1 /*
2 * CDDL HEADER START
3 *
4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
7 * 1.0 of the CDDL.
8 *
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
12 *
13 * CDDL HEADER END
14 */
15
16 /*
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
18 * Copyright 2020 Joyent, Inc.
19 */
20
21 #include <string.h>
22 #include <strings.h>
23 #include <ctype.h>
24 #include <unistd.h>
25 #include <sys/zfs_context.h>
26 #include <sys/fs/zfs.h>
27 #include <sys/dsl_crypt.h>
28 #ifdef sun
29 #include <stdlib.h>
30 #include <security/cryptoki.h>
31 #include <cryptoutil.h> /* for pkcs11_strerror */
32 #else
33 #include <sys/crypto/icp.h>
34 #endif
35 #include <libintl.h>
36 #include <termios.h>
37 #include <signal.h>
38 #include <errno.h>
39 #include <libzfs.h>
40 #include "libzfs_impl.h"
41 #include "zfeature_common.h"
42
43 /*
44 * User keys are used to decrypt the master encryption keys of a dataset. This
45 * indirection allows a user to change his / her access key without having to
46 * re-encrypt the entire dataset. User keys can be provided in one of several
47 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
48 * are converted to binary and passed into the kernel. Password based keys are
49 * a bit more complicated. Passwords alone do not provide suitable entropy for
50 * encryption and may be too short or too long to be used. In order to derive
51 * a more appropriate key we use a PBKDF2 function. This function is designed
52 * to take a (relatively) long time to calculate in order to discourage
53 * attackers from guessing from a list of common passwords. PBKDF2 requires
54 * 2 additional parameters. The first is the number of iterations to run, which
55 * will ultimately determine how long it takes to derive the resulting key from
56 * the password. The second parameter is a salt that is randomly generated for
57 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
58 * attackers cannot reasonably generate a table of commonly known passwords to
59 * their output keys and expect it work for all past and future PBKDF2 users.
60 * We store the salt as a hidden property of the dataset (although it is
61 * technically ok if the salt is known to the attacker).
62 */
63
64 typedef enum key_locator {
65 KEY_LOCATOR_NONE,
66 KEY_LOCATOR_PROMPT,
67 KEY_LOCATOR_URI
68 } key_locator_t;
69
70 #define MIN_PASSPHRASE_LEN 8
71 #define MAX_PASSPHRASE_LEN 512
72 #define MAX_KEY_PROMPT_ATTEMPTS 3
73
74 static int caught_interrupt;
75
76 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
77 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
78
79 static zfs_uri_handler_t uri_handlers[] = {
80 { "file", get_key_material_file },
81 { NULL, NULL }
82 };
83
84 static int
zfs_prop_parse_keylocation(libzfs_handle_t * restrict hdl,const char * str,zfs_keylocation_t * restrict locp,char ** restrict schemep)85 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
86 zfs_keylocation_t *restrict locp, char **restrict schemep)
87 {
88 int ret;
89
90 *locp = ZFS_KEYLOCATION_NONE;
91 *schemep = NULL;
92
93 if (strcmp("prompt", str) == 0) {
94 *locp = ZFS_KEYLOCATION_PROMPT;
95 return (0);
96 }
97
98 regmatch_t pmatch[URI_NMATCH];
99 regmatch_t *smatch = &pmatch[URI_SCHEMESUBEXP];
100
101 ret = regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch), pmatch, 0);
102 switch (ret) {
103 case 0:
104 break;
105 case REG_ESPACE:
106 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory"));
107 return (ENOMEM);
108 case REG_NOMATCH:
109 goto invalid;
110 default:
111 /*
112 * Any other errors from regexec are a programming bug,
113 * so consider them a fatal error.
114 */
115 (void) fprintf(stderr, "regexec failed: %d\n", ret);
116 abort();
117 }
118
119 if (smatch->rm_so == -1)
120 goto invalid;
121
122 *schemep = strndup(str + smatch->rm_so, smatch->rm_eo - smatch->rm_so);
123 if (*schemep == NULL) {
124 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory"));
125 return (ENOMEM);
126 }
127
128 *locp = ZFS_KEYLOCATION_URI;
129 return (0);
130
131 invalid:
132 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
133 return (EINVAL);
134 }
135
136 static int
hex_key_to_raw(char * hex,int hexlen,uint8_t * out)137 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
138 {
139 int ret, i;
140 unsigned int c;
141
142 for (i = 0; i < hexlen; i += 2) {
143 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
144 ret = EINVAL;
145 goto error;
146 }
147
148 ret = sscanf(&hex[i], "%02x", &c);
149 if (ret != 1) {
150 ret = EINVAL;
151 goto error;
152 }
153
154 out[i / 2] = c;
155 }
156
157 return (0);
158
159 error:
160 return (ret);
161 }
162
163
164 static void
catch_signal(int sig)165 catch_signal(int sig)
166 {
167 caught_interrupt = sig;
168 }
169
170 static char *
get_format_prompt_string(zfs_keyformat_t format)171 get_format_prompt_string(zfs_keyformat_t format)
172 {
173 switch (format) {
174 case ZFS_KEYFORMAT_RAW:
175 return ("raw key");
176 case ZFS_KEYFORMAT_HEX:
177 return ("hex key");
178 case ZFS_KEYFORMAT_PASSPHRASE:
179 return ("passphrase");
180 default:
181 /* shouldn't happen */
182 return (NULL);
183 }
184 }
185
186 /* do basic validation of the key material */
187 static int
validate_key(libzfs_handle_t * hdl,zfs_keyformat_t keyformat,const char * key,size_t keylen)188 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
189 const char *key, size_t keylen)
190 {
191 switch (keyformat) {
192 case ZFS_KEYFORMAT_RAW:
193 /* verify the key length is correct */
194 if (keylen < WRAPPING_KEY_LEN) {
195 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
196 "Raw key too short (expected %u)."),
197 WRAPPING_KEY_LEN);
198 return (EINVAL);
199 }
200
201 if (keylen > WRAPPING_KEY_LEN) {
202 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
203 "Raw key too long (expected %u)."),
204 WRAPPING_KEY_LEN);
205 return (EINVAL);
206 }
207 break;
208 case ZFS_KEYFORMAT_HEX:
209 /* verify the key length is correct */
210 if (keylen < WRAPPING_KEY_LEN * 2) {
