4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
20 #include <sys/zfs_context.h>
21 #include <sys/fs/zfs.h>
22 #include <sys/dsl_crypt.h>
27 #include <openssl/evp.h>
29 #include "libzfs_impl.h"
30 #include "zfeature_common.h"
33 * User keys are used to decrypt the master encryption keys of a dataset. This
34 * indirection allows a user to change his / her access key without having to
35 * re-encrypt the entire dataset. User keys can be provided in one of several
36 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
37 * are converted to binary and passed into the kernel. Password based keys are
38 * a bit more complicated. Passwords alone do not provide suitable entropy for
39 * encryption and may be too short or too long to be used. In order to derive
40 * a more appropriate key we use a PBKDF2 function. This function is designed
41 * to take a (relatively) long time to calculate in order to discourage
42 * attackers from guessing from a list of common passwords. PBKDF2 requires
43 * 2 additional parameters. The first is the number of iterations to run, which
44 * will ultimately determine how long it takes to derive the resulting key from
45 * the password. The second parameter is a salt that is randomly generated for
46 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
47 * attackers cannot reasonably generate a table of commonly known passwords to
48 * their output keys and expect it work for all past and future PBKDF2 users.
49 * We store the salt as a hidden property of the dataset (although it is
50 * technically ok if the salt is known to the attacker).
53 typedef enum key_locator
{
59 #define MIN_PASSPHRASE_LEN 8
60 #define MAX_PASSPHRASE_LEN 512
61 #define MAX_KEY_PROMPT_ATTEMPTS 3
63 static int caught_interrupt
;
66 pkcs11_get_urandom(uint8_t *buf
, size_t bytes
)
69 ssize_t bytes_read
= 0;
71 rand
= open("/dev/urandom", O_RDONLY
);
76 while (bytes_read
< bytes
) {
77 ssize_t rc
= read(rand
, buf
+ bytes_read
, bytes
- bytes_read
);
88 static zfs_keylocation_t
89 zfs_prop_parse_keylocation(const char *str
)
91 if (strcmp("prompt", str
) == 0)
92 return (ZFS_KEYLOCATION_PROMPT
);
93 else if (strlen(str
) > 8 && strncmp("file:///", str
, 8) == 0)
94 return (ZFS_KEYLOCATION_URI
);
96 return (ZFS_KEYLOCATION_NONE
);
100 hex_key_to_raw(char *hex
, int hexlen
, uint8_t *out
)
105 for (i
= 0; i
< hexlen
; i
+= 2) {
106 if (!isxdigit(hex
[i
]) || !isxdigit(hex
[i
+ 1])) {
111 ret
= sscanf(&hex
[i
], "%02x", &c
);
128 catch_signal(int sig
)
130 caught_interrupt
= sig
;
134 get_format_prompt_string(zfs_keyformat_t format
)
137 case ZFS_KEYFORMAT_RAW
:
139 case ZFS_KEYFORMAT_HEX
:
141 case ZFS_KEYFORMAT_PASSPHRASE
:
142 return ("passphrase");
144 /* shouldn't happen */
150 get_key_material_raw(FILE *fd
, const char *fsname
, zfs_keyformat_t keyformat
,
151 boolean_t again
, boolean_t newkey
, uint8_t **buf
, size_t *len_out
)
155 struct termios old_term
, new_term
;
156 struct sigaction act
, osigint
, osigtstp
;
160 if (isatty(fileno(fd
))) {
162 * handle SIGINT and ignore SIGSTP. This is necessary to
163 * restore the state of the terminal.
165 caught_interrupt
= 0;
167 (void) sigemptyset(&act
.sa_mask
);
168 act
.sa_handler
= catch_signal
;
170 (void) sigaction(SIGINT
, &act
, &osigint
);
171 act
.sa_handler
= SIG_IGN
;
172 (void) sigaction(SIGTSTP
, &act
, &osigtstp
);
174 /* prompt for the key */
175 if (fsname
!= NULL
) {
176 (void) printf("%s %s%s for '%s': ",
177 (again
) ? "Re-enter" : "Enter",
178 (newkey
) ? "new " : "",
179 get_format_prompt_string(keyformat
), fsname
);
181 (void) printf("%s %s%s: ",
182 (again
) ? "Re-enter" : "Enter",
183 (newkey
) ? "new " : "",
184 get_format_prompt_string(keyformat
));
187 (void) fflush(stdout
);
189 /* disable the terminal echo for key input */
190 (void) tcgetattr(fileno(fd
), &old_term
);
193 new_term
.c_lflag
&= ~(ECHO
| ECHOE
| ECHOK
| ECHONL
);
195 ret
= tcsetattr(fileno(fd
), TCSAFLUSH
, &new_term
);
203 /* read the key material */
204 if (keyformat
!= ZFS_KEYFORMAT_RAW
) {
205 bytes
= getline((char **)buf
, &buflen
, fd
);
212 /* trim the ending newline if it exists */
213 if ((*buf
)[bytes
- 1] == '\n') {
214 (*buf
)[bytes
- 1] = '\0';
219 * Raw keys may have newline characters in them and so can't
220 * use getline(). Here we attempt to read 33 bytes so that we
221 * can properly check the key length (the file should only have
224 *buf
= malloc((WRAPPING_KEY_LEN
+ 1) * sizeof (char));
230 bytes
= fread(*buf
, 1, WRAPPING_KEY_LEN
+ 1, fd
);
232 /* size errors are handled by the calling function */
244 if (isatty(fileno(fd
))) {
245 /* reset the teminal */
246 (void) tcsetattr(fileno(fd
), TCSAFLUSH
, &old_term
);
247 (void) sigaction(SIGINT
, &osigint
, NULL
);
248 (void) sigaction(SIGTSTP
, &osigtstp
, NULL
);
250 /* if we caught a signal, re-throw it now */
251 if (caught_interrupt
!= 0) {
252 (void) kill(getpid(), caught_interrupt
);
255 /* print the newline that was not echo'd */
264 * Attempts to fetch key material, no matter where it might live. The key
265 * material is allocated and returned in km_out. *can_retry_out will be set
266 * to B_TRUE if the user is providing the key material interactively, allowing
267 * for re-entry attempts.
