1 // SPDX-License-Identifier: CDDL-1.0
2 /*
3 * CDDL HEADER START
4 *
5 * This file and its contents are supplied under the terms of the
6 * Common Development and Distribution License ("CDDL"), version 1.0.
7 * You may only use this file in accordance with the terms of version
8 * 1.0 of the CDDL.
9 *
10 * A full copy of the text of the CDDL should have accompanied this
11 * source. A copy of the CDDL is also available via the Internet at
12 * http://www.illumos.org/license/CDDL.
13 *
14 * CDDL HEADER END
15 */
16
17 /*
18 * Copyright (c) 2017, Datto, Inc. All rights reserved.
19 * Copyright 2020 Joyent, Inc.
20 */
21
22 #include <sys/zfs_context.h>
23 #include <sys/fs/zfs.h>
24 #include <sys/dsl_crypt.h>
25 #include <libintl.h>
26 #include <termios.h>
27 #include <signal.h>
28 #include <errno.h>
29 #include <openssl/evp.h>
30 #if LIBFETCH_DYNAMIC
31 #include <dlfcn.h>
32 #endif
33 #if LIBFETCH_IS_FETCH
34 #include <sys/param.h>
35 #include <stdio.h>
36 #include <fetch.h>
37 #elif LIBFETCH_IS_LIBCURL
38 #include <curl/curl.h>
39 #endif
40 #include <libzfs.h>
41 #include <libzutil.h>
42 #include "libzfs_impl.h"
43 #include "zfeature_common.h"
44
45 /*
46 * User keys are used to decrypt the master encryption keys of a dataset. This
47 * indirection allows a user to change his / her access key without having to
48 * re-encrypt the entire dataset. User keys can be provided in one of several
49 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
50 * are converted to binary and passed into the kernel. Password based keys are
51 * a bit more complicated. Passwords alone do not provide suitable entropy for
52 * encryption and may be too short or too long to be used. In order to derive
53 * a more appropriate key we use a PBKDF2 function. This function is designed
54 * to take a (relatively) long time to calculate in order to discourage
55 * attackers from guessing from a list of common passwords. PBKDF2 requires
56 * 2 additional parameters. The first is the number of iterations to run, which
57 * will ultimately determine how long it takes to derive the resulting key from
58 * the password. The second parameter is a salt that is randomly generated for
59 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
60 * attackers cannot reasonably generate a table of commonly known passwords to
61 * their output keys and expect it work for all past and future PBKDF2 users.
62 * We store the salt as a hidden property of the dataset (although it is
63 * technically ok if the salt is known to the attacker).
64 */
65
66 #define MIN_PASSPHRASE_LEN 8
67 #define MAX_PASSPHRASE_LEN 512
68 #define MAX_KEY_PROMPT_ATTEMPTS 3
69
70 static int caught_interrupt;
71
72 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
73 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
74 static int get_key_material_https(libzfs_handle_t *, const char *, const char *,
75 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
76
77 static zfs_uri_handler_t uri_handlers[] = {
78 { "file", get_key_material_file },
79 { "https", get_key_material_https },
80 { "http", get_key_material_https },
81 { NULL, NULL }
82 };
83
84 static int
pkcs11_get_urandom(uint8_t * buf,size_t bytes)85 pkcs11_get_urandom(uint8_t *buf, size_t bytes)
86 {
87 int rand;
88 ssize_t bytes_read = 0;
89
90 rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
91
92 if (rand < 0)
93 return (rand);
94
95 while (bytes_read < bytes) {
96 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);
97 if (rc < 0)
98 break;
99 bytes_read += rc;
100 }
101
102 (void) close(rand);
103
104 return (bytes_read);
105 }
106
107 static int
zfs_prop_parse_keylocation(libzfs_handle_t * restrict hdl,const char * str,zfs_keylocation_t * restrict locp,char ** restrict schemep)108 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
109 zfs_keylocation_t *restrict locp, char **restrict schemep)
110 {
111 *locp = ZFS_KEYLOCATION_NONE;
112 *schemep = NULL;
113
114 if (strcmp("prompt", str) == 0) {
115 *locp = ZFS_KEYLOCATION_PROMPT;
116 return (0);
117 }
118
119 regmatch_t pmatch[2];
120
121 if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch),
122 pmatch, 0) == 0) {
123 size_t scheme_len;
124
125 if (pmatch[1].rm_so == -1) {
126 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
127 "Invalid URI"));
128 return (EINVAL);
129 }
130
131 scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so;
132
133 *schemep = calloc(1, scheme_len + 1);
134 if (*schemep == NULL) {
135 int ret = errno;
136
137 errno = 0;
138 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
139 "Invalid URI"));
140 return (ret);
141 }
142
143 (void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len);
144 *locp = ZFS_KEYLOCATION_URI;
145 return (0);
146 }
147
148 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
149 return (EINVAL);
150 }
151
152 static int
hex_key_to_raw(char * hex,int hexlen,uint8_t * out)153 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
154 {
155 int ret, i;
156 unsigned int c;
157
158 for (i = 0; i < hexlen; i += 2) {
159 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
160 ret = EINVAL;
161 goto error;
162 }
163
164 ret = sscanf(&hex[i], "%02x", &c);
165 if (ret != 1) {
166 ret = EINVAL;
167 goto error;
168 }
169
170 out[i / 2] = c;
171 }
172
173 return (0);
174
175 error:
176 return (ret);
177 }
178
179
180 static void
catch_signal(int sig)181 catch_signal(int sig)
182 {
183 caught_interrupt = sig;
184 }
185
186 static const char *
get_format_prompt_string(zfs_keyformat_t format)187 get_format_prompt_string(zfs_keyformat_t format)
188 {
189 switch (format) {
190 case ZFS_KEYFORMAT_RAW:
191 return ("raw key");
192 case ZFS_KEYFORMAT_HEX:
193 return ("hex key");
194 case ZFS_KEYFORMAT_PASSPHRASE:
195 return ("passphrase");
196 default:
197 /* shouldn't happen */
198 return (NULL);
199 }
200 }
201
202 /* do basic validation of the key material */
203 static int
validate_key(libzfs_handle_t * hdl,zfs_keyformat_t keyformat,const char * key,size_t keylen,boolean_t do_verify)204 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
205 const char *key, size_t keylen, boolean_t do_verify)
206 {
207 switch (keyformat) {
208 case ZFS_KEYFORMAT_RAW:
209 /* verify the key length is correct */
210 if (keylen < WRAPPING_KEY_LEN) {
211 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
212 "Raw key too short (expected %u)."),
213 WRAPPING_KEY_LEN);
214 return (EINVAL);
215 }
216
217 if (keylen > WRAPPING_KEY_LEN) {
218 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
219 "Raw key too long (expected %u)."),
220 WRAPPING_KEY_LEN);
221 return (EINVAL);
222 }
223 break;
224 case ZFS_KEYFORMAT_HEX:
225 /* verify the key length is correct */
226 if (keylen < WRAPPING_KEY_LEN * 2) {
227 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
228 "Hex key too short (expected %u)."),
229 WRAPPING_KEY_LEN * 2);
230 return (EINVAL);
231 }
232
233 if (keylen > WRAPPING_KEY_LEN * 2) {
234 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
235 "Hex key too long (expected %u)."),
236 WRAPPING_KEY_LEN * 2);
237 return (EINVAL);
238 }
239
240 /* check for invalid hex digits */
241 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
242 if (!isxdigit(key[i])) {
243 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
244 "Invalid hex character detected."));
245 return (EINVAL);
246 }
247 }
248 break;
249 case ZFS_KEYFORMAT_PASSPHRASE:
250 /*
251 * Verify the length is within bounds when setting a new key,
252 * but not when loading an existing key.