211 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
212 "Hex key too short (expected %u)."),
213 WRAPPING_KEY_LEN * 2);
214 return (EINVAL);
215 }
216
217 if (keylen > WRAPPING_KEY_LEN * 2) {
218 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
219 "Hex key too long (expected %u)."),
220 WRAPPING_KEY_LEN * 2);
221 return (EINVAL);
222 }
223
224 /* check for invalid hex digits */
225 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
226 if (!isxdigit(key[i])) {
227 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
228 "Invalid hex character detected."));
229 return (EINVAL);
230 }
231 }
232 break;
233 case ZFS_KEYFORMAT_PASSPHRASE:
234 /* verify the length is within bounds */
235 if (keylen > MAX_PASSPHRASE_LEN) {
236 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
237 "Passphrase too long (max %u)."),
238 MAX_PASSPHRASE_LEN);
239 return (EINVAL);
240 }
241
242 if (keylen < MIN_PASSPHRASE_LEN) {
243 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
244 "Passphrase too short (min %u)."),
245 MIN_PASSPHRASE_LEN);
246 return (EINVAL);
247 }
248 break;
249 default:
250 /* can't happen, checked above */
251 break;
252 }
253
254 return (0);
255 }
256
257 static int
libzfs_getpassphrase(zfs_keyformat_t keyformat,boolean_t is_reenter,boolean_t new_key,const char * fsname,char ** restrict res,size_t * restrict reslen)258 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
259 boolean_t new_key, const char *fsname,
260 char **restrict res, size_t *restrict reslen)
261 {
262 FILE *f = stdin;
263 size_t buflen = 0;
264 ssize_t bytes;
265 int ret = 0;
266 struct termios old_term, new_term;
267 struct sigaction act, osigint, osigtstp;
268
269 *res = NULL;
270 *reslen = 0;
271
272 /*
273 * handle SIGINT and ignore SIGSTP. This is necessary to
274 * restore the state of the terminal.
275 */
276 caught_interrupt = 0;
277 act.sa_flags = 0;
278 (void) sigemptyset(&act.sa_mask);
279 act.sa_handler = catch_signal;
280
281 (void) sigaction(SIGINT, &act, &osigint);
282 act.sa_handler = SIG_IGN;
283 (void) sigaction(SIGTSTP, &act, &osigtstp);
284
285 (void) printf("%s %s%s",
286 is_reenter ? "Re-enter" : "Enter",
287 new_key ? "new " : "",
288 get_format_prompt_string(keyformat));
289 if (fsname != NULL)
290 (void) printf(" for '%s'", fsname);
291 (void) fputc(':', stdout);
292 (void) fflush(stdout);
293
294 /* disable the terminal echo for key input */
295 (void) tcgetattr(fileno(f), &old_term);
296
297 new_term = old_term;
298 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
299
300 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
301 if (ret != 0) {
302 ret = errno;
303 errno = 0;
304 goto out;
305 }
306
307 bytes = getline(res, &buflen, f);
308 if (bytes < 0) {
309 ret = errno;
310 errno = 0;
311 goto out;
312 }
313
314 /* trim the ending newline if it exists */
315 if (bytes > 0 && (*res)[bytes - 1] == '\n') {
316 (*res)[bytes - 1] = '\0';
317 bytes--;
318 }
319
320 *reslen = bytes;
321
322 out:
323 /* reset the teminal */
324 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
325 (void) sigaction(SIGINT, &osigint, NULL);
326 (void) sigaction(SIGTSTP, &osigtstp, NULL);
327
328 /* if we caught a signal, re-throw it now */
329 if (caught_interrupt != 0)
330 (void) kill(getpid(), caught_interrupt);
331
332 /* print the newline that was not echo'd */
333 (void) printf("\n");
334
335 return (ret);
336 }
337
338 static int
get_key_interactive(libzfs_handle_t * restrict hdl,const char * fsname,zfs_keyformat_t keyformat,boolean_t confirm_key,boolean_t newkey,uint8_t ** restrict outbuf,size_t * restrict len_out)339 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
340 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
341 uint8_t **restrict outbuf, size_t *restrict len_out)
342 {
343 char *buf = NULL, *buf2 = NULL;
344 size_t buflen = 0, buf2len = 0;
345 int ret = 0;
346
347 ASSERT(isatty(fileno(stdin)));
348
349 /* raw keys cannot be entered on the terminal */
350 if (keyformat == ZFS_KEYFORMAT_RAW) {
351 ret = EINVAL;
352 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
353 "Cannot enter raw keys on the terminal"));
354 goto out;
355 }
356
357 /* prompt for the key */
358 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
359 &buf, &buflen)) != 0) {
360 freezero(buf, buflen);
361 buf = NULL;
362 buflen = 0;
363 goto out;
364 }
365
366 if (!confirm_key)
367 goto out;
368
369 if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) {
370 freezero(buf, buflen);
371 return (ret);
372 }
373
374 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
375 &buf2len);
376 if (ret != 0) {
377 freezero(buf, buflen);
378 freezero(buf2, buf2len);
379 buf = buf2 = NULL;
380 buflen = buf2len = 0;
381 goto out;
382 }
383
384 if (buflen != buf2len || strcmp(buf, buf2) != 0) {
385 freezero(buf, buflen);
386 buf = NULL;
387 buflen = 0;
388
389 ret = EINVAL;
390 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
391 "Provided keys do not match."));
392 }
393
394 freezero(buf2, buf2len);
395
396 out:
397 *outbuf = (uint8_t *)buf;
398 *len_out = buflen;
399 return (ret);
400 }
401
402 static int
get_key_material_raw(FILE * fd,zfs_keyformat_t keyformat,uint8_t ** buf,size_t * len_out)403 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
404 uint8_t **buf, size_t *len_out)
405 {
406 int ret = 0;
407 size_t buflen = 0;
408
409 *len_out = 0;
410
411 /* read the key material */
412 if (keyformat != ZFS_KEYFORMAT_RAW) {
413 ssize_t bytes;
414
415 bytes = getline((char **)buf, &buflen, fd);
416 if (bytes < 0) {
417 ret = errno;
418 errno = 0;
419 goto out;
420 }
421
422 /* trim the ending newline if it exists */
423 if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
424 (*buf)[bytes - 1] = '\0';
425 bytes--;
426 }
427
428 *len_out = bytes;
429 } else {
430 size_t n;
431
432 /*
433 * Raw keys may have newline characters in them and so can't
434 * use getline(). Here we attempt to read 33 bytes so that we
435 * can properly check the key length (the file should only have
436 * 32 bytes).
