xref: /illumos-gate/usr/src/lib/libzfs/common/libzfs_crypto.c (revision 6c24238b6748a460b462c0b48b263cef4a6cbcdd)
1 /*
2  * CDDL HEADER START
3  *
4  * This file and its contents are supplied under the terms of the
5  * Common Development and Distribution License ("CDDL"), version 1.0.
6  * You may only use this file in accordance with the terms of version
7  * 1.0 of the CDDL.
8  *
9  * A full copy of the text of the CDDL should have accompanied this
10  * source.  A copy of the CDDL is also available via the Internet at
11  * http://www.illumos.org/license/CDDL.
12  *
13  * CDDL HEADER END
14  */
15 
16 /*
17  * Copyright (c) 2017, Datto, Inc. All rights reserved.
18  * Copyright 2020 Joyent, Inc.
19  */
20 
21 #include <string.h>
22 #include <strings.h>
23 #include <ctype.h>
24 #include <unistd.h>
25 #include <sys/zfs_context.h>
26 #include <sys/fs/zfs.h>
27 #include <sys/dsl_crypt.h>
28 #ifdef sun
29 #include <stdlib.h>
30 #include <security/cryptoki.h>
31 #include <cryptoutil.h> /* for pkcs11_strerror */
32 #else
33 #include <sys/crypto/icp.h>
34 #endif
35 #include <libintl.h>
36 #include <termios.h>
37 #include <signal.h>
38 #include <errno.h>
39 #include <libzfs.h>
40 #include "libzfs_impl.h"
41 #include "zfeature_common.h"
42 
43 /*
44  * User keys are used to decrypt the master encryption keys of a dataset. This
45  * indirection allows a user to change his / her access key without having to
46  * re-encrypt the entire dataset. User keys can be provided in one of several
47  * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
48  * are converted to binary and passed into the kernel. Password based keys are
49  * a bit more complicated. Passwords alone do not provide suitable entropy for
50  * encryption and may be too short or too long to be used. In order to derive
51  * a more appropriate key we use a PBKDF2 function. This function is designed
52  * to take a (relatively) long time to calculate in order to discourage
53  * attackers from guessing from a list of common passwords. PBKDF2 requires
54  * 2 additional parameters. The first is the number of iterations to run, which
55  * will ultimately determine how long it takes to derive the resulting key from
56  * the password. The second parameter is a salt that is randomly generated for
57  * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
58  * attackers cannot reasonably generate a table of commonly known passwords to
59  * their output keys and expect it work for all past and future PBKDF2 users.
60  * We store the salt as a hidden property of the dataset (although it is
61  * technically ok if the salt is known to the attacker).
62  */
63 
64 typedef enum key_locator {
65 	KEY_LOCATOR_NONE,
66 	KEY_LOCATOR_PROMPT,
67 	KEY_LOCATOR_URI
68 } key_locator_t;
69 
70 #define	MIN_PASSPHRASE_LEN 8
71 #define	MAX_PASSPHRASE_LEN 512
72 #define	MAX_KEY_PROMPT_ATTEMPTS 3
73 
74 static int caught_interrupt;
75 
76 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
77     zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
78 
79 static zfs_uri_handler_t uri_handlers[] = {
80 	{ "file", get_key_material_file },
81 	{ NULL, NULL }
82 };
83 
84 static int
zfs_prop_parse_keylocation(libzfs_handle_t * restrict hdl,const char * str,zfs_keylocation_t * restrict locp,char ** restrict schemep)85 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
86     zfs_keylocation_t *restrict locp, char **restrict schemep)
87 {
88 	int ret;
89 
90 	*locp = ZFS_KEYLOCATION_NONE;
91 	*schemep = NULL;
92 
93 	if (strcmp("prompt", str) == 0) {
94 		*locp = ZFS_KEYLOCATION_PROMPT;
95 		return (0);
96 	}
97 
98 	regmatch_t pmatch[URI_NMATCH];
99 	regmatch_t *smatch = &pmatch[URI_SCHEMESUBEXP];
100 
101 	ret = regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch), pmatch, 0);
102 	switch (ret) {
103 	case 0:
104 		break;
105 	case REG_ESPACE:
106 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory"));
107 		return (ENOMEM);
108 	case REG_NOMATCH:
109 		goto invalid;
110 	default:
111 		/*
112 		 * Any other errors from regexec are a programming bug,
113 		 * so consider them a fatal error.
114 		 */
115 		(void) fprintf(stderr, "regexec failed: %d\n", ret);
116 		abort();
117 	}
118 
119 	if (smatch->rm_so == -1)
120 		goto invalid;
121 
122 	*schemep = strndup(str + smatch->rm_so, smatch->rm_eo - smatch->rm_so);
123 	if (*schemep == NULL) {
124 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory"));
125 		return (ENOMEM);
126 	}
127 
128 	*locp = ZFS_KEYLOCATION_URI;
129 	return (0);
130 
131 invalid:
132 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
133 	return (EINVAL);
134 }
135 
136 static int
hex_key_to_raw(char * hex,int hexlen,uint8_t * out)137 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
138 {
139 	int ret, i;
140 	unsigned int c;
141 
142 	for (i = 0; i < hexlen; i += 2) {
143 		if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
144 			ret = EINVAL;
145 			goto error;
146 		}
147 
148 		ret = sscanf(&hex[i], "%02x", &c);
149 		if (ret != 1) {
150 			ret = EINVAL;
151 			goto error;
152 		}
153 
154 		out[i / 2] = c;
155 	}
156 
157 	return (0);
158 
159 error:
160 	return (ret);
161 }
162 
163 
164 static void
catch_signal(int sig)165 catch_signal(int sig)
166 {
167 	caught_interrupt = sig;
168 }
169 
170 static char *
get_format_prompt_string(zfs_keyformat_t format)171 get_format_prompt_string(zfs_keyformat_t format)
172 {
173 	switch (format) {
174 	case ZFS_KEYFORMAT_RAW:
175 		return ("raw key");
176 	case ZFS_KEYFORMAT_HEX:
177 		return ("hex key");
178 	case ZFS_KEYFORMAT_PASSPHRASE:
179 		return ("passphrase");
180 	default:
181 		/* shouldn't happen */
182 		return (NULL);
183 	}
184 }
185 
186 /* do basic validation of the key material */
187 static int
validate_key(libzfs_handle_t * hdl,zfs_keyformat_t keyformat,const char * key,size_t keylen)188 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
189     const char *key, size_t keylen)
190 {
191 	switch (keyformat) {
192 	case ZFS_KEYFORMAT_RAW:
193 		/* verify the key length is correct */
194 		if (keylen < WRAPPING_KEY_LEN) {
195 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
196 			    "Raw key too short (expected %u)."),
197 			    WRAPPING_KEY_LEN);
198 			return (EINVAL);
199 		}
200 
201 		if (keylen > WRAPPING_KEY_LEN) {
202 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
203 			    "Raw key too long (expected %u)."),
204 			    WRAPPING_KEY_LEN);
205 			return (EINVAL);
206 		}
207 		break;
208 	case ZFS_KEYFORMAT_HEX:
