[mirror_zfs.git] / include / sys / zio_crypt.h

/*
 * CDDL HEADER START
 *
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2017, Datto, Inc. All rights reserved.
 */

#ifndef	_SYS_ZIO_CRYPT_H
#define	_SYS_ZIO_CRYPT_H

#include <sys/dmu.h>
#include <sys/refcount.h>
#include <sys/crypto/api.h>
#include <sys/nvpair.h>
#include <sys/avl.h>
#include <sys/zio.h>

/* forward declarations */
struct zbookmark_phys;

#define	WRAPPING_KEY_LEN	32
#define	WRAPPING_IV_LEN		ZIO_DATA_IV_LEN
#define	WRAPPING_MAC_LEN	16

#define	SHA1_DIGEST_LEN		20
#define	SHA512_DIGEST_LEN	64
#define	SHA512_HMAC_KEYLEN	64

#define	MASTER_KEY_MAX_LEN	32
#define	L2ARC_DEFAULT_CRYPT ZIO_CRYPT_AES_256_CCM

/* utility macros */
#define	BITS_TO_BYTES(x) ((x + NBBY - 1) / NBBY)
#define	BYTES_TO_BITS(x) (x * NBBY)

typedef enum zio_crypt_type {
	ZC_TYPE_NONE = 0,
	ZC_TYPE_CCM,
	ZC_TYPE_GCM
} zio_crypt_type_t;

/* table of supported crypto algorithms, modes and keylengths. */
typedef struct zio_crypt_info {
	/* mechanism name, needed by ICP */
	crypto_mech_name_t ci_mechname;

	/* cipher mode type (GCM, CCM) */
	zio_crypt_type_t ci_crypt_type;

	/* length of the encryption key */
	size_t ci_keylen;

	/* human-readable name of the encryption alforithm */
	char *ci_name;
} zio_crypt_info_t;

extern zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS];

/* in memory representation of an unwrapped key that is loaded into memory */
typedef struct zio_crypt_key {
	/* encryption algorithm */
	uint64_t zk_crypt;

	/* GUID for uniquely identifying this key. Not encrypted on disk. */
	uint64_t zk_guid;

	/* buffer for master key */
	uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN];

	/* buffer for hmac key */
	uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN];

	/* buffer for currrent encryption key derived from master key */
	uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN];

	/* current 64 bit salt for deriving an encryption key */
	uint8_t zk_salt[ZIO_DATA_SALT_LEN];

	/* count of how many times the current salt has been used */
	uint64_t zk_salt_count;

	/* illumos crypto api current encryption key */
	crypto_key_t zk_current_key;

	/* template of current encryption key for illumos crypto api */
	crypto_ctx_template_t zk_current_tmpl;

	/* illumos crypto api current hmac key */
	crypto_key_t zk_hmac_key;

	/* template of hmac key for illumos crypto api */
	crypto_ctx_template_t zk_hmac_tmpl;

	/* lock for changing the salt and dependant values */
	krwlock_t zk_salt_lock;
} zio_crypt_key_t;

void zio_crypt_key_destroy(zio_crypt_key_t *key);
int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key);
int zio_crypt_key_get_salt(zio_crypt_key_t *key, uint8_t *salt_out);

int zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
    uint8_t *mac, uint8_t *keydata_out, uint8_t *hmac_keydata_out);
int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t guid,
    uint8_t *keydata, uint8_t *hmac_keydata, uint8_t *iv, uint8_t *mac,
    zio_crypt_key_t *key);
int zio_crypt_generate_iv(uint8_t *ivbuf);
int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t *key, uint8_t *data,
    uint_t datalen, uint8_t *ivbuf, uint8_t *salt);