437 */
438 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
439 if (*buf == NULL) {
440 ret = ENOMEM;
441 goto out;
442 }
443
444 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
445 if (n == 0 || ferror(fd)) {
446 /* size errors are handled by the calling function */
447 free(*buf);
448 *buf = NULL;
449 ret = errno;
450 errno = 0;
451 goto out;
452 }
453
454 *len_out = n;
455 }
456
457 out:
458 return (ret);
459 }
460
461 static int
get_key_material_file(libzfs_handle_t * hdl,const char * uri,const char * fsname,zfs_keyformat_t keyformat,boolean_t newkey,uint8_t ** restrict buf,size_t * restrict len_out)462 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
463 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
464 uint8_t **restrict buf, size_t *restrict len_out)
465 {
466 const char *path;
467 FILE *f = NULL;
468 int ret = 0;
469
470 /*
471 * get_key_material() should guarantee we're only called for a file
472 * URI.
473 */
474 VERIFY0(strncmp(uri, "file://", 7));
475 path = uri + 7;
476
477 if ((f = fopen(path, "r")) == NULL) {
478 ret = errno;
479 errno = 0;
480 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
481 "Failed to open key material file"));
482 return (ret);
483 }
484
485 ret = get_key_material_raw(f, keyformat, buf, len_out);
486
487 (void) fclose(f);
488
489 return (ret);
490 }
491
492 /*
493 * Attempts to fetch key material, no matter where it might live. The key
494 * material is allocated and returned in km_out. *can_retry_out will be set
495 * to B_TRUE if the user is providing the key material interactively, allowing
496 * for re-entry attempts.
497 */
498 static int
get_key_material(libzfs_handle_t * hdl,boolean_t do_verify,boolean_t newkey,zfs_keyformat_t keyformat,char * keylocation,const char * fsname,uint8_t ** km_out,size_t * kmlen_out,boolean_t * can_retry_out)499 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
500 zfs_keyformat_t keyformat, char *keylocation, const char *fsname,
501 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
502 {
503 int ret;
504 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
505 uint8_t *km = NULL;
506 size_t kmlen = 0;
507 char *scheme = NULL;
508 zfs_uri_handler_t *handler = NULL;
509 boolean_t can_retry = B_FALSE;
510
511 /* verify and parse the keylocation */
512 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc, &scheme);
513 if (ret != 0)
514 goto error;
515
516 /* open the appropriate file descriptor */
517 switch (keyloc) {
518 case ZFS_KEYLOCATION_PROMPT:
519 if (isatty(fileno(stdin))) {
520 can_retry = B_TRUE;
521
522 ret = get_key_interactive(hdl, fsname, keyformat,
523 do_verify, newkey, &km, &kmlen);
524 } else {
525 /* fetch the key material into the buffer */
526 ret = get_key_material_raw(stdin, keyformat, &km,
527 &kmlen);
528 }
529 if (ret != 0)
530 goto error;
531 break;
532 case ZFS_KEYLOCATION_URI:
533 for (handler = uri_handlers; handler->zuh_scheme != NULL;
534 handler++) {
535 if (strcmp(handler->zuh_scheme, scheme) != 0)
536 continue;
537 if ((ret = handler->zuh_handler(hdl, keylocation,
538 fsname, keyformat, newkey, &km, &kmlen)) != 0)
539 goto error;
540 }
541 ret = ENOTSUP;
542 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
543 "URI scheme is not supported"));
544 break;
545 default:
546 ret = EINVAL;
547 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
548 "Invalid keylocation."));
549 goto error;
550 }
551
552 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0)
553 goto error;
554
555 *km_out = km;
556 *kmlen_out = kmlen;
557 if (can_retry_out != NULL)
558 *can_retry_out = can_retry;
559
560 free(scheme);
561 return (0);
562
563 error:
564 freezero(km, kmlen);
565 free(scheme);
566
567 *km_out = NULL;
568 *kmlen_out = 0;
569
570 return (ret);
571 }
572
573 /* This needs to be fixed to be compatible with other platforms */
574
575 static int
pbkdf2(uint8_t * passphrase,size_t passphraselen,uint8_t * salt,size_t saltlen,uint64_t iterations,uint8_t * output,size_t outputlen)576 pbkdf2(uint8_t *passphrase, size_t passphraselen, uint8_t *salt,
577 size_t saltlen, uint64_t iterations, uint8_t *output,
578 size_t outputlen)
579 {
580 int ret = 0;
581 CK_SESSION_HANDLE session;
582 char *tmpkeydata = NULL;
583 size_t tmpkeydatalen = 0;
584 CK_OBJECT_HANDLE obj;
585
586 /* initialize output */
587 (void) memset(output, 0, outputlen);
588
589 ret = SUNW_C_GetMechSession(CKM_PKCS5_PBKD2, &session);
590 if (ret) {
591 (void) fprintf(stderr, "failed to connect to pkcs5: %s\n",
