS(vrc) 3178 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 3179 || vrc == VERR_ALREADY_EXISTS /* Allow setting an existing key for encrypted VMs. */ 3180 #endif 3181 ) 3146 3182 { 3147 3183 unsigned cDisksConfigured = 0; 3184 3185 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 3186 if (mptrNvramStore.isNotNull()) 3187 mptrNvramStore->i_addPassword(aId, aPassword); 3188 3189 SecretKey *pKey = NULL; 3190 vrc = m_pKeyStore->retainSecretKey(aId, &pKey); 3191 AssertRCReturn(vrc, E_FAIL); 3192 pKey->setRemoveOnSuspend(!!aClearOnSuspend); 3193 pKey->release(); 3194 #endif 3148 3195 3149 3196 hrc = i_configureEncryptionForDisk(aId, &cDisksConfigured); 3150 3197 if (SUCCEEDED(hrc)) 3151 3198 { 3199 #ifndef VBOX_WITH_FULL_VM_ENCRYPTION 3152 3200 SecretKey *pKey = NULL; 3201 #endif 3153 3202 vrc = m_pKeyStore->retainSecretKey(aId, &pKey); 3154 3203 AssertRCReturn(vrc, E_FAIL); 3155 3204 3156 3205 pKey->setUsers(cDisksConfigured); 3206 #ifndef VBOX_WITH_FULL_VM_ENCRYPTION 3157 3207 pKey->setRemoveOnSuspend(!!aClearOnSuspend); 3158 3208 m_pKeyStore->releaseSecretKey(aId); 3209 #endif 3159 3210 m_cDisksPwProvided += cDisksConfigured; 3160 3211 … … 3175 3226 } 3176 3227 } 3228 #ifndef VBOX_WITH_FULL_VM_ENCRYPTION 3177 3229 else if (vrc == VERR_ALREADY_EXISTS) 3178 3230 hrc = setErrorBoth(VBOX_E_OBJECT_IN_USE, vrc, tr("A password with the given ID already exists")); 3231 #endif 3179 3232 else if (vrc == VERR_NO_MEMORY) 3180 3233 hrc = setErrorBoth(E_FAIL, vrc, tr("Failed to allocate enough secure memory for the key")); … … 3199 3252 AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS); 3200 3253 3254 #ifndef VBOX_WITH_FULL_VM_ENCRYPTION 3201 3255 /* Check that the IDs do not exist already before changing anything. */ 3202 3256 for (unsigned i = 0; i < aIds.size(); i++) … … 3212 3266 } 3213 3267 } 3268 #else 3269 /* 3270 * Passwords for the same ID can be added in different ways because 3271 * of encrypted VMs now. Just add them instead of generating an error. 3272 */ 3273 /** @todo Check that passwords with the same ID match. */ 3274 #endif 3214 3275 3215 3276 for (unsigned i = 0; i < aIds.size(); i++) … … 3251 3312 vrc = m_pKeyStore->deleteSecretKey(aId); 3252 3313 AssertRCReturn(vrc, E_FAIL); 3314 3315 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 3316 if (mptrNvramStore.isNotNull()) 3317 mptrNvramStore->i_removePassword(aId); 3318 #endif 3253 3319 } 3254 3320 else if (vrc == VERR_NOT_FOUND) … … 3263 3329 { 3264 3330 AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS); 3331 3332 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 3333 if (mptrNvramStore.isNotNull()) 3334 mptrNvramStore->i_removeAllPasswords(); 3335 #endif 3265 3336 3266 3337 int vrc = m_pKeyStore->deleteAllSecretKeys(false /* fSuspend */, false /* fForce */); … … 4435 4506 AssertComRCReturnRC(hrc); 4436 4507 4508 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 4509 m_cDisksPwProvided = 0; 4510 #endif 4511 4437 4512 /* Find the correct attachment. */ 4438 4513 for (unsigned i = 0; i < sfaAttachments.size(); i++) 4439 4514 { 4440 4515 const ComPtr<IMediumAttachment> &pAtt = sfaAttachments[i]; 4516 4517 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 4518 ComPtr<IMedium> pMedium; 4519 ComPtr<IMedium> pBase; 4520 4521 hrc = pAtt->COMGETTER(Medium)(pMedium.asOutParam()); 4522 AssertComRC(hrc); 