search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 6.12 compat: META
[zfs.git] / lib / libzfs / libzfs_crypto.c
blob93dfa9cbc2c086afbc38c2cf6256c9cf624061c1
1 /*
2 * CDDL HEADER START
3 *
4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
7 * 1.0 of the CDDL.
8 *
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
12 *
13 * CDDL HEADER END
14 */
15
16 /*
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
18 * Copyright 2020 Joyent, Inc.
19 */
20
21 #include <sys/zfs_context.h>
22 #include <sys/fs/zfs.h>
23 #include <sys/dsl_crypt.h>
24 #include <libintl.h>
25 #include <termios.h>
26 #include <signal.h>
27 #include <errno.h>
28 #include <openssl/evp.h>
29 #if LIBFETCH_DYNAMIC
30 #include <dlfcn.h>
31 #endif
32 #if LIBFETCH_IS_FETCH
33 #include <sys/param.h>
34 #include <stdio.h>
35 #include <fetch.h>
36 #elif LIBFETCH_IS_LIBCURL
37 #include <curl/curl.h>
38 #endif
39 #include <libzfs.h>
40 #include <libzutil.h>
41 #include "libzfs_impl.h"
42 #include "zfeature_common.h"
43
44 /*
45 * User keys are used to decrypt the master encryption keys of a dataset. This
46 * indirection allows a user to change his / her access key without having to
47 * re-encrypt the entire dataset. User keys can be provided in one of several
48 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
49 * are converted to binary and passed into the kernel. Password based keys are
50 * a bit more complicated. Passwords alone do not provide suitable entropy for
51 * encryption and may be too short or too long to be used. In order to derive
52 * a more appropriate key we use a PBKDF2 function. This function is designed
53 * to take a (relatively) long time to calculate in order to discourage
54 * attackers from guessing from a list of common passwords. PBKDF2 requires
55 * 2 additional parameters. The first is the number of iterations to run, which
56 * will ultimately determine how long it takes to derive the resulting key from
57 * the password. The second parameter is a salt that is randomly generated for
58 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
59 * attackers cannot reasonably generate a table of commonly known passwords to
60 * their output keys and expect it work for all past and future PBKDF2 users.
61 * We store the salt as a hidden property of the dataset (although it is
62 * technically ok if the salt is known to the attacker).
63 */
64
65 #define MIN_PASSPHRASE_LEN 8
66 #define MAX_PASSPHRASE_LEN 512
67 #define MAX_KEY_PROMPT_ATTEMPTS 3
68
69 static int caught_interrupt;
70
71 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
72 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
73 static int get_key_material_https(libzfs_handle_t *, const char *, const char *,
74 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
75
76 static zfs_uri_handler_t uri_handlers[] = {
77 { "file", get_key_material_file },
78 { "https", get_key_material_https },
79 { "http", get_key_material_https },
80 { NULL, NULL }
81 };
82
83 static int
84 pkcs11_get_urandom(uint8_t *buf, size_t bytes)
85 {
86 int rand;
87 ssize_t bytes_read = 0;
88
89 rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
90
91 if (rand < 0)
92 return (rand);
93
94 while (bytes_read < bytes) {
95 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);
96 if (rc < 0)
97 break;
98 bytes_read += rc;
99 }
100
101 (void) close(rand);
102
103 return (bytes_read);
104 }
105
106 static int
107 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
108 zfs_keylocation_t *restrict locp, char **restrict schemep)
109 {
110 *locp = ZFS_KEYLOCATION_NONE;
111 *schemep = NULL;
112
113 if (strcmp("prompt", str) == 0) {
114 *locp = ZFS_KEYLOCATION_PROMPT;
115 return (0);
116 }
117
118 regmatch_t pmatch[2];
119
120 if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch),
121 pmatch, 0) == 0) {
122 size_t scheme_len;
123
124 if (pmatch[1].rm_so == -1) {
125 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
126 "Invalid URI"));
127 return (EINVAL);
128 }
129
130 scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so;
131
132 *schemep = calloc(1, scheme_len + 1);
133 if (*schemep == NULL) {
134 int ret = errno;
135
136 errno = 0;
137 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
138 "Invalid URI"));
139 return (ret);
140 }
141
142 (void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len);
143 *locp = ZFS_KEYLOCATION_URI;
144 return (0);
145 }
146
147 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
148 return (EINVAL);
149 }
150
151 static int
152 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
153 {
154 int ret, i;
155 unsigned int c;
156
157 for (i = 0; i < hexlen; i += 2) {
158 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
159 ret = EINVAL;
160 goto error;
161 }
162
163 ret = sscanf(&hex[i], "%02x", &c);
164 if (ret != 1) {
165 ret = EINVAL;
166 goto error;
167 }
168
169 out[i / 2] = c;
170 }
171
172 return (0);
173
174 error:
175 return (ret);
176 }
177
178
179 static void
180 catch_signal(int sig)
181 {
182 caught_interrupt = sig;
183 }
184
185 static const char *
186 get_format_prompt_string(zfs_keyformat_t format)
187 {
188 switch (format) {
189 case ZFS_KEYFORMAT_RAW:
190 return ("raw key");
191 case ZFS_KEYFORMAT_HEX:
192 return ("hex key");
193 case ZFS_KEYFORMAT_PASSPHRASE:
194 return ("passphrase");
195 default:
196 /* shouldn't happen */
197 return (NULL);
198 }
199 }
200
201 /* do basic validation of the key material */
202 static int
203 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
204 const char *key, size_t keylen, boolean_t do_verify)
205 {
206 switch (keyformat) {
207 case ZFS_KEYFORMAT_RAW:
208 /* verify the key length is correct */
209 if (keylen < WRAPPING_KEY_LEN) {
210 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
211 "Raw key too short (expected %u)."),
212 WRAPPING_KEY_LEN);
213 return (EINVAL);
214 }
215
216 if (keylen > WRAPPING_KEY_LEN) {
217 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
218 "Raw key too long (expected %u)."),
219 WRAPPING_KEY_LEN);
220 return (EINVAL);
221 }
222 break;
223 case ZFS_KEYFORMAT_HEX:
224 /* verify the key length is correct */
225 if (keylen < WRAPPING_KEY_LEN * 2) {
226 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
227 "Hex key too short (expected %u)."),
228 WRAPPING_KEY_LEN * 2);
229 return (EINVAL);
230 }
231
232 if (keylen > WRAPPING_KEY_LEN * 2) {
233 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
234 "Hex key too long (expected %u)."),
235 WRAPPING_KEY_LEN * 2);
236 return (EINVAL);
237 }
238
239 /* check for invalid hex digits */
240 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
241 if (!isxdigit(key[i])) {
242 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
243 "Invalid hex character detected."));
244 return (EINVAL);
245 }
246 }
247 break;
248 case ZFS_KEYFORMAT_PASSPHRASE:
249 /*
250 * Verify the length is within bounds when setting a new key,
251 * but not when loading an existing key.
