4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
20 #ifndef _SYS_DSL_CRYPT_H
21 #define _SYS_DSL_CRYPT_H
23 #include <sys/dmu_tx.h>
25 #include <sys/zio_crypt.h>
27 #include <sys/dsl_dataset.h>
/*
 * ZAP entry keys for DSL Crypto Keys stored on disk. In addition,
 * ZFS_PROP_KEYFORMAT, ZFS_PROP_PBKDF2_SALT, and ZFS_PROP_PBKDF2_ITERS are
 * also maintained here using their respective property names.
 *
 * These strings are part of the on-disk format: the key object of an
 * existing pool is read back by exactly these names, so they must not be
 * renamed or reused for a differently-typed value. The "_1" suffix on the
 * master-key and HMAC-key entries is part of the stored name (presumably a
 * slot/version tag — confirm against the key-object writer before adding
 * a "_2").
 */
#define DSL_CRYPTO_KEY_CRYPTO_SUITE "DSL_CRYPTO_SUITE"
#define DSL_CRYPTO_KEY_GUID "DSL_CRYPTO_GUID"
#define DSL_CRYPTO_KEY_IV "DSL_CRYPTO_IV"
#define DSL_CRYPTO_KEY_MAC "DSL_CRYPTO_MAC"
#define DSL_CRYPTO_KEY_MASTER_KEY "DSL_CRYPTO_MASTER_KEY_1"
#define DSL_CRYPTO_KEY_HMAC_KEY "DSL_CRYPTO_HMAC_KEY_1"
#define DSL_CRYPTO_KEY_ROOT_DDOBJ "DSL_CRYPTO_ROOT_DDOBJ"
#define DSL_CRYPTO_KEY_REFCOUNT "DSL_CRYPTO_REFCOUNT"
#define DSL_CRYPTO_KEY_VERSION "DSL_CRYPTO_VERSION"
45 * In-memory representation of a wrapping key. One of these structs will exist
46 * for each encryption root with its key loaded.
48 typedef struct dsl_wrapping_key
{
49 /* link on spa_keystore_t:sk_wkeys */
50 avl_node_t wk_avl_link
;
52 /* keyformat property enum */
53 zfs_keyformat_t wk_keyformat
;
55 /* the pbkdf2 salt, if the keyformat is of type passphrase */
58 /* the pbkdf2 iterations, if the keyformat is of type passphrase */
61 /* actual wrapping key */
64 /* refcount of number of dsl_crypto_key_t's holding this struct */
65 zfs_refcount_t wk_refcnt
;
67 /* dsl directory object that owns this wrapping key */
71 /* enum of commands indicating special actions that should be run */
72 typedef enum dcp_cmd
{
73 /* key creation commands */
74 DCP_CMD_NONE
= 0, /* no specific command */
75 DCP_CMD_RAW_RECV
, /* raw receive */
77 /* key changing commands */
78 DCP_CMD_NEW_KEY
, /* rewrap key as an encryption root */
79 DCP_CMD_INHERIT
, /* rewrap key with parent's wrapping key */
80 DCP_CMD_FORCE_NEW_KEY
, /* change to encryption root without rewrap */
81 DCP_CMD_FORCE_INHERIT
, /* inherit parent's key without rewrap */
87 * This struct is a simple wrapper around all the parameters that are usually
88 * required to setup encryption. It exists so that all of the params can be
89 * passed around the kernel together for convenience.
91 typedef struct dsl_crypto_params
{
92 /* command indicating intended action */
95 /* the encryption algorithm */
96 enum zio_encrypt cp_crypt
;
98 /* keylocation property string */
101 /* the wrapping key */
102 dsl_wrapping_key_t
*cp_wkey
;
103 } dsl_crypto_params_t
;
106 * In-memory representation of a DSL Crypto Key object. One of these structs
107 * (and corresponding on-disk ZAP object) will exist for each encrypted
108 * clone family that is mounted or otherwise reading protected data.
110 typedef struct dsl_crypto_key
{
111 /* link on spa_keystore_t:sk_dsl_keys */
112 avl_node_t dck_avl_link
;
114 /* refcount of holders of this key */
115 zfs_refcount_t dck_holds
;
117 /* master key used to derive encryption keys */
118 zio_crypt_key_t dck_key
;
120 /* wrapping key for syncing this structure to disk */
121 dsl_wrapping_key_t
*dck_wkey
;
123 /* on-disk object id */
128 * In-memory mapping of a dataset object id to a DSL Crypto Key. This is used
129 * to look up the corresponding dsl_crypto_key_t from the zio layer for
130 * performing data encryption and decryption.
132 typedef struct dsl_key_mapping
{
133 /* link on spa_keystore_t:sk_key_mappings */
134 avl_node_t km_avl_link
;
136 /* refcount of how many users are depending on this mapping */
137 zfs_refcount_t km_refcnt
;
139 /* dataset this crypto key belongs to (index) */
142 /* crypto key (value) of this record */
143 dsl_crypto_key_t
*km_key
;
146 /* in memory structure for holding all wrapping and dsl keys */
147 typedef struct spa_keystore
{
148 /* lock for protecting sk_dsl_keys */
149 krwlock_t sk_dk_lock
;
151 /* tree of all dsl_crypto_key_t's */
152 avl_tree_t sk_dsl_keys
;
154 /* lock for protecting sk_key_mappings */
155 krwlock_t sk_km_lock
;
157 /* tree of all dsl_key_mapping_t's, indexed by dsobj */
158 avl_tree_t sk_key_mappings
;
160 /* lock for protecting the wrapping keys tree */
161 krwlock_t sk_wkeys_lock
;
163 /* tree of all dsl_wrapping_key_t's, indexed by ddobj */
/*
 * Crypto-parameter and dataset helpers.
 *
 * dsl_crypto_params_create_nvlist() builds a dsl_crypto_params_t from the
 * command and the two nvlists and returns it through dcp_out.
 * dsl_crypto_params_free() takes the same struct type plus an `unload`
 * flag; it is presumably the matching release call, and what `unload`
 * releases beyond the struct is not visible here — confirm in the
 * implementation. dsl_dataset_crypt_stats() fills the caller-supplied
 * nvlist nv. dsl_crypto_can_set_keylocation() reports its verdict as an
 * int error code, dsl_dir_incompatible_encryption_version() as a boolean_t.
 */
int dsl_crypto_params_create_nvlist(dcp_cmd_t cmd, nvlist_t *props,
    nvlist_t *crypto_args, dsl_crypto_params_t **dcp_out);
void dsl_crypto_params_free(dsl_crypto_params_t *dcp, boolean_t unload);
void dsl_dataset_crypt_stats(struct dsl_dataset *ds, nvlist_t *nv);
int dsl_crypto_can_set_keylocation(const char *dsname, const char *keylocation);
boolean_t dsl_dir_incompatible_encryption_version(dsl_dir_t *dd);