209 		/* verify the key length is correct */
210 		if (keylen < WRAPPING_KEY_LEN * 2) {
211 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
212 			    "Hex key too short (expected %u)."),
213 			    WRAPPING_KEY_LEN * 2);
214 			return (EINVAL);
215 		}
216 
217 		if (keylen > WRAPPING_KEY_LEN * 2) {
218 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
219 			    "Hex key too long (expected %u)."),
220 			    WRAPPING_KEY_LEN * 2);
221 			return (EINVAL);
222 		}
223 
224 		/* check for invalid hex digits */
225 		for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
226 			if (!isxdigit(key[i])) {
227 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
228 				    "Invalid hex character detected."));
229 				return (EINVAL);
230 			}
231 		}
232 		break;
233 	case ZFS_KEYFORMAT_PASSPHRASE:
234 		/* verify the length is within bounds */
235 		if (keylen > MAX_PASSPHRASE_LEN) {
236 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
237 			    "Passphrase too long (max %u)."),
238 			    MAX_PASSPHRASE_LEN);
239 			return (EINVAL);
240 		}
241 
242 		if (keylen < MIN_PASSPHRASE_LEN) {
243 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
244 			    "Passphrase too short (min %u)."),
245 			    MIN_PASSPHRASE_LEN);
246 			return (EINVAL);
247 		}
248 		break;
249 	default:
250 		/* can't happen, checked above */
251 		break;
252 	}
253 
254 	return (0);
255 }
256 
257 static int
libzfs_getpassphrase(zfs_keyformat_t keyformat,boolean_t is_reenter,boolean_t new_key,const char * fsname,char ** restrict res,size_t * restrict reslen)258 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
259     boolean_t new_key, const char *fsname,
260     char **restrict res, size_t *restrict reslen)
261 {
262 	FILE *f = stdin;
263 	size_t buflen = 0;
264 	ssize_t bytes;
265 	int ret = 0;
266 	struct termios old_term, new_term;
267 	struct sigaction act, osigint, osigtstp;
268 
269 	*res = NULL;
270 	*reslen = 0;
271 
272 	/*
273 	 * handle SIGINT and ignore SIGSTP. This is necessary to
274 	 * restore the state of the terminal.
275 	 */
276 	caught_interrupt = 0;
277 	act.sa_flags = 0;
278 	(void) sigemptyset(&act.sa_mask);
279 	act.sa_handler = catch_signal;
280 
281 	(void) sigaction(SIGINT, &act, &osigint);
282 	act.sa_handler = SIG_IGN;
283 	(void) sigaction(SIGTSTP, &act, &osigtstp);
284 
285 	(void) printf("%s %s%s",
286 	    is_reenter ? "Re-enter" : "Enter",
287 	    new_key ? "new " : "",
288 	    get_format_prompt_string(keyformat));
289 	if (fsname != NULL)
290 		(void) printf(" for '%s'", fsname);
291 	(void) fputc(':', stdout);
292 	(void) fflush(stdout);
293 
294 	/* disable the terminal echo for key input */
295 	(void) tcgetattr(fileno(f), &old_term);
296 
297 	new_term = old_term;
298 	new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
299 
300 	ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
301 	if (ret != 0) {
302 		ret = errno;
303 		errno = 0;
304 		goto out;
305 	}
306 
307 	bytes = getline(res, &buflen, f);
308 	if (bytes < 0) {
309 		ret = errno;
310 		errno = 0;
311 		goto out;
312 	}
313 
314 	/* trim the ending newline if it exists */
315 	if (bytes > 0 && (*res)[bytes - 1] == '\n') {
316 		(*res)[bytes - 1] = '\0';
317 		bytes--;
318 	}
319 
320 	*reslen = bytes;
321 
322 out:
323 	/* reset the teminal */
324 	(void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
325 	(void) sigaction(SIGINT, &osigint, NULL);
326 	(void) sigaction(SIGTSTP, &osigtstp, NULL);
327 
328 	/* if we caught a signal, re-throw it now */
329 	if (caught_interrupt != 0)
330 		(void) kill(getpid(), caught_interrupt);
331 
332 	/* print the newline that was not echo'd */
333 	(void) printf("\n");
334 
335 	return (ret);
336 }
337 
338 static int
get_key_interactive(libzfs_handle_t * restrict hdl,const char * fsname,zfs_keyformat_t keyformat,boolean_t confirm_key,boolean_t newkey,uint8_t ** restrict outbuf,size_t * restrict len_out)339 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
340     zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
341     uint8_t **restrict outbuf, size_t *restrict len_out)
342 {
343 	char *buf = NULL, *buf2 = NULL;
344 	size_t buflen = 0, buf2len = 0;
345 	int ret = 0;
346 
347 	ASSERT(isatty(fileno(stdin)));
348 
349 	/* raw keys cannot be entered on the terminal */
350 	if (keyformat == ZFS_KEYFORMAT_RAW) {
351 		ret = EINVAL;
352 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
353 		    "Cannot enter raw keys on the terminal"));
354 		goto out;
355 	}
356 
357 	/* prompt for the key */
358 	if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
359 	    &buf, &buflen)) != 0) {
360 		freezero(buf, buflen);
361 		buf = NULL;
362 		buflen = 0;
363 		goto out;
364 	}
365 
366 	if (!confirm_key)
367 		goto out;
368 
369 	if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) {
370 		freezero(buf, buflen);
371 		return (ret);
372 	}
373 
374 	ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
375 	    &buf2len);
376 	if (ret != 0) {
377 		freezero(buf, buflen);
378 		freezero(buf2, buf2len);
379 		buf = buf2 = NULL;
380 		buflen = buf2len = 0;
381 		goto out;
382 	}
383 
384 	if (buflen != buf2len || strcmp(buf, buf2) != 0) {
385 		freezero(buf, buflen);
386 		buf = NULL;
387 		buflen = 0;
388 
389 		ret = EINVAL;
390 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
391 		    "Provided keys do not match."));
392 	}
393 
394 	freezero(buf2, buf2len);
395 
396 out:
397 	*outbuf = (uint8_t *)buf;
398 	*len_out = buflen;
399 	return (ret);
400 }
401 
402 static int
get_key_material_raw(FILE * fd,zfs_keyformat_t keyformat,uint8_t ** buf,size_t * len_out)403 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
404     uint8_t **buf, size_t *len_out)
405 {
406 	int ret = 0;
407 	size_t buflen = 0;
408 
409 	*len_out = 0;
410 
411 	/* read the key material */
412 	if (keyformat != ZFS_KEYFORMAT_RAW) {
413 		ssize_t bytes;
414 
415 		bytes = getline((char **)buf, &buflen, fd);
416 		if (bytes < 0) {
417 			ret = errno;
418 			errno = 0;
419 			goto out;
420 		}
421 
422 		/* trim the ending newline if it exists */
423 		if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
424 			(*buf)[bytes - 1] = '\0';
425 			bytes--;
426 		}
427 
428 		*len_out = bytes;
429 	} else {
430 		size_t n;
431 
432 		/*
433 		 * Raw keys may have newline characters in them and so can't
434 		 * use getline(). Here we attempt to read 33 bytes so that we
435 		 * can properly check the key length (the file should only have
436 		 * 32 bytes).