void zio_crypt_encode_params_bp(blkptr_t *bp, uint8_t *salt, uint8_t *iv);
void zio_crypt_decode_params_bp(const blkptr_t *bp, uint8_t *salt, uint8_t *iv);
void zio_crypt_encode_mac_bp(blkptr_t *bp, uint8_t *mac);
void zio_crypt_decode_mac_bp(const blkptr_t *bp, uint8_t *mac);
void zio_crypt_encode_mac_zil(void *data, uint8_t *mac);
void zio_crypt_decode_mac_zil(const void *data, uint8_t *mac);
void zio_crypt_copy_dnode_bonus(abd_t *src_abd, uint8_t *dst, uint_t datalen);

int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
    uint_t datalen, boolean_t byteswap, uint8_t *cksum);
int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
    uint_t datalen, boolean_t byteswap, uint8_t *cksum);
int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen,
    uint8_t *digestbuf);
int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
    boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac);
int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, uint8_t *salt,
    dmu_object_type_t ot, uint8_t *iv, uint8_t *mac, uint_t datalen,
    boolean_t byteswap, uint8_t *plainbuf, uint8_t *cipherbuf,
    boolean_t *no_crypt);
int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t *key, uint8_t *salt,
    dmu_object_type_t ot, uint8_t *iv, uint8_t *mac, uint_t datalen,
    boolean_t byteswap, abd_t *pabd, abd_t *cabd, boolean_t *no_crypt);

