1 /*
2  * CDDL HEADER START
3  *
4  * This file and its contents are supplied under the terms of the
5  * Common Development and Distribution License ("CDDL"), version 1.0.
6  * You may only use this file in accordance with the terms of version
7  * 1.0 of the CDDL.
8  *
9  * A full copy of the text of the CDDL should have accompanied this
10  * source.  A copy of the CDDL is also available via the Internet at
11  * http://www.illumos.org/license/CDDL.
12  *
13  * CDDL HEADER END
14  */
15 
16 /*
17  * Copyright (c) 2017, Datto, Inc. All rights reserved.
18  * Copyright 2026 Oxide Computer Company
19  */
20 
21 #ifndef	_SYS_DSL_CRYPT_H
22 #define	_SYS_DSL_CRYPT_H
23 
24 #include <sys/dmu_tx.h>
25 #include <sys/dmu.h>
26 #include <sys/zio_crypt.h>
27 #include <sys/spa.h>
28 #include <sys/dsl_dataset.h>
29 
/*
 * ZAP entry keys for DSL Crypto Keys stored on disk. In addition,
 * ZFS_PROP_KEYFORMAT, ZFS_PROP_PBKDF2_SALT, and ZFS_PROP_PBKDF2_ITERS are
 * also maintained here using their respective property names.
 *
 * Because these strings name on-disk ZAP entries they are part of the
 * on-disk format: renaming one changes what existing pools can be read
 * with.  The "_1" suffix on the master/HMAC key entries is not explained
 * here; presumably it identifies a key slot -- confirm in dsl_crypt.c
 * before adding further entries.
 */
#define	DSL_CRYPTO_KEY_CRYPTO_SUITE	"DSL_CRYPTO_SUITE"
#define	DSL_CRYPTO_KEY_GUID		"DSL_CRYPTO_GUID"
/* IV and MAC presumably belong to the wrapped key blobs below -- verify */
#define	DSL_CRYPTO_KEY_IV		"DSL_CRYPTO_IV"
#define	DSL_CRYPTO_KEY_MAC		"DSL_CRYPTO_MAC"
#define	DSL_CRYPTO_KEY_MASTER_KEY	"DSL_CRYPTO_MASTER_KEY_1"
#define	DSL_CRYPTO_KEY_HMAC_KEY		"DSL_CRYPTO_HMAC_KEY_1"
#define	DSL_CRYPTO_KEY_ROOT_DDOBJ	"DSL_CRYPTO_ROOT_DDOBJ"
#define	DSL_CRYPTO_KEY_REFCOUNT		"DSL_CRYPTO_REFCOUNT"
/* format version; see dsl_dir_incompatible_encryption_version() below */
#define	DSL_CRYPTO_KEY_VERSION		"DSL_CRYPTO_VERSION"
44 
45 /*
46  * In-memory representation of a wrapping key. One of these structs will exist
47  * for each encryption root with its key loaded.
48  */
typedef struct dsl_wrapping_key {
	/* link on spa_keystore_t:sk_wkeys */
	avl_node_t wk_avl_link;

	/* keyformat property enum */
	zfs_keyformat_t wk_keyformat;

	/* the pbkdf2 salt, if the keyformat is of type passphrase */
	uint64_t wk_salt;

	/* the pbkdf2 iterations, if the keyformat is of type passphrase */
	uint64_t wk_iters;

	/*
	 * actual wrapping key. This is live key material: whatever tears a
	 * dsl_wrapping_key_t down should wipe wk_key, in a way the compiler
	 * cannot optimize away, before freeing it -- verify the teardown
	 * path in dsl_crypt.c.
	 */
	crypto_key_t wk_key;

	/* refcount of holders of this key */
	zfs_refcount_t wk_refcnt;

	/*
	 * dsl directory object that owns this wrapping key; this is also
	 * the index of the spa_keystore_t:sk_wkeys tree.
	 */
	uint64_t wk_ddobj;
} dsl_wrapping_key_t;
71 
72 /* enum of commands indicating special actions that should be run */
typedef enum dcp_cmd {
	/* key creation commands */
	DCP_CMD_NONE = 0,	/* no specific command */
	DCP_CMD_RAW_RECV,	/* raw receive */

	/*
	 * key changing commands. The FORCE_ variants change the encryption
	 * root relationship without rewrapping the key; the others rewrap.
	 */
	DCP_CMD_NEW_KEY,	/* rewrap key as an encryption root */
	DCP_CMD_INHERIT,	/* rewrap key with parent's wrapping key */
	DCP_CMD_FORCE_NEW_KEY,	/* change to encryption root without rewrap */
	DCP_CMD_FORCE_INHERIT,	/* inherit parent's key without rewrap */