252 */
253 if (!do_verify)
254 break;
255 if (keylen > MAX_PASSPHRASE_LEN) {
256 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
257 "Passphrase too long (max %u)."),
258 MAX_PASSPHRASE_LEN);
259 return (EINVAL);
260 }
261
262 if (keylen < MIN_PASSPHRASE_LEN) {
263 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
264 "Passphrase too short (min %u)."),
265 MIN_PASSPHRASE_LEN);
266 return (EINVAL);
267 }
268 break;
269 default:
270 /* can't happen, checked above */
271 break;
272 }
273
274 return (0);
275 }
276
277 static int
278 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
279 boolean_t new_key, const char *fsname,
280 char **restrict res, size_t *restrict reslen)
281 {
282 FILE *f = stdin;
283 size_t buflen = 0;
284 ssize_t bytes;
285 int ret = 0;
286 struct termios old_term, new_term;
287 struct sigaction act, osigint, osigtstp;
288
289 *res = NULL;
290 *reslen = 0;
291
292 /*
293 * handle SIGINT and ignore SIGSTP. This is necessary to
294 * restore the state of the terminal.
295 */
296 caught_interrupt = 0;
297 act.sa_flags = 0;
298 (void) sigemptyset(&act.sa_mask);
299 act.sa_handler = catch_signal;
300
301 (void) sigaction(SIGINT, &act, &osigint);
302 act.sa_handler = SIG_IGN;
303 (void) sigaction(SIGTSTP, &act, &osigtstp);
304
305 (void) printf("%s %s%s",
306 is_reenter ? "Re-enter" : "Enter",
307 new_key ? "new " : "",
308 get_format_prompt_string(keyformat));
309 if (fsname != NULL)
310 (void) printf(" for '%s'", fsname);
311 (void) fputc(':', stdout);
312 (void) fflush(stdout);
313
314 /* disable the terminal echo for key input */
315 (void) tcgetattr(fileno(f), &old_term);
316
317 new_term = old_term;
318 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
319
320 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
321 if (ret != 0) {
322 ret = errno;
323 errno = 0;
324 goto out;
325 }
326
327 bytes = getline(res, &buflen, f);
328 if (bytes < 0) {
329 ret = errno;
330 errno = 0;
331 goto out;
332 }
333
334 /* trim the ending newline if it exists */
335 if (bytes > 0 && (*res)[bytes - 1] == '\n') {
336 (*res)[bytes - 1] = '\0';
337 bytes--;
338 }
339
340 *reslen = bytes;
341
342 out:
343 /* reset the terminal */
344 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
345 (void) sigaction(SIGINT, &osigint, NULL);
346 (void) sigaction(SIGTSTP, &osigtstp, NULL);
347
348 /* if we caught a signal, re-throw it now */
349 if (caught_interrupt != 0)
350 (void) kill(getpid(), caught_interrupt);
351
352 /* print the newline that was not echo'd */
353 (void) printf("\n");
354
355 return (ret);
356 }
357
358 static int
359 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
360 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
361 uint8_t **restrict outbuf, size_t *restrict len_out)
362 {
363 char *buf = NULL, *buf2 = NULL;
364 size_t buflen = 0, buf2len = 0;
365 int ret = 0;
366
367 ASSERT(isatty(fileno(stdin)));
368
369 /* raw keys cannot be entered on the terminal */
370 if (keyformat == ZFS_KEYFORMAT_RAW) {
371 ret = EINVAL;
372 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
373 "Cannot enter raw keys on the terminal"));
374 goto out;
375 }
376
377 /* prompt for the key */
378 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
379 &buf, &buflen)) != 0) {
380 free(buf);
381 buf = NULL;
382 buflen = 0;
383 goto out;
384 }
385
386 if (!confirm_key)
387 goto out;
388
389 if ((ret = validate_key(hdl, keyformat, buf, buflen, confirm_key)) !=
390 0) {
391 free(buf);
392 return (ret);
393 }
394
395 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
396 &buf2len);
397 if (ret != 0) {
398 free(buf);
399 free(buf2);
400 buf = buf2 = NULL;
401 buflen = buf2len = 0;
402 goto out;
403 }
404
405 if (buflen != buf2len || strcmp(buf, buf2) != 0) {
406 free(buf);
407 buf = NULL;
408 buflen = 0;
409
410 ret = EINVAL;
411 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
412 "Provided keys do not match."));
413 }
414
415 free(buf2);
416
417 out:
418 *outbuf = (uint8_t *)buf;
419 *len_out = buflen;
420 return (ret);
421 }
422
423 static int
424 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
425 uint8_t **buf, size_t *len_out)
426 {
427 int ret = 0;
428 size_t buflen = 0;
429
430 *len_out = 0;
431
432 /* read the key material */
433 if (keyformat != ZFS_KEYFORMAT_RAW) {
434 ssize_t bytes;
435
436 bytes = getline((char **)buf, &buflen, fd);
437 if (bytes < 0) {
438 ret = errno;
439 errno = 0;
440 goto out;
441 }
442
443 /* trim the ending newline if it exists */
444 if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
445 (*buf)[bytes - 1] = '\0';
446 bytes--;
447 }
448
449 *len_out = bytes;
450 } else {
451 size_t n;
452
453 /*
454 * Raw keys may have newline characters in them and so can't
455 * use getline(). Here we attempt to read 33 bytes so that we
456 * can properly check the key length (the file should only have
457 * 32 bytes).