4523 4524 bool fKeepSecIf = false; 4525 /* Skip non hard disk attachments. */ 4526 if (pMedium.isNotNull()) 4527 { 4528 /* Get the UUID of the base medium and compare. */ 4529 hrc = pMedium->COMGETTER(Base)(pBase.asOutParam()); 4530 AssertComRC(hrc); 4531 4532 Bstr bstrKeyId; 4533 hrc = pBase->GetProperty(Bstr("CRYPT/KeyId").raw(), bstrKeyId.asOutParam()); 4534 if (SUCCEEDED(hrc)) 4535 { 4536 Utf8Str strKeyId(bstrKeyId); 4537 SecretKey *pKey = NULL; 4538 int vrc = m_pKeyStore->retainSecretKey(strKeyId, &pKey); 4539 if (RT_SUCCESS(vrc)) 4540 { 4541 fKeepSecIf = true; 4542 m_pKeyStore->releaseSecretKey(strKeyId); 4543 } 4544 } 4545 } 4546 #endif 4547 4441 4548 /* 4442 4549 * Query storage controller, port and device … … 4486 4593 if (pIMedium) 4487 4594 { 4595 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 4596 rc = pIMedium->pfnSetSecKeyIf(pIMedium, fKeepSecIf ? mpIfSecKey : NULL, mpIfSecKeyHlp); 4597 Assert(RT_SUCCESS(rc) || rc == VERR_NOT_SUPPORTED); 4598 if (fKeepSecIf) 4599 m_cDisksPwProvided++; 4600 #else 4488 4601 rc = pIMedium->pfnSetSecKeyIf(pIMedium, NULL, mpIfSecKeyHlp); 4489 4602 Assert(RT_SUCCESS(rc) || rc == VERR_NOT_SUPPORTED); 4603 #endif 4490 4604 } 4491 4605 } … … 6950 7064 hrc = setErrorBoth(VBOX_E_VM_ERROR, vrc, tr("Could not suspend the machine execution (%Rrc)"), vrc); 6951 7065 } 7066 7067 Bstr bstrStateKeyId; 7068 Bstr bstrStateKeyStore; 7069 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 7070 if (SUCCEEDED(hrc)) 7071 { 7072 hrc = mMachine->COMGETTER(StateKeyId)(bstrStateKeyId.asOutParam()); 7073 if (SUCCEEDED(hrc)) 7074 { 7075 hrc = mMachine->COMGETTER(StateKeyStore)(bstrStateKeyStore.asOutParam()); 7076 if (FAILED(hrc)) 7077 hrc = setError(hrc, tr("Could not get key store for state file(%Rhrc (0x%08X))"), hrc, hrc); 7078 } 7079 else 7080 hrc = setError(hrc, tr("Could not get key id for state file(%Rhrc (0x%08X))"), hrc, hrc); 7081 } 7082 #endif 7083 6952 7084 if (SUCCEEDED(hrc)) 6953 7085 { … … 6956 7088 mpVmm2UserMethods->pISnapshot = aSnapshot; 6957 7089 mptrCancelableProgress = aProgress; 6958 alock.release(); 6959 6960 int vrc = ptrVM.vtable()->pfnVMR3Save(ptrVM.rawUVM(), 6961 aStateFilePath.c_str(), 6962 fContinueAfterwards, 6963 Console::i_stateProgressCallback, 6964 static_cast<IProgress *>(aProgress), 6965 &aLeftPaused); 6966 6967 alock.acquire(); 7090 7091 SsmStream ssmStream(this, ptrVM.vtable(), m_pKeyStore, bstrStateKeyId, bstrStateKeyStore); 7092 int vrc = ssmStream.create(aStateFilePath.c_str()); 7093 if (RT_SUCCESS(vrc)) 7094 { 7095 PCSSMSTRMOPS pStreamOps = NULL; 7096 void *pvStreamOpsUser = NULL; 7097 vrc = ssmStream.querySsmStrmOps(&pStreamOps, &pvStreamOpsUser); 7098 if (RT_SUCCESS(vrc)) 7099 { 7100 alock.release(); 7101 7102 vrc = ptrVM.vtable()->pfnVMR3Save(ptrVM.rawUVM(), 7103 NULL /*pszFilename*/, 7104 pStreamOps, 7105 pvStreamOpsUser, 7106 fContinueAfterwards, 7107 Console::i_stateProgressCallback, 7108 static_cast<IProgress *>(aProgress), 7109 &aLeftPaused); 7110 7111 alock.acquire(); 7112 } 7113 7114 ssmStream.close(); 7115 if (RT_FAILURE(vrc)) 7116 { 7117 int vrc2 = RTFileDelete(aStateFilePath.c_str()); 7118 AssertRC(vrc2); 7119 } 7120 } 7121 6968 7122 mpVmm2UserMethods->pISnapshot = NULL; 6969 7123 mptrCancelableProgress.setNull(); … … 7853 8007 */ 7854 8008 Utf8Str strSavedStateFile; 8009 Bstr bstrStateKeyId; 