253 */
254 if (!do_verify)
255 break;
256 if (keylen > MAX_PASSPHRASE_LEN) {
257 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
258 "Passphrase too long (max %u)."),
259 MAX_PASSPHRASE_LEN);
260 return (EINVAL);
261 }
262
263 if (keylen < MIN_PASSPHRASE_LEN) {
264 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
265 "Passphrase too short (min %u)."),
266 MIN_PASSPHRASE_LEN);
267 return (EINVAL);
268 }
269 break;
270 default:
271 /* can't happen, checked above */
272 break;
273 }
274
275 return (0);
276 }
277
278 static int
libzfs_getpassphrase(zfs_keyformat_t keyformat,boolean_t is_reenter,boolean_t new_key,const char * fsname,char ** restrict res,size_t * restrict reslen)279 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
280 boolean_t new_key, const char *fsname,
281 char **restrict res, size_t *restrict reslen)
282 {
283 FILE *f = stdin;
284 size_t buflen = 0;
285 ssize_t bytes;
286 int ret = 0;
287 struct termios old_term, new_term;
288 struct sigaction act, osigint, osigtstp;
289
290 *res = NULL;
291 *reslen = 0;
292
293 /*
294 * handle SIGINT and ignore SIGSTP. This is necessary to
295 * restore the state of the terminal.
296 */
297 caught_interrupt = 0;
298 act.sa_flags = 0;
299 (void) sigemptyset(&act.sa_mask);
300 act.sa_handler = catch_signal;
301
302 (void) sigaction(SIGINT, &act, &osigint);
303 act.sa_handler = SIG_IGN;
304 (void) sigaction(SIGTSTP, &act, &osigtstp);
305
306 (void) printf("%s %s%s",
307 is_reenter ? "Re-enter" : "Enter",
308 new_key ? "new " : "",
309 get_format_prompt_string(keyformat));
310 if (fsname != NULL)
311 (void) printf(" for '%s'", fsname);
312 (void) fputc(':', stdout);
313 (void) fflush(stdout);
314
315 /* disable the terminal echo for key input */
316 (void) tcgetattr(fileno(f), &old_term);
317
318 new_term = old_term;
319 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
320
321 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
322 if (ret != 0) {
323 ret = errno;
324 errno = 0;
325 goto out;
326 }
327
328 bytes = getline(res, &buflen, f);
329 if (bytes < 0) {
330 ret = errno;
331 errno = 0;
332 goto out;
333 }
334
335 /* trim the ending newline if it exists */
336 if (bytes > 0 && (*res)[bytes - 1] == '\n') {
337 (*res)[bytes - 1] = '\0';
338 bytes--;
339 }
340
341 *reslen = bytes;
342
343 out:
344 /* reset the terminal */
345 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
346 (void) sigaction(SIGINT, &osigint, NULL);
347 (void) sigaction(SIGTSTP, &osigtstp, NULL);
348
349 /* if we caught a signal, re-throw it now */
350 if (caught_interrupt != 0)
351 (void) kill(getpid(), caught_interrupt);
352
353 /* print the newline that was not echo'd */
354 (void) printf("\n");
355
356 return (ret);
357 }
358
359 static int
get_key_interactive(libzfs_handle_t * restrict hdl,const char * fsname,zfs_keyformat_t keyformat,boolean_t confirm_key,boolean_t newkey,uint8_t ** restrict outbuf,size_t * restrict len_out)360 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
361 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
362 uint8_t **restrict outbuf, size_t *restrict len_out)
363 {
364 char *buf = NULL, *buf2 = NULL;
365 size_t buflen = 0, buf2len = 0;
366 int ret = 0;
367
368 ASSERT(isatty(fileno(stdin)));
369
370 /* raw keys cannot be entered on the terminal */
371 if (keyformat == ZFS_KEYFORMAT_RAW) {
372 ret = EINVAL;
373 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
374 "Cannot enter raw keys on the terminal"));
375 goto out;
376 }
377
378 /* prompt for the key */
379 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
380 &buf, &buflen)) != 0) {
381 free(buf);
382 buf = NULL;
383 buflen = 0;
384 goto out;
385 }
386
387 if (!confirm_key)
388 goto out;
389
390 if ((ret = validate_key(hdl, keyformat, buf, buflen, confirm_key)) !=
391 0) {
392 free(buf);
393 return (ret);
394 }
395
396 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
397 &buf2len);
398 if (ret != 0) {
399 free(buf);
400 free(buf2);
401 buf = buf2 = NULL;
402 buflen = buf2len = 0;
403 goto out;
404 }
405
406 if (buflen != buf2len || strcmp(buf, buf2) != 0) {
407 free(buf);
408 buf = NULL;
409 buflen = 0;
410
411 ret = EINVAL;
412 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
413 "Provided keys do not match."));
414 }
415
416 free(buf2);
417
418 out:
419 *outbuf = (uint8_t *)buf;
420 *len_out = buflen;
421 return (ret);
422 }
423
424 static int
get_key_material_raw(FILE * fd,zfs_keyformat_t keyformat,uint8_t ** buf,size_t * len_out)425 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
426 uint8_t **buf, size_t *len_out)
427 {
428 int ret = 0;
429 size_t buflen = 0;
430
431 *len_out = 0;
432
433 /* read the key material */
434 if (keyformat != ZFS_KEYFORMAT_RAW) {
435 ssize_t bytes;
436
437 bytes = getline((char **)buf, &buflen, fd);
438 if (bytes < 0) {
439 ret = errno;
440 errno = 0;
441 goto out;
442 }
443
444 /* trim the ending newline if it exists */
445 if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
446 (*buf)[bytes - 1] = '\0';
447 bytes--;
448 }
449
450 *len_out = bytes;
451 } else {
452 size_t n;
453
454 /*
455 * Raw keys may have newline characters in them and so can't
456 * use getline(). Here we attempt to read 33 bytes so that we
457 * can properly check the key length (the file should only have
458 * 32 bytes).