458 */
459 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
460 if (*buf == NULL) {
461 ret = ENOMEM;
462 goto out;
463 }
464
465 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
466 if (n == 0 || ferror(fd)) {
467 /* size errors are handled by the calling function */
468 free(*buf);
469 *buf = NULL;
470 ret = errno;
471 errno = 0;
472 goto out;
473 }
474
475 *len_out = n;
476 }
477 out:
478 return (ret);
479 }
480
481 static int
482 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
483 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
484 uint8_t **restrict buf, size_t *restrict len_out)
485 {
486 (void) fsname, (void) newkey;
487 FILE *f = NULL;
488 int ret = 0;
489
490 if (strlen(uri) < 7)
491 return (EINVAL);
492
493 if ((f = fopen(uri + 7, "re")) == NULL) {
494 ret = errno;
495 errno = 0;
496 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
497 "Failed to open key material file: %s"), zfs_strerror(ret));
498 return (ret);
499 }
500
501 ret = get_key_material_raw(f, keyformat, buf, len_out);
502
503 (void) fclose(f);
504
505 return (ret);
506 }
507
508 static int
509 get_key_material_https(libzfs_handle_t *hdl, const char *uri,
510 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
511 uint8_t **restrict buf, size_t *restrict len_out)
512 {
513 (void) fsname, (void) newkey;
514 int ret = 0;
515 FILE *key = NULL;
516 boolean_t is_http = strncmp(uri, "http:", strlen("http:")) == 0;
517
518 if (strlen(uri) < (is_http ? 7 : 8)) {
519 ret = EINVAL;
520 goto end;
521 }
522
523 #if LIBFETCH_DYNAMIC
524 #define LOAD_FUNCTION(func) \
525 __typeof__(func) *func = dlsym(hdl->libfetch, #func);
526
527 if (hdl->libfetch == NULL)
528 hdl->libfetch = dlopen(LIBFETCH_SONAME, RTLD_LAZY);
529
530 if (hdl->libfetch == NULL) {
531 hdl->libfetch = (void *)-1;
532 char *err = dlerror();
533 if (err)
534 hdl->libfetch_load_error = strdup(err);
535 }
536
537 if (hdl->libfetch == (void *)-1) {
538 ret = ENOSYS;
539 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
540 "Couldn't load %s: %s"),
541 LIBFETCH_SONAME, hdl->libfetch_load_error ?: "(?)");
542 goto end;
543 }
544
545 boolean_t ok;
546 #if LIBFETCH_IS_FETCH
547 LOAD_FUNCTION(fetchGetURL);
548 char *fetchLastErrString = dlsym(hdl->libfetch, "fetchLastErrString");
549
550 ok = fetchGetURL && fetchLastErrString;
551 #elif LIBFETCH_IS_LIBCURL
552 LOAD_FUNCTION(curl_easy_init);
553 LOAD_FUNCTION(curl_easy_setopt);
554 LOAD_FUNCTION(curl_easy_perform);
555 LOAD_FUNCTION(curl_easy_cleanup);
556 LOAD_FUNCTION(curl_easy_strerror);
557 LOAD_FUNCTION(curl_easy_getinfo);
558
559 ok = curl_easy_init && curl_easy_setopt && curl_easy_perform &&
560 curl_easy_cleanup && curl_easy_strerror && curl_easy_getinfo;
561 #endif
562 if (!ok) {
563 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
564 "keylocation=%s back-end %s missing symbols."),
565 is_http ? "http://" : "https://", LIBFETCH_SONAME);
566 ret = ENOSYS;
567 goto end;
568 }
569 #endif
570
571 #if LIBFETCH_IS_FETCH
572 key = fetchGetURL(uri, "");
573 if (key == NULL) {
574 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
575 "Couldn't GET %s: %s"),
576 uri, fetchLastErrString);
577 ret = ENETDOWN;
578 }
579 #elif LIBFETCH_IS_LIBCURL
580 CURL *curl = curl_easy_init();
581 if (curl == NULL) {
582 ret = ENOTSUP;
583 goto end;
584 }
585
586 int kfd = -1;
587 #ifdef O_TMPFILE
588 kfd = open(getenv("TMPDIR") ?: "/tmp",
589 O_RDWR | O_TMPFILE | O_EXCL | O_CLOEXEC, 0600);
590 if (kfd != -1)
591 goto kfdok;
592 #endif
593
594 char *path;
595 if (asprintf(&path,
596 "%s/libzfs-XXXXXXXX.https", getenv("TMPDIR") ?: "/tmp") == -1) {
597 ret = ENOMEM;
598 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "%s"),
599 zfs_strerror(ret));
600 goto end;
601 }
602
603 kfd = mkostemps(path, strlen(".https"), O_CLOEXEC);
604 if (kfd == -1) {
605 ret = errno;
606 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
607 "Couldn't create temporary file %s: %s"),
608 path, zfs_strerror(ret));
609 free(path);
610 goto end;
611 }
612 (void) unlink(path);
613 free(path);
614
615 kfdok:
616 if ((key = fdopen(kfd, "r+")) == NULL) {
617 ret = errno;
618 (void) close(kfd);
619 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
620 "Couldn't reopen temporary file: %s"), zfs_strerror(ret));
621 goto end;
622 }
623
624 char errbuf[CURL_ERROR_SIZE] = "";
625 char *cainfo = getenv("SSL_CA_CERT_FILE"); /* matches fetch(3) */
626 char *capath = getenv("SSL_CA_CERT_PATH"); /* matches fetch(3) */
627 char *clcert = getenv("SSL_CLIENT_CERT_FILE"); /* matches fetch(3) */
628 char *clkey = getenv("SSL_CLIENT_KEY_FILE"); /* matches fetch(3) */
629 (void) curl_easy_setopt(curl, CURLOPT_URL, uri);
630 (void) curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
631 (void) curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 30000L);
632 (void) curl_easy_setopt(curl, CURLOPT_WRITEDATA, key);
633 (void) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
634 if (cainfo != NULL)
635 (void) curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
636 if (capath != NULL)
637 (void) curl_easy_setopt(curl, CURLOPT_CAPATH, capath);
638 if (clcert != NULL)
639 (void) curl_easy_setopt(curl, CURLOPT_SSLCERT, clcert);
640 if (clkey != NULL)
641 (void) curl_easy_setopt(curl, CURLOPT_SSLKEY, clkey);
642
643 CURLcode res = curl_easy_perform(curl);
644
645 if (res != CURLE_OK) {
646 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
647 "Failed to connect to %s: %s"),
648 uri, strlen(errbuf) ? errbuf : curl_easy_strerror(res));
649 ret = ENETDOWN;
650 } else {
651 long resp = 200;
652 (void) curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp);
653
654 if (resp < 200 || resp >= 300) {
655 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
656 "Couldn't GET %s: %ld"),
657 uri, resp);
658 ret = ENOENT;
659 } else
660 rewind(key);
661 }
662
663 curl_easy_cleanup(curl);
664 #else
665 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
666 "No keylocation=%s back-end."), is_http ? "http://" : "https://");
667 ret = ENOSYS;
668 #endif
669
670 end:
671 if (ret == 0)
672 ret = get_key_material_raw(key, keyformat, buf, len_out);
673
674 if (key != NULL)
675 fclose(key);
676
677 return (ret);
678 }
679
680 /*
681 * Attempts to fetch key material, no matter where it might live. The key
682 * material is allocated and returned in km_out. *can_retry_out will be set
683 * to B_TRUE if the user is providing the key material interactively, allowing
684 * for re-entry attempts.
