xref: /freebsd/sys/contrib/openzfs/lib/libzfs/libzfs_crypto.c (revision 3ff01b231dfa83d518854c63e7c9cd1debd1139e)
1 /*
2  * CDDL HEADER START
3  *
4  * This file and its contents are supplied under the terms of the
5  * Common Development and Distribution License ("CDDL"), version 1.0.
6  * You may only use this file in accordance with the terms of version
7  * 1.0 of the CDDL.
8  *
9  * A full copy of the text of the CDDL should have accompanied this
10  * source.  A copy of the CDDL is also available via the Internet at
11  * http://www.illumos.org/license/CDDL.
12  *
13  * CDDL HEADER END
14  */
15 
16 /*
17  * Copyright (c) 2017, Datto, Inc. All rights reserved.
18  * Copyright 2020 Joyent, Inc.
19  */
20 
21 #include <sys/zfs_context.h>
22 #include <sys/fs/zfs.h>
23 #include <sys/dsl_crypt.h>
24 #include <libintl.h>
25 #include <termios.h>
26 #include <signal.h>
27 #include <errno.h>
28 #include <openssl/evp.h>
29 #if LIBFETCH_DYNAMIC
30 #include <dlfcn.h>
31 #endif
32 #if LIBFETCH_IS_FETCH
33 #include <sys/param.h>
34 #include <stdio.h>
35 #include <fetch.h>
36 #elif LIBFETCH_IS_LIBCURL
37 #include <curl/curl.h>
38 #endif
39 #include <libzfs.h>
40 #include "libzfs_impl.h"
41 #include "zfeature_common.h"
42 
43 /*
44  * User keys are used to decrypt the master encryption keys of a dataset. This
45  * indirection allows a user to change his / her access key without having to
46  * re-encrypt the entire dataset. User keys can be provided in one of several
47  * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
48  * are converted to binary and passed into the kernel. Password based keys are
49  * a bit more complicated. Passwords alone do not provide suitable entropy for
50  * encryption and may be too short or too long to be used. In order to derive
51  * a more appropriate key we use a PBKDF2 function. This function is designed
52  * to take a (relatively) long time to calculate in order to discourage
53  * attackers from guessing from a list of common passwords. PBKDF2 requires
54  * 2 additional parameters. The first is the number of iterations to run, which
55  * will ultimately determine how long it takes to derive the resulting key from
56  * the password. The second parameter is a salt that is randomly generated for
57  * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
58  * attackers cannot reasonably generate a table of commonly known passwords to
59  * their output keys and expect it work for all past and future PBKDF2 users.
60  * We store the salt as a hidden property of the dataset (although it is
61  * technically ok if the salt is known to the attacker).
62  */
63 
64 #define	MIN_PASSPHRASE_LEN 8
65 #define	MAX_PASSPHRASE_LEN 512
66 #define	MAX_KEY_PROMPT_ATTEMPTS 3
67 
68 static int caught_interrupt;
69 
70 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
71     zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
72 static int get_key_material_https(libzfs_handle_t *, const char *, const char *,
73     zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
74 
75 static zfs_uri_handler_t uri_handlers[] = {
76 	{ "file", get_key_material_file },
77 	{ "https", get_key_material_https },
78 	{ "http", get_key_material_https },
79 	{ NULL, NULL }
80 };
81 
82 static int
83 pkcs11_get_urandom(uint8_t *buf, size_t bytes)
84 {
85 	int rand;
86 	ssize_t bytes_read = 0;
87 
88 	rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
89 
90 	if (rand < 0)
91 		return (rand);
92 
93 	while (bytes_read < bytes) {
94 		ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);
95 		if (rc < 0)
96 			break;
97 		bytes_read += rc;
98 	}
99 
100 	(void) close(rand);
101 
102 	return (bytes_read);
103 }
104 
105 static int
106 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
107     zfs_keylocation_t *restrict locp, char **restrict schemep)
108 {
109 	*locp = ZFS_KEYLOCATION_NONE;