459 */
460 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
461 if (*buf == NULL) {
462 ret = ENOMEM;
463 goto out;
464 }
465
466 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
467 if (n == 0 || ferror(fd)) {
468 /* size errors are handled by the calling function */
469 free(*buf);
470 *buf = NULL;
471 ret = errno;
472 errno = 0;
473 goto out;
474 }
475
476 *len_out = n;
477 }
478 out:
479 return (ret);
480 }
481
482 static int
get_key_material_file(libzfs_handle_t * hdl,const char * uri,const char * fsname,zfs_keyformat_t keyformat,boolean_t newkey,uint8_t ** restrict buf,size_t * restrict len_out)483 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
484 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
485 uint8_t **restrict buf, size_t *restrict len_out)
486 {
487 (void) fsname, (void) newkey;
488 FILE *f = NULL;
489 int ret = 0;
490
491 if (strlen(uri) < 7)
492 return (EINVAL);
493
494 if ((f = fopen(uri + 7, "re")) == NULL) {
495 ret = errno;
496 errno = 0;
497 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
498 "Failed to open key material file: %s"), zfs_strerror(ret));
499 return (ret);
500 }
501
502 ret = get_key_material_raw(f, keyformat, buf, len_out);
503
504 (void) fclose(f);
505
506 return (ret);
507 }
508
509 static int
get_key_material_https(libzfs_handle_t * hdl,const char * uri,const char * fsname,zfs_keyformat_t keyformat,boolean_t newkey,uint8_t ** restrict buf,size_t * restrict len_out)510 get_key_material_https(libzfs_handle_t *hdl, const char *uri,
511 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
512 uint8_t **restrict buf, size_t *restrict len_out)
513 {
514 (void) fsname, (void) newkey;
515 int ret = 0;
516 FILE *key = NULL;
517 boolean_t is_http = strncmp(uri, "http:", strlen("http:")) == 0;
518
519 if (strlen(uri) < (is_http ? 7 : 8)) {
520 ret = EINVAL;
521 goto end;
522 }
523
524 #if LIBFETCH_DYNAMIC
525 #define LOAD_FUNCTION(func) \
526 __typeof__(func) *func = dlsym(hdl->libfetch, #func);
527
528 if (hdl->libfetch == NULL)
529 hdl->libfetch = dlopen(LIBFETCH_SONAME, RTLD_LAZY);
530
531 if (hdl->libfetch == NULL) {
532 hdl->libfetch = (void *)-1;
533 char *err = dlerror();
534 if (err)
535 hdl->libfetch_load_error = strdup(err);
536 }
537
538 if (hdl->libfetch == (void *)-1) {
539 ret = ENOSYS;
540 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
541 "Couldn't load %s: %s"),
542 LIBFETCH_SONAME, hdl->libfetch_load_error ?: "(?)");
543 goto end;
544 }
545
546 boolean_t ok;
547 #if LIBFETCH_IS_FETCH
548 LOAD_FUNCTION(fetchGetURL);
549 char *fetchLastErrString = dlsym(hdl->libfetch, "fetchLastErrString");
550
551 ok = fetchGetURL && fetchLastErrString;
552 #elif LIBFETCH_IS_LIBCURL
553 LOAD_FUNCTION(curl_easy_init);
554 LOAD_FUNCTION(curl_easy_setopt);
555 LOAD_FUNCTION(curl_easy_perform);
556 LOAD_FUNCTION(curl_easy_cleanup);
557 LOAD_FUNCTION(curl_easy_strerror);
558 LOAD_FUNCTION(curl_easy_getinfo);
559
560 ok = curl_easy_init && curl_easy_setopt && curl_easy_perform &&
561 curl_easy_cleanup && curl_easy_strerror && curl_easy_getinfo;
562 #endif
563 if (!ok) {
564 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
565 "keylocation=%s back-end %s missing symbols."),
566 is_http ? "http://" : "https://", LIBFETCH_SONAME);
567 ret = ENOSYS;
568 goto end;
569 }
570 #endif
571
572 #if LIBFETCH_IS_FETCH
573 key = fetchGetURL(uri, "");
574 if (key == NULL) {
575 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
576 "Couldn't GET %s: %s"),
577 uri, fetchLastErrString);
578 ret = ENETDOWN;
579 }
580 #elif LIBFETCH_IS_LIBCURL
581 CURL *curl = curl_easy_init();
582 if (curl == NULL) {
583 ret = ENOTSUP;
584 goto end;
585 }
586
587 int kfd = -1;
588 #ifdef O_TMPFILE
589 kfd = open(getenv("TMPDIR") ?: "/tmp",
590 O_RDWR | O_TMPFILE | O_EXCL | O_CLOEXEC, 0600);
591 if (kfd != -1)
592 goto kfdok;
593 #endif
594
595 char *path;
596 if (asprintf(&path,
597 "%s/libzfs-XXXXXXXX.https", getenv("TMPDIR") ?: "/tmp") == -1) {
598 ret = ENOMEM;
599 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "%s"),
600 zfs_strerror(ret));
601 goto end;
602 }
603
604 kfd = mkostemps(path, strlen(".https"), O_CLOEXEC);
605 if (kfd == -1) {
606 ret = errno;
607 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
608 "Couldn't create temporary file %s: %s"),
609 path, zfs_strerror(ret));
610 free(path);
611 goto end;
612 }
613 (void) unlink(path);
614 free(path);
615
616 kfdok:
617 if ((key = fdopen(kfd, "r+")) == NULL) {
618 ret = errno;
619 (void) close(kfd);
620 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
621 "Couldn't reopen temporary file: %s"), zfs_strerror(ret));
622 goto end;
623 }
624
625 char errbuf[CURL_ERROR_SIZE] = "";
626 char *cainfo = getenv("SSL_CA_CERT_FILE"); /* matches fetch(3) */
627 char *capath = getenv("SSL_CA_CERT_PATH"); /* matches fetch(3) */
628 char *clcert = getenv("SSL_CLIENT_CERT_FILE"); /* matches fetch(3) */
629 char *clkey = getenv("SSL_CLIENT_KEY_FILE"); /* matches fetch(3) */
630 (void) curl_easy_setopt(curl, CURLOPT_URL, uri);
631 (void) curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
632 (void) curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 30000L);
633 (void) curl_easy_setopt(curl, CURLOPT_WRITEDATA, key);
634 (void) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
635 if (cainfo != NULL)
636 (void) curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
637 if (capath != NULL)
638 (void) curl_easy_setopt(curl, CURLOPT_CAPATH, capath);
639 if (clcert != NULL)
640 (void) curl_easy_setopt(curl, CURLOPT_SSLCERT, clcert);
641 if (clkey != NULL)
642 (void) curl_easy_setopt(curl, CURLOPT_SSLKEY, clkey);
643
644 CURLcode res = curl_easy_perform(curl);
645
646 if (res != CURLE_OK) {
647 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
648 "Failed to connect to %s: %s"),
649 uri, strlen(errbuf) ? errbuf : curl_easy_strerror(res));
650 ret = ENETDOWN;
651 } else {
652 long resp = 200;
653 (void) curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp);
654
655 if (resp < 200 || resp >= 300) {
656 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
657 "Couldn't GET %s: %ld"),
658 uri, resp);
659 ret = ENOENT;
660 } else
661 rewind(key);
662 }
663
664 curl_easy_cleanup(curl);
665 #else
666 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
667 "No keylocation=%s back-end."), is_http ? "http://" : "https://");
668 ret = ENOSYS;
669 #endif
670
671 end:
672 if (ret == 0)
673 ret = get_key_material_raw(key, keyformat, buf, len_out);
674
675 if (key != NULL)
676 fclose(key);
677
678 return (ret);
679 }
680
681 /*
682 * Attempts to fetch key material, no matter where it might live. The key
683 * material is allocated and returned in km_out. *can_retry_out will be set
684 * to B_TRUE if the user is providing the key material interactively, allowing
685 * for re-entry attempts.