685 */
686 static int
687 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
688 zfs_keyformat_t keyformat, const char *keylocation, const char *fsname,
689 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
690 {
691 int ret;
692 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
693 uint8_t *km = NULL;
694 size_t kmlen = 0;
695 char *uri_scheme = NULL;
696 zfs_uri_handler_t *handler = NULL;
697 boolean_t can_retry = B_FALSE;
698
699 /* verify and parse the keylocation */
700 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc,
701 &uri_scheme);
702 if (ret != 0)
703 goto error;
704
705 /* open the appropriate file descriptor */
706 switch (keyloc) {
707 case ZFS_KEYLOCATION_PROMPT:
708 if (isatty(fileno(stdin))) {
709 can_retry = keyformat != ZFS_KEYFORMAT_RAW;
710 ret = get_key_interactive(hdl, fsname, keyformat,
711 do_verify, newkey, &km, &kmlen);
712 } else {
713 /* fetch the key material into the buffer */
714 ret = get_key_material_raw(stdin, keyformat, &km,
715 &kmlen);
716 }
717
718 if (ret != 0)
719 goto error;
720
721 break;
722 case ZFS_KEYLOCATION_URI:
723 ret = ENOTSUP;
724
725 for (handler = uri_handlers; handler->zuh_scheme != NULL;
726 handler++) {
727 if (strcmp(handler->zuh_scheme, uri_scheme) != 0)
728 continue;
729
730 if ((ret = handler->zuh_handler(hdl, keylocation,
731 fsname, keyformat, newkey, &km, &kmlen)) != 0)
732 goto error;
733
734 break;
735 }
736
737 if (ret == ENOTSUP) {
738 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
739 "URI scheme is not supported"));
740 goto error;
741 }
742
743 break;
744 default:
745 ret = EINVAL;
746 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
747 "Invalid keylocation."));
748 goto error;
749 }
750
751 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen,
752 do_verify)) != 0)
753 goto error;
754
755 *km_out = km;
756 *kmlen_out = kmlen;
757 if (can_retry_out != NULL)
758 *can_retry_out = can_retry;
759
760 free(uri_scheme);
761 return (0);
762
763 error:
764 free(km);
765
766 *km_out = NULL;
767 *kmlen_out = 0;
768
769 if (can_retry_out != NULL)
770 *can_retry_out = can_retry;
771
772 free(uri_scheme);
773 return (ret);
774 }
775
776 static int
777 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
778 uint8_t *key_material, uint64_t salt,
779 uint8_t **key_out)
780 {
781 int ret;
782 uint8_t *key;
783
784 *key_out = NULL;
785
786 key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
787
788 switch (format) {
789 case ZFS_KEYFORMAT_RAW:
790 memcpy(key, key_material, WRAPPING_KEY_LEN);
791 break;
792 case ZFS_KEYFORMAT_HEX:
793 ret = hex_key_to_raw((char *)key_material,
794 WRAPPING_KEY_LEN * 2, key);
795 if (ret != 0) {
796 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
797 "Invalid hex key provided."));
798 goto error;
799 }
800 break;
801 case ZFS_KEYFORMAT_PASSPHRASE:
802 salt = LE_64(salt);
803
804 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
805 strlen((char *)key_material), ((uint8_t *)&salt),
806 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
807 if (ret != 1) {
808 ret = EIO;
809 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
810 "Failed to generate key from passphrase."));
811 goto error;
812 }
813 break;
814 default:
815 ret = EINVAL;
816 goto error;
817 }
818
819 *key_out = key;
820 return (0);
821
822 error:
823 free(key);
824
825 *key_out = NULL;
826 return (ret);
827 }
828
829 static boolean_t
830 encryption_feature_is_enabled(zpool_handle_t *zph)
831 {
832 nvlist_t *features;
833 uint64_t feat_refcount;
834
835 /* check that features can be enabled */
836 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
837 < SPA_VERSION_FEATURES)
838 return (B_FALSE);
839
840 /* check for crypto feature */
841 features = zpool_get_features(zph);
842 if (!features || nvlist_lookup_uint64(features,
843 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
844 &feat_refcount) != 0)
845 return (B_FALSE);
846
847 return (B_TRUE);
848 }
849
850 static int
851 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
852 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
853 const char *keylocation, nvlist_t *props, uint8_t **wkeydata,
854 uint_t *wkeylen)
855 {
856 int ret;
857 uint64_t iters = 0, salt = 0;
858 uint8_t *key_material = NULL;
859 size_t key_material_len = 0;
860 uint8_t *key_data = NULL;
861 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
862
863 /* get key material from keyformat and keylocation */
864 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
865 fsname, &key_material, &key_material_len, NULL);
866 if (ret != 0)
867 goto error;
868
869 /* passphrase formats require a salt and pbkdf2 iters property */
870 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
871 /* always generate a new salt */
872 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));
873 if (ret != sizeof (uint64_t)) {
874 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
875 "Failed to generate salt."));
876 goto error;
877 }
878
879 ret = nvlist_add_uint64(props,
880 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
881 if (ret != 0) {
882 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
883 "Failed to add salt to properties."));
884 goto error;
885 }
886
887 /*
888 * If not otherwise specified, use the default number of
889 * pbkdf2 iterations. If specified, we have already checked
890 * that the given value is greater than MIN_PBKDF2_ITERATIONS
891 * during zfs_valid_proplist().
