1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * This file and its contents are supplied under the terms of the 6 * Common Development and Distribution License ("CDDL"), version 1.0. 7 * You may only use this file in accordance with the terms of version 8 * 1.0 of the CDDL. 9 * 10 * A full copy of the text of the CDDL should have accompanied this 11 * source. A copy of the CDDL is also available via the Internet at 12 * http://www.illumos.org/license/CDDL. 13 * 14 * CDDL HEADER END 15 */ 16 17 /* 18 * Copyright (c) 2017, Datto, Inc. All rights reserved. 19 */ 20 21 #ifndef _SYS_ZIO_CRYPT_H 22 #define _SYS_ZIO_CRYPT_H 23 24 #include <sys/dmu.h> 25 #include <sys/zfs_refcount.h> 26 #if defined(__FreeBSD__) && defined(_KERNEL) 27 #include <sys/freebsd_crypto.h> 28 #else 29 #include <sys/crypto/api.h> 30 #endif /* __FreeBSD__ */ 31 #include <sys/nvpair.h> 32 #include <sys/avl.h> 33 #include <sys/zio.h> 34 35 /* forward declarations */ 36 struct zbookmark_phys; 37 38 #define WRAPPING_KEY_LEN 32 39 #define WRAPPING_IV_LEN ZIO_DATA_IV_LEN 40 #define WRAPPING_MAC_LEN ZIO_DATA_MAC_LEN 41 #define MASTER_KEY_MAX_LEN 32 42 #define SHA512_HMAC_KEYLEN 64 43 44 #define ZIO_CRYPT_KEY_CURRENT_VERSION 1ULL 45 46 typedef enum zio_crypt_type { 47 ZC_TYPE_NONE = 0, 48 ZC_TYPE_CCM, 49 ZC_TYPE_GCM 50 } zio_crypt_type_t; 51 52 /* table of supported crypto algorithms, modes and keylengths. */ 53 typedef struct zio_crypt_info { 54 /* mechanism name, needed by ICP */ 55 #if defined(__FreeBSD__) && defined(_KERNEL) 56 /* 57 * I've deliberately used a different name here, to catch 58 * ICP-using code. 59 */ 60 const char *ci_algname; 61 #else 62 crypto_mech_name_t ci_mechname; 63 #endif 64 /* cipher mode type (GCM, CCM) */ 65 zio_crypt_type_t ci_crypt_type; 66 67 /* length of the encryption key */ 68 size_t ci_keylen; 69 70 /* human-readable name of the encryption algorithm */ 71 const char *ci_name; 72 } zio_crypt_info_t; 73 74 extern const zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS]; 75 76 /* in memory representation of an unwrapped key that is loaded into memory */ 77 typedef struct zio_crypt_key { 78 /* encryption algorithm */ 79 uint64_t zk_crypt; 80 81 /* on-disk format version */ 82 uint64_t zk_version; 83 84 /* GUID for uniquely identifying this key. Not encrypted on disk. */ 85 uint64_t zk_guid; 86 87 /* buffer for master key */ 88 uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN]; 89 90 /* buffer for hmac key */ 91 uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN]; 92 93 /* buffer for current encryption key derived from master key */ 94 uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN]; 95 96 /* current 64 bit salt for deriving an encryption key */ 97 uint8_t zk_salt[ZIO_DATA_SALT_LEN]; 98 99 /* count of how many times the current salt has been used */ 100 uint64_t zk_salt_count; 101 102 /* illumos crypto api current encryption key */ 103 crypto_key_t zk_current_key; 104 105 #if defined(__FreeBSD__) && defined(_KERNEL) 106 /* Session for current encryption key. Must always be set */ 107 freebsd_crypt_session_t zk_session; 108 #else 109 /* template of current encryption key for illumos crypto api */ 110 crypto_ctx_template_t zk_current_tmpl; 111 #endif 112 113 /* illumos crypto api current hmac key */ 114 crypto_key_t zk_hmac_key; 115 116 /* template of hmac key for illumos crypto api */ 117 crypto_ctx_template_t zk_hmac_tmpl; 118 119 /* lock for changing the salt and dependent values */ 120 krwlock_t zk_salt_lock; 121 } zio_crypt_key_t; 122 123 void zio_crypt_key_destroy(zio_crypt_key_t *key); 124 int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key); 125 int zio_crypt_key_get_salt(zio_crypt_key_t *key, uint8_t *salt_out); 126 127 int zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv, 128 uint8_t *mac, uint8_t *keydata_out, uint8_t *hmac_keydata_out); 129 int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version, 130 uint64_t guid, uint8_t *keydata, uint8_t *hmac_keydata, uint8_t *iv, 131 uint8_t *mac, zio_crypt_key_t *key); 132 int zio_crypt_generate_iv(uint8_t *ivbuf); 133 int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t *key, uint8_t *data, 134 uint_t datalen, uint8_t *ivbuf, uint8_t *salt); 135 136 void zio_crypt_encode_params_bp(blkptr_t *bp, uint8_t *salt, uint8_t *iv); 137 void zio_crypt_decode_params_bp(const blkptr_t *bp, uint8_t *salt, uint8_t *iv); 138 void zio_crypt_encode_mac_bp(blkptr_t *bp, uint8_t *mac); 139 void zio_crypt_decode_mac_bp(const blkptr_t *bp, uint8_t *mac); 140 void zio_crypt_encode_mac_zil(void *data, uint8_t *mac); 141 void zio_crypt_decode_mac_zil(const void *data, uint8_t *mac); 142 void zio_crypt_copy_dnode_bonus(abd_t *src_abd, uint8_t *dst, uint_t datalen); 143 144 int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf, 145 uint_t datalen, boolean_t byteswap, uint8_t *cksum); 146 int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd, 147 uint_t datalen, boolean_t byteswap, uint8_t *cksum); 148 int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen, 149 uint8_t *digestbuf, uint_t digestlen); 150 int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen, 151 boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac); 152 int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, 153 dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv, 154 uint8_t *mac, uint_t datalen, uint8_t *plainbuf, uint8_t *cipherbuf, 155 boolean_t *no_crypt); 156 int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t *key, 157 dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv, 158 uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd, 159 boolean_t *no_crypt); 160 161 #endif 162