437 		 */
438 		*buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
439 		if (*buf == NULL) {
440 			ret = ENOMEM;
441 			goto out;
442 		}
443 
444 		n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
445 		if (n == 0 || ferror(fd)) {
446 			/* size errors are handled by the calling function */
447 			free(*buf);
448 			*buf = NULL;
449 			ret = errno;
450 			errno = 0;
451 			goto out;
452 		}
453 
454 		*len_out = n;
455 	}
456 
457 out:
458 	return (ret);
459 }
460 
461 static int
get_key_material_file(libzfs_handle_t * hdl,const char * uri,const char * fsname,zfs_keyformat_t keyformat,boolean_t newkey,uint8_t ** restrict buf,size_t * restrict len_out)462 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
463     const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
464     uint8_t **restrict buf, size_t *restrict len_out)
465 {
466 	const char *path;
467 	FILE *f = NULL;
468 	int ret = 0;
469 
470 	/*
471 	 * get_key_material() should guarantee we're only called for a file
472 	 * URI.
473 	 */
474 	VERIFY0(strncmp(uri, "file://", 7));
475 	path = uri + 7;
476 
477 	if ((f = fopen(path, "r")) == NULL) {
478 		ret = errno;
479 		errno = 0;
480 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
481 		    "Failed to open key material file"));
482 		return (ret);
483 	}
484 
485 	ret = get_key_material_raw(f, keyformat, buf, len_out);
486 
487 	(void) fclose(f);
488 
489 	return (ret);
490 }
491 
492 /*
493  * Attempts to fetch key material, no matter where it might live. The key
494  * material is allocated and returned in km_out. *can_retry_out will be set
495  * to B_TRUE if the user is providing the key material interactively, allowing
496  * for re-entry attempts.
497  */
498 static int
get_key_material(libzfs_handle_t * hdl,boolean_t do_verify,boolean_t newkey,zfs_keyformat_t keyformat,char * keylocation,const char * fsname,uint8_t ** km_out,size_t * kmlen_out,boolean_t * can_retry_out)499 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
500     zfs_keyformat_t keyformat, char *keylocation, const char *fsname,
501     uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
502 {
503 	int ret;
504 	zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
505 	uint8_t *km = NULL;
506 	size_t kmlen = 0;
507 	char *scheme = NULL;
508 	zfs_uri_handler_t *handler = NULL;
509 	boolean_t can_retry = B_FALSE;
510 
511 	/* verify and parse the keylocation */
512 	ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc, &scheme);
513 	if (ret != 0)
514 		goto error;
515 
516 	/* open the appropriate file descriptor */
517 	switch (keyloc) {
518 	case ZFS_KEYLOCATION_PROMPT:
519 		if (isatty(fileno(stdin))) {
520 			can_retry = B_TRUE;
521 
522 			ret = get_key_interactive(hdl, fsname, keyformat,
523 			    do_verify, newkey, &km, &kmlen);
524 		} else {
525 			/* fetch the key material into the buffer */
526 			ret = get_key_material_raw(stdin, keyformat, &km,
527 			    &kmlen);
528 		}
529 		if (ret != 0)
530 			goto error;
531 		break;
532 	case ZFS_KEYLOCATION_URI:
533 		for (handler = uri_handlers; handler->zuh_scheme != NULL;
534 		    handler++) {
535 			if (strcmp(handler->zuh_scheme, scheme) != 0)
536 				continue;
537 			if ((ret = handler->zuh_handler(hdl, keylocation,
538 			    fsname, keyformat, newkey, &km, &kmlen)) != 0)
539 				goto error;
540 		}
541 		ret = ENOTSUP;
542 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
543 		    "URI scheme is not supported"));
544 		break;
545 	default:
546 		ret = EINVAL;
547 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
548 		    "Invalid keylocation."));
549 		goto error;
550 	}
551 
552 	if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0)
553 		goto error;
554 
555 	*km_out = km;
556 	*kmlen_out = kmlen;
557 	if (can_retry_out != NULL)
558 		*can_retry_out = can_retry;
559 
560 	free(scheme);
561 	return (0);
562 
563 error:
564 	freezero(km, kmlen);
565 	free(scheme);
566 
567 	*km_out = NULL;
568 	*kmlen_out = 0;
569 
570 	return (ret);
571 }
572 
573 /* This needs to be fixed to be compatible with other platforms */
574 
575 static int
pbkdf2(uint8_t * passphrase,size_t passphraselen,uint8_t * salt,size_t saltlen,uint64_t iterations,uint8_t * output,size_t outputlen)576 pbkdf2(uint8_t *passphrase, size_t passphraselen, uint8_t *salt,
577     size_t saltlen, uint64_t iterations, uint8_t *output,
578     size_t outputlen)
579 {
580 	int ret = 0;
581 	CK_SESSION_HANDLE session;
582 	char *tmpkeydata = NULL;
583 	size_t tmpkeydatalen = 0;
584 	CK_OBJECT_HANDLE obj;
585 
586 	/* initialize output */
587 	(void) memset(output, 0, outputlen);
588 
589 	ret = SUNW_C_GetMechSession(CKM_PKCS5_PBKD2, &session);
590 	if (ret) {
591 		(void) fprintf(stderr, "failed to connect to pkcs5: %s\n",