8010 Bstr bstrStateKeyStore; 8011 7855 8012 if (mMachineState == MachineState_Saved || mMachineState == MachineState_AbortedSaved) 7856 8013 { … … 7861 8018 strSavedStateFile = bstrSavedStateFile; 7862 8019 8020 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 8021 rc = mMachine->COMGETTER(StateKeyId)(bstrStateKeyId.asOutParam()); 8022 if (FAILED(rc)) 8023 throw rc; 8024 rc = mMachine->COMGETTER(StateKeyStore)(bstrStateKeyStore.asOutParam()); 8025 if (FAILED(rc)) 8026 throw rc; 8027 #endif 8028 7863 8029 ComAssertRet(bstrSavedStateFile.isNotEmpty(), E_FAIL); 7864 int vrc = pVMM->pfnSSMR3ValidateFile(strSavedStateFile.c_str(), NULL /*pStreamOps*/, NULL /*pvStreamOps*/, 7865 false /* fChecksumIt */); 8030 SsmStream ssmStream(this, pVMM, m_pKeyStore, bstrStateKeyId, bstrStateKeyStore); 8031 int vrc = ssmStream.open(strSavedStateFile.c_str()); 8032 if (RT_SUCCESS(vrc)) 8033 { 8034 PCSSMSTRMOPS pStreamOps; 8035 void *pvStreamOpsUser; 8036 8037 vrc = ssmStream.querySsmStrmOps(&pStreamOps, &pvStreamOpsUser); 8038 if (RT_SUCCESS(vrc)) 8039 vrc = pVMM->pfnSSMR3ValidateFile(NULL /*pszFilename*/, pStreamOps, pvStreamOpsUser, 8040 false /* fChecksumIt */); 8041 } 8042 7866 8043 if (RT_FAILURE(vrc)) 7867 8044 { … … 7880 8057 throw setErrorBoth(VBOX_E_FILE_ERROR, vrc, errMsg.c_str()); 7881 8058 } 8059 7882 8060 } 7883 8061 … … 8180 8358 } 8181 8359 8360 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 8361 task->mKeyStore = Utf8Str(bstrStateKeyStore); 8362 task->mKeyId = Utf8Str(bstrStateKeyId); 8363 task->m_pKeyStore = m_pKeyStore; 8364 #endif 8365 8182 8366 rc = task->createThread(); 8183 8367 task = NULL; … … 8947 9131 AssertReturn(ppCryptoIf != NULL, VERR_INVALID_PARAMETER); 8948 9132 9133 int vrc = VINF_SUCCESS; 8949 9134 if (mhLdrModCrypto == NIL_RTLDRMOD) 8950 return VERR_NOT_SUPPORTED; 8951 8952 ASMAtomicIncU32(&mcRefsCrypto); 8953 *ppCryptoIf = mpCryptoIf; 8954 8955 return VINF_SUCCESS; 9135 { 9136 #ifdef VBOX_WITH_EXTPACK 9137 /* 9138 * Check that a crypto extension pack name is set and resolve it into a 9139 * library path. 9140 */ 9141 HRESULT hrc = S_OK; 9142 Bstr bstrExtPack; 9143 9144 ComPtr<IVirtualBox> pVirtualBox; 9145 mMachine->COMGETTER(Parent)(pVirtualBox.asOutParam()); 9146 ComPtr<ISystemProperties> pSystemProperties; 9147 if (pVirtualBox) 9148 pVirtualBox->COMGETTER(SystemProperties)(pSystemProperties.asOutParam()); 9149 if (pSystemProperties) 9150 pSystemProperties->COMGETTER(DefaultCryptoExtPack)(bstrExtPack.asOutParam()); 9151 if (FAILED(hrc)) 9152 return hrc; 9153 9154 Utf8Str strExtPack(bstrExtPack); 9155 if (strExtPack.isEmpty()) 9156 { 9157 setError(VBOX_E_OBJECT_NOT_FOUND, 9158 tr("Ńo extension pack providing a cryptographic support module could be found")); 9159 return VERR_NOT_FOUND; 9160 } 9161 9162 Utf8Str strCryptoLibrary; 9163 vrc = mptrExtPackManager->i_getCryptoLibraryPathForExtPack(&strExtPack, &strCryptoLibrary); 9164 if (RT_SUCCESS(vrc)) 9165 { 9166 RTERRINFOSTATIC ErrInfo; 9167 vrc = SUPR3HardenedLdrLoadPlugIn(strCryptoLibrary.c_str(), &mhLdrModCrypto, RTErrInfoInitStatic(&ErrInfo)); 9168 if (RT_SUCCESS(vrc)) 9169 { 9170 /* Resolve the entry point and query the pointer to the cryptographic interface. */ 9171 PFNVBOXCRYPTOENTRY pfnCryptoEntry = NULL; 9172 vrc = RTLdrGetSymbol(mhLdrModCrypto, VBOX_CRYPTO_MOD_ENTRY_POINT, (void **)&pfnCryptoEntry); 