592 pkcs11_strerror(ret));
593 return (ret);
594 }
595
596 ret = pkcs11_PasswdToPBKD2Object(session, (char *)passphrase,
597 passphraselen, salt, saltlen, iterations, CKK_AES, outputlen, 0,
598 &obj);
599
600 if (ret == CKR_OK)
601 ret = pkcs11_ObjectToKey(session, obj, (void **)&tmpkeydata,
602 &tmpkeydatalen, B_TRUE);
603
604 (void) C_CloseSession(session);
605 if (ret) {
606 (void) fprintf(stderr, "unable to generate key: %s\n",
607 pkcs11_strerror(ret));
608 return (ret);
609 }
610
611 /*
612 * Because it allocates an area for the passphrase, we copy it out
613 * then zero the original
614 */
615 (void) memcpy(output, tmpkeydata, tmpkeydatalen);
616 (void) memset(tmpkeydata, 0, tmpkeydatalen);
617 free(tmpkeydata);
618
619 return (ret);
620 }
621
622 /* ARGSUSED */
623 static int
derive_key(libzfs_handle_t * hdl,zfs_keyformat_t format,uint64_t iters,uint8_t * key_material,size_t key_material_len,uint64_t salt,uint8_t ** key_out)624 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
625 uint8_t *key_material, size_t key_material_len, uint64_t salt,
626 uint8_t **key_out)
627 {
628 int ret;
629 uint8_t *key;
630
631 *key_out = NULL;
632
633 key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
634 if (!key)
635 return (ENOMEM);
636
637 switch (format) {
638 case ZFS_KEYFORMAT_RAW:
639 bcopy(key_material, key, WRAPPING_KEY_LEN);
640 break;
641 case ZFS_KEYFORMAT_HEX:
642 ret = hex_key_to_raw((char *)key_material,
643 WRAPPING_KEY_LEN * 2, key);
644 if (ret != 0) {
645 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
646 "Invalid hex key provided."));
647 goto error;
648 }
649 break;
650 case ZFS_KEYFORMAT_PASSPHRASE:
651 salt = LE_64(salt);
652 ret = pbkdf2(key_material, strlen((char *)key_material),
653 ((uint8_t *)&salt), sizeof (uint64_t), iters,
654 key, WRAPPING_KEY_LEN);
655 if (ret != 0) {
656 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
657 "Failed to generate key from passphrase."));
658 goto error;
659 }
660 break;
661 default:
662 ret = EINVAL;
663 goto error;
664 }
665
666 *key_out = key;
667 return (0);
668
669 error:
670 free(key);
671
672 *key_out = NULL;
673 return (ret);
674 }
675
676 static boolean_t
encryption_feature_is_enabled(zpool_handle_t * zph)677 encryption_feature_is_enabled(zpool_handle_t *zph)
678 {
679 nvlist_t *features;
680 uint64_t feat_refcount;
681
682 /* check that features can be enabled */
683 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
684 < SPA_VERSION_FEATURES)
685 return (B_FALSE);
686
687 /* check for crypto feature */
688 features = zpool_get_features(zph);
689 if (!features || nvlist_lookup_uint64(features,
690 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
691 &feat_refcount) != 0)
692 return (B_FALSE);
693
694 return (B_TRUE);
695 }
696
697 static int
populate_create_encryption_params_nvlists(libzfs_handle_t * hdl,zfs_handle_t * zhp,boolean_t newkey,zfs_keyformat_t keyformat,char * keylocation,nvlist_t * props,uint8_t ** wkeydata,uint_t * wkeylen)698 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
699 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
700 char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
701 {
702 int ret;
703 uint64_t iters = 0, salt = 0;
704 uint8_t *key_material = NULL;
705 size_t key_material_len = 0;
706 uint8_t *key_data = NULL;
707 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
708
709 /* get key material from keyformat and keylocation */
710 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
711 fsname, &key_material, &key_material_len, NULL);
712 if (ret != 0)
713 goto error;
714
715 /* passphrase formats require a salt and pbkdf2 iters property */
716 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
717 #ifdef sun
718 arc4random_buf(&salt, sizeof (salt));
719 #else
720 random_init();
721
722 ret = random_get_bytes((uint8_t *)&salt, sizeof (uint64_t));
723 if (ret != 0) {
724 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
725 "Failed to generate salt."));
726 goto error;
727 }
728
729 random_fini();
730 #endif
731
732 ret = nvlist_add_uint64(props,
733 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
734 if (ret != 0) {
735 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
736 "Failed to add salt to properties."));
737 goto error;
738 }
739
740 /*
741 * If not otherwise specified, use the default number of
742 * pbkdf2 iterations. If specified, we have already checked
743 * that the given value is greater than MIN_PBKDF2_ITERATIONS
744 * during zfs_valid_proplist().