270 get_key_material(libzfs_handle_t
*hdl
, boolean_t do_verify
, boolean_t newkey
,
271 zfs_keyformat_t keyformat
, char *keylocation
, const char *fsname
,
272 uint8_t **km_out
, size_t *kmlen_out
, boolean_t
*can_retry_out
)
275 zfs_keylocation_t keyloc
= ZFS_KEYLOCATION_NONE
;
277 uint8_t *km
= NULL
, *km2
= NULL
;
278 size_t kmlen
, kmlen2
;
279 boolean_t can_retry
= B_FALSE
;
281 /* verify and parse the keylocation */
282 keyloc
= zfs_prop_parse_keylocation(keylocation
);
284 /* open the appropriate file descriptor */
286 case ZFS_KEYLOCATION_PROMPT
:
288 if (isatty(fileno(fd
))) {
291 /* raw keys cannot be entered on the terminal */
292 if (keyformat
== ZFS_KEYFORMAT_RAW
) {
294 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
295 "Cannot enter raw keys on the terminal"));
300 case ZFS_KEYLOCATION_URI
:
301 fd
= fopen(&keylocation
[7], "r");
305 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
306 "Failed to open key material file"));
312 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
313 "Invalid keylocation."));
317 /* fetch the key material into the buffer */
318 ret
= get_key_material_raw(fd
, fsname
, keyformat
, B_FALSE
, newkey
,
323 /* do basic validation of the key material */
325 case ZFS_KEYFORMAT_RAW
:
326 /* verify the key length is correct */
327 if (kmlen
< WRAPPING_KEY_LEN
) {
329 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
330 "Raw key too short (expected %u)."),
335 if (kmlen
> WRAPPING_KEY_LEN
) {
337 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
338 "Raw key too long (expected %u)."),
343 case ZFS_KEYFORMAT_HEX
:
344 /* verify the key length is correct */
345 if (kmlen
< WRAPPING_KEY_LEN
* 2) {
347 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
348 "Hex key too short (expected %u)."),
349 WRAPPING_KEY_LEN
* 2);
353 if (kmlen
> WRAPPING_KEY_LEN
* 2) {
355 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
356 "Hex key too long (expected %u)."),
357 WRAPPING_KEY_LEN
* 2);
361 /* check for invalid hex digits */
362 for (i
= 0; i
< WRAPPING_KEY_LEN
* 2; i
++) {
363 if (!isxdigit((char)km
[i
])) {
365 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
366 "Invalid hex character detected."));
371 case ZFS_KEYFORMAT_PASSPHRASE
:
372 /* verify the length is within bounds */
373 if (kmlen
> MAX_PASSPHRASE_LEN
) {
375 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
376 "Passphrase too long (max %u)."),
381 if (kmlen
< MIN_PASSPHRASE_LEN
) {
383 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
384 "Passphrase too short (min %u)."),
390 /* can't happen, checked above */
394 if (do_verify
&& isatty(fileno(fd
))) {
395 ret
= get_key_material_raw(fd
, fsname
, keyformat
, B_TRUE
,
396 newkey
, &km2
, &kmlen2
);
400 if (kmlen2
!= kmlen
||
401 (memcmp((char *)km
, (char *)km2
, kmlen
) != 0)) {
403 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
404 "Provided keys do not match."));
417 if (can_retry_out
!= NULL
)
418 *can_retry_out
= can_retry
;
429 if (fd
!= NULL
&& fd
!= stdin
)
434 if (can_retry_out
!= NULL
)
435 *can_retry_out
= can_retry
;
441 derive_key(libzfs_handle_t
*hdl
, zfs_keyformat_t format
, uint64_t iters
,
442 uint8_t *key_material
, size_t key_material_len
, uint64_t salt
,
450 key
= zfs_alloc(hdl
, WRAPPING_KEY_LEN
);
455 case ZFS_KEYFORMAT_RAW
:
456 bcopy(key_material
, key
, WRAPPING_KEY_LEN
);
458 case ZFS_KEYFORMAT_HEX
:
459 ret
= hex_key_to_raw((char *)key_material
,
460 WRAPPING_KEY_LEN
* 2, key
);
462 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
463 "Invalid hex key provided."));
467 case ZFS_KEYFORMAT_PASSPHRASE
:
470 ret
= PKCS5_PBKDF2_HMAC_SHA1((char *)key_material
,
471 strlen((char *)key_material
), ((uint8_t *)&salt
),
472 sizeof (uint64_t), iters
, WRAPPING_KEY_LEN
, key
);
475 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