592 		    pkcs11_strerror(ret));
593 		return (ret);
594 	}
595 
596 	ret = pkcs11_PasswdToPBKD2Object(session, (char *)passphrase,
597 	    passphraselen, salt, saltlen, iterations, CKK_AES, outputlen, 0,
598 	    &obj);
599 
600 	if (ret == CKR_OK)
601 		ret = pkcs11_ObjectToKey(session, obj, (void **)&tmpkeydata,
602 		    &tmpkeydatalen, B_TRUE);
603 
604 	(void) C_CloseSession(session);
605 	if (ret) {
606 		(void) fprintf(stderr, "unable to generate key: %s\n",
607 		    pkcs11_strerror(ret));
608 		return (ret);
609 	}
610 
611 	/*
612 	 * Because it allocates an area for the passphrase, we copy it out
613 	 * then zero the original
614 	 */
615 	(void) memcpy(output, tmpkeydata, tmpkeydatalen);
616 	(void) memset(tmpkeydata, 0, tmpkeydatalen);
617 	free(tmpkeydata);
618 
619 	return (ret);
620 }
621 
622 /* ARGSUSED */
623 static int
derive_key(libzfs_handle_t * hdl,zfs_keyformat_t format,uint64_t iters,uint8_t * key_material,size_t key_material_len,uint64_t salt,uint8_t ** key_out)624 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
625     uint8_t *key_material, size_t key_material_len, uint64_t salt,
626     uint8_t **key_out)
627 {
628 	int ret;
629 	uint8_t *key;
630 
631 	*key_out = NULL;
632 
633 	key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
634 	if (!key)
635 		return (ENOMEM);
636 
637 	switch (format) {
638 	case ZFS_KEYFORMAT_RAW:
639 		bcopy(key_material, key, WRAPPING_KEY_LEN);
640 		break;
641 	case ZFS_KEYFORMAT_HEX:
642 		ret = hex_key_to_raw((char *)key_material,
643 		    WRAPPING_KEY_LEN * 2, key);
644 		if (ret != 0) {
645 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
646 			    "Invalid hex key provided."));
647 			goto error;
648 		}
649 		break;
650 	case ZFS_KEYFORMAT_PASSPHRASE:
651 		salt = LE_64(salt);
652 		ret = pbkdf2(key_material, strlen((char *)key_material),
653 		    ((uint8_t *)&salt), sizeof (uint64_t), iters,
654 		    key, WRAPPING_KEY_LEN);
655 		if (ret != 0) {
656 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
657 			    "Failed to generate key from passphrase."));
658 			goto error;
659 		}
660 		break;
661 	default:
662 		ret = EINVAL;
663 		goto error;
664 	}
665 
666 	*key_out = key;
667 	return (0);
668 
669 error:
670 	free(key);
671 
672 	*key_out = NULL;
673 	return (ret);
674 }
675 
676 static boolean_t
encryption_feature_is_enabled(zpool_handle_t * zph)677 encryption_feature_is_enabled(zpool_handle_t *zph)
678 {
679 	nvlist_t *features;
680 	uint64_t feat_refcount;
681 
682 	/* check that features can be enabled */
683 	if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
684 	    < SPA_VERSION_FEATURES)
685 		return (B_FALSE);
686 
687 	/* check for crypto feature */
688 	features = zpool_get_features(zph);
689 	if (!features || nvlist_lookup_uint64(features,
690 	    spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
691 	    &feat_refcount) != 0)
692 		return (B_FALSE);
693 
694 	return (B_TRUE);
695 }
696 
697 static int
populate_create_encryption_params_nvlists(libzfs_handle_t * hdl,zfs_handle_t * zhp,boolean_t newkey,zfs_keyformat_t keyformat,char * keylocation,nvlist_t * props,uint8_t ** wkeydata,uint_t * wkeylen)698 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
699     zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
700     char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
701 {
702 	int ret;
703 	uint64_t iters = 0, salt = 0;
704 	uint8_t *key_material = NULL;
705 	size_t key_material_len = 0;
706 	uint8_t *key_data = NULL;
707 	const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
708 
709 	/* get key material from keyformat and keylocation */
710 	ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
711 	    fsname, &key_material, &key_material_len, NULL);
712 	if (ret != 0)
713 		goto error;
714 
715 	/* passphrase formats require a salt and pbkdf2 iters property */
716 	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
717 #ifdef sun
718 		arc4random_buf(&salt, sizeof (salt));
719 #else
720 		random_init();
721 
722 		ret = random_get_bytes((uint8_t *)&salt, sizeof (uint64_t));
723 		if (ret != 0) {
724 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
725 			    "Failed to generate salt."));
726 			goto error;
727 		}
728 
729 		random_fini();
730 #endif
731 
732 		ret = nvlist_add_uint64(props,
733 		    zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
734 		if (ret != 0) {
735 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
736 			    "Failed to add salt to properties."));
737 			goto error;
738 		}
739 
740 		/*
741 		 * If not otherwise specified, use the default number of
742 		 * pbkdf2 iterations. If specified, we have already checked
743 		 * that the given value is greater than MIN_PBKDF2_ITERATIONS
744 		 * during zfs_valid_proplist().