745 */
746 ret = nvlist_lookup_uint64(props,
747 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
748 if (ret == ENOENT) {
749 iters = DEFAULT_PBKDF2_ITERATIONS;
750 ret = nvlist_add_uint64(props,
751 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
752 if (ret != 0)
753 goto error;
754 } else if (ret != 0) {
755 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
756 "Failed to get pbkdf2 iterations."));
757 goto error;
758 }
759 } else {
760 /* check that pbkdf2iters was not specified by the user */
761 ret = nvlist_lookup_uint64(props,
762 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
763 if (ret == 0) {
764 ret = EINVAL;
765 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
766 "Cannot specify pbkdf2iters with a non-passphrase "
767 "keyformat."));
768 goto error;
769 }
770 }
771
772 /* derive a key from the key material */
773 ret = derive_key(hdl, (zfs_keyformat_t)keyformat, iters, key_material,
774 key_material_len, salt, &key_data);
775 if (ret != 0)
776 goto error;
777
778 free(key_material);
779
780 *wkeydata = key_data;
781 *wkeylen = WRAPPING_KEY_LEN;
782 return (0);
783
784 error:
785 if (key_material != NULL)
786 free(key_material);
787 if (key_data != NULL)
788 free(key_data);
789
790 *wkeydata = NULL;
791 *wkeylen = 0;
792 return (ret);
793 }
794
795 static boolean_t
proplist_has_encryption_props(nvlist_t * props)796 proplist_has_encryption_props(nvlist_t *props)
797 {
798 int ret;
799 uint64_t intval;
800 char *strval;
801
802 ret = nvlist_lookup_uint64(props,
803 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
804 if (ret == 0 && intval != ZIO_CRYPT_OFF)
805 return (B_TRUE);
806
807 ret = nvlist_lookup_string(props,
808 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
809 if (ret == 0 && strcmp(strval, "none") != 0)
810 return (B_TRUE);
811
812 ret = nvlist_lookup_uint64(props,
813 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
814 if (ret == 0)
815 return (B_TRUE);
816
817 ret = nvlist_lookup_uint64(props,
818 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
819 if (ret == 0)
820 return (B_TRUE);
821
822 return (B_FALSE);
823 }
824
825 int
zfs_crypto_get_encryption_root(zfs_handle_t * zhp,boolean_t * is_encroot,char * buf)826 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
827 char *buf)
828 {
829 int ret;
830 char prop_encroot[MAXNAMELEN];
831
832 /* if the dataset isn't encrypted, just return */
833 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
834 *is_encroot = B_FALSE;
835 if (buf != NULL)
836 buf[0] = '\0';
837 return (0);
838 }
839
840 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
841 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
842 if (ret != 0) {
843 *is_encroot = B_FALSE;
844 if (buf != NULL)
845 buf[0] = '\0';
846 return (ret);
847 }
848
849 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
850 if (buf != NULL)
851 (void) strcpy(buf, prop_encroot);
852
853 return (0);
854 }
855
856 int
zfs_crypto_create(libzfs_handle_t * hdl,char * parent_name,nvlist_t * props,nvlist_t * pool_props,boolean_t stdin_available,uint8_t ** wkeydata_out,uint_t * wkeylen_out)857 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
858 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
859 uint_t *wkeylen_out)
860 {
861 int ret;
862 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
863 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
864 char *keylocation = NULL;
865 zfs_handle_t *pzhp = NULL;
866 uint8_t *wkeydata = NULL;
867 uint_t wkeylen = 0;
868 boolean_t local_crypt = B_TRUE;
869
870 /* lookup crypt from props */
871 ret = nvlist_lookup_uint64(props,
872 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
873 if (ret != 0)
874 local_crypt = B_FALSE;
875
876 /* lookup key location and format from props */
877 (void) nvlist_lookup_uint64(props,
878 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
879 (void) nvlist_lookup_string(props,
880 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
881
882 if (parent_name != NULL) {
883 /* get a reference to parent dataset */
884 pzhp = make_dataset_handle(hdl, parent_name);
885 if (pzhp == NULL) {
886 ret = ENOENT;
887 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
888 "Failed to lookup parent."));
889 goto out;
890 }
891
892 /* Lookup parent's crypt */
893 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
894
895 /* Params require the encryption feature */
896 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
897 if (proplist_has_encryption_props(props)) {
898 ret = EINVAL;
899 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
900 "Encryption feature not enabled."));
901 goto out;
902 }
903
904 ret = 0;
905 goto out;
906 }
907 } else {
908 /*
909 * special case for root dataset where encryption feature
910 * feature won't be on disk yet
911 */
912 if (!nvlist_exists(pool_props, "feature@encryption")) {
913 if (proplist_has_encryption_props(props)) {
914 ret = EINVAL;
915 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
916 "Encryption feature not enabled."));
917 goto out;
918 }
919
920 ret = 0;
921 goto out;
922 }
923
924 pcrypt = ZIO_CRYPT_OFF;
925 }
926
927 /* Get the inherited encryption property if we don't have it locally */
928 if (!local_crypt)
929 crypt = pcrypt;
930
931 /*
932 * At this point crypt should be the actual encryption value. If
933 * encryption is off just verify that no encryption properties have
934 * been specified and return.
935 */
936 if (crypt == ZIO_CRYPT_OFF) {
937 if (proplist_has_encryption_props(props)) {
938 ret = EINVAL;
939 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
940 "Encryption must be turned on to set encryption "
941 "properties."));
942 goto out;
943 }
944
945 ret = 0;
946 goto out;
947 }
948
949 /*
950 * If we have a parent crypt it is valid to specify encryption alone.
951 * This will result in a child that is encrypted with the chosen
952 * encryption suite that will also inherit the parent's key. If
953 * the parent is not encrypted we need an encryption suite provided.
954 */
955 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
956 keyformat == ZFS_KEYFORMAT_NONE) {
957 ret = EINVAL;
958 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
959 "Keyformat required for new encryption root."));
960 goto out;
961 }
962
963 /*
964 * Specifying a keylocation implies this will be a new encryption root.
965 * Check that a keyformat is also specified.
966 */
967 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
968 ret = EINVAL;
969 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
970 "Keyformat required for new encryption root."));
971 goto out;
972 }
973
974 /* default to prompt if no keylocation is specified */
975 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
976 keylocation = "prompt";
977 ret = nvlist_add_string(props,
978 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
979 if (ret != 0)
980 goto out;
981 }
982
983 /*
984 * If a local key is provided, this dataset will be a new
985 * encryption root. Populate the encryption params.
986 */
987 if (keylocation != NULL) {
988 /*
989 * 'zfs recv -o keylocation=prompt' won't work because stdin
990 * is being used by the send stream, so we disallow it.