476 "Failed to generate key from passphrase."));
496 encryption_feature_is_enabled(zpool_handle_t
*zph
)
499 uint64_t feat_refcount
;
501 /* check that features can be enabled */
502 if (zpool_get_prop_int(zph
, ZPOOL_PROP_VERSION
, NULL
)
503 < SPA_VERSION_FEATURES
)
506 /* check for crypto feature */
507 features
= zpool_get_features(zph
);
508 if (!features
|| nvlist_lookup_uint64(features
,
509 spa_feature_table
[SPA_FEATURE_ENCRYPTION
].fi_guid
,
510 &feat_refcount
) != 0)
517 populate_create_encryption_params_nvlists(libzfs_handle_t
*hdl
,
518 zfs_handle_t
*zhp
, boolean_t newkey
, zfs_keyformat_t keyformat
,
519 char *keylocation
, nvlist_t
*props
, uint8_t **wkeydata
, uint_t
*wkeylen
)
522 uint64_t iters
= 0, salt
= 0;
523 uint8_t *key_material
= NULL
;
524 size_t key_material_len
= 0;
525 uint8_t *key_data
= NULL
;
526 const char *fsname
= (zhp
) ? zfs_get_name(zhp
) : NULL
;
528 /* get key material from keyformat and keylocation */
529 ret
= get_key_material(hdl
, B_TRUE
, newkey
, keyformat
, keylocation
,
530 fsname
, &key_material
, &key_material_len
, NULL
);
534 /* passphrase formats require a salt and pbkdf2 iters property */
535 if (keyformat
== ZFS_KEYFORMAT_PASSPHRASE
) {
536 /* always generate a new salt */
537 ret
= pkcs11_get_urandom((uint8_t *)&salt
, sizeof (uint64_t));
538 if (ret
!= sizeof (uint64_t)) {
539 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
540 "Failed to generate salt."));
544 ret
= nvlist_add_uint64(props
,
545 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT
), salt
);
547 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
548 "Failed to add salt to properties."));
553 * If not otherwise specified, use the default number of
554 * pbkdf2 iterations. If specified, we have already checked
555 * that the given value is greater than MIN_PBKDF2_ITERATIONS
556 * during zfs_valid_proplist().
558 ret
= nvlist_lookup_uint64(props
,
559 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS
), &iters
);
561 iters
= DEFAULT_PBKDF2_ITERATIONS
;
562 ret
= nvlist_add_uint64(props
,
563 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS
), iters
);
566 } else if (ret
!= 0) {
567 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
568 "Failed to get pbkdf2 iterations."));
572 /* check that pbkdf2iters was not specified by the user */
573 ret
= nvlist_lookup_uint64(props
,
574 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS
), &iters
);
577 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
578 "Cannot specify pbkdf2iters with a non-passphrase "
584 /* derive a key from the key material */
585 ret
= derive_key(hdl
, keyformat
, iters
, key_material
, key_material_len
,
592 *wkeydata
= key_data
;
593 *wkeylen
= WRAPPING_KEY_LEN
;
597 if (key_material
!= NULL
)
599 if (key_data
!= NULL
)
608 proplist_has_encryption_props(nvlist_t
*props
)
614 ret
= nvlist_lookup_uint64(props
,
615 zfs_prop_to_name(ZFS_PROP_ENCRYPTION
), &intval
);
616 if (ret
== 0 && intval
!= ZIO_CRYPT_OFF
)
619 ret
= nvlist_lookup_string(props
,
620 zfs_prop_to_name(ZFS_PROP_KEYLOCATION
), &strval
);
621 if (ret
== 0 && strcmp(strval
, "none") != 0)
624 ret
= nvlist_lookup_uint64(props
,
625 zfs_prop_to_name(ZFS_PROP_KEYFORMAT
), &intval
);
629 ret
= nvlist_lookup_uint64(props
,
630 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS
), &intval
);
638 zfs_crypto_get_encryption_root(zfs_handle_t
*zhp
, boolean_t
*is_encroot
,
642 char prop_encroot
[MAXNAMELEN
];
644 /* if the dataset isn't encrypted, just return */
645 if (zfs_prop_get_int(zhp
, ZFS_PROP_ENCRYPTION
) == ZIO_CRYPT_OFF
) {
646 *is_encroot
= B_FALSE
;
652 ret
= zfs_prop_get(zhp
, ZFS_PROP_ENCRYPTION_ROOT
, prop_encroot
,
653 sizeof (prop_encroot
), NULL
, NULL
, 0, B_TRUE
);
655 *is_encroot
= B_FALSE
;
661 *is_encroot
= strcmp(prop_encroot
, zfs_get_name(zhp
)) == 0;
663 strcpy(buf