686 */
687 static int
get_key_material(libzfs_handle_t * hdl,boolean_t do_verify,boolean_t newkey,zfs_keyformat_t keyformat,const char * keylocation,const char * fsname,uint8_t ** km_out,size_t * kmlen_out,boolean_t * can_retry_out)688 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
689 zfs_keyformat_t keyformat, const char *keylocation, const char *fsname,
690 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
691 {
692 int ret;
693 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
694 uint8_t *km = NULL;
695 size_t kmlen = 0;
696 char *uri_scheme = NULL;
697 zfs_uri_handler_t *handler = NULL;
698 boolean_t can_retry = B_FALSE;
699
700 /* verify and parse the keylocation */
701 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc,
702 &uri_scheme);
703 if (ret != 0)
704 goto error;
705
706 /* open the appropriate file descriptor */
707 switch (keyloc) {
708 case ZFS_KEYLOCATION_PROMPT:
709 if (isatty(fileno(stdin))) {
710 can_retry = keyformat != ZFS_KEYFORMAT_RAW;
711 ret = get_key_interactive(hdl, fsname, keyformat,
712 do_verify, newkey, &km, &kmlen);
713 } else {
714 /* fetch the key material into the buffer */
715 ret = get_key_material_raw(stdin, keyformat, &km,
716 &kmlen);
717 }
718
719 if (ret != 0)
720 goto error;
721
722 break;
723 case ZFS_KEYLOCATION_URI:
724 ret = ENOTSUP;
725
726 for (handler = uri_handlers; handler->zuh_scheme != NULL;
727 handler++) {
728 if (strcmp(handler->zuh_scheme, uri_scheme) != 0)
729 continue;
730
731 if ((ret = handler->zuh_handler(hdl, keylocation,
732 fsname, keyformat, newkey, &km, &kmlen)) != 0)
733 goto error;
734
735 break;
736 }
737
738 if (ret == ENOTSUP) {
739 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
740 "URI scheme is not supported"));
741 goto error;
742 }
743
744 break;
745 default:
746 ret = EINVAL;
747 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
748 "Invalid keylocation."));
749 goto error;
750 }
751
752 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen,
753 do_verify)) != 0)
754 goto error;
755
756 *km_out = km;
757 *kmlen_out = kmlen;
758 if (can_retry_out != NULL)
759 *can_retry_out = can_retry;
760
761 free(uri_scheme);
762 return (0);
763
764 error:
765 free(km);
766
767 *km_out = NULL;
768 *kmlen_out = 0;
769
770 if (can_retry_out != NULL)
771 *can_retry_out = can_retry;
772
773 free(uri_scheme);
774 return (ret);
775 }
776
777 static int
derive_key(libzfs_handle_t * hdl,zfs_keyformat_t format,uint64_t iters,uint8_t * key_material,uint64_t salt,uint8_t ** key_out)778 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
779 uint8_t *key_material, uint64_t salt,
780 uint8_t **key_out)
781 {
782 int ret;
783 uint8_t *key;
784
785 *key_out = NULL;
786
787 key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
788
789 switch (format) {
790 case ZFS_KEYFORMAT_RAW:
791 memcpy(key, key_material, WRAPPING_KEY_LEN);
792 break;
793 case ZFS_KEYFORMAT_HEX:
794 ret = hex_key_to_raw((char *)key_material,
795 WRAPPING_KEY_LEN * 2, key);
796 if (ret != 0) {
797 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
798 "Invalid hex key provided."));
799 goto error;
800 }
801 break;
802 case ZFS_KEYFORMAT_PASSPHRASE:
803 salt = LE_64(salt);
804
805 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
806 strlen((char *)key_material), ((uint8_t *)&salt),
807 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
808 if (ret != 1) {
809 ret = EIO;
810 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
811 "Failed to generate key from passphrase."));
812 goto error;
813 }
814 break;
815 default:
816 ret = EINVAL;
817 goto error;
818 }
819
820 *key_out = key;
821 return (0);
822
823 error:
824 free(key);
825
826 *key_out = NULL;
827 return (ret);
828 }
829
830 static boolean_t
encryption_feature_is_enabled(zpool_handle_t * zph)831 encryption_feature_is_enabled(zpool_handle_t *zph)
832 {
833 nvlist_t *features;
834 uint64_t feat_refcount;
835
836 /* check that features can be enabled */
837 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
838 < SPA_VERSION_FEATURES)
839 return (B_FALSE);
840
841 /* check for crypto feature */
842 features = zpool_get_features(zph);
843 if (!features || nvlist_lookup_uint64(features,
844 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
845 &feat_refcount) != 0)
846 return (B_FALSE);
847
848 return (B_TRUE);
849 }
850
851 static int
populate_create_encryption_params_nvlists(libzfs_handle_t * hdl,zfs_handle_t * zhp,boolean_t newkey,zfs_keyformat_t keyformat,const char * keylocation,nvlist_t * props,uint8_t ** wkeydata,uint_t * wkeylen)852 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
853 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
854 const char *keylocation, nvlist_t *props, uint8_t **wkeydata,
855 uint_t *wkeylen)
856 {
857 int ret;
858 uint64_t iters = 0, salt = 0;
859 uint8_t *key_material = NULL;
860 size_t key_material_len = 0;
861 uint8_t *key_data = NULL;
862 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
863
864 /* get key material from keyformat and keylocation */
865 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
866 fsname, &key_material, &key_material_len, NULL);
867 if (ret != 0)
868 goto error;
869
870 /* passphrase formats require a salt and pbkdf2 iters property */
871 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
872 /* always generate a new salt */
873 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));
874 if (ret != sizeof (uint64_t)) {
875 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
876 "Failed to generate salt."));
877 goto error;
878 }
879
880 ret = nvlist_add_uint64(props,
881 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
882 if (ret != 0) {
883 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
884 "Failed to add salt to properties."));
885 goto error;
886 }
887
888 /*
889 * If not otherwise specified, use the default number of
890 * pbkdf2 iterations. If specified, we have already checked
891 * that the given value is greater than MIN_PBKDF2_ITERATIONS
892 * during zfs_valid_proplist().