/*
 * Keystore lifecycle. spa_keystore_t is the in-memory structure holding all
 * wrapping and DSL keys (see its definition above); init/fini bracket its
 * use.
 */
void spa_keystore_init(spa_keystore_t *sk);
void spa_keystore_fini(spa_keystore_t *sk);

/*
 * DSL key release and wrapping-key load. The _impl variant takes a spa_t
 * and an already-built dsl_wrapping_key_t; the dataset-name variant
 * (spa_keystore_load_wkey, declared below) takes a dsl_crypto_params_t.
 * `tag` on the rele call identifies the holder for reference tracking;
 * presumably it must be the same value that was passed when the hold was
 * taken — confirm against the hold side, which is not in this listing.
 */
void spa_keystore_dsl_key_rele(spa_t *spa, dsl_crypto_key_t *dck, void *tag);
int spa_keystore_load_wkey_impl(spa_t *spa, dsl_wrapping_key_t *wkey);
179 int spa_keystore_load_wkey(const char *dsname
, dsl_crypto_params_t
*dcp
,
/*
 * Wrapping-key unload. The _impl variant is addressed by the owning
 * directory object (ddobj, matching the wrapping-key tree being indexed by
 * ddobj); the other variant is addressed by dataset name.
 */
int spa_keystore_unload_wkey_impl(spa_t *spa, uint64_t ddobj);
int spa_keystore_unload_wkey(const char *dsname);

/*
 * Key mappings: dataset object id -> dsl_crypto_key_t (see
 * dsl_key_mapping_t above). spa_keystore_create_mapping() returns the new
 * mapping through km_out and spa_keystore_remove_mapping() drops it;
 * key_mapping_add_ref()/key_mapping_rele() adjust the mapping's refcount
 * (km_refcnt). spa_keystore_lookup_key() is the lookup the zio layer uses
 * to find the key for a dsobj and returns it through dck_out.
 *
 * Every `tag` argument identifies the holder; presumably the same tag must
 * be passed to the matching rele/remove as to the add/create — confirm.
 */
int spa_keystore_create_mapping(spa_t *spa, struct dsl_dataset *ds, void *tag,
    dsl_key_mapping_t **km_out);
int spa_keystore_remove_mapping(spa_t *spa, uint64_t dsobj, void *tag);
void key_mapping_add_ref(dsl_key_mapping_t *km, void *tag);
void key_mapping_rele(spa_t *spa, dsl_key_mapping_t *km, void *tag);
int spa_keystore_lookup_key(spa_t *spa, uint64_t dsobj, void *tag,
    dsl_crypto_key_t **dck_out);