, prop_encroot
);
669 zfs_crypto_create(libzfs_handle_t
*hdl
, char *parent_name
, nvlist_t
*props
,
670 nvlist_t
*pool_props
, boolean_t stdin_available
, uint8_t **wkeydata_out
,
675 uint64_t crypt
= ZIO_CRYPT_INHERIT
, pcrypt
= ZIO_CRYPT_INHERIT
;
676 uint64_t keyformat
= ZFS_KEYFORMAT_NONE
;
677 char *keylocation
= NULL
;
678 zfs_handle_t
*pzhp
= NULL
;
679 uint8_t *wkeydata
= NULL
;
681 boolean_t local_crypt
= B_TRUE
;
683 (void) snprintf(errbuf
, sizeof (errbuf
),
684 dgettext(TEXT_DOMAIN
, "Encryption create error"));
686 /* lookup crypt from props */
687 ret
= nvlist_lookup_uint64(props
,
688 zfs_prop_to_name(ZFS_PROP_ENCRYPTION
), &crypt
);
690 local_crypt
= B_FALSE
;
692 /* lookup key location and format from props */
693 (void) nvlist_lookup_uint64(props
,
694 zfs_prop_to_name(ZFS_PROP_KEYFORMAT
), &keyformat
);
695 (void) nvlist_lookup_string(props
,
696 zfs_prop_to_name(ZFS_PROP_KEYLOCATION
), &keylocation
);
698 if (parent_name
!= NULL
) {
699 /* get a reference to parent dataset */
700 pzhp
= make_dataset_handle(hdl
, parent_name
);
703 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
704 "Failed to lookup parent."));
708 /* Lookup parent's crypt */
709 pcrypt
= zfs_prop_get_int(pzhp
, ZFS_PROP_ENCRYPTION
);
711 /* Params require the encryption feature */
712 if (!encryption_feature_is_enabled(pzhp
->zpool_hdl
)) {
713 if (proplist_has_encryption_props(props
)) {
715 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
716 "Encryption feature not enabled."));
725 * special case for root dataset where encryption feature
726 * feature won't be on disk yet
728 if (!nvlist_exists(pool_props
, "feature@encryption")) {
729 if (proplist_has_encryption_props(props
)) {
731 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
732 "Encryption feature not enabled."));
740 pcrypt
= ZIO_CRYPT_OFF
;
743 /* Check for encryption being explicitly truned off */
744 if (crypt
== ZIO_CRYPT_OFF
&& pcrypt
!= ZIO_CRYPT_OFF
) {
746 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
747 "Invalid encryption value. Dataset must be encrypted."));
751 /* Get the inherited encryption property if we don't have it locally */
756 * At this point crypt should be the actual encryption value. If
757 * encryption is off just verify that no encryption properties have
758 * been specified and return.
760 if (crypt
== ZIO_CRYPT_OFF
) {
761 if (proplist_has_encryption_props(props
)) {
763 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
764 "Encryption must be turned on to set encryption "
774 * If we have a parent crypt it is valid to specify encryption alone.
775 * This will result in a child that is encrypted with the chosen
776 * encryption suite that will also inherit the parent's key. If
777 * the parent is not encrypted we need an encryption suite provided.
779 if (pcrypt
== ZIO_CRYPT_OFF
&& keylocation
== NULL
&&
780 keyformat
== ZFS_KEYFORMAT_NONE
) {
782 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
783 "Keyformat required for new encryption root."));
788 * Specifying a keylocation implies this will be a new encryption root.
789 * Check that a keyformat is also specified.
791 if (keylocation
!= NULL
&& keyformat
== ZFS_KEYFORMAT_NONE
) {
793 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
794 "Keyformat required for new encryption root."));
798 /* default to prompt if no keylocation is specified */
799 if (keyformat
!= ZFS_KEYFORMAT_NONE
&& keylocation
== NULL
) {
800 keylocation
= "prompt";
801 ret
= nvlist_add_string(props
,
802 zfs_prop_to_name(ZFS_PROP_KEYLOCATION
), keylocation
);
808 * If a local key is provided, this dataset will be a new
809 * encryption root. Populate the encryption params.
811 if (keylocation
!= NULL
) {
813 * 'zfs recv -o keylocation=prompt' won't work because stdin
814 * is being used by the send stream, so we disallow it.