745 		 */
746 		ret = nvlist_lookup_uint64(props,
747 		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
748 		if (ret == ENOENT) {
749 			iters = DEFAULT_PBKDF2_ITERATIONS;
750 			ret = nvlist_add_uint64(props,
751 			    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
752 			if (ret != 0)
753 				goto error;
754 		} else if (ret != 0) {
755 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
756 			    "Failed to get pbkdf2 iterations."));
757 			goto error;
758 		}
759 	} else {
760 		/* check that pbkdf2iters was not specified by the user */
761 		ret = nvlist_lookup_uint64(props,
762 		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
763 		if (ret == 0) {
764 			ret = EINVAL;
765 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
766 			    "Cannot specify pbkdf2iters with a non-passphrase "
767 			    "keyformat."));
768 			goto error;
769 		}
770 	}
771 
772 	/* derive a key from the key material */
773 	ret = derive_key(hdl, (zfs_keyformat_t)keyformat, iters, key_material,
774 	    key_material_len, salt, &key_data);
775 	if (ret != 0)
776 		goto error;
777 
778 	free(key_material);
779 
780 	*wkeydata = key_data;
781 	*wkeylen = WRAPPING_KEY_LEN;
782 	return (0);
783 
784 error:
785 	if (key_material != NULL)
786 		free(key_material);
787 	if (key_data != NULL)
788 		free(key_data);
789 
790 	*wkeydata = NULL;
791 	*wkeylen = 0;
792 	return (ret);
793 }
794 
795 static boolean_t
proplist_has_encryption_props(nvlist_t * props)796 proplist_has_encryption_props(nvlist_t *props)
797 {
798 	int ret;
799 	uint64_t intval;
800 	char *strval;
801 
802 	ret = nvlist_lookup_uint64(props,
803 	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
804 	if (ret == 0 && intval != ZIO_CRYPT_OFF)
805 		return (B_TRUE);
806 
807 	ret = nvlist_lookup_string(props,
808 	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
809 	if (ret == 0 && strcmp(strval, "none") != 0)
810 		return (B_TRUE);
811 
812 	ret = nvlist_lookup_uint64(props,
813 	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
814 	if (ret == 0)
815 		return (B_TRUE);
816 
817 	ret = nvlist_lookup_uint64(props,
818 	    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
819 	if (ret == 0)
820 		return (B_TRUE);
821 
822 	return (B_FALSE);
823 }
824 
825 int
zfs_crypto_get_encryption_root(zfs_handle_t * zhp,boolean_t * is_encroot,char * buf)826 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
827     char *buf)
828 {
829 	int ret;
830 	char prop_encroot[MAXNAMELEN];
831 
832 	/* if the dataset isn't encrypted, just return */
833 	if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
834 		*is_encroot = B_FALSE;
835 		if (buf != NULL)
836 			buf[0] = '\0';
837 		return (0);
838 	}
839 
840 	ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
841 	    sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
842 	if (ret != 0) {
843 		*is_encroot = B_FALSE;
844 		if (buf != NULL)
845 			buf[0] = '\0';
846 		return (ret);
847 	}
848 
849 	*is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
850 	if (buf != NULL)
851 		(void) strcpy(buf, prop_encroot);
852 
853 	return (0);
854 }
855 
856 int
zfs_crypto_create(libzfs_handle_t * hdl,char * parent_name,nvlist_t * props,nvlist_t * pool_props,boolean_t stdin_available,uint8_t ** wkeydata_out,uint_t * wkeylen_out)857 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
858     nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
859     uint_t *wkeylen_out)
860 {
861 	int ret;
862 	uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
863 	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
864 	char *keylocation = NULL;
865 	zfs_handle_t *pzhp = NULL;
866 	uint8_t *wkeydata = NULL;
867 	uint_t wkeylen = 0;
868 	boolean_t local_crypt = B_TRUE;
869 
870 	/* lookup crypt from props */
871 	ret = nvlist_lookup_uint64(props,
872 	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
873 	if (ret != 0)
874 		local_crypt = B_FALSE;
875 
876 	/* lookup key location and format from props */
877 	(void) nvlist_lookup_uint64(props,
878 	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
879 	(void) nvlist_lookup_string(props,
880 	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
881 
882 	if (parent_name != NULL) {
883 		/* get a reference to parent dataset */
884 		pzhp = make_dataset_handle(hdl, parent_name);
885 		if (pzhp == NULL) {
886 			ret = ENOENT;
887 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
888 			    "Failed to lookup parent."));
889 			goto out;
890 		}
891 
892 		/* Lookup parent's crypt */
893 		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
894 
895 		/* Params require the encryption feature */
896 		if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
897 			if (proplist_has_encryption_props(props)) {
898 				ret = EINVAL;
899 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
900 				    "Encryption feature not enabled."));
901 				goto out;
902 			}
903 
904 			ret = 0;
905 			goto out;
906 		}
907 	} else {
908 		/*
909 		 * special case for root dataset where encryption feature
910 		 * feature won't be on disk yet
911 		 */
912 		if (!nvlist_exists(pool_props, "feature@encryption")) {
913 			if (proplist_has_encryption_props(props)) {
914 				ret = EINVAL;
915 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
916 				    "Encryption feature not enabled."));
917 				goto out;
918 			}
919 
920 			ret = 0;
921 			goto out;
922 		}
923 
924 		pcrypt = ZIO_CRYPT_OFF;
925 	}
926 
927 	/* Get the inherited encryption property if we don't have it locally */
928 	if (!local_crypt)
929 		crypt = pcrypt;
930 
931 	/*
932 	 * At this point crypt should be the actual encryption value. If
933 	 * encryption is off just verify that no encryption properties have
934 	 * been specified and return.
935 	 */
936 	if (crypt == ZIO_CRYPT_OFF) {
937 		if (proplist_has_encryption_props(props)) {
938 			ret = EINVAL;
939 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
940 			    "Encryption must be turned on to set encryption "
941 			    "properties."));
942 			goto out;
943 		}
944 
945 		ret = 0;
946 		goto out;
947 	}
948 
949 	/*
950 	 * If we have a parent crypt it is valid to specify encryption alone.
951 	 * This will result in a child that is encrypted with the chosen
952 	 * encryption suite that will also inherit the parent's key. If
953 	 * the parent is not encrypted we need an encryption suite provided.
954 	 */
955 	if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
956 	    keyformat == ZFS_KEYFORMAT_NONE) {
957 		ret = EINVAL;
958 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
959 		    "Keyformat required for new encryption root."));
960 		goto out;
961 	}
962 
963 	/*
964 	 * Specifying a keylocation implies this will be a new encryption root.
965 	 * Check that a keyformat is also specified.
966 	 */
967 	if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
968 		ret = EINVAL;
969 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
970 		    "Keyformat required for new encryption root."));
971 		goto out;
972 	}
973 
974 	/* default to prompt if no keylocation is specified */
975 	if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
976 		keylocation = "prompt";
977 		ret = nvlist_add_string(props,
978 		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
979 		if (ret != 0)
980 			goto out;
981 	}
982 
983 	/*
984 	 * If a local key is provided, this dataset will be a new
985 	 * encryption root. Populate the encryption params.
986 	 */
987 	if (keylocation != NULL) {
988 		/*
989 		 * 'zfs recv -o keylocation=prompt' won't work because stdin
990 		 * is being used by the send stream, so we disallow it.