/*
 * Raw receive of key material. dsl_crypto_populate_key_nvlist() returns an
 * nvlist through nvl_out; the _check/_sync pair and dsl_crypto_recv_raw()
 * consume an nvlist. The _check/_sync naming and the dmu_tx_t argument
 * match the ZFS sync-task convention (validate in check, apply in sync) —
 * inferred from the names, confirm in the implementation.
 *
 * NOTE(review): on the receive path `nvl` presumably originates from a
 * send stream, i.e. it is external input. The check step is the only place
 * that can reject it before the sync step writes it out, so every nvlist
 * key the sync step reads should be validated there — TODO confirm.
 */
int dsl_crypto_populate_key_nvlist(struct objset *os,
    uint64_t from_ivset_guid, nvlist_t **nvl_out);
int dsl_crypto_recv_raw_key_check(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
void dsl_crypto_recv_raw_key_sync(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
int dsl_crypto_recv_raw(const char *poolname, uint64_t dsobj, uint64_t fromobj,
    dmu_objset_type_t ostype, nvlist_t *nvl, boolean_t do_key);

/*
 * Key change, and the encryption checks for rename and promote. Each takes
 * the directory (or directories) involved and reports an int error code.
 */
int spa_keystore_change_key(const char *dsname, dsl_crypto_params_t *dcp);
int dsl_dir_rename_crypt_check(dsl_dir_t *dd, dsl_dir_t *newparent);
int dsl_dataset_promote_crypt_check(dsl_dir_t *target, dsl_dir_t *origin);
204 void dsl_dataset_promote_crypt_sync(dsl_dir_t
*target
, dsl_dir_t
*origin
,
/*
 * Dataset creation. The _check/_sync naming and the dmu_tx_t argument follow
 * the ZFS sync-task convention (inferred from the names — confirm).
 * dmu_objset_create_crypt_check() takes the parent directory and the crypto
 * params and reports through the will_encrypt out-parameter (presumably
 * whether the new dataset will be encrypted — confirm).
 * dsl_dataset_create_crypt_sync() receives the new dataset's object id, its
 * directory, the origin dataset and the crypto params in the sync step.
 */
int dmu_objset_create_crypt_check(dsl_dir_t *parentdd,
    dsl_crypto_params_t *dcp, boolean_t *will_encrypt);
void dsl_dataset_create_crypt_sync(uint64_t dsobj, dsl_dir_t *dd,
    struct dsl_dataset *origin, dsl_crypto_params_t *dcp, dmu_tx_t *tx);
210 uint64_t dsl_crypto_key_create_sync(uint64_t crypt
, dsl_wrapping_key_t
*wkey
,
/*
 * Sync-context DSL Crypto Key object management (a dmu_tx_t is supplied).
 * dsl_crypto_key_clone_sync() returns an object id; dsl_crypto_key_destroy_sync()
 * takes the object id to destroy.
 */
uint64_t dsl_crypto_key_clone_sync(dsl_dir_t *origindd, dmu_tx_t *tx);
void dsl_crypto_key_destroy_sync(uint64_t dckobj, dmu_tx_t *tx);

/*
 * Data-path entry points used from the zio layer (see dsl_key_mapping_t).
 *
 * `generate` on the two MAC routines and `encrypt` on spa_do_crypt_abd()
 * select the direction of the operation. If `generate` == B_FALSE means
 * "verify", as the name suggests, the int return value is the only channel
 * through which a MAC mismatch can be reported, so callers must not ignore
 * it — confirm in the implementation.
 *
 * salt, iv and mac are raw byte buffers with no length parameter; their
 * sizes are fixed elsewhere and are not visible in this header. On
 * spa_do_crypt_abd(), pabd/cabd are presumably the plaintext and ciphertext
 * sides (confirm) and no_crypt is an out-parameter.
 */
int spa_crypt_get_salt(spa_t *spa, uint64_t dsobj, uint8_t *salt);
int spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, uint8_t *mac);
int spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, boolean_t byteswap);
int spa_do_crypt_abd(boolean_t encrypt, spa_t *spa, const zbookmark_phys_t *zb,
    dmu_object_type_t ot, boolean_t dedup, boolean_t bswap, uint8_t *salt,
    uint8_t *iv, uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
    boolean_t *no_crypt);