892 */
893 ret = nvlist_lookup_uint64(props,
894 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
895 if (ret == ENOENT) {
896 iters = DEFAULT_PBKDF2_ITERATIONS;
897 ret = nvlist_add_uint64(props,
898 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
899 if (ret != 0)
900 goto error;
901 } else if (ret != 0) {
902 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
903 "Failed to get pbkdf2 iterations."));
904 goto error;
905 }
906 } else {
907 /* check that pbkdf2iters was not specified by the user */
908 ret = nvlist_lookup_uint64(props,
909 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
910 if (ret == 0) {
911 ret = EINVAL;
912 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
913 "Cannot specify pbkdf2iters with a non-passphrase "
914 "keyformat."));
915 goto error;
916 }
917 }
918
919 /* derive a key from the key material */
920 ret = derive_key(hdl, keyformat, iters, key_material, salt, &key_data);
921 if (ret != 0)
922 goto error;
923
924 free(key_material);
925
926 *wkeydata = key_data;
927 *wkeylen = WRAPPING_KEY_LEN;
928 return (0);
929
930 error:
931 if (key_material != NULL)
932 free(key_material);
933 if (key_data != NULL)
934 free(key_data);
935
936 *wkeydata = NULL;
937 *wkeylen = 0;
938 return (ret);
939 }
940
941 static boolean_t
942 proplist_has_encryption_props(nvlist_t *props)
943 {
944 int ret;
945 uint64_t intval;
946 const char *strval;
947
948 ret = nvlist_lookup_uint64(props,
949 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
950 if (ret == 0 && intval != ZIO_CRYPT_OFF)
951 return (B_TRUE);
952
953 ret = nvlist_lookup_string(props,
954 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
955 if (ret == 0 && strcmp(strval, "none") != 0)
956 return (B_TRUE);
957
958 ret = nvlist_lookup_uint64(props,
959 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
960 if (ret == 0)
961 return (B_TRUE);
962
963 ret = nvlist_lookup_uint64(props,
964 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
965 if (ret == 0)
966 return (B_TRUE);
967
968 return (B_FALSE);
969 }
970
971 int
972 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
973 char *buf)
974 {
975 int ret;
976 char prop_encroot[MAXNAMELEN];
977
978 /* if the dataset isn't encrypted, just return */
979 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
980 *is_encroot = B_FALSE;
981 if (buf != NULL)
982 buf[0] = '\0';
983 return (0);
984 }
985
986 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
987 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
988 if (ret != 0) {
989 *is_encroot = B_FALSE;
990 if (buf != NULL)
991 buf[0] = '\0';
992 return (ret);
993 }
994
995 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
996 if (buf != NULL)
997 strcpy(buf, prop_encroot);
998
999 return (0);
1000 }
1001
1002 int
1003 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
1004 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
1005 uint_t *wkeylen_out)
1006 {
1007 int ret;
1008 char errbuf[ERRBUFLEN];
1009 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
1010 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1011 const char *keylocation = NULL;
1012 zfs_handle_t *pzhp = NULL;
1013 uint8_t *wkeydata = NULL;
1014 uint_t wkeylen = 0;
1015 boolean_t local_crypt = B_TRUE;
1016
1017 (void) snprintf(errbuf, sizeof (errbuf),
1018 dgettext(TEXT_DOMAIN, "Encryption create error"));
1019
1020 /* lookup crypt from props */
1021 ret = nvlist_lookup_uint64(props,
1022 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
1023 if (ret != 0)
1024 local_crypt = B_FALSE;
1025
1026 /* lookup key location and format from props */
1027 (void) nvlist_lookup_uint64(props,
1028 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1029 (void) nvlist_lookup_string(props,
1030 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1031
1032 if (parent_name != NULL) {
1033 /* get a reference to parent dataset */
1034 pzhp = make_dataset_handle(hdl, parent_name);
1035 if (pzhp == NULL) {
1036 ret = ENOENT;
1037 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1038 "Failed to lookup parent."));
1039 goto out;
1040 }
1041
1042 /* Lookup parent's crypt */
1043 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1044
1045 /* Params require the encryption feature */
1046 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
1047 if (proplist_has_encryption_props(props)) {
1048 ret = EINVAL;
1049 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1050 "Encryption feature not enabled."));
1051 goto out;
1052 }
1053
1054 ret = 0;
1055 goto out;
1056 }
1057 } else {
1058 /*
1059 * special case for root dataset where encryption feature
1060 * feature won't be on disk yet
1061 */
1062 if (!nvlist_exists(pool_props, "feature@encryption")) {
1063 if (proplist_has_encryption_props(props)) {
1064 ret = EINVAL;
1065 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1066 "Encryption feature not enabled."));
1067 goto out;
1068 }
1069
1070 ret = 0;
1071 goto out;
1072 }
1073
1074 pcrypt = ZIO_CRYPT_OFF;
1075 }
1076
1077 /* Get the inherited encryption property if we don't have it locally */
1078 if (!local_crypt)
1079 crypt = pcrypt;
1080
1081 /*
1082 * At this point crypt should be the actual encryption value. If
1083 * encryption is off just verify that no encryption properties have
1084 * been specified and return.
1085 */
1086 if (crypt == ZIO_CRYPT_OFF) {
1087 if (proplist_has_encryption_props(props)) {
1088 ret = EINVAL;
1089 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1090 "Encryption must be turned on to set encryption "
1091 "properties."));
1092 goto out;
1093 }
1094
1095 ret = 0;
1096 goto out;
1097 }
1098
1099 /*
1100 * If we have a parent crypt it is valid to specify encryption alone.
1101 * This will result in a child that is encrypted with the chosen
1102 * encryption suite that will also inherit the parent's key. If
1103 * the parent is not encrypted we need an encryption suite provided.
1104 */
1105 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
1106 keyformat == ZFS_KEYFORMAT_NONE) {
1107 ret = EINVAL;
1108 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1109 "Keyformat required for new encryption root."));
1110 goto out;
1111 }
1112
1113 /*
1114 * Specifying a keylocation implies this will be a new encryption root.
1115 * Check that a keyformat is also specified.
1116 */
1117 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
1118 ret = EINVAL;
1119 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1120 "Keyformat required for new encryption root."));
1121 goto out;
1122 }
1123
1124 /* default to prompt if no keylocation is specified */
1125 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
1126 keylocation = (char *)"prompt";
1127 ret = nvlist_add_string(props,
1128 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
1129 if (ret != 0)
1130 goto out;
1131 }
1132
1133 /*
1134 * If a local key is provided, this dataset will be a new
1135 * encryption root. Populate the encryption params.