991 		 */
992 		if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
993 			ret = EINVAL;
994 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
995 			    "'prompt' keylocation because stdin is in use."));
996 			goto out;
997 		}
998 
999 		ret = populate_create_encryption_params_nvlists(hdl, NULL,
1000 		    B_FALSE, keyformat, keylocation, props, &wkeydata,
1001 		    &wkeylen);
1002 		if (ret != 0)
1003 			goto out;
1004 	}
1005 
1006 	if (pzhp != NULL)
1007 		zfs_close(pzhp);
1008 
1009 	*wkeydata_out = wkeydata;
1010 	*wkeylen_out = wkeylen;
1011 	return (0);
1012 
1013 out:
1014 	if (pzhp != NULL)
1015 		zfs_close(pzhp);
1016 	if (wkeydata != NULL)
1017 		free(wkeydata);
1018 
1019 	*wkeydata_out = NULL;
1020 	*wkeylen_out = 0;
1021 	return (ret);
1022 }
1023 
1024 int
zfs_crypto_clone_check(libzfs_handle_t * hdl,zfs_handle_t * origin_zhp,char * parent_name,nvlist_t * props)1025 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
1026     char *parent_name, nvlist_t *props)
1027 {
1028 	/*
1029 	 * No encryption properties should be specified. They will all be
1030 	 * inherited from the origin dataset.
1031 	 */
1032 	if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1033 	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1034 	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1035 	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1036 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1037 		    "Encryption properties must inherit from origin dataset."));
1038 		return (EINVAL);
1039 	}
1040 
1041 	return (0);
1042 }
1043 
1044 typedef struct loadkeys_cbdata {
1045 	uint64_t cb_numfailed;
1046 	uint64_t cb_numattempted;
1047 } loadkey_cbdata_t;
1048 
1049 static int
load_keys_cb(zfs_handle_t * zhp,void * arg)1050 load_keys_cb(zfs_handle_t *zhp, void *arg)
1051 {
1052 	int ret;
1053 	boolean_t is_encroot;
1054 	loadkey_cbdata_t *cb = arg;
1055 	uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1056 
1057 	/* only attempt to load keys for encryption roots */
1058 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1059 	if (ret != 0 || !is_encroot)
1060 		goto out;
1061 
1062 	/* don't attempt to load already loaded keys */
1063 	if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1064 		goto out;
1065 
1066 	/* Attempt to load the key. Record status in cb. */
1067 	cb->cb_numattempted++;
1068 
1069 	ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1070 	if (ret)
1071 		cb->cb_numfailed++;
1072 
1073 out:
1074 	(void) zfs_iter_filesystems(zhp, load_keys_cb, cb);
1075 	zfs_close(zhp);
1076 
1077 	/* always return 0, since this function is best effort */
1078 	return (0);
1079 }
1080 
1081 /*
1082  * This function is best effort. It attempts to load all the keys for the given
1083  * filesystem and all of its children.
1084  */
1085 int
zfs_crypto_attempt_load_keys(libzfs_handle_t * hdl,char * fsname)1086 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname)
1087 {
1088 	int ret;
1089 	zfs_handle_t *zhp = NULL;
1090 	loadkey_cbdata_t cb = { 0 };
1091 
1092 	zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1093 	if (zhp == NULL) {
1094 		ret = ENOENT;
1095 		goto error;
1096 	}
1097 
1098 	ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1099 	if (ret)
1100 		goto error;
1101 
1102 	(void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1103 	    (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1104 	    (u_longlong_t)cb.cb_numattempted);
1105 
1106 	if (cb.cb_numfailed != 0) {
1107 		ret = -1;
1108 		goto error;
1109 	}
1110 
1111 	zfs_close(zhp);
1112 	return (0);
1113 
1114 error:
1115 	if (zhp != NULL)
1116 		zfs_close(zhp);
1117 	return (ret);
1118 }
1119 
1120 int
zfs_crypto_load_key(zfs_handle_t * zhp,boolean_t noop,char * alt_keylocation)1121 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation)
1122 {
1123 	int ret, attempts = 0;
1124 	char errbuf[1024];
1125 	uint64_t keystatus, iters = 0, salt = 0;
1126 	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1127 	char prop_keylocation[MAXNAMELEN];
1128 	char prop_encroot[MAXNAMELEN];
1129 	char *keylocation = NULL;
1130 	uint8_t *key_material = NULL, *key_data = NULL;
1131 	size_t key_material_len;
1132 	boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1133 
1134 	(void) snprintf(errbuf, sizeof (errbuf),
1135 	    dgettext(TEXT_DOMAIN, "Key load error"));
1136 
1137 	/* check that encryption is enabled for the pool */
1138 	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1139 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1140 		    "Encryption feature not enabled."));
1141 		ret = EINVAL;
1142 		goto error;
1143 	}
1144 
1145 	/* Fetch the keyformat. Check that the dataset is encrypted. */
1146 	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1147 	if (keyformat == ZFS_KEYFORMAT_NONE) {
1148 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1149 		    "'%s' is not encrypted."), zfs_get_name(zhp));
1150 		ret = EINVAL;
1151 		goto error;
1152 	}
1153 
1154 	/*
1155 	 * Fetch the key location. Check that we are working with an
1156 	 * encryption root.