893 */
894 ret = nvlist_lookup_uint64(props,
895 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
896 if (ret == ENOENT) {
897 iters = DEFAULT_PBKDF2_ITERATIONS;
898 ret = nvlist_add_uint64(props,
899 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
900 if (ret != 0)
901 goto error;
902 } else if (ret != 0) {
903 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
904 "Failed to get pbkdf2 iterations."));
905 goto error;
906 }
907 } else {
908 /* check that pbkdf2iters was not specified by the user */
909 ret = nvlist_lookup_uint64(props,
910 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
911 if (ret == 0) {
912 ret = EINVAL;
913 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
914 "Cannot specify pbkdf2iters with a non-passphrase "
915 "keyformat."));
916 goto error;
917 }
918 }
919
920 /* derive a key from the key material */
921 ret = derive_key(hdl, keyformat, iters, key_material, salt, &key_data);
922 if (ret != 0)
923 goto error;
924
925 free(key_material);
926
927 *wkeydata = key_data;
928 *wkeylen = WRAPPING_KEY_LEN;
929 return (0);
930
931 error:
932 if (key_material != NULL)
933 free(key_material);
934 if (key_data != NULL)
935 free(key_data);
936
937 *wkeydata = NULL;
938 *wkeylen = 0;
939 return (ret);
940 }
941
942 static boolean_t
proplist_has_encryption_props(nvlist_t * props)943 proplist_has_encryption_props(nvlist_t *props)
944 {
945 int ret;
946 uint64_t intval;
947 const char *strval;
948
949 ret = nvlist_lookup_uint64(props,
950 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
951 if (ret == 0 && intval != ZIO_CRYPT_OFF)
952 return (B_TRUE);
953
954 ret = nvlist_lookup_string(props,
955 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
956 if (ret == 0 && strcmp(strval, "none") != 0)
957 return (B_TRUE);
958
959 ret = nvlist_lookup_uint64(props,
960 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
961 if (ret == 0)
962 return (B_TRUE);
963
964 ret = nvlist_lookup_uint64(props,
965 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
966 if (ret == 0)
967 return (B_TRUE);
968
969 return (B_FALSE);
970 }
971
972 int
zfs_crypto_get_encryption_root(zfs_handle_t * zhp,boolean_t * is_encroot,char * buf)973 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
974 char *buf)
975 {
976 int ret;
977 char prop_encroot[MAXNAMELEN];
978
979 /* if the dataset isn't encrypted, just return */
980 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
981 *is_encroot = B_FALSE;
982 if (buf != NULL)
983 buf[0] = '\0';
984 return (0);
985 }
986
987 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
988 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
989 if (ret != 0) {
990 *is_encroot = B_FALSE;
991 if (buf != NULL)
992 buf[0] = '\0';
993 return (ret);
994 }
995
996 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
997 if (buf != NULL)
998 strcpy(buf, prop_encroot);
999
1000 return (0);
1001 }
1002
1003 int
zfs_crypto_create(libzfs_handle_t * hdl,char * parent_name,nvlist_t * props,nvlist_t * pool_props,boolean_t stdin_available,uint8_t ** wkeydata_out,uint_t * wkeylen_out)1004 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
1005 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
1006 uint_t *wkeylen_out)
1007 {
1008 int ret;
1009 char errbuf[ERRBUFLEN];
1010 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
1011 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1012 const char *keylocation = NULL;
1013 zfs_handle_t *pzhp = NULL;
1014 uint8_t *wkeydata = NULL;
1015 uint_t wkeylen = 0;
1016 boolean_t local_crypt = B_TRUE;
1017
1018 (void) snprintf(errbuf, sizeof (errbuf),
1019 dgettext(TEXT_DOMAIN, "Encryption create error"));
1020
1021 /* lookup crypt from props */
1022 ret = nvlist_lookup_uint64(props,
1023 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
1024 if (ret != 0)
1025 local_crypt = B_FALSE;
1026
1027 /* lookup key location and format from props */
1028 (void) nvlist_lookup_uint64(props,
1029 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1030 (void) nvlist_lookup_string(props,
1031 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1032
1033 if (parent_name != NULL) {
1034 /* get a reference to parent dataset */
1035 pzhp = make_dataset_handle(hdl, parent_name);
1036 if (pzhp == NULL) {
1037 ret = ENOENT;
1038 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1039 "Failed to lookup parent."));
1040 goto out;
1041 }
1042
1043 /* Lookup parent's crypt */
1044 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1045
1046 /* Params require the encryption feature */
1047 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
1048 if (proplist_has_encryption_props(props)) {
1049 ret = EINVAL;
1050 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1051 "Encryption feature not enabled."));
1052 goto out;
1053 }
1054
1055 ret = 0;
1056 goto out;
1057 }
1058 } else {
1059 /*
1060 * special case for root dataset where encryption feature
1061 * feature won't be on disk yet
1062 */
1063 if (!nvlist_exists(pool_props, "feature@encryption")) {
1064 if (proplist_has_encryption_props(props)) {
1065 ret = EINVAL;
1066 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1067 "Encryption feature not enabled."));
1068 goto out;
1069 }
1070
1071 ret = 0;
1072 goto out;
1073 }
1074
1075 pcrypt = ZIO_CRYPT_OFF;
1076 }
1077
1078 /* Get the inherited encryption property if we don't have it locally */
1079 if (!local_crypt)
1080 crypt = pcrypt;
1081
1082 /*
1083 * At this point crypt should be the actual encryption value. If
1084 * encryption is off just verify that no encryption properties have
1085 * been specified and return.
1086 */
1087 if (crypt == ZIO_CRYPT_OFF) {
1088 if (proplist_has_encryption_props(props)) {
1089 ret = EINVAL;
1090 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1091 "Encryption must be turned on to set encryption "
1092 "properties."));
1093 goto out;
1094 }
1095
1096 ret = 0;
1097 goto out;
1098 }
1099
1100 /*
1101 * If we have a parent crypt it is valid to specify encryption alone.
1102 * This will result in a child that is encrypted with the chosen
1103 * encryption suite that will also inherit the parent's key. If
1104 * the parent is not encrypted we need an encryption suite provided.
