[mirror_zfs.git] / include / sys / zio_crypt.h

/*
 * CDDL HEADER START
 *
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2017, Datto, Inc. All rights reserved.
 */

#ifndef	_SYS_ZIO_CRYPT_H
#define	_SYS_ZIO_CRYPT_H

#include <sys/dmu.h>
#include <sys/refcount.h>
#include <sys/crypto/api.h>
#include <sys/nvpair.h>
#include <sys/avl.h>
#include <sys/zio.h>

/* forward declarations */
struct zbookmark_phys;

#define	WRAPPING_KEY_LEN	32
#define	WRAPPING_IV_LEN		ZIO_DATA_IV_LEN
#define	WRAPPING_MAC_LEN	ZIO_DATA_MAC_LEN
#define	MASTER_KEY_MAX_LEN	32
#define	SHA512_HMAC_KEYLEN	64

typedef enum zio_crypt_type {
	ZC_TYPE_NONE = 0,
	ZC_TYPE_CCM,
	ZC_TYPE_GCM
} zio_crypt_type_t;

/* table of supported crypto algorithms, modes and keylengths. */
typedef struct zio_crypt_info {
	/* mechanism name, needed by ICP */
	crypto_mech_name_t ci_mechname;

	/* cipher mode type (GCM, CCM) */
	zio_crypt_type_t ci_crypt_type;

	/* length of the encryption key */
	size_t ci_keylen;

	/* human-readable name of the encryption alforithm */
	char *ci_name;
} zio_crypt_info_t;

extern zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS];

/* in memory representation of an unwrapped key that is loaded into memory */
typedef struct zio_crypt_key {
	/* encryption algorithm */
	uint64_t zk_crypt;

	/* GUID for uniquely identifying this key. Not encrypted on disk. */
	uint64_t zk_guid;

	/* buffer for master key */
	uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN];

	/* buffer for hmac key */
	uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN];

	/* buffer for currrent encryption key derived from master key */
	uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN];

	/* current 64 bit salt for deriving an encryption key */
	uint8_t zk_salt[ZIO_DATA_SALT_LEN];

	/* count of how many times the current salt has been used */
	uint64_t zk_salt_count;

	/* illumos crypto api current encryption key */
	crypto_key_t zk_current_key;

	/* template of current encryption key for illumos crypto api */
	crypto_ctx_template_t zk_current_tmpl;

	/* illumos crypto api current hmac key */
	crypto_key_t zk_hmac_key;

	/* template of hmac key for illumos crypto api */
	crypto_ctx_template_t zk_hmac_tmpl;

	/* lock for changing the salt and dependant values */
	krwlock_t zk_salt_lock;
} zio_crypt_key_t;

void zio_crypt_key_destroy(zio_crypt_key_t *key);
int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key);
int zio_crypt_key_get_salt(zio_crypt_key_t *key, uint8_t *salt_out);

int zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
    uint8_t *mac, uint8_t *keydata_out, uint8_t *hmac_keydata_out);
int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t guid,
    uint8_t *keydata, uint8_t *hmac_keydata, uint8_t *iv, uint8_t *mac,
    zio_crypt_key_t *key);
int zio_crypt_generate_iv(uint8_t *ivbuf);
int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t *key, uint8_t *data,
    uint_t datalen, uint8_t *ivbuf, uint8_t *salt);

void zio_crypt_encode_params_bp(blkptr_t *bp, uint8_t *salt, uint8_t *iv);
void zio_crypt_decode_params_bp(const blkptr_t *bp, uint8_t *salt, uint8_t *iv);
void zio_crypt_encode_mac_bp(blkptr_t *bp, uint8_t *mac);
void zio_crypt_decode_mac_bp(const blkptr_t *bp, uint8_t *mac);
void zio_crypt_encode_mac_zil(void *data, uint8_t *mac);
void zio_crypt_decode_mac_zil(const void *data, uint8_t *mac);
void zio_crypt_copy_dnode_bonus(abd_t *src_abd, uint8_t *dst, uint_t datalen);

int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
    uint_t datalen, boolean_t byteswap, uint8_t *cksum);
int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
    uint_t datalen, boolean_t byteswap, uint8_t *cksum);
int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen,
    uint8_t *digestbuf, uint_t digestlen);
int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
    boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac);
int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, uint8_t *salt,
    dmu_object_type_t ot, uint8_t *iv, uint8_t *mac, uint_t datalen,
    boolean_t byteswap, uint8_t *plainbuf, uint8_t *cipherbuf,
    boolean_t *no_crypt);
int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t *key, uint8_t *salt,
    dmu_object_type_t ot, uint8_t *iv, uint8_t *mac, uint_t datalen,
    boolean_t byteswap, abd_t *pabd, abd_t *cabd, boolean_t *no_crypt);