1157 	 */
1158 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1159 	if (ret != 0) {
1160 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1161 		    "Failed to get encryption root for '%s'."),
1162 		    zfs_get_name(zhp));
1163 		goto error;
1164 	} else if (!is_encroot) {
1165 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1166 		    "Keys must be loaded for encryption root of '%s' (%s)."),
1167 		    zfs_get_name(zhp), prop_encroot);
1168 		ret = EINVAL;
1169 		goto error;
1170 	}
1171 
1172 	/*
1173 	 * if the caller has elected to override the keylocation property
1174 	 * use that instead
1175 	 */
1176 	if (alt_keylocation != NULL) {
1177 		keylocation = alt_keylocation;
1178 	} else {
1179 		ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1180 		    sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1181 		if (ret != 0) {
1182 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1183 			    "Failed to get keylocation for '%s'."),
1184 			    zfs_get_name(zhp));
1185 			goto error;
1186 		}
1187 
1188 		keylocation = prop_keylocation;
1189 	}
1190 
1191 	/* check that the key is unloaded unless this is a noop */
1192 	if (!noop) {
1193 		keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1194 		if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1195 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1196 			    "Key already loaded for '%s'."), zfs_get_name(zhp));
1197 			ret = EEXIST;
1198 			goto error;
1199 		}
1200 	}
1201 
1202 	/* passphrase formats require a salt and pbkdf2_iters property */
1203 	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1204 		salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1205 		iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1206 	}
1207 
1208 try_again:
1209 	/* fetching and deriving the key are correctible errors. set the flag */
1210 	correctible = B_TRUE;
1211 
1212 	/* get key material from key format and location */
1213 	ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1214 	    keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1215 	    &can_retry);
1216 	if (ret != 0)
1217 		goto error;
1218 
1219 	/* derive a key from the key material */
1220 	ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material,
1221 	    key_material_len, salt, &key_data);
1222 	if (ret != 0)
1223 		goto error;
1224 
1225 	correctible = B_FALSE;
1226 
1227 	/* pass the wrapping key and noop flag to the ioctl */
1228 	ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1229 	if (ret != 0) {
1230 		switch (ret) {
1231 		case EINVAL:
1232 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1233 			    "Invalid parameters provided for %s."),
1234 			    zfs_get_name(zhp));
1235 			break;
1236 		case EEXIST:
1237 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1238 			    "Key already loaded for '%s'."), zfs_get_name(zhp));
1239 			break;
1240 		case EBUSY:
1241 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1242 			    "'%s' is busy."), zfs_get_name(zhp));
1243 			break;
1244 		case EACCES:
1245 			correctible = B_TRUE;
1246 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1247 			    "Incorrect key provided for '%s'."),
1248 			    zfs_get_name(zhp));
1249 			break;
1250 		}
1251 		goto error;
1252 	}
1253 
1254 	free(key_material);
1255 	free(key_data);
1256 
1257 	return (0);
1258 
1259 error:
1260 	(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1261 	if (key_material != NULL) {
1262 		free(key_material);
1263 		key_material = NULL;
1264 	}
1265 	if (key_data != NULL) {
1266 		free(key_data);
1267 		key_data  = NULL;
1268 	}
1269 
1270 	/*
1271 	 * Here we decide if it is ok to allow the user to retry entering their
1272 	 * key. The can_retry flag will be set if the user is entering their
1273 	 * key from an interactive prompt. The correctible flag will only be
1274 	 * set if an error that occured could be corrected by retrying. Both
1275 	 * flags are needed to allow the user to attempt key entry again
1276 	 */
1277 	if (can_retry && correctible && attempts <= MAX_KEY_PROMPT_ATTEMPTS) {
1278 		attempts++;
1279 		goto try_again;
1280 	}
1281 
1282 	return (ret);
1283 }
1284 
1285 int
zfs_crypto_unload_key(zfs_handle_t * zhp)1286 zfs_crypto_unload_key(zfs_handle_t *zhp)
1287 {
1288 	int ret;
1289 	char errbuf[1024];
1290 	char prop_encroot[MAXNAMELEN];
1291 	uint64_t keystatus, keyformat;
1292 	boolean_t is_encroot;
1293 
1294 	(void) snprintf(errbuf, sizeof (errbuf),
1295 	    dgettext(TEXT_DOMAIN, "Key unload error"));
1296 
1297 	/* check that encryption is enabled for the pool */
1298 	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1299 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1300 		    "Encryption feature not enabled."));
1301 		ret = EINVAL;
1302 		goto error;
1303 	}
1304 
1305 	/* Fetch the keyformat. Check that the dataset is encrypted. */
1306 	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1307 	if (keyformat == ZFS_KEYFORMAT_NONE) {
1308 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1309 		    "'%s' is not encrypted."), zfs_get_name(zhp));
1310 		ret = EINVAL;
1311 		goto error;
1312 	}
1313 
1314 	/*
1315 	 * Fetch the key location. Check that we are working with an
1316 	 * encryption root.
1317 	 */
1318 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1319 	if (ret != 0) {
1320 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1321 		    "Failed to get encryption root for '%s'."),
1322 		    zfs_get_name(zhp));
1323 		goto error;
1324 	} else if (!is_encroot) {
1325 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1326 		    "Keys must be unloaded for encryption root of '%s' (%s)."),
1327 		    zfs_get_name(zhp), prop_encroot);
1328 		ret = EINVAL;
1329 		goto error;
1330 	}
1331 
1332 	/* check that the key is loaded */
1333 	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1334 	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1335 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1336 		    "Key already unloaded for '%s'."), zfs_get_name(zhp));
1337 		ret = EACCES;
1338 		goto error;
1339 	}
1340 
1341 	/* call the ioctl */
1342 	ret = lzc_unload_key(zhp->zfs_name);
1343 
1344 	if (ret != 0) {
1345 		switch (ret) {
1346 		case EACCES:
1347 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1348 			    "Key already unloaded for '%s'."),
1349 			    zfs_get_name(zhp));
1350 			break;
1351 		case EBUSY:
1352 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1353 			    "'%s' is busy."), zfs_get_name(zhp));
1354 			break;
1355 		}
1356 		(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1357 	}
1358 
1359 	return (ret);
1360 
1361 error:
1362 	(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1363 	return (ret);
1364 }
1365 
1366 static int
zfs_crypto_verify_rewrap_nvlist(zfs_handle_t * zhp,nvlist_t * props,nvlist_t ** props_out,char * errbuf)1367 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1368     nvlist_t **props_out, char *errbuf)
1369 {
1370 	int ret;
1371 	nvpair_t *elem = NULL;
1372 	zfs_prop_t prop;
1373 	nvlist_t *new_props = NULL;
1374 
1375 	new_props = fnvlist_alloc();
1376 
1377 	/*
1378 	 * loop through all provided properties, we should only have
1379 	 * keyformat, keylocation and pbkdf2iters. The actual validation of
1380 	 * values is done by zfs_valid_proplist().