1105 */
1106 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
1107 keyformat == ZFS_KEYFORMAT_NONE) {
1108 ret = EINVAL;
1109 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1110 "Keyformat required for new encryption root."));
1111 goto out;
1112 }
1113
1114 /*
1115 * Specifying a keylocation implies this will be a new encryption root.
1116 * Check that a keyformat is also specified.
1117 */
1118 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
1119 ret = EINVAL;
1120 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1121 "Keyformat required for new encryption root."));
1122 goto out;
1123 }
1124
1125 /* default to prompt if no keylocation is specified */
1126 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
1127 keylocation = (char *)"prompt";
1128 ret = nvlist_add_string(props,
1129 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
1130 if (ret != 0)
1131 goto out;
1132 }
1133
1134 /*
1135 * If a local key is provided, this dataset will be a new
1136 * encryption root. Populate the encryption params.
1137 */
1138 if (keylocation != NULL) {
1139 /*
1140 * 'zfs recv -o keylocation=prompt' won't work because stdin
1141 * is being used by the send stream, so we disallow it.
1142 */
1143 if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
1144 ret = EINVAL;
1145 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
1146 "'prompt' keylocation because stdin is in use."));
1147 goto out;
1148 }
1149
1150 ret = populate_create_encryption_params_nvlists(hdl, NULL,
1151 B_TRUE, keyformat, keylocation, props, &wkeydata,
1152 &wkeylen);
1153 if (ret != 0)
1154 goto out;
1155 }
1156
1157 if (pzhp != NULL)
1158 zfs_close(pzhp);
1159
1160 *wkeydata_out = wkeydata;
1161 *wkeylen_out = wkeylen;
1162 return (0);
1163
1164 out:
1165 if (pzhp != NULL)
1166 zfs_close(pzhp);
1167 if (wkeydata != NULL)
1168 free(wkeydata);
1169
1170 *wkeydata_out = NULL;
1171 *wkeylen_out = 0;
1172 return (ret);
1173 }
1174
1175 int
zfs_crypto_clone_check(libzfs_handle_t * hdl,zfs_handle_t * origin_zhp,char * parent_name,nvlist_t * props)1176 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
1177 char *parent_name, nvlist_t *props)
1178 {
1179 (void) origin_zhp, (void) parent_name;
1180 char errbuf[ERRBUFLEN];
1181
1182 (void) snprintf(errbuf, sizeof (errbuf),
1183 dgettext(TEXT_DOMAIN, "Encryption clone error"));
1184
1185 /*
1186 * No encryption properties should be specified. They will all be
1187 * inherited from the origin dataset.
1188 */
1189 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1190 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1191 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1192 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1193 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1194 "Encryption properties must inherit from origin dataset."));
1195 return (EINVAL);
1196 }
1197
1198 return (0);
1199 }
1200
1201 typedef struct loadkeys_cbdata {
1202 uint64_t cb_numfailed;
1203 uint64_t cb_numattempted;
1204 } loadkey_cbdata_t;
1205
1206 static int
load_keys_cb(zfs_handle_t * zhp,void * arg)1207 load_keys_cb(zfs_handle_t *zhp, void *arg)
1208 {
1209 int ret;
1210 boolean_t is_encroot;
1211 loadkey_cbdata_t *cb = arg;
1212 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1213
1214 /* only attempt to load keys for encryption roots */
1215 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1216 if (ret != 0 || !is_encroot)
1217 goto out;
1218
1219 /* don't attempt to load already loaded keys */
1220 if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1221 goto out;
1222
1223 /* Attempt to load the key. Record status in cb. */
1224 cb->cb_numattempted++;
1225
1226 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1227 if (ret)
1228 cb->cb_numfailed++;
1229
1230 out:
1231 (void) zfs_iter_filesystems_v2(zhp, 0, load_keys_cb, cb);
1232 zfs_close(zhp);
1233
1234 /* always return 0, since this function is best effort */
1235 return (0);
1236 }
1237
1238 /*
1239 * This function is best effort. It attempts to load all the keys for the given
1240 * filesystem and all of its children.
1241 */
1242 int
zfs_crypto_attempt_load_keys(libzfs_handle_t * hdl,const char * fsname)1243 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, const char *fsname)
1244 {
1245 int ret;
1246 zfs_handle_t *zhp = NULL;
1247 loadkey_cbdata_t cb = { 0 };
1248
1249 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1250 if (zhp == NULL) {
1251 ret = ENOENT;
1252 goto error;
1253 }
1254
1255 ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1256 if (ret)
1257 goto error;
1258
1259 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1260 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1261 (u_longlong_t)cb.cb_numattempted);
1262
1263 if (cb.cb_numfailed != 0) {
1264 ret = -1;
1265 goto error;
1266 }
1267
1268 zfs_close(zhp);
1269 return (0);
1270
1271 error:
1272 if (zhp != NULL)
1273 zfs_close(zhp);
1274 return (ret);
1275 }
1276
1277 int
zfs_crypto_load_key(zfs_handle_t * zhp,boolean_t noop,const char * alt_keylocation)1278 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop,
1279 const char *alt_keylocation)
1280 {
1281 int ret, attempts = 0;
1282 char errbuf[ERRBUFLEN];
1283 uint64_t keystatus, iters = 0, salt = 0;
1284 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1285 char prop_keylocation[MAXNAMELEN];
1286 char prop_encroot[MAXNAMELEN];
1287 const char *keylocation = NULL;
1288 uint8_t *key_material = NULL, *key_data = NULL;
1289 size_t key_material_len;
1290 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1291
1292 (void) snprintf(errbuf, sizeof (errbuf),
1293 dgettext(TEXT_DOMAIN, "Key load error"));
1294
1295 /* check that encryption is enabled for the pool */
1296 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1297 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1298 "Encryption feature not enabled."));
1299 ret = EINVAL;
1300 goto error;
1301 }
1302
1303 /* Fetch the keyformat. Check that the dataset is encrypted. */
1304 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1305 if (keyformat == ZFS_KEYFORMAT_NONE) {
1306 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1307 "'%s' is not encrypted."), zfs_get_name(zhp));
1308 ret = EINVAL;
1309 goto error;
1310 }
1311
1312 /*
1313 * Fetch the key location. Check that we are working with an
1314 * encryption root.