1136 */
1137 if (keylocation != NULL) {
1138 /*
1139 * 'zfs recv -o keylocation=prompt' won't work because stdin
1140 * is being used by the send stream, so we disallow it.
1141 */
1142 if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
1143 ret = EINVAL;
1144 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
1145 "'prompt' keylocation because stdin is in use."));
1146 goto out;
1147 }
1148
1149 ret = populate_create_encryption_params_nvlists(hdl, NULL,
1150 B_TRUE, keyformat, keylocation, props, &wkeydata,
1151 &wkeylen);
1152 if (ret != 0)
1153 goto out;
1154 }
1155
1156 if (pzhp != NULL)
1157 zfs_close(pzhp);
1158
1159 *wkeydata_out = wkeydata;
1160 *wkeylen_out = wkeylen;
1161 return (0);
1162
1163 out:
1164 if (pzhp != NULL)
1165 zfs_close(pzhp);
1166 if (wkeydata != NULL)
1167 free(wkeydata);
1168
1169 *wkeydata_out = NULL;
1170 *wkeylen_out = 0;
1171 return (ret);
1172 }
1173
1174 int
1175 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
1176 char *parent_name, nvlist_t *props)
1177 {
1178 (void) origin_zhp, (void) parent_name;
1179 char errbuf[ERRBUFLEN];
1180
1181 (void) snprintf(errbuf, sizeof (errbuf),
1182 dgettext(TEXT_DOMAIN, "Encryption clone error"));
1183
1184 /*
1185 * No encryption properties should be specified. They will all be
1186 * inherited from the origin dataset.
1187 */
1188 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1189 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1190 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1191 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1192 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1193 "Encryption properties must inherit from origin dataset."));
1194 return (EINVAL);
1195 }
1196
1197 return (0);
1198 }
1199
1200 typedef struct loadkeys_cbdata {
1201 uint64_t cb_numfailed;
1202 uint64_t cb_numattempted;
1203 } loadkey_cbdata_t;
1204
1205 static int
1206 load_keys_cb(zfs_handle_t *zhp, void *arg)
1207 {
1208 int ret;
1209 boolean_t is_encroot;
1210 loadkey_cbdata_t *cb = arg;
1211 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1212
1213 /* only attempt to load keys for encryption roots */
1214 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1215 if (ret != 0 || !is_encroot)
1216 goto out;
1217
1218 /* don't attempt to load already loaded keys */
1219 if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1220 goto out;
1221
1222 /* Attempt to load the key. Record status in cb. */
1223 cb->cb_numattempted++;
1224
1225 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1226 if (ret)
1227 cb->cb_numfailed++;
1228
1229 out:
1230 (void) zfs_iter_filesystems_v2(zhp, 0, load_keys_cb, cb);
1231 zfs_close(zhp);
1232
1233 /* always return 0, since this function is best effort */
1234 return (0);
1235 }
1236
1237 /*
1238 * This function is best effort. It attempts to load all the keys for the given
1239 * filesystem and all of its children.
1240 */
1241 int
1242 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, const char *fsname)
1243 {
1244 int ret;
1245 zfs_handle_t *zhp = NULL;
1246 loadkey_cbdata_t cb = { 0 };
1247
1248 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1249 if (zhp == NULL) {
1250 ret = ENOENT;
1251 goto error;
1252 }
1253
1254 ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1255 if (ret)
1256 goto error;
1257
1258 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1259 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1260 (u_longlong_t)cb.cb_numattempted);
1261
1262 if (cb.cb_numfailed != 0) {
1263 ret = -1;
1264 goto error;
1265 }
1266
1267 zfs_close(zhp);
1268 return (0);
1269
1270 error:
1271 if (zhp != NULL)
1272 zfs_close(zhp);
1273 return (ret);
1274 }
1275
1276 int
1277 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop,
1278 const char *alt_keylocation)
1279 {
1280 int ret, attempts = 0;
1281 char errbuf[ERRBUFLEN];
1282 uint64_t keystatus, iters = 0, salt = 0;
1283 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1284 char prop_keylocation[MAXNAMELEN];
1285 char prop_encroot[MAXNAMELEN];
1286 const char *keylocation = NULL;
1287 uint8_t *key_material = NULL, *key_data = NULL;
1288 size_t key_material_len;
1289 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1290
1291 (void) snprintf(errbuf, sizeof (errbuf),
1292 dgettext(TEXT_DOMAIN, "Key load error"));
1293
1294 /* check that encryption is enabled for the pool */
1295 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1296 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1297 "Encryption feature not enabled."));
1298 ret = EINVAL;
1299 goto error;
1300 }
1301
1302 /* Fetch the keyformat. Check that the dataset is encrypted. */
1303 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1304 if (keyformat == ZFS_KEYFORMAT_NONE) {
1305 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1306 "'%s' is not encrypted."), zfs_get_name(zhp));
1307 ret = EINVAL;
1308 goto error;
1309 }
1310
1311 /*
1312 * Fetch the key location. Check that we are working with an
1313 * encryption root.