1381 	 */
1382 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1383 		const char *propname = nvpair_name(elem);
1384 		prop = zfs_name_to_prop(propname);
1385 
1386 		switch (prop) {
1387 		case ZFS_PROP_PBKDF2_ITERS:
1388 		case ZFS_PROP_KEYFORMAT:
1389 		case ZFS_PROP_KEYLOCATION:
1390 			break;
1391 		default:
1392 			ret = EINVAL;
1393 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1394 			    "Only keyformat, keylocation and pbkdf2iters may "
1395 			    "be set with this command."));
1396 			goto error;
1397 		}
1398 	}
1399 
1400 	new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1401 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1402 	    B_TRUE, errbuf);
1403 	if (new_props == NULL)
1404 		goto error;
1405 
1406 	*props_out = new_props;
1407 	return (0);
1408 
1409 error:
1410 	nvlist_free(new_props);
1411 	*props_out = NULL;
1412 	return (ret);
1413 }
1414 
1415 int
zfs_crypto_rewrap(zfs_handle_t * zhp,nvlist_t * raw_props,boolean_t inheritkey)1416 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1417 {
1418 	int ret;
1419 	char errbuf[1024];
1420 	boolean_t is_encroot;
1421 	nvlist_t *props = NULL;
1422 	uint8_t *wkeydata = NULL;
1423 	uint_t wkeylen = 0;
1424 	dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1425 	uint64_t crypt, pcrypt, keystatus, pkeystatus;
1426 	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1427 	zfs_handle_t *pzhp = NULL;
1428 	char *keylocation = NULL;
1429 	char origin_name[MAXNAMELEN];
1430 	char prop_keylocation[MAXNAMELEN];
1431 	char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1432 
1433 	(void) snprintf(errbuf, sizeof (errbuf),
1434 	    dgettext(TEXT_DOMAIN, "Key change error"));
1435 
1436 	/* check that encryption is enabled for the pool */
1437 	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1438 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1439 		    "Encryption feature not enabled."));
1440 		ret = EINVAL;
1441 		goto error;
1442 	}
1443 
1444 	/* get crypt from dataset */
1445 	crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1446 	if (crypt == ZIO_CRYPT_OFF) {
1447 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1448 		    "Dataset not encrypted."));
1449 		ret = EINVAL;
1450 		goto error;
1451 	}
1452 
1453 	/* get the encryption root of the dataset */
1454 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1455 	if (ret != 0) {
1456 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1457 		    "Failed to get encryption root for '%s'."),
1458 		    zfs_get_name(zhp));
1459 		goto error;
1460 	}
1461 
1462 	/* Clones use their origin's key and cannot rewrap it */
1463 	ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1464 	    sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1465 	if (ret == 0 && strcmp(origin_name, "") != 0) {
1466 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1467 		    "Keys cannot be changed on clones."));
1468 		ret = EINVAL;
1469 		goto error;
1470 	}
1471 
1472 	/*
1473 	 * If the user wants to use the inheritkey variant of this function
1474 	 * we don't need to collect any crypto arguments.
1475 	 */
1476 	if (!inheritkey) {
1477 		/* validate the provided properties */
1478 		ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1479 		    errbuf);
1480 		if (ret != 0)
1481 			goto error;
1482 
1483 		/*
1484 		 * Load keyformat and keylocation from the nvlist. Fetch from
1485 		 * the dataset properties if not specified.
1486 		 */
1487 		(void) nvlist_lookup_uint64(props,
1488 		    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1489 		(void) nvlist_lookup_string(props,
1490 		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1491 
1492 		if (is_encroot) {
1493 			/*
1494 			 * If this is already an ecryption root, just keep
1495 			 * any properties not set by the user.
1496 			 */
1497 			if (keyformat == ZFS_KEYFORMAT_NONE) {
1498 				keyformat = zfs_prop_get_int(zhp,
1499 				    ZFS_PROP_KEYFORMAT);
1500 				ret = nvlist_add_uint64(props,
1501 				    zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1502 				    keyformat);
1503 			}
1504 
1505 			if (keylocation == NULL) {
1506 				ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1507 				    prop_keylocation, sizeof (prop_keylocation),
1508 				    NULL, NULL, 0, B_TRUE);
1509 				if (ret != 0) {
1510 					zfs_error_aux(zhp->zfs_hdl,
1511 					    dgettext(TEXT_DOMAIN, "Failed to "
1512 					    "get existing keylocation "
1513 					    "property."));
1514 					goto error;
1515 				}
1516 
1517 				keylocation = prop_keylocation;
1518 			}
1519 		} else {
1520 			/* need a new key for non-encryption roots */
1521 			if (keyformat == ZFS_KEYFORMAT_NONE) {
1522 				ret = EINVAL;
1523 				zfs_error_aux(zhp->zfs_hdl,
1524 				    dgettext(TEXT_DOMAIN, "Keyformat required "
1525 				    "for new encryption root."));
1526 				goto error;
1527 			}
1528 
1529 			/* default to prompt if no keylocation is specified */
1530 			if (keylocation == NULL) {
1531 				keylocation = "prompt";
1532 				ret = nvlist_add_string(props,
1533 				    zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1534 				    keylocation);
1535 				if (ret != 0)
1536 					goto error;
1537 			}
1538 		}
1539 
1540 		/* fetch the new wrapping key and associated properties */
1541 		ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1542 		    zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1543 		    &wkeylen);
1544 		if (ret != 0)
1545 			goto error;
1546 	} else {
1547 		/* check that zhp is an encryption root */
1548 		if (!is_encroot) {
1549 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1550 			    "Key inheriting can only be performed on "
1551 			    "encryption roots."));
1552 			ret = EINVAL;
1553 			goto error;
1554 		}
1555 
1556 		/* get the parent's name */
1557 		ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1558 		if (ret != 0) {
1559 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1560 			    "Root dataset cannot inherit key."));
1561 			ret = EINVAL;
1562 			goto error;
1563 		}
1564 
1565 		/* get a handle to the parent */
1566 		pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1567 		if (pzhp == NULL) {
1568 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1569 			    "Failed to lookup parent."));
1570 			ret = ENOENT;
1571 			goto error;
1572 		}
1573 
1574 		/* parent must be encrypted */
1575 		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1576 		if (pcrypt == ZIO_CRYPT_OFF) {
1577 			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1578 			    "Parent must be encrypted."));
1579 			ret = EINVAL;
1580 			goto error;
1581 		}
1582 
1583 		/* check that the parent's key is loaded */
1584 		pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1585 		if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1586 			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1587 			    "Parent key must be loaded."));
1588 			ret = EACCES;
1589 			goto error;
1590 		}
1591 	}
1592 
1593 	/* check that the key is loaded */
1594 	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1595 	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1596 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1597 		    "Key must be loaded."));
1598 		ret = EACCES;
1599 		goto error;
1600 	}
1601 
1602 	/* call the ioctl */
1603 	ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1604 	if (ret != 0) {
1605 		switch (ret) {
1606 		case EINVAL:
1607 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1608 			    "Invalid properties for key change."));
1609 			break;
1610 		case EACCES:
1611 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1612 			    "Key is not currently loaded."));
1613 			break;
1614 		}
1615 		(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1616 	}
1617 
1618 	if (pzhp != NULL)
1619 		zfs_close(pzhp);
1620 	if (props != NULL)
1621 		nvlist_free(props);
1622 	if (wkeydata != NULL)
1623 		free(wkeydata);
1624 
1625 	return (ret);
1626 
1627 error:
1628 	if (pzhp != NULL)
1629 		zfs_close(pzhp);
1630 	if (props != NULL)
1631 		nvlist_free(props);
1632 	if (wkeydata != NULL)
1633 		free(wkeydata);
1634 
1635 	(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1636 	return (ret);
1637 }
1638