816 if (!stdin_available
&& strcmp(keylocation
, "prompt") == 0) {
818 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
, "Cannot use "
819 "'prompt' keylocation because stdin is in use."));
823 ret
= populate_create_encryption_params_nvlists(hdl
, NULL
,
824 B_FALSE
, keyformat
, keylocation
, props
, &wkeydata
,
833 *wkeydata_out
= wkeydata
;
834 *wkeylen_out
= wkeylen
;
840 if (wkeydata
!= NULL
)
843 *wkeydata_out
= NULL
;
849 zfs_crypto_clone_check(libzfs_handle_t
*hdl
, zfs_handle_t
*origin_zhp
,
850 char *parent_name
, nvlist_t
*props
)
854 zfs_handle_t
*pzhp
= NULL
;
855 uint64_t pcrypt
, ocrypt
;
857 (void) snprintf(errbuf
, sizeof (errbuf
),
858 dgettext(TEXT_DOMAIN
, "Encryption clone error"));
861 * No encryption properties should be specified. They will all be
862 * inherited from the origin dataset.
864 if (nvlist_exists(props
, zfs_prop_to_name(ZFS_PROP_KEYFORMAT
)) ||
865 nvlist_exists(props
, zfs_prop_to_name(ZFS_PROP_KEYLOCATION
)) ||
866 nvlist_exists(props
, zfs_prop_to_name(ZFS_PROP_ENCRYPTION
)) ||
867 nvlist_exists(props
, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS
))) {
869 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
870 "Encryption properties must inherit from origin dataset."));
874 /* get a reference to parent dataset, should never be NULL */
875 pzhp
= make_dataset_handle(hdl
, parent_name
);
877 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
878 "Failed to lookup parent."));
882 /* Lookup parent's crypt */
883 pcrypt
= zfs_prop_get_int(pzhp
, ZFS_PROP_ENCRYPTION
);
884 ocrypt
= zfs_prop_get_int(origin_zhp
, ZFS_PROP_ENCRYPTION
);
886 /* all children of encrypted parents must be encrypted */
887 if (pcrypt
!= ZIO_CRYPT_OFF
&& ocrypt
== ZIO_CRYPT_OFF
) {
889 zfs_error_aux(hdl
, dgettext(TEXT_DOMAIN
,
890 "Cannot create unencrypted clone as a child "
891 "of encrypted parent."));
904 typedef struct loadkeys_cbdata
{
905 uint64_t cb_numfailed
;
906 uint64_t cb_numattempted
;
910 load_keys_cb(zfs_handle_t
*zhp
, void *arg
)
913 boolean_t is_encroot
;
914 loadkey_cbdata_t
*cb
= arg
;
915 uint64_t keystatus
= zfs_prop_get_int(zhp
, ZFS_PROP_KEYSTATUS
);
917 /* only attempt to load keys for encryption roots */
918 ret
= zfs_crypto_get_encryption_root(zhp
, &is_encroot
, NULL
);
919 if (ret
!= 0 || !is_encroot
)
922 /* don't attempt to load already loaded keys */
923 if (keystatus
== ZFS_KEYSTATUS_AVAILABLE
)
926 /* Attempt to load the key. Record status in cb. */
927 cb
->cb_numattempted
++;
929 ret
= zfs_crypto_load_key(zhp
, B_FALSE
, NULL
);
934 (void) zfs_iter_filesystems(zhp
, load_keys_cb
, cb
);
937 /* always return 0, since this function is best effort */
942 * This function is best effort. It attempts to load all the keys for the given
943 * filesystem and all of its children.