	/*
	 * One past the last valid command; presumably used as a bounds
	 * sentinel when a command value is validated -- confirm in
	 * dsl_crypt.c.  Keep it last when adding commands.
	 */
	DCP_CMD_MAX
} dcp_cmd_t;
86 
87 /*
88  * This struct is a simple wrapper around all the parameters that are usually
89  * required to setup encryption. It exists so that all of the params can be
90  * passed around the kernel together for convenience.
91  */
typedef struct dsl_crypto_params {
	/* command indicating intended action */
	dcp_cmd_t cp_cmd;

	/* the encryption algorithm */
	enum zio_encrypt cp_crypt;

	/*
	 * keylocation property string. Ownership is not stated here;
	 * presumably released by dsl_crypto_params_free() -- confirm.
	 * See dsl_crypto_can_set_keylocation() below for vetting a value.
	 */
	char *cp_keylocation;

	/*
	 * the wrapping key. dsl_crypto_params_free() takes an 'unload'
	 * flag, which presumably decides whether this key is dropped from
	 * the keystore along with the params -- confirm.
	 */
	dsl_wrapping_key_t *cp_wkey;
} dsl_crypto_params_t;
105 
106 /*
107  * In-memory representation of a DSL Crypto Key object. One of these structs
108  * (and corresponding on-disk ZAP object) will exist for each encrypted
109  * clone family that is mounted or otherwise reading protected data.
110  */
typedef struct dsl_crypto_key {
	/* link on spa_keystore_t:sk_dsl_keys */
	avl_node_t dck_avl_link;

	/* refcount of dsl_key_mapping_t's holding this key */
	zfs_refcount_t dck_holds;

	/*
	 * master key used to derive encryption keys. Live key material:
	 * whatever frees a dsl_crypto_key_t should wipe this first, in a
	 * way the compiler cannot optimize away -- verify in dsl_crypt.c.
	 */
	zio_crypt_key_t dck_key;

	/* wrapping key for syncing this structure to disk */
	dsl_wrapping_key_t *dck_wkey;

	/* on-disk object id (the corresponding DSL Crypto Key ZAP object) */
	uint64_t dck_obj;
} dsl_crypto_key_t;
127 
128 /*
129  * In-memory mapping of a dataset object id to a DSL Crypto Key. This is used
130  * to look up the corresponding dsl_crypto_key_t from the zio layer for
131  * performing data encryption and decryption.
132  */
typedef struct dsl_key_mapping {
	/* link on spa_keystore_t:sk_key_mappings */
	avl_node_t km_avl_link;

	/* refcount of how many users are depending on this mapping */
	zfs_refcount_t km_refcnt;

	/* dataset this crypto key belongs to (index of sk_key_mappings) */
	uint64_t km_dsobj;

	/*
	 * crypto key (value) of this record. A mapping counts as one hold
	 * on km_key->dck_holds (see that field's comment).
	 */
	dsl_crypto_key_t *km_key;
} dsl_key_mapping_t;
146 
147 /* in memory structure for holding all wrapping and dsl keys */
typedef struct spa_keystore {
	/*
	 * Each tree below has its own rwlock. The acquisition order among
	 * the three locks is not documented here -- check dsl_crypt.c
	 * before taking more than one at a time.
	 */

	/* lock for protecting sk_dsl_keys */
	krwlock_t sk_dk_lock;

	/* tree of all dsl_crypto_key_t's */
	avl_tree_t sk_dsl_keys;

	/* lock for protecting sk_key_mappings */
	krwlock_t sk_km_lock;

	/* tree of all dsl_key_mapping_t's, indexed by dsobj */
	avl_tree_t sk_key_mappings;

	/* lock for protecting the wrapping keys tree */
	krwlock_t sk_wkeys_lock;