1315 */
1316 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1317 if (ret != 0) {
1318 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1319 "Failed to get encryption root for '%s'."),
1320 zfs_get_name(zhp));
1321 goto error;
1322 } else if (!is_encroot) {
1323 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1324 "Keys must be loaded for encryption root of '%s' (%s)."),
1325 zfs_get_name(zhp), prop_encroot);
1326 ret = EINVAL;
1327 goto error;
1328 }
1329
1330 /*
1331 * if the caller has elected to override the keylocation property
1332 * use that instead
1333 */
1334 if (alt_keylocation != NULL) {
1335 keylocation = alt_keylocation;
1336 } else {
1337 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1338 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1339 if (ret != 0) {
1340 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1341 "Failed to get keylocation for '%s'."),
1342 zfs_get_name(zhp));
1343 goto error;
1344 }
1345
1346 keylocation = prop_keylocation;
1347 }
1348
1349 /* check that the key is unloaded unless this is a noop */
1350 if (!noop) {
1351 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1352 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1353 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1354 "Key already loaded for '%s'."), zfs_get_name(zhp));
1355 ret = EEXIST;
1356 goto error;
1357 }
1358 }
1359
1360 /* passphrase formats require a salt and pbkdf2_iters property */
1361 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1362 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1363 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1364 }
1365
1366 try_again:
1367 /* fetching and deriving the key are correctable errors. set the flag */
1368 correctible = B_TRUE;
1369
1370 /* get key material from key format and location */
1371 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1372 keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1373 &can_retry);
1374 if (ret != 0)
1375 goto error;
1376
1377 /* derive a key from the key material */
1378 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material, salt,
1379 &key_data);
1380 if (ret != 0)
1381 goto error;
1382
1383 correctible = B_FALSE;
1384
1385 /* pass the wrapping key and noop flag to the ioctl */
1386 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1387 if (ret != 0) {
1388 switch (ret) {
1389 case EPERM:
1390 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1391 "Permission denied."));
1392 break;
1393 case EINVAL:
1394 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1395 "Invalid parameters provided for dataset %s."),
1396 zfs_get_name(zhp));
1397 break;
1398 case EEXIST:
1399 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1400 "Key already loaded for '%s'."), zfs_get_name(zhp));
1401 break;
1402 case EBUSY:
1403 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1404 "'%s' is busy."), zfs_get_name(zhp));
1405 break;
1406 case EACCES:
1407 correctible = B_TRUE;
1408 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1409 "Incorrect key provided for '%s'."),
1410 zfs_get_name(zhp));
1411 break;
1412 case ZFS_ERR_CRYPTO_NOTSUP:
1413 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1414 "'%s' uses an unsupported encryption suite."),
1415 zfs_get_name(zhp));
1416 break;
1417 }
1418 goto error;
1419 }
1420
1421 free(key_material);
1422 free(key_data);
1423
1424 return (0);
1425
1426 error:
1427 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1428 if (key_material != NULL) {
1429 free(key_material);
1430 key_material = NULL;
1431 }
1432 if (key_data != NULL) {
1433 free(key_data);
1434 key_data = NULL;
1435 }
1436
1437 /*
1438 * Here we decide if it is ok to allow the user to retry entering their
1439 * key. The can_retry flag will be set if the user is entering their
1440 * key from an interactive prompt. The correctable flag will only be
1441 * set if an error that occurred could be corrected by retrying. Both
1442 * flags are needed to allow the user to attempt key entry again
1443 */
1444 attempts++;
1445 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)
1446 goto try_again;
1447
1448 return (ret);
1449 }
1450
1451 int
zfs_crypto_unload_key(zfs_handle_t * zhp)1452 zfs_crypto_unload_key(zfs_handle_t *zhp)
1453 {
1454 int ret;
1455 char errbuf[ERRBUFLEN];
1456 char prop_encroot[MAXNAMELEN];
1457 uint64_t keystatus, keyformat;
1458 boolean_t is_encroot;
1459
1460 (void) snprintf(errbuf, sizeof (errbuf),
1461 dgettext(TEXT_DOMAIN, "Key unload error"));
1462
1463 /* check that encryption is enabled for the pool */
1464 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1465 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1466 "Encryption feature not enabled."));
1467 ret = EINVAL;
1468 goto error;
1469 }
1470
1471 /* Fetch the keyformat. Check that the dataset is encrypted. */
1472 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1473 if (keyformat == ZFS_KEYFORMAT_NONE) {
1474 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1475 "'%s' is not encrypted."), zfs_get_name(zhp));
1476 ret = EINVAL;
1477 goto error;
1478 }
1479
1480 /*
1481 * Fetch the key location. Check that we are working with an
1482 * encryption root.
1483 */
1484 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1485 if (ret != 0) {
1486 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1487 "Failed to get encryption root for '%s'."),
1488 zfs_get_name(zhp));
1489 goto error;
1490 } else if (!is_encroot) {
1491 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1492 "Keys must be unloaded for encryption root of '%s' (%s)."),
1493 zfs_get_name(zhp), prop_encroot);
1494 ret = EINVAL;
1495 goto error;
1496 }
1497
1498 /* check that the key is loaded */
1499 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1500 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1501 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1502 "Key already unloaded for '%s'."), zfs_get_name(zhp));
1503 ret = EACCES;
1504 goto error;
1505 }
1506
1507 /* call the ioctl */
1508 ret = lzc_unload_key(zhp->zfs_name);
1509
1510 if (ret != 0) {
1511 switch (ret) {
1512 case EPERM:
1513 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1514 "Permission denied."));
1515 break;
1516 case EACCES:
1517 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1518 "Key already unloaded for '%s'."),
1519 zfs_get_name(zhp));
1520 break;
1521 case EBUSY:
1522 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1523 "'%s' is busy."), zfs_get_name(zhp));
1524 break;
1525 }
1526 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1527 }
1528
1529 return (ret);
1530
1531 error:
1532 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1533 return (ret);
1534 }
1535
1536 static int
zfs_crypto_verify_rewrap_nvlist(zfs_handle_t * zhp,nvlist_t * props,nvlist_t ** props_out,char * errbuf)1537 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1538 nvlist_t **props_out, char *errbuf)
1539 {
1540 int ret;
1541 nvpair_t *elem = NULL;
1542 zfs_prop_t prop;
1543 nvlist_t *new_props = NULL;
1544
1545 new_props = fnvlist_alloc();
1546
1547 /*
1548 * loop through all provided properties, we should only have
1549 * keyformat, keylocation and pbkdf2iters. The actual validation of
1550 * values is done by zfs_valid_proplist().