1314 */
1315 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1316 if (ret != 0) {
1317 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1318 "Failed to get encryption root for '%s'."),
1319 zfs_get_name(zhp));
1320 goto error;
1321 } else if (!is_encroot) {
1322 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1323 "Keys must be loaded for encryption root of '%s' (%s)."),
1324 zfs_get_name(zhp), prop_encroot);
1325 ret = EINVAL;
1326 goto error;
1327 }
1328
1329 /*
1330 * if the caller has elected to override the keylocation property
1331 * use that instead
1332 */
1333 if (alt_keylocation != NULL) {
1334 keylocation = alt_keylocation;
1335 } else {
1336 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1337 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1338 if (ret != 0) {
1339 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1340 "Failed to get keylocation for '%s'."),
1341 zfs_get_name(zhp));
1342 goto error;
1343 }
1344
1345 keylocation = prop_keylocation;
1346 }
1347
1348 /* check that the key is unloaded unless this is a noop */
1349 if (!noop) {
1350 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1351 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1352 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1353 "Key already loaded for '%s'."), zfs_get_name(zhp));
1354 ret = EEXIST;
1355 goto error;
1356 }
1357 }
1358
1359 /* passphrase formats require a salt and pbkdf2_iters property */
1360 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1361 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1362 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1363 }
1364
1365 try_again:
1366 /* fetching and deriving the key are correctable errors. set the flag */
1367 correctible = B_TRUE;
1368
1369 /* get key material from key format and location */
1370 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1371 keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1372 &can_retry);
1373 if (ret != 0)
1374 goto error;
1375
1376 /* derive a key from the key material */
1377 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material, salt,
1378 &key_data);
1379 if (ret != 0)
1380 goto error;
1381
1382 correctible = B_FALSE;
1383
1384 /* pass the wrapping key and noop flag to the ioctl */
1385 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1386 if (ret != 0) {
1387 switch (ret) {
1388 case EPERM:
1389 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1390 "Permission denied."));
1391 break;
1392 case EINVAL:
1393 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1394 "Invalid parameters provided for dataset %s."),
1395 zfs_get_name(zhp));
1396 break;
1397 case EEXIST:
1398 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1399 "Key already loaded for '%s'."), zfs_get_name(zhp));
1400 break;
1401 case EBUSY:
1402 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1403 "'%s' is busy."), zfs_get_name(zhp));
1404 break;
1405 case EACCES:
1406 correctible = B_TRUE;
1407 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1408 "Incorrect key provided for '%s'."),
1409 zfs_get_name(zhp));
1410 break;
1411 case ZFS_ERR_CRYPTO_NOTSUP:
1412 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1413 "'%s' uses an unsupported encryption suite."),
1414 zfs_get_name(zhp));
1415 break;
1416 }
1417 goto error;
1418 }
1419
1420 free(key_material);
1421 free(key_data);
1422
1423 return (0);
1424
1425 error:
1426 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1427 if (key_material != NULL) {
1428 free(key_material);
1429 key_material = NULL;
1430 }
1431 if (key_data != NULL) {
1432 free(key_data);
1433 key_data = NULL;
1434 }
1435
1436 /*
1437 * Here we decide if it is ok to allow the user to retry entering their
1438 * key. The can_retry flag will be set if the user is entering their
1439 * key from an interactive prompt. The correctable flag will only be
1440 * set if an error that occurred could be corrected by retrying. Both
1441 * flags are needed to allow the user to attempt key entry again
1442 */
1443 attempts++;
1444 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)
1445 goto try_again;
1446
1447 return (ret);
1448 }
1449
1450 int
1451 zfs_crypto_unload_key(zfs_handle_t *zhp)
1452 {
1453 int ret;
1454 char errbuf[ERRBUFLEN];
1455 char prop_encroot[MAXNAMELEN];
1456 uint64_t keystatus, keyformat;
1457 boolean_t is_encroot;
1458
1459 (void) snprintf(errbuf, sizeof (errbuf),
1460 dgettext(TEXT_DOMAIN, "Key unload error"));
1461
1462 /* check that encryption is enabled for the pool */
1463 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1464 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1465 "Encryption feature not enabled."));
1466 ret = EINVAL;
1467 goto error;
1468 }
1469
1470 /* Fetch the keyformat. Check that the dataset is encrypted. */
1471 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1472 if (keyformat == ZFS_KEYFORMAT_NONE) {
1473 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1474 "'%s' is not encrypted."), zfs_get_name(zhp));
1475 ret = EINVAL;
1476 goto error;
1477 }
1478
1479 /*
1480 * Fetch the key location. Check that we are working with an
1481 * encryption root.
1482 */
1483 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1484 if (ret != 0) {
1485 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1486 "Failed to get encryption root for '%s'."),
1487 zfs_get_name(zhp));
1488 goto error;
1489 } else if (!is_encroot) {
1490 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1491 "Keys must be unloaded for encryption root of '%s' (%s)."),
1492 zfs_get_name(zhp), prop_encroot);
1493 ret = EINVAL;
1494 goto error;
1495 }
1496
1497 /* check that the key is loaded */
1498 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1499 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1500 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1501 "Key already unloaded for '%s'."), zfs_get_name(zhp));
1502 ret = EACCES;
1503 goto error;
1504 }
1505
1506 /* call the ioctl */
1507 ret = lzc_unload_key(zhp->zfs_name);
1508
1509 if (ret != 0) {
1510 switch (ret) {
1511 case EPERM:
1512 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1513 "Permission denied."));
1514 break;
1515 case EACCES:
1516 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1517 "Key already unloaded for '%s'."),
1518 zfs_get_name(zhp));
1519 break;
1520 case EBUSY:
1521 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1522 "'%s' is busy."), zfs_get_name(zhp));
1523 break;
1524 }
1525 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1526 }
1527
1528 return (ret);
1529
1530 error:
1531 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1532 return (ret);
1533 }
1534
1535 static int
1536 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1537 nvlist_t **props_out, char *errbuf)
1538 {
1539 int ret;
1540 nvpair_t *elem = NULL;
1541 zfs_prop_t prop;
1542 nvlist_t *new_props = NULL;
1543
1544 new_props = fnvlist_alloc();
1545
1546 /*
1547 * loop through all provided properties, we should only have
1548 * keyformat, keylocation and pbkdf2iters. The actual validation of
1549 * values is done by zfs_valid_proplist().