	/* tree of all dsl_wrapping_key_t's, indexed by ddobj */
	avl_tree_t sk_wkeys;
} spa_keystore_t;
167 
/*
 * Arguments for a key change. Presumably passed as the 'void *arg' of
 * spa_keystore_change_key_check()/_sync() below -- confirm.
 */
typedef struct spa_keystore_change_key_args {
	/* name of the dataset whose key is being changed */
	const char *skcka_dsname;
	/* new crypto params (command, algorithm, keylocation, wrapping key) */
	dsl_crypto_params_t *skcka_cp;
	/* user properties; presumably applied alongside the key change */
	nvlist_t *skcka_userprops;
} spa_keystore_change_key_args_t;
173 
/*
 * Build a dsl_crypto_params_t from the nvlists that accompany a dataset
 * operation. 'cmd' selects the intended action (see dcp_cmd_t); 'props'
 * and 'crypto_args' are caller-supplied nvlists, so their contents should
 * be treated as unvalidated until checked. On success *dcp_out is set and
 * is later released with dsl_crypto_params_free(). The int-returning
 * functions in this header presumably return 0 on success and an errno
 * value otherwise -- confirm in dsl_crypt.c.
 */
int dsl_crypto_params_create_nvlist(dcp_cmd_t cmd, nvlist_t *props,
    nvlist_t *crypto_args, dsl_crypto_params_t **dcp_out);
/*
 * Release 'dcp'. 'unload' presumably controls whether the referenced
 * wrapping key is also dropped from the keystore -- confirm.
 */
void dsl_crypto_params_free(dsl_crypto_params_t *dcp, boolean_t unload);
/* Add encryption-related stats for 'ds' to the nvlist 'nv'. */
void dsl_dataset_crypt_stats(struct dsl_dataset *ds, nvlist_t *nv);
/* Whether 'keylocation' is an acceptable value for dataset 'dsname'. */
int dsl_crypto_can_set_keylocation(const char *dsname, const char *keylocation);
/*
 * Whether 'dd' uses an encryption version this code cannot handle
 * (see DSL_CRYPTO_KEY_VERSION).
 */
boolean_t dsl_dir_incompatible_encryption_version(dsl_dir_t *dd);
180 
/* Initialize / tear down a spa_keystore_t (its three rwlocks and trees). */
void spa_keystore_init(spa_keystore_t *sk);
void spa_keystore_fini(spa_keystore_t *sk);
183 
/* Release a hold on 'dck' that was taken under 'tag'. */
void spa_keystore_dsl_key_rele(spa_t *spa, dsl_crypto_key_t *dck, void *tag);
/*
 * Insert an already-built wrapping key into spa's keystore (_impl), or
 * build and load the wrapping key for 'dsname' from 'dcp'. With 'noop' set
 * the key is presumably only checked rather than loaded -- confirm.
 */
int spa_keystore_load_wkey_impl(spa_t *spa, dsl_wrapping_key_t *wkey);
int spa_keystore_load_wkey(const char *dsname, dsl_crypto_params_t *dcp,
    boolean_t noop);
/*
 * Remove the wrapping key owned by dsl dir 'ddobj' (_impl), or the one
 * for 'dsname', from the keystore.
 */
int spa_keystore_unload_wkey_impl(spa_t *spa, uint64_t ddobj);
int spa_keystore_unload_wkey(const char *dsname);
190 
/*
 * Create the dsobj -> crypto key mapping for 'ds', held under 'tag';
 * *km_out receives it.
 */
int spa_keystore_create_mapping(spa_t *spa, struct dsl_dataset *ds, void *tag,
    dsl_key_mapping_t **km_out);
/* Drop the hold on dsobj's mapping that was taken under 'tag'. */
int spa_keystore_remove_mapping(spa_t *spa, uint64_t dsobj, void *tag);
/* Add / drop a reference (km_refcnt) on an existing mapping. */
void key_mapping_add_ref(dsl_key_mapping_t *km, void *tag);
void key_mapping_rele(spa_t *spa, dsl_key_mapping_t *km, void *tag);
/*
 * Look up the crypto key mapped for 'dsobj', holding it under 'tag';
 * presumably paired with spa_keystore_dsl_key_rele() -- confirm.
 */
int spa_keystore_lookup_key(spa_t *spa, uint64_t dsobj, void *tag,
    dsl_crypto_key_t **dck_out);
198 
/*
 * Build into *nvl_out the key nvlist that accompanies a raw send of 'ds'.
 * 'from_ivset_guid' is presumably the IV-set GUID of the incremental
 * source -- confirm.
 */
int dsl_crypto_populate_key_nvlist(struct dsl_dataset *ds,
    uint64_t from_ivset_guid, nvlist_t **nvl_out);
/*
 * Presumably the check/sync halves of installing a raw-received key