991 */
992 if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
993 ret = EINVAL;
994 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
995 "'prompt' keylocation because stdin is in use."));
996 goto out;
997 }
998
999 ret = populate_create_encryption_params_nvlists(hdl, NULL,
1000 B_FALSE, keyformat, keylocation, props, &wkeydata,
1001 &wkeylen);
1002 if (ret != 0)
1003 goto out;
1004 }
1005
1006 if (pzhp != NULL)
1007 zfs_close(pzhp);
1008
1009 *wkeydata_out = wkeydata;
1010 *wkeylen_out = wkeylen;
1011 return (0);
1012
1013 out:
1014 if (pzhp != NULL)
1015 zfs_close(pzhp);
1016 if (wkeydata != NULL)
1017 free(wkeydata);
1018
1019 *wkeydata_out = NULL;
1020 *wkeylen_out = 0;
1021 return (ret);
1022 }
1023
1024 int
zfs_crypto_clone_check(libzfs_handle_t * hdl,zfs_handle_t * origin_zhp,char * parent_name,nvlist_t * props)1025 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
1026 char *parent_name, nvlist_t *props)
1027 {
1028 /*
1029 * No encryption properties should be specified. They will all be
1030 * inherited from the origin dataset.
1031 */
1032 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1033 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1034 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1035 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1036 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1037 "Encryption properties must inherit from origin dataset."));
1038 return (EINVAL);
1039 }
1040
1041 return (0);
1042 }
1043
1044 typedef struct loadkeys_cbdata {
1045 uint64_t cb_numfailed;
1046 uint64_t cb_numattempted;
1047 } loadkey_cbdata_t;
1048
1049 static int
load_keys_cb(zfs_handle_t * zhp,void * arg)1050 load_keys_cb(zfs_handle_t *zhp, void *arg)
1051 {
1052 int ret;
1053 boolean_t is_encroot;
1054 loadkey_cbdata_t *cb = arg;
1055 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1056
1057 /* only attempt to load keys for encryption roots */
1058 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1059 if (ret != 0 || !is_encroot)
1060 goto out;
1061
1062 /* don't attempt to load already loaded keys */
1063 if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1064 goto out;
1065
1066 /* Attempt to load the key. Record status in cb. */
1067 cb->cb_numattempted++;
1068
1069 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1070 if (ret)
1071 cb->cb_numfailed++;
1072
1073 out:
1074 (void) zfs_iter_filesystems(zhp, load_keys_cb, cb);
1075 zfs_close(zhp);
1076
1077 /* always return 0, since this function is best effort */
1078 return (0);
1079 }
1080
1081 /*
1082 * This function is best effort. It attempts to load all the keys for the given
1083 * filesystem and all of its children.
1084 */
1085 int
zfs_crypto_attempt_load_keys(libzfs_handle_t * hdl,char * fsname)1086 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname)
1087 {
1088 int ret;
1089 zfs_handle_t *zhp = NULL;
1090 loadkey_cbdata_t cb = { 0 };
1091
1092 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1093 if (zhp == NULL) {
1094 ret = ENOENT;
1095 goto error;
1096 }
1097
1098 ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1099 if (ret)
1100 goto error;
1101
1102 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1103 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1104 (u_longlong_t)cb.cb_numattempted);
1105
1106 if (cb.cb_numfailed != 0) {
1107 ret = -1;
1108 goto error;
1109 }
1110
1111 zfs_close(zhp);
1112 return (0);
1113
1114 error:
1115 if (zhp != NULL)
1116 zfs_close(zhp);
1117 return (ret);
1118 }
1119
1120 int
zfs_crypto_load_key(zfs_handle_t * zhp,boolean_t noop,char * alt_keylocation)1121 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation)
1122 {
1123 int ret, attempts = 0;
1124 char errbuf[1024];
1125 uint64_t keystatus, iters = 0, salt = 0;
1126 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1127 char prop_keylocation[MAXNAMELEN];
1128 char prop_encroot[MAXNAMELEN];
1129 char *keylocation = NULL;
1130 uint8_t *key_material = NULL, *key_data = NULL;
1131 size_t key_material_len;
1132 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1133
1134 (void) snprintf(errbuf, sizeof (errbuf),
1135 dgettext(TEXT_DOMAIN, "Key load error"));
1136
1137 /* check that encryption is enabled for the pool */
1138 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1139 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1140 "Encryption feature not enabled."));
1141 ret = EINVAL;
1142 goto error;
1143 }
1144
1145 /* Fetch the keyformat. Check that the dataset is encrypted. */
1146 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1147 if (keyformat == ZFS_KEYFORMAT_NONE) {
1148 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1149 "'%s' is not encrypted."), zfs_get_name(zhp));
1150 ret = EINVAL;
1151 goto error;
1152 }
1153
1154 /*
1155 * Fetch the key location. Check that we are working with an
1156 * encryption root.