946 zfs_crypto_attempt_load_keys(libzfs_handle_t
*hdl
, char *fsname
)
949 zfs_handle_t
*zhp
= NULL
;
950 loadkey_cbdata_t cb
= { 0 };
952 zhp
= zfs_open(hdl
, fsname
, ZFS_TYPE_FILESYSTEM
| ZFS_TYPE_VOLUME
);
958 ret
= load_keys_cb(zfs_handle_dup(zhp
), &cb
);
962 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
963 (u_longlong_t
)(cb
.cb_numattempted
- cb
.cb_numfailed
),
964 (u_longlong_t
)cb
.cb_numattempted
);
966 if (cb
.cb_numfailed
!= 0) {
981 zfs_crypto_load_key(zfs_handle_t
*zhp
, boolean_t noop
, char *alt_keylocation
)
983 int ret
, attempts
= 0;
985 uint64_t keystatus
, iters
= 0, salt
= 0;
986 uint64_t keyformat
= ZFS_KEYFORMAT_NONE
;
987 char prop_keylocation
[MAXNAMELEN
];
988 char prop_encroot
[MAXNAMELEN
];
989 char *keylocation
= NULL
;
990 uint8_t *key_material
= NULL
, *key_data
= NULL
;
991 size_t key_material_len
;
992 boolean_t is_encroot
, can_retry
= B_FALSE
, correctible
= B_FALSE
;
994 (void) snprintf(errbuf
, sizeof (errbuf
),
995 dgettext(TEXT_DOMAIN
, "Key load error"));
997 /* check that encryption is enabled for the pool */
998 if (!encryption_feature_is_enabled(zhp
->zpool_hdl
)) {
999 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1000 "Encryption feature not enabled."));
1005 /* Fetch the keyformat. Check that the dataset is encrypted. */
1006 keyformat
= zfs_prop_get_int(zhp
, ZFS_PROP_KEYFORMAT
);
1007 if (keyformat
== ZFS_KEYFORMAT_NONE
) {
1008 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1009 "'%s' is not encrypted."), zfs_get_name(zhp
));
1015 * Fetch the key location. Check that we are working with an
1018 ret
= zfs_crypto_get_encryption_root(zhp
, &is_encroot
, prop_encroot
);
1020 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1021 "Failed to get encryption root for '%s'."),
1024 } else if (!is_encroot
) {
1025 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1026 "Keys must be loaded for encryption root of '%s' (%s)."),
1027 zfs_get_name(zhp
), prop_encroot
);
1033 * if the caller has elected to override the keylocation property
1036 if (alt_keylocation
!= NULL
) {
1037 keylocation
= alt_keylocation
;
1039 ret
= zfs_prop_get(zhp
, ZFS_PROP_KEYLOCATION
, prop_keylocation
,
1040 sizeof (prop_keylocation
), NULL
, NULL
, 0, B_TRUE
);
1042 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1043 "Failed to get keylocation for '%s'."),
1048 keylocation
= prop_keylocation
;
1051 /* check that the key is unloaded unless this is a noop */
1053 keystatus
= zfs_prop_get_int(zhp
, ZFS_PROP_KEYSTATUS
);
1054 if (keystatus
== ZFS_KEYSTATUS_AVAILABLE
) {
1055 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1056 "Key already loaded for '%s'."), zfs_get_name(zhp
));
1062 /* passphrase formats require a salt and pbkdf2_iters property */
1063 if (keyformat
== ZFS_KEYFORMAT_PASSPHRASE
) {
1064 salt
= zfs_prop_get_int(zhp
, ZFS_PROP_PBKDF2_SALT
);
1065 iters
= zfs_prop_get_int(zhp
, ZFS_PROP_PBKDF2_ITERS
);
1069 /* fetching and deriving the key are correctable errors. set the flag */
1070 correctible
= B_TRUE
;
1072 /* get key material from key format and location */
1073 ret
= get_key_material(zhp
->zfs_hdl
, B_FALSE
, B_FALSE
, keyformat
,
1074 keylocation
, zfs_get_name(zhp
), &key_material
, &key_material_len
,
1079 /* derive a key from the key material */
1080 ret
= derive_key(zhp
->zfs_hdl
, keyformat
, iters
, key_material
,
1081 key_material_len
, salt
, &key_data
);
1085 correctible
= B_FALSE
;
1087 /* pass the wrapping key and noop flag to the ioctl */
1088 ret
= lzc_load_key(zhp
->zfs_name
, noop
, key_data
, WRAPPING_KEY_LEN
);
1092 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1093 "Permission denied."));
1096 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1097 "Invalid parameters provided for dataset %s."),
1101 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1102 "Key already loaded for '%s'."), zfs_get_name(zhp
));
1105 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1106 "'%s' is busy."), zfs_get_name(zhp
));
1109 correctible
= B_TRUE
;
1110 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1111 "Incorrect key provided for '%s'."),
1124 zfs_error(zhp
->zfs_hdl
, EZFS_CRYPTOFAILED
, errbuf
);
1125 if (key_material
!= NULL
) {
1127 key_material
= NULL
;
1129 if (key_data
!= NULL
) {
1135 * Here we decide if it is ok to allow the user to retry entering their
1136 * key. The can_retry flag will be set if the user is entering their
1137 * key from an interactive prompt. The correctable flag will only be
1138 * set if an error that occurred could be corrected by retrying. Both
1139 * flags are needed to allow the user to attempt key entry again
1142 if (can_retry
&& correctible
&& attempts
< MAX_KEY_PROMPT_ATTEMPTS
)
1149 zfs_crypto_unload_key(zfs_handle_t