1551 */
1552 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1553 const char *propname = nvpair_name(elem);
1554 prop = zfs_name_to_prop(propname);
1555
1556 switch (prop) {
1557 case ZFS_PROP_PBKDF2_ITERS:
1558 case ZFS_PROP_KEYFORMAT:
1559 case ZFS_PROP_KEYLOCATION:
1560 break;
1561 default:
1562 ret = EINVAL;
1563 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1564 "Only keyformat, keylocation and pbkdf2iters may "
1565 "be set with this command."));
1566 goto error;
1567 }
1568 }
1569
1570 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1571 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1572 B_TRUE, errbuf);
1573 if (new_props == NULL) {
1574 ret = EINVAL;
1575 goto error;
1576 }
1577
1578 *props_out = new_props;
1579 return (0);
1580
1581 error:
1582 nvlist_free(new_props);
1583 *props_out = NULL;
1584 return (ret);
1585 }
1586
1587 int
zfs_crypto_rewrap(zfs_handle_t * zhp,nvlist_t * raw_props,boolean_t inheritkey)1588 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1589 {
1590 int ret;
1591 char errbuf[ERRBUFLEN];
1592 boolean_t is_encroot;
1593 nvlist_t *props = NULL;
1594 uint8_t *wkeydata = NULL;
1595 uint_t wkeylen = 0;
1596 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1597 uint64_t crypt, pcrypt, keystatus, pkeystatus;
1598 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1599 zfs_handle_t *pzhp = NULL;
1600 const char *keylocation = NULL;
1601 char origin_name[MAXNAMELEN];
1602 char prop_keylocation[MAXNAMELEN];
1603 char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1604
1605 (void) snprintf(errbuf, sizeof (errbuf),
1606 dgettext(TEXT_DOMAIN, "Key change error"));
1607
1608 /* check that encryption is enabled for the pool */
1609 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1610 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1611 "Encryption feature not enabled."));
1612 ret = EINVAL;
1613 goto error;
1614 }
1615
1616 /* get crypt from dataset */
1617 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1618 if (crypt == ZIO_CRYPT_OFF) {
1619 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1620 "Dataset not encrypted."));
1621 ret = EINVAL;
1622 goto error;
1623 }
1624
1625 /* get the encryption root of the dataset */
1626 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1627 if (ret != 0) {
1628 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1629 "Failed to get encryption root for '%s'."),
1630 zfs_get_name(zhp));
1631 goto error;
1632 }
1633
1634 /* Clones use their origin's key and cannot rewrap it */
1635 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1636 sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1637 if (ret == 0 && strcmp(origin_name, "") != 0) {
1638 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1639 "Keys cannot be changed on clones."));
1640 ret = EINVAL;
1641 goto error;
1642 }
1643
1644 /*
1645 * If the user wants to use the inheritkey variant of this function
1646 * we don't need to collect any crypto arguments.
1647 */
1648 if (!inheritkey) {
1649 /* validate the provided properties */
1650 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1651 errbuf);
1652 if (ret != 0)
1653 goto error;
1654
1655 /*
1656 * Load keyformat and keylocation from the nvlist. Fetch from
1657 * the dataset properties if not specified.
1658 */
1659 (void) nvlist_lookup_uint64(props,
1660 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1661 (void) nvlist_lookup_string(props,
1662 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1663
1664 if (is_encroot) {
1665 /*
1666 * If this is already an encryption root, just keep
1667 * any properties not set by the user.
1668 */
1669 if (keyformat == ZFS_KEYFORMAT_NONE) {
1670 keyformat = zfs_prop_get_int(zhp,
1671 ZFS_PROP_KEYFORMAT);
1672 ret = nvlist_add_uint64(props,
1673 zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1674 keyformat);
1675 if (ret != 0) {
1676 zfs_error_aux(zhp->zfs_hdl,
1677 dgettext(TEXT_DOMAIN, "Failed to "
1678 "get existing keyformat "
1679 "property."));
1680 goto error;
1681 }
1682 }
1683
1684 if (keylocation == NULL) {
1685 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1686 prop_keylocation, sizeof (prop_keylocation),
1687 NULL, NULL, 0, B_TRUE);
1688 if (ret != 0) {
1689 zfs_error_aux(zhp->zfs_hdl,
1690 dgettext(TEXT_DOMAIN, "Failed to "
1691 "get existing keylocation "
1692 "property."));
1693 goto error;
1694 }
1695
1696 keylocation = prop_keylocation;
1697 }
1698 } else {
1699 /* need a new key for non-encryption roots */
1700 if (keyformat == ZFS_KEYFORMAT_NONE) {
1701 ret = EINVAL;
1702 zfs_error_aux(zhp->zfs_hdl,
1703 dgettext(TEXT_DOMAIN, "Keyformat required "
1704 "for new encryption root."));
1705 goto error;
1706 }
1707
1708 /* default to prompt if no keylocation is specified */
1709 if (keylocation == NULL) {
1710 keylocation = "prompt";
1711 ret = nvlist_add_string(props,
1712 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1713 keylocation);
1714 if (ret != 0)
1715 goto error;
1716 }
1717 }
1718
1719 /* fetch the new wrapping key and associated properties */
1720 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1721 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1722 &wkeylen);
1723 if (ret != 0)
1724 goto error;
1725 } else {
1726 /* check that zhp is an encryption root */
1727 if (!is_encroot) {
1728 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1729 "Key inheritting can only be performed on "
1730 "encryption roots."));
1731 ret = EINVAL;
1732 goto error;
1733 }
1734
1735 /* get the parent's name */
1736 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1737 if (ret != 0) {
1738 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1739 "Root dataset cannot inherit key."));
1740 ret = EINVAL;
1741 goto error;
1742 }
1743
1744 /* get a handle to the parent */
1745 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1746 if (pzhp == NULL) {
1747 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1748 "Failed to lookup parent."));
1749 ret = ENOENT;
1750 goto error;
1751 }
1752
1753 /* parent must be encrypted */
1754 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1755 if (pcrypt == ZIO_CRYPT_OFF) {
1756 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1757 "Parent must be encrypted."));
1758 ret = EINVAL;
1759 goto error;
1760 }
1761
1762 /* check that the parent's key is loaded */
1763 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1764 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1765 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1766 "Parent key must be loaded."));
1767 ret = EACCES;
1768 goto error;
1769 }
1770 }
1771
1772 /* check that the key is loaded */
1773 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1774 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1775 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1776 "Key must be loaded."));
1777 ret = EACCES;
1778 goto error;
1779 }
1780
1781 /* call the ioctl */
1782 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1783 if (ret != 0) {
1784 switch (ret) {
1785 case EPERM:
1786 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1787 "Permission denied."));
1788 break;
1789 case EINVAL:
1790 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1791 "Invalid properties for key change."));
1792 break;
1793 case EACCES:
1794 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1795 "Key is not currently loaded."));
1796 break;
1797 }
1798 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1799 }
1800
1801 if (pzhp != NULL)
1802 zfs_close(pzhp);
1803 if (props != NULL)
1804 nvlist_free(props);
1805 if (wkeydata != NULL)
1806 free(wkeydata);
1807
1808 return (ret);
1809
1810 error:
1811 if (pzhp != NULL)
1812 zfs_close(pzhp);
1813 if (props != NULL)
1814 nvlist_free(props);
1815 if (wkeydata != NULL)
1816 free(wkeydata);
1817
1818 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1819 return (ret);
1820 }
1821