1157 */
1158 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1159 if (ret != 0) {
1160 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1161 "Failed to get encryption root for '%s'."),
1162 zfs_get_name(zhp));
1163 goto error;
1164 } else if (!is_encroot) {
1165 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1166 "Keys must be loaded for encryption root of '%s' (%s)."),
1167 zfs_get_name(zhp), prop_encroot);
1168 ret = EINVAL;
1169 goto error;
1170 }
1171
1172 /*
1173 * if the caller has elected to override the keylocation property
1174 * use that instead
1175 */
1176 if (alt_keylocation != NULL) {
1177 keylocation = alt_keylocation;
1178 } else {
1179 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1180 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1181 if (ret != 0) {
1182 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1183 "Failed to get keylocation for '%s'."),
1184 zfs_get_name(zhp));
1185 goto error;
1186 }
1187
1188 keylocation = prop_keylocation;
1189 }
1190
1191 /* check that the key is unloaded unless this is a noop */
1192 if (!noop) {
1193 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1194 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1195 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1196 "Key already loaded for '%s'."), zfs_get_name(zhp));
1197 ret = EEXIST;
1198 goto error;
1199 }
1200 }
1201
1202 /* passphrase formats require a salt and pbkdf2_iters property */
1203 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1204 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1205 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1206 }
1207
1208 try_again:
1209 /* fetching and deriving the key are correctible errors. set the flag */
1210 correctible = B_TRUE;
1211
1212 /* get key material from key format and location */
1213 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1214 keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1215 &can_retry);
1216 if (ret != 0)
1217 goto error;
1218
1219 /* derive a key from the key material */
1220 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material,
1221 key_material_len, salt, &key_data);
1222 if (ret != 0)
1223 goto error;
1224
1225 correctible = B_FALSE;
1226
1227 /* pass the wrapping key and noop flag to the ioctl */
1228 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1229 if (ret != 0) {
1230 switch (ret) {
1231 case EINVAL:
1232 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1233 "Invalid parameters provided for %s."),
1234 zfs_get_name(zhp));
1235 break;
1236 case EEXIST:
1237 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1238 "Key already loaded for '%s'."), zfs_get_name(zhp));
1239 break;
1240 case EBUSY:
1241 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1242 "'%s' is busy."), zfs_get_name(zhp));
1243 break;
1244 case EACCES:
1245 correctible = B_TRUE;
1246 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1247 "Incorrect key provided for '%s'."),
1248 zfs_get_name(zhp));
1249 break;
1250 }
1251 goto error;
1252 }
1253
1254 free(key_material);
1255 free(key_data);
1256
1257 return (0);
1258
1259 error:
1260 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1261 if (key_material != NULL) {
1262 free(key_material);
1263 key_material = NULL;
1264 }
1265 if (key_data != NULL) {
1266 free(key_data);
1267 key_data = NULL;
1268 }
1269
1270 /*
1271 * Here we decide if it is ok to allow the user to retry entering their
1272 * key. The can_retry flag will be set if the user is entering their
1273 * key from an interactive prompt. The correctible flag will only be
1274 * set if an error that occured could be corrected by retrying. Both
1275 * flags are needed to allow the user to attempt key entry again
1276 */
1277 if (can_retry && correctible && attempts <= MAX_KEY_PROMPT_ATTEMPTS) {
1278 attempts++;
1279 goto try_again;
1280 }
1281
1282 return (ret);
1283 }
1284
1285 int
zfs_crypto_unload_key(zfs_handle_t * zhp)1286 zfs_crypto_unload_key(zfs_handle_t *zhp)
1287 {
1288 int ret;
1289 char errbuf[1024];
1290 char prop_encroot[MAXNAMELEN];
1291 uint64_t keystatus, keyformat;
1292 boolean_t is_encroot;
1293
1294 (void) snprintf(errbuf, sizeof (errbuf),
1295 dgettext(TEXT_DOMAIN, "Key unload error"));
1296
1297 /* check that encryption is enabled for the pool */
1298 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1299 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1300 "Encryption feature not enabled."));
1301 ret = EINVAL;
1302 goto error;
1303 }
1304
1305 /* Fetch the keyformat. Check that the dataset is encrypted. */
1306 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1307 if (keyformat == ZFS_KEYFORMAT_NONE) {
1308 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1309 "'%s' is not encrypted."), zfs_get_name(zhp));
1310 ret = EINVAL;
1311 goto error;
1312 }
1313
1314 /*
1315 * Fetch the key location. Check that we are working with an
1316 * encryption root.
1317 */
1318 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1319 if (ret != 0) {
1320 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1321 "Failed to get encryption root for '%s'."),
1322 zfs_get_name(zhp));
1323 goto error;
1324 } else if (!is_encroot) {
1325 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1326 "Keys must be unloaded for encryption root of '%s' (%s)."),
1327 zfs_get_name(zhp), prop_encroot);
1328 ret = EINVAL;
1329 goto error;
1330 }
1331
1332 /* check that the key is loaded */
1333 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1334 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1335 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1336 "Key already unloaded for '%s'."), zfs_get_name(zhp));
1337 ret = EACCES;
1338 goto error;
1339 }
1340
1341 /* call the ioctl */
1342 ret = lzc_unload_key(zhp->zfs_name);
1343
1344 if (ret != 0) {
1345 switch (ret) {
1346 case EACCES:
1347 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1348 "Key already unloaded for '%s'."),
1349 zfs_get_name(zhp));
1350 break;
1351 case EBUSY:
1352 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1353 "'%s' is busy."), zfs_get_name(zhp));
1354 break;
1355 }
1356 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1357 }
1358
1359 return (ret);
1360
1361 error:
1362 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1363 return (ret);
1364 }
1365
1366 static int
zfs_crypto_verify_rewrap_nvlist(zfs_handle_t * zhp,nvlist_t * props,nvlist_t ** props_out,char * errbuf)1367 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1368 nvlist_t **props_out, char *errbuf)
1369 {
1370 int ret;
1371 nvpair_t *elem = NULL;
1372 zfs_prop_t prop;
1373 nvlist_t *new_props = NULL;
1374
1375 new_props = fnvlist_alloc();
1376
1377 /*
1378 * loop through all provided properties, we should only have
1379 * keyformat, keylocation and pbkdf2iters. The actual validation of
1380 * values is done by zfs_valid_proplist().