*zhp
)
1153 char prop_encroot
[MAXNAMELEN
];
1154 uint64_t keystatus
, keyformat
;
1155 boolean_t is_encroot
;
1157 (void) snprintf(errbuf
, sizeof (errbuf
),
1158 dgettext(TEXT_DOMAIN
, "Key unload error"));
1160 /* check that encryption is enabled for the pool */
1161 if (!encryption_feature_is_enabled(zhp
->zpool_hdl
)) {
1162 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1163 "Encryption feature not enabled."));
1168 /* Fetch the keyformat. Check that the dataset is encrypted. */
1169 keyformat
= zfs_prop_get_int(zhp
, ZFS_PROP_KEYFORMAT
);
1170 if (keyformat
== ZFS_KEYFORMAT_NONE
) {
1171 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1172 "'%s' is not encrypted."), zfs_get_name(zhp
));
1178 * Fetch the key location. Check that we are working with an
1181 ret
= zfs_crypto_get_encryption_root(zhp
, &is_encroot
, prop_encroot
);
1183 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1184 "Failed to get encryption root for '%s'."),
1187 } else if (!is_encroot
) {
1188 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1189 "Keys must be unloaded for encryption root of '%s' (%s)."),
1190 zfs_get_name(zhp
), prop_encroot
);
1195 /* check that the key is loaded */
1196 keystatus
= zfs_prop_get_int(zhp
, ZFS_PROP_KEYSTATUS
);
1197 if (keystatus
== ZFS_KEYSTATUS_UNAVAILABLE
) {
1198 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1199 "Key already unloaded for '%s'."), zfs_get_name(zhp
));
1204 /* call the ioctl */
1205 ret
= lzc_unload_key(zhp
->zfs_name
);
1210 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1211 "Permission denied."));
1214 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1215 "Key already unloaded for '%s'."),
1219 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1220 "'%s' is busy."), zfs_get_name(zhp
));
1223 zfs_error(zhp
->zfs_hdl
, EZFS_CRYPTOFAILED
, errbuf
);
1229 zfs_error(zhp
->zfs_hdl
, EZFS_CRYPTOFAILED
, errbuf
);
1234 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t
*zhp
, nvlist_t
*props
,
1235 nvlist_t
**props_out
, char *errbuf
)
1238 nvpair_t
*elem
= NULL
;
1240 nvlist_t
*new_props
= NULL
;
1242 new_props
= fnvlist_alloc();
1245 * loop through all provided properties, we should only have
1246 * keyformat, keylocation and pbkdf2iters. The actual validation of
1247 * values is done by zfs_valid_proplist().
1249 while ((elem
= nvlist_next_nvpair(props
, elem
)) != NULL
) {
1250 const char *propname
= nvpair_name(elem
);
1251 prop
= zfs_name_to_prop(propname
);
1254 case ZFS_PROP_PBKDF2_ITERS
:
1255 case ZFS_PROP_KEYFORMAT
:
1256 case ZFS_PROP_KEYLOCATION
:
1260 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1261 "Only keyformat, keylocation and pbkdf2iters may "
1262 "be set with this command."));
1267 new_props
= zfs_valid_proplist(zhp
->zfs_hdl
, zhp
->zfs_type
, props
,
1268 zfs_prop_get_int(zhp
, ZFS_PROP_ZONED
), NULL
, zhp
->zpool_hdl
,
1270 if (new_props
== NULL
) {
1275 *props_out
= new_props
;
1279 nvlist_free(new_props
);
1285 zfs_crypto_rewrap(zfs_handle_t
*zhp
, nvlist_t
*raw_props
, boolean_t inheritkey
)
1289 boolean_t is_encroot
;
1290 nvlist_t
*props
= NULL
;
1291 uint8_t *wkeydata
= NULL
;
1293 dcp_cmd_t cmd
= (inheritkey
) ? DCP_CMD_INHERIT
: DCP_CMD_NEW_KEY
;
1294 uint64_t crypt
, pcrypt
, keystatus
, pkeystatus
;
1295 uint64_t keyformat
= ZFS_KEYFORMAT_NONE
;
1296 zfs_handle_t
*pzhp
= NULL
;
1297 char *keylocation
= NULL
;
1298 char origin_name
[MAXNAMELEN
];
1299 char prop_keylocation
[MAXNAMELEN
];
1300 char parent_name
[ZFS_MAX_DATASET_NAME_LEN
];
1302 (void) snprintf(errbuf
, sizeof (errbuf
),
1303 dgettext(TEXT_DOMAIN
, "Key change error"));
1305 /* check that encryption is enabled for the pool */
1306 if (!encryption_feature_is_enabled(zhp
->zpool_hdl
)) {
1307 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1308 "Encryption feature not enabled."));
1313 /* get crypt from dataset */
1314 crypt
= zfs_prop_get_int(zhp
, ZFS_PROP_ENCRYPTION
);
1315 if (crypt
== ZIO_CRYPT_OFF
) {
1316 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1317 "Dataset not encrypted."));
1322 /* get the encryption root of the dataset */
1323 ret
= zfs_crypto_get_encryption_root(zhp
, &is_encroot
, NULL
);
1325 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1326 "Failed to get encryption root for '%s'."),
1331 /* Clones use their origin's key and cannot rewrap it */
1332 ret
= zfs_prop_get(zhp
, ZFS_PROP_ORIGIN
, origin_name
,
1333 sizeof (origin_name
), NULL
, NULL
, 0, B_TRUE
);
1334 if (ret
== 0 && strcmp(origin_name
, "") != 0) {
1335 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1336 "Keys cannot be changed on clones."));
1342 * If the user wants to use the inheritkey variant of this function
1343 * we don't need to collect any crypto arguments.