9173 if (RT_SUCCESS(vrc)) 9174 { 9175 vrc = pfnCryptoEntry(&mpCryptoIf); 9176 if (RT_FAILURE(vrc)) 9177 setErrorBoth(VBOX_E_IPRT_ERROR, vrc, 9178 tr("Failed to query the interface callback table from the cryptographic support module '%s' from extension pack '%s'"), 9179 strCryptoLibrary.c_str(), strExtPack.c_str()); 9180 } 9181 else 9182 setErrorBoth(VBOX_E_IPRT_ERROR, vrc, 9183 tr("Failed to resolve the entry point for the cryptographic support module '%s' from extension pack '%s'"), 9184 strCryptoLibrary.c_str(), strExtPack.c_str()); 9185 9186 if (RT_FAILURE(vrc)) 9187 { 9188 RTLdrClose(mhLdrModCrypto); 9189 mhLdrModCrypto = NIL_RTLDRMOD; 9190 } 9191 } 9192 else 9193 setErrorBoth(VBOX_E_IPRT_ERROR, vrc, 9194 tr("Couldn't load the cryptographic support module '%s' from extension pack '%s' (error: '%s')"), 9195 strCryptoLibrary.c_str(), strExtPack.c_str(), ErrInfo.Core.pszMsg); 9196 } 9197 else 9198 setErrorBoth(VBOX_E_IPRT_ERROR, vrc, 9199 tr("Couldn't resolve the library path of the crpytographic support module for extension pack '%s'"), 9200 strExtPack.c_str()); 9201 #else 9202 setError(VBOX_E_NOT_SUPPORTED, 9203 tr("The cryptographic support module is not supported in this build because extension packs are not supported")); 9204 vrc = VERR_NOT_SUPPORTED; 9205 #endif 9206 } 9207 9208 if (RT_SUCCESS(vrc)) 9209 { 9210 ASMAtomicIncU32(&mcRefsCrypto); 9211 *ppCryptoIf = mpCryptoIf; 9212 } 9213 9214 return vrc; 8956 9215 } 8957 9216 … … 8970 9229 ASMAtomicDecU32(&mcRefsCrypto); 8971 9230 return VINF_SUCCESS; 9231 } 9232 9233 /** 9234 * Tries to unload any loaded cryptographic support module if it is not in use currently. 9235 * 9236 * @returns COM status code. 9237 * 9238 * @note Locks this object for writing. 9239 */ 9240 HRESULT Console::i_unloadCryptoIfModule(void) 9241 { 9242 AutoCaller autoCaller(this); 9243 AssertComRCReturnRC(autoCaller.rc()); 9244 9245 AutoWriteLock wlock(this COMMA_LOCKVAL_SRC_POS); 9246 9247 if (mcRefsCrypto) 9248 return setError(E_ACCESSDENIED, 9249 tr("The cryptographic support module is in use and can't be unloaded")); 9250 9251 if (mhLdrModCrypto != NIL_RTLDRMOD) 9252 { 9253 int vrc = RTLdrClose(mhLdrModCrypto); 9254 AssertRC(vrc); 9255 mhLdrModCrypto = NIL_RTLDRMOD; 9256 } 9257 9258 return S_OK; 8972 9259 } 8973 9260 … … 10567 10854 LogFlowFunc(("Restoring saved state from '%s'...\n", pTask->mSavedStateFile.c_str())); 10568 10855 10856 #ifdef VBOX_WITH_FULL_VM_ENCRYPTION 10857 SsmStream ssmStream(pConsole, pVMM, pTask->m_pKeyStore, pTask->mKeyId, pTask->mKeyStore); 10858 10859 vrc = ssmStream.open(pTask->mSavedStateFile.c_str()); 10860 if (RT_SUCCESS(vrc)) 10861 { 10862 PCSSMSTRMOPS pStreamOps; 10863 void *pvStreamOpsUser; 10864 10865 vrc = ssmStream.querySsmStrmOps(&pStreamOps, &pvStreamOpsUser); 10866 if (RT_SUCCESS(vrc)) 10867 vrc = pVMM->pfnVMR3LoadFromStream(pConsole->mpUVM, 10868 pStreamOps, pvStreamOpsUser, 10869 Console::i_stateProgressCallback, 10870 static_cast<IProgress *>(pTask->mProgress)); 10871 } 10872 #else 10569 10873 vrc = pVMM->pfnVMR3LoadFromFile(pConsole->mpUVM, 10570 10874 pTask->mSavedStateFile.c_str(), 10571 10875 Console::i_stateProgressCallback, 10572 10876 static_cast<IProgress *>(pTask->mProgress)); 10877 #endif 10573 10878 if (RT_SUCCESS(vrc)) 10574 10879 {
Note:
See TracChangeset
for help on using the changeset viewer.