#endif
Commit	Line	Data
b5256303 TC	1	/*
	2	* CDDL HEADER START
	3	*
	4	* This file and its contents are supplied under the terms of the
	5	* Common Development and Distribution License ("CDDL"), version 1.0.
	6	* You may only use this file in accordance with the terms of version
	7	* 1.0 of the CDDL.
	8	*
	9	* A full copy of the text of the CDDL should have accompanied this
	10	* source. A copy of the CDDL is also available via the Internet at
	11	* http://www.illumos.org/license/CDDL.
	12	*
	13	* CDDL HEADER END
	14	*/
	15
	16	/*
	17	* Copyright (c) 2017, Datto, Inc. All rights reserved.
	18	*/
	19
	20	#ifndef _SYS_ZIO_CRYPT_H
	21	#define _SYS_ZIO_CRYPT_H
	22
	23	#include <sys/dmu.h>
	24	#include <sys/refcount.h>
	25	#include <sys/crypto/api.h>
	26	#include <sys/nvpair.h>
	27	#include <sys/avl.h>
	28	#include <sys/zio.h>
	29
	30	/* forward declarations */
	31	struct zbookmark_phys;
	32
	33	#define WRAPPING_KEY_LEN 32
	34	#define WRAPPING_IV_LEN ZIO_DATA_IV_LEN
4807c0ba	35	#define WRAPPING_MAC_LEN ZIO_DATA_MAC_LEN
b5256303	36	#define MASTER_KEY_MAX_LEN 32
4807c0ba	37	#define SHA512_HMAC_KEYLEN 64
b5256303 TC	38
	39	typedef enum zio_crypt_type {
	40	ZC_TYPE_NONE = 0,
	41	ZC_TYPE_CCM,
	42	ZC_TYPE_GCM
	43	} zio_crypt_type_t;
	44
	45	/* table of supported crypto algorithms, modes and keylengths. */
	46	typedef struct zio_crypt_info {
	47	/* mechanism name, needed by ICP */
	48	crypto_mech_name_t ci_mechname;
	49
	50	/* cipher mode type (GCM, CCM) */
	51	zio_crypt_type_t ci_crypt_type;
	52
	53	/* length of the encryption key */
	54	size_t ci_keylen;
	55
	56	/* human-readable name of the encryption alforithm */
	57	char *ci_name;
	58	} zio_crypt_info_t;
	59
	60	extern zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS];
	61
	62	/* in memory representation of an unwrapped key that is loaded into memory */
	63	typedef struct zio_crypt_key {
	64	/* encryption algorithm */
	65	uint64_t zk_crypt;
	66
	67	/* GUID for uniquely identifying this key. Not encrypted on disk. */
	68	uint64_t zk_guid;
	69
	70	/* buffer for master key */
	71	uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN];
	72
	73	/* buffer for hmac key */
	74	uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN];
	75
	76	/* buffer for currrent encryption key derived from master key */
	77	uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN];
	78
	79	/* current 64 bit salt for deriving an encryption key */
	80	uint8_t zk_salt[ZIO_DATA_SALT_LEN];
	81
	82	/* count of how many times the current salt has been used */
	83	uint64_t zk_salt_count;
	84
	85	/* illumos crypto api current encryption key */
	86	crypto_key_t zk_current_key;
	87
	88	/* template of current encryption key for illumos crypto api */
	89	crypto_ctx_template_t zk_current_tmpl;
	90
	91	/* illumos crypto api current hmac key */
	92	crypto_key_t zk_hmac_key;
	93
	94	/* template of hmac key for illumos crypto api */
	95	crypto_ctx_template_t zk_hmac_tmpl;
	96
	97	/* lock for changing the salt and dependant values */
	98	krwlock_t zk_salt_lock;
	99	} zio_crypt_key_t;
	100
	101	void zio_crypt_key_destroy(zio_crypt_key_t *key);
102	int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key);
103	int zio_crypt_key_get_salt(zio_crypt_key_t key, uint8_t salt_out);
104
105	int zio_crypt_key_wrap(crypto_key_t cwkey, zio_crypt_key_t key, uint8_t *iv,
106	uint8_t mac, uint8_t keydata_out, uint8_t *hmac_keydata_out);
107	int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t guid,
108	uint8_t keydata, uint8_t hmac_keydata, uint8_t iv, uint8_t mac,
109	zio_crypt_key_t *key);
110	int zio_crypt_generate_iv(uint8_t *ivbuf);
111	int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t key, uint8_t data,
112	uint_t datalen, uint8_t ivbuf, uint8_t salt);
113
114	void zio_crypt_encode_params_bp(blkptr_t bp, uint8_t salt, uint8_t *iv);
115	void zio_crypt_decode_params_bp(const blkptr_t bp, uint8_t salt, uint8_t *iv);
116	void zio_crypt_encode_mac_bp(blkptr_t bp, uint8_t mac);
117	void zio_crypt_decode_mac_bp(const blkptr_t bp, uint8_t mac);
118	void zio_crypt_encode_mac_zil(void data, uint8_t mac);
119	void zio_crypt_decode_mac_zil(const void data, uint8_t mac);
120	void zio_crypt_copy_dnode_bonus(abd_t src_abd, uint8_t dst, uint_t datalen);
121
122	int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
123	uint_t datalen, boolean_t byteswap, uint8_t *cksum);
124	int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
125	uint_t datalen, boolean_t byteswap, uint8_t *cksum);
126	int zio_crypt_do_hmac(zio_crypt_key_t key, uint8_t data, uint_t datalen,
4807c0ba	127	uint8_t *digestbuf, uint_t digestlen);
b5256303 TC	128	int zio_crypt_do_objset_hmacs(zio_crypt_key_t key, void data, uint_t datalen,
	129	boolean_t byteswap, uint8_t portable_mac, uint8_t local_mac);
	130	int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t key, uint8_t salt,
	131	dmu_object_type_t ot, uint8_t iv, uint8_t mac, uint_t datalen,
	132	boolean_t byteswap, uint8_t plainbuf, uint8_t cipherbuf,
	133	boolean_t *no_crypt);
	134	int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t key, uint8_t salt,
	135	dmu_object_type_t ot, uint8_t iv, uint8_t mac, uint_t datalen,
	136	boolean_t byteswap, abd_t pabd, abd_t cabd, boolean_t *no_crypt);
	137
	138	#endif