#endif
Commit	Line	Data
b5256303 TC	1	/*
	2	* CDDL HEADER START
	3	*
	4	* This file and its contents are supplied under the terms of the
	5	* Common Development and Distribution License ("CDDL"), version 1.0.
	6	* You may only use this file in accordance with the terms of version
	7	* 1.0 of the CDDL.
	8	*
	9	* A full copy of the text of the CDDL should have accompanied this
	10	* source. A copy of the CDDL is also available via the Internet at
	11	* http://www.illumos.org/license/CDDL.
	12	*
	13	* CDDL HEADER END
	14	*/
	15
	16	/*
	17	* Copyright (c) 2017, Datto, Inc. All rights reserved.
	18	*/
	19
	20	#ifndef _SYS_ZIO_CRYPT_H
	21	#define _SYS_ZIO_CRYPT_H
	22
	23	#include <sys/dmu.h>
	24	#include <sys/refcount.h>
	25	#include <sys/crypto/api.h>
	26	#include <sys/nvpair.h>
	27	#include <sys/avl.h>
	28	#include <sys/zio.h>
	29
	30	/* forward declarations */
	31	struct zbookmark_phys;
	32
	33	#define WRAPPING_KEY_LEN 32
	34	#define WRAPPING_IV_LEN ZIO_DATA_IV_LEN
	35	#define WRAPPING_MAC_LEN 16
	36
	37	#define SHA1_DIGEST_LEN 20
	38	#define SHA512_DIGEST_LEN 64
	39	#define SHA512_HMAC_KEYLEN 64
	40
	41	#define MASTER_KEY_MAX_LEN 32
	42	#define L2ARC_DEFAULT_CRYPT ZIO_CRYPT_AES_256_CCM
	43
	44	/* utility macros */
	45	#define BITS_TO_BYTES(x) ((x + NBBY - 1) / NBBY)
	46	#define BYTES_TO_BITS(x) (x * NBBY)
	47
	48	typedef enum zio_crypt_type {
	49	ZC_TYPE_NONE = 0,
	50	ZC_TYPE_CCM,
	51	ZC_TYPE_GCM
	52	} zio_crypt_type_t;
	53
	54	/* table of supported crypto algorithms, modes and keylengths. */
	55	typedef struct zio_crypt_info {
	56	/* mechanism name, needed by ICP */
	57	crypto_mech_name_t ci_mechname;
	58
	59	/* cipher mode type (GCM, CCM) */
	60	zio_crypt_type_t ci_crypt_type;
	61
	62	/* length of the encryption key */
	63	size_t ci_keylen;
	64
65	/* human-readable name of the encryption alforithm */
66	char *ci_name;
67	} zio_crypt_info_t;
68
69	extern zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS];
70
71	/* in memory representation of an unwrapped key that is loaded into memory */
72	typedef struct zio_crypt_key {
73	/* encryption algorithm */
74	uint64_t zk_crypt;
75
76	/* GUID for uniquely identifying this key. Not encrypted on disk. */
77	uint64_t zk_guid;
78
79	/* buffer for master key */
80	uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN];
81
82	/* buffer for hmac key */
83	uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN];
84
85	/* buffer for currrent encryption key derived from master key */
86	uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN];
87
88	/* current 64 bit salt for deriving an encryption key */
89	uint8_t zk_salt[ZIO_DATA_SALT_LEN];
90
91	/* count of how many times the current salt has been used */
92	uint64_t zk_salt_count;
93
94	/* illumos crypto api current encryption key */
95	crypto_key_t zk_current_key;
96
97	/* template of current encryption key for illumos crypto api */
98	crypto_ctx_template_t zk_current_tmpl;
99
100	/* illumos crypto api current hmac key */
101	crypto_key_t zk_hmac_key;
102
103	/* template of hmac key for illumos crypto api */
104	crypto_ctx_template_t zk_hmac_tmpl;
105
106	/* lock for changing the salt and dependant values */
107	krwlock_t zk_salt_lock;
108	} zio_crypt_key_t;
109
110	void zio_crypt_key_destroy(zio_crypt_key_t *key);
111	int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key);
112	int zio_crypt_key_get_salt(zio_crypt_key_t key, uint8_t salt_out);
113
114	int zio_crypt_key_wrap(crypto_key_t cwkey, zio_crypt_key_t key, uint8_t *iv,
115	uint8_t mac, uint8_t keydata_out, uint8_t *hmac_keydata_out);
116	int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t guid,
117	uint8_t keydata, uint8_t hmac_keydata, uint8_t iv, uint8_t mac,
118	zio_crypt_key_t *key);
119	int zio_crypt_generate_iv(uint8_t *ivbuf);
120	int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t key, uint8_t data,
121	uint_t datalen, uint8_t ivbuf, uint8_t salt);
122
123	void zio_crypt_encode_params_bp(blkptr_t bp, uint8_t salt, uint8_t *iv);
124	void zio_crypt_decode_params_bp(const blkptr_t bp, uint8_t salt, uint8_t *iv);
125	void zio_crypt_encode_mac_bp(blkptr_t bp, uint8_t mac);
126	void zio_crypt_decode_mac_bp(const blkptr_t bp, uint8_t mac);
127	void zio_crypt_encode_mac_zil(void data, uint8_t mac);
128	void zio_crypt_decode_mac_zil(const void data, uint8_t mac);
129	void zio_crypt_copy_dnode_bonus(abd_t src_abd, uint8_t dst, uint_t datalen);
130
131	int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
132	uint_t datalen, boolean_t byteswap, uint8_t *cksum);
133	int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
134	uint_t datalen, boolean_t byteswap, uint8_t *cksum);
135	int zio_crypt_do_hmac(zio_crypt_key_t key, uint8_t data, uint_t datalen,
136	uint8_t *digestbuf);
137	int zio_crypt_do_objset_hmacs(zio_crypt_key_t key, void data, uint_t datalen,
138	boolean_t byteswap, uint8_t portable_mac, uint8_t local_mac);
139	int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t key, uint8_t salt,
140	dmu_object_type_t ot, uint8_t iv, uint8_t mac, uint_t datalen,
141	boolean_t byteswap, uint8_t plainbuf, uint8_t cipherbuf,
142	boolean_t *no_crypt);
143	int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t key, uint8_t salt,
144	dmu_object_type_t ot, uint8_t iv, uint8_t mac, uint_t datalen,
145	boolean_t byteswap, abd_t pabd, abd_t cabd, boolean_t *no_crypt);
146
147	#endif