1346 /* validate the provided properties */
1347 ret
= zfs_crypto_verify_rewrap_nvlist(zhp
, raw_props
, &props
,
1353 * Load keyformat and keylocation from the nvlist. Fetch from
1354 * the dataset properties if not specified.
1356 (void) nvlist_lookup_uint64(props
,
1357 zfs_prop_to_name(ZFS_PROP_KEYFORMAT
), &keyformat
);
1358 (void) nvlist_lookup_string(props
,
1359 zfs_prop_to_name(ZFS_PROP_KEYLOCATION
), &keylocation
);
1363 * If this is already an ecryption root, just keep
1364 * any properties not set by the user.
1366 if (keyformat
== ZFS_KEYFORMAT_NONE
) {
1367 keyformat
= zfs_prop_get_int(zhp
,
1368 ZFS_PROP_KEYFORMAT
);
1369 ret
= nvlist_add_uint64(props
,
1370 zfs_prop_to_name(ZFS_PROP_KEYFORMAT
),
1373 zfs_error_aux(zhp
->zfs_hdl
,
1374 dgettext(TEXT_DOMAIN
, "Failed to "
1375 "get existing keyformat "
1381 if (keylocation
== NULL
) {
1382 ret
= zfs_prop_get(zhp
, ZFS_PROP_KEYLOCATION
,
1383 prop_keylocation
, sizeof (prop_keylocation
),
1384 NULL
, NULL
, 0, B_TRUE
);
1386 zfs_error_aux(zhp
->zfs_hdl
,
1387 dgettext(TEXT_DOMAIN
, "Failed to "
1388 "get existing keylocation "
1393 keylocation
= prop_keylocation
;
1396 /* need a new key for non-encryption roots */
1397 if (keyformat
== ZFS_KEYFORMAT_NONE
) {
1399 zfs_error_aux(zhp
->zfs_hdl
,
1400 dgettext(TEXT_DOMAIN
, "Keyformat required "
1401 "for new encryption root."));
1405 /* default to prompt if no keylocation is specified */
1406 if (keylocation
== NULL
) {
1407 keylocation
= "prompt";
1408 ret
= nvlist_add_string(props
,
1409 zfs_prop_to_name(ZFS_PROP_KEYLOCATION
),
1416 /* fetch the new wrapping key and associated properties */
1417 ret
= populate_create_encryption_params_nvlists(zhp
->zfs_hdl
,
1418 zhp
, B_TRUE
, keyformat
, keylocation
, props
, &wkeydata
,
1423 /* check that zhp is an encryption root */
1425 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1426 "Key inheritting can only be performed on "
1427 "encryption roots."));
1432 /* get the parent's name */
1433 ret
= zfs_parent_name(zhp
, parent_name
, sizeof (parent_name
));
1435 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1436 "Root dataset cannot inherit key."));
1441 /* get a handle to the parent */
1442 pzhp
= make_dataset_handle(zhp
->zfs_hdl
, parent_name
);
1444 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1445 "Failed to lookup parent."));
1450 /* parent must be encrypted */
1451 pcrypt
= zfs_prop_get_int(pzhp
, ZFS_PROP_ENCRYPTION
);
1452 if (pcrypt
== ZIO_CRYPT_OFF
) {
1453 zfs_error_aux(pzhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1454 "Parent must be encrypted."));
1459 /* check that the parent's key is loaded */
1460 pkeystatus
= zfs_prop_get_int(pzhp
, ZFS_PROP_KEYSTATUS
);
1461 if (pkeystatus
== ZFS_KEYSTATUS_UNAVAILABLE
) {
1462 zfs_error_aux(pzhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1463 "Parent key must be loaded."));
1469 /* check that the key is loaded */
1470 keystatus
= zfs_prop_get_int(zhp
, ZFS_PROP_KEYSTATUS
);
1471 if (keystatus
== ZFS_KEYSTATUS_UNAVAILABLE
) {
1472 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1473 "Key must be loaded."));
1478 /* call the ioctl */
1479 ret
= lzc_change_key(zhp
->zfs_name
, cmd
, props
, wkeydata
, wkeylen
);
1483 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1484 "Permission denied."));
1487 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1488 "Invalid properties for key change."));
1491 zfs_error_aux(zhp
->zfs_hdl
, dgettext(TEXT_DOMAIN
,
1492 "Key is not currently loaded."));
1495 zfs_error(zhp
->zfs_hdl
, EZFS_CRYPTOFAILED
, errbuf
);
1502 if (wkeydata
!= NULL
)
1512 if (wkeydata
!= NULL
)
1515 zfs_error(zhp
->zfs_hdl
, EZFS_CRYPTOFAILED
, errbuf
);