1550 */
1551 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1552 const char *propname = nvpair_name(elem);
1553 prop = zfs_name_to_prop(propname);
1554
1555 switch (prop) {
1556 case ZFS_PROP_PBKDF2_ITERS:
1557 case ZFS_PROP_KEYFORMAT:
1558 case ZFS_PROP_KEYLOCATION:
1559 break;
1560 default:
1561 ret = EINVAL;
1562 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1563 "Only keyformat, keylocation and pbkdf2iters may "
1564 "be set with this command."));
1565 goto error;
1566 }
1567 }
1568
1569 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1570 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1571 B_TRUE, errbuf);
1572 if (new_props == NULL) {
1573 ret = EINVAL;
1574 goto error;
1575 }
1576
1577 *props_out = new_props;
1578 return (0);
1579
1580 error:
1581 nvlist_free(new_props);
1582 *props_out = NULL;
1583 return (ret);
1584 }
1585
1586 int
1587 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1588 {
1589 int ret;
1590 char errbuf[ERRBUFLEN];
1591 boolean_t is_encroot;
1592 nvlist_t *props = NULL;
1593 uint8_t *wkeydata = NULL;
1594 uint_t wkeylen = 0;
1595 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1596 uint64_t crypt, pcrypt, keystatus, pkeystatus;
1597 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1598 zfs_handle_t *pzhp = NULL;
1599 const char *keylocation = NULL;
1600 char origin_name[MAXNAMELEN];
1601 char prop_keylocation[MAXNAMELEN];
1602 char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1603
1604 (void) snprintf(errbuf, sizeof (errbuf),
1605 dgettext(TEXT_DOMAIN, "Key change error"));
1606
1607 /* check that encryption is enabled for the pool */
1608 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1609 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1610 "Encryption feature not enabled."));
1611 ret = EINVAL;
1612 goto error;
1613 }
1614
1615 /* get crypt from dataset */
1616 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1617 if (crypt == ZIO_CRYPT_OFF) {
1618 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1619 "Dataset not encrypted."));
1620 ret = EINVAL;
1621 goto error;
1622 }
1623
1624 /* get the encryption root of the dataset */
1625 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1626 if (ret != 0) {
1627 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1628 "Failed to get encryption root for '%s'."),
1629 zfs_get_name(zhp));
1630 goto error;
1631 }
1632
1633 /* Clones use their origin's key and cannot rewrap it */
1634 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1635 sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1636 if (ret == 0 && strcmp(origin_name, "") != 0) {
1637 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1638 "Keys cannot be changed on clones."));
1639 ret = EINVAL;
1640 goto error;
1641 }
1642
1643 /*
1644 * If the user wants to use the inheritkey variant of this function
1645 * we don't need to collect any crypto arguments.
1646 */
1647 if (!inheritkey) {
1648 /* validate the provided properties */
1649 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1650 errbuf);
1651 if (ret != 0)
1652 goto error;
1653
1654 /*
1655 * Load keyformat and keylocation from the nvlist. Fetch from
1656 * the dataset properties if not specified.
1657 */
1658 (void) nvlist_lookup_uint64(props,
1659 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1660 (void) nvlist_lookup_string(props,
1661 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1662
1663 if (is_encroot) {
1664 /*
1665 * If this is already an encryption root, just keep
1666 * any properties not set by the user.
1667 */
1668 if (keyformat == ZFS_KEYFORMAT_NONE) {
1669 keyformat = zfs_prop_get_int(zhp,
1670 ZFS_PROP_KEYFORMAT);
1671 ret = nvlist_add_uint64(props,
1672 zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1673 keyformat);
1674 if (ret != 0) {
1675 zfs_error_aux(zhp->zfs_hdl,
1676 dgettext(TEXT_DOMAIN, "Failed to "
1677 "get existing keyformat "
1678 "property."));
1679 goto error;
1680 }
1681 }
1682
1683 if (keylocation == NULL) {
1684 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1685 prop_keylocation, sizeof (prop_keylocation),
1686 NULL, NULL, 0, B_TRUE);
1687 if (ret != 0) {
1688 zfs_error_aux(zhp->zfs_hdl,
1689 dgettext(TEXT_DOMAIN, "Failed to "
1690 "get existing keylocation "
1691 "property."));
1692 goto error;
1693 }
1694
1695 keylocation = prop_keylocation;
1696 }
1697 } else {
1698 /* need a new key for non-encryption roots */
1699 if (keyformat == ZFS_KEYFORMAT_NONE) {
1700 ret = EINVAL;
1701 zfs_error_aux(zhp->zfs_hdl,
1702 dgettext(TEXT_DOMAIN, "Keyformat required "
1703 "for new encryption root."));
1704 goto error;
1705 }
1706
1707 /* default to prompt if no keylocation is specified */
1708 if (keylocation == NULL) {
1709 keylocation = "prompt";
1710 ret = nvlist_add_string(props,
1711 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1712 keylocation);
1713 if (ret != 0)
1714 goto error;
1715 }
1716 }
1717
1718 /* fetch the new wrapping key and associated properties */
1719 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1720 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1721 &wkeylen);
1722 if (ret != 0)
1723 goto error;
1724 } else {
1725 /* check that zhp is an encryption root */
1726 if (!is_encroot) {
1727 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1728 "Key inheritting can only be performed on "
1729 "encryption roots."));
1730 ret = EINVAL;
1731 goto error;
1732 }
1733
1734 /* get the parent's name */
1735 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1736 if (ret != 0) {
1737 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1738 "Root dataset cannot inherit key."));
1739 ret = EINVAL;
1740 goto error;
1741 }
1742
1743 /* get a handle to the parent */
1744 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1745 if (pzhp == NULL) {
1746 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1747 "Failed to lookup parent."));
1748 ret = ENOENT;
1749 goto error;
1750 }
1751
1752 /* parent must be encrypted */
1753 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1754 if (pcrypt == ZIO_CRYPT_OFF) {
1755 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1756 "Parent must be encrypted."));
1757 ret = EINVAL;
1758 goto error;
1759 }
1760
1761 /* check that the parent's key is loaded */
1762 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1763 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1764 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1765 "Parent key must be loaded."));
1766 ret = EACCES;
1767 goto error;
1768 }
1769 }
1770
1771 /* check that the key is loaded */
1772 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1773 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1774 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1775 "Key must be loaded."));
1776 ret = EACCES;
1777 goto error;
1778 }
1779
1780 /* call the ioctl */
1781 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1782 if (ret != 0) {
1783 switch (ret) {
1784 case EPERM:
1785 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1786 "Permission denied."));
1787 break;
1788 case EINVAL:
1789 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1790 "Invalid properties for key change."));
1791 break;
1792 case EACCES:
1793 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1794 "Key is not currently loaded."));
1795 break;
1796 }
1797 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1798 }
1799
1800 if (pzhp != NULL)
1801 zfs_close(pzhp);
1802 if (props != NULL)
1803 nvlist_free(props);
1804 if (wkeydata != NULL)
1805 free(wkeydata);
1806
1807 return (ret);
1808
1809 error:
1810 if (pzhp != NULL)
1811 zfs_close(pzhp);
1812 if (props != NULL)
1813 nvlist_free(props);
1814 if (wkeydata != NULL)
1815 free(wkeydata);
1816
1817 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1818 return (ret);
1819 }
OpenZFS on Linux and FreeBSD