 * nvlist 'nvl' on 'ds'. 'nvl' presumably arrives in the send stream, so
 * the _check half is where its contents must be validated before the
 * _sync half writes anything -- confirm.
 */
int dsl_crypto_recv_raw_key_check(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
void dsl_crypto_recv_raw_key_sync(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
/*
 * Raw-receive entry point for dataset 'dsobj' (incremental from 'fromobj')
 * of type 'ostype' in pool 'poolname'. 'do_key' presumably selects whether
 * the key nvlist is applied as well -- confirm.
 */
int dsl_crypto_recv_raw(const char *poolname, uint64_t dsobj, uint64_t fromobj,
    dmu_objset_type_t ostype, nvlist_t *nvl, boolean_t do_key);
207 
/*
 * Change the wrapping key / encryption root of 'dsname' according to 'dcp'
 * (see dcp_cmd_t for the commands); 'userprops' go along with the change.
 * The _check/_sync pair are presumably the two halves of the sync task,
 * with 'arg' a spa_keystore_change_key_args_t -- confirm.
 */
int spa_keystore_change_key(const char *dsname, dsl_crypto_params_t *dcp,
    nvlist_t *userprops);
int spa_keystore_change_key_check(void *arg, dmu_tx_t *tx);
void spa_keystore_change_key_sync(void *arg, dmu_tx_t *tx);
/* Encryption-related validation for renaming 'dd' under 'newparent'. */
int dsl_dir_rename_crypt_check(dsl_dir_t *dd, dsl_dir_t *newparent);
/* Check and sync halves of promoting 'target' over 'origin'. */
int dsl_dataset_promote_crypt_check(dsl_dir_t *target, dsl_dir_t *origin);
void dsl_dataset_promote_crypt_sync(dsl_dir_t *target, dsl_dir_t *origin,
    dmu_tx_t *tx);
/*
 * Validate creating a dataset under 'parentdd' with params 'dcp';
 * *will_encrypt reports whether the new dataset would be encrypted.
 */
int dmu_objset_create_crypt_check(dsl_dir_t *parentdd,
    dsl_crypto_params_t *dcp, boolean_t *will_encrypt);
/*
 * Sync-side encryption setup for a newly created dataset 'dsobj' in 'dd';
 * 'origin' is presumably the clone origin, if any -- confirm.
 */
void dsl_dataset_create_crypt_sync(uint64_t dsobj, dsl_dir_t *dd,
    struct dsl_dataset *origin, dsl_crypto_params_t *dcp, dmu_tx_t *tx);
/*
 * Create a new on-disk DSL Crypto Key object for algorithm 'crypt' wrapped
 * with 'wkey' (presumably returning the new object id); _clone_sync does
 * the same for a clone of 'origindd'; _destroy_sync removes object 'dckobj'.
 */
uint64_t dsl_crypto_key_create_sync(uint64_t crypt, dsl_wrapping_key_t *wkey,
    dmu_tx_t *tx);
uint64_t dsl_crypto_key_clone_sync(dsl_dir_t *origindd, dmu_tx_t *tx);
void dsl_crypto_key_destroy_sync(uint64_t dckobj, dmu_tx_t *tx);
224 
/*
 * Fetch the salt for dataset 'dsobj' into 'salt'. The buffer size is not
 * given here; presumably a fixed salt length from zio_crypt.h -- confirm.
 */
int spa_crypt_get_salt(spa_t *spa, uint64_t dsobj, uint8_t *salt);
/*
 * MAC 'datalen' bytes of 'abd' with dataset dsobj's key: with 'generate'
 * set the MAC is produced, otherwise presumably verified -- confirm. The
 * objset variant additionally takes 'byteswap' for byteswapped data. The
 * 'mac' buffer size is not stated here; presumably fixed in zio_crypt.h.
 */
int spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, uint8_t *mac);
int spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, boolean_t byteswap);
/*
 * Encrypt ('encrypt' set) or decrypt 'datalen' bytes between 'pabd' and
 * 'cabd' (presumably plaintext and ciphertext respectively) for the block
 * identified by 'zb' of type 'ot'. 'salt', 'iv' and 'mac' are presumably
 * outputs when encrypting and inputs when decrypting, and *no_crypt is
 * presumably set when the block was left untouched -- confirm all three in
 * dsl_crypt.c.
 */
int spa_do_crypt_abd(boolean_t encrypt, spa_t *spa, const zbookmark_phys_t *zb,
    dmu_object_type_t ot, boolean_t dedup, boolean_t bswap, uint8_t *salt,
    uint8_t *iv, uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
    boolean_t *no_crypt);
234 
235 #endif	/* _SYS_DSL_CRYPT_H */