1381 */
1382 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1383 const char *propname = nvpair_name(elem);
1384 prop = zfs_name_to_prop(propname);
1385
1386 switch (prop) {
1387 case ZFS_PROP_PBKDF2_ITERS:
1388 case ZFS_PROP_KEYFORMAT:
1389 case ZFS_PROP_KEYLOCATION:
1390 break;
1391 default:
1392 ret = EINVAL;
1393 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1394 "Only keyformat, keylocation and pbkdf2iters may "
1395 "be set with this command."));
1396 goto error;
1397 }
1398 }
1399
1400 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1401 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1402 B_TRUE, errbuf);
1403 if (new_props == NULL)
1404 goto error;
1405
1406 *props_out = new_props;
1407 return (0);
1408
1409 error:
1410 nvlist_free(new_props);
1411 *props_out = NULL;
1412 return (ret);
1413 }
1414
1415 int
zfs_crypto_rewrap(zfs_handle_t * zhp,nvlist_t * raw_props,boolean_t inheritkey)1416 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1417 {
1418 int ret;
1419 char errbuf[1024];
1420 boolean_t is_encroot;
1421 nvlist_t *props = NULL;
1422 uint8_t *wkeydata = NULL;
1423 uint_t wkeylen = 0;
1424 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1425 uint64_t crypt, pcrypt, keystatus, pkeystatus;
1426 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1427 zfs_handle_t *pzhp = NULL;
1428 char *keylocation = NULL;
1429 char origin_name[MAXNAMELEN];
1430 char prop_keylocation[MAXNAMELEN];
1431 char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1432
1433 (void) snprintf(errbuf, sizeof (errbuf),
1434 dgettext(TEXT_DOMAIN, "Key change error"));
1435
1436 /* check that encryption is enabled for the pool */
1437 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1438 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1439 "Encryption feature not enabled."));
1440 ret = EINVAL;
1441 goto error;
1442 }
1443
1444 /* get crypt from dataset */
1445 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1446 if (crypt == ZIO_CRYPT_OFF) {
1447 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1448 "Dataset not encrypted."));
1449 ret = EINVAL;
1450 goto error;
1451 }
1452
1453 /* get the encryption root of the dataset */
1454 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1455 if (ret != 0) {
1456 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1457 "Failed to get encryption root for '%s'."),
1458 zfs_get_name(zhp));
1459 goto error;
1460 }
1461
1462 /* Clones use their origin's key and cannot rewrap it */
1463 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1464 sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1465 if (ret == 0 && strcmp(origin_name, "") != 0) {
1466 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1467 "Keys cannot be changed on clones."));
1468 ret = EINVAL;
1469 goto error;
1470 }
1471
1472 /*
1473 * If the user wants to use the inheritkey variant of this function
1474 * we don't need to collect any crypto arguments.
1475 */
1476 if (!inheritkey) {
1477 /* validate the provided properties */
1478 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1479 errbuf);
1480 if (ret != 0)
1481 goto error;
1482
1483 /*
1484 * Load keyformat and keylocation from the nvlist. Fetch from
1485 * the dataset properties if not specified.
1486 */
1487 (void) nvlist_lookup_uint64(props,
1488 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1489 (void) nvlist_lookup_string(props,
1490 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1491
1492 if (is_encroot) {
1493 /*
1494 * If this is already an ecryption root, just keep
1495 * any properties not set by the user.
1496 */
1497 if (keyformat == ZFS_KEYFORMAT_NONE) {
1498 keyformat = zfs_prop_get_int(zhp,
1499 ZFS_PROP_KEYFORMAT);
1500 ret = nvlist_add_uint64(props,
1501 zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1502 keyformat);
1503 }
1504
1505 if (keylocation == NULL) {
1506 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1507 prop_keylocation, sizeof (prop_keylocation),
1508 NULL, NULL, 0, B_TRUE);
1509 if (ret != 0) {
1510 zfs_error_aux(zhp->zfs_hdl,
1511 dgettext(TEXT_DOMAIN, "Failed to "
1512 "get existing keylocation "
1513 "property."));
1514 goto error;
1515 }
1516
1517 keylocation = prop_keylocation;
1518 }
1519 } else {
1520 /* need a new key for non-encryption roots */
1521 if (keyformat == ZFS_KEYFORMAT_NONE) {
1522 ret = EINVAL;
1523 zfs_error_aux(zhp->zfs_hdl,
1524 dgettext(TEXT_DOMAIN, "Keyformat required "
1525 "for new encryption root."));
1526 goto error;
1527 }
1528
1529 /* default to prompt if no keylocation is specified */
1530 if (keylocation == NULL) {
1531 keylocation = "prompt";
1532 ret = nvlist_add_string(props,
1533 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1534 keylocation);
1535 if (ret != 0)
1536 goto error;
1537 }
1538 }
1539
1540 /* fetch the new wrapping key and associated properties */
1541 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1542 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1543 &wkeylen);
1544 if (ret != 0)
1545 goto error;
1546 } else {
1547 /* check that zhp is an encryption root */
1548 if (!is_encroot) {
1549 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1550 "Key inheriting can only be performed on "
1551 "encryption roots."));
1552 ret = EINVAL;
1553 goto error;
1554 }
1555
1556 /* get the parent's name */
1557 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1558 if (ret != 0) {
1559 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1560 "Root dataset cannot inherit key."));
1561 ret = EINVAL;
1562 goto error;
1563 }
1564
1565 /* get a handle to the parent */
1566 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1567 if (pzhp == NULL) {
1568 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1569 "Failed to lookup parent."));
1570 ret = ENOENT;
1571 goto error;
1572 }
1573
1574 /* parent must be encrypted */
1575 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1576 if (pcrypt == ZIO_CRYPT_OFF) {
1577 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1578 "Parent must be encrypted."));
1579 ret = EINVAL;
1580 goto error;
1581 }
1582
1583 /* check that the parent's key is loaded */
1584 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1585 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1586 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1587 "Parent key must be loaded."));
1588 ret = EACCES;
1589 goto error;
1590 }
1591 }
1592
1593 /* check that the key is loaded */
1594 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1595 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1596 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1597 "Key must be loaded."));
1598 ret = EACCES;
1599 goto error;
1600 }
1601
1602 /* call the ioctl */
1603 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1604 if (ret != 0) {
1605 switch (ret) {
1606 case EINVAL:
1607 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1608 "Invalid properties for key change."));
1609 break;
1610 case EACCES:
1611 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1612 "Key is not currently loaded."));
1613 break;
1614 }
1615 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1616 }
1617
1618 if (pzhp != NULL)
1619 zfs_close(pzhp);
1620 if (props != NULL)
1621 nvlist_free(props);
1622 if (wkeydata != NULL)
1623 free(wkeydata);
1624
1625 return (ret);
1626
1627 error:
1628 if (pzhp != NULL)
1629 zfs_close(pzhp);
1630 if (props != NULL)
1631 nvlist_free(props);
1632 if (wkeydata != NULL)
1633 free(wkeydata);
1634
1635 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1636 return (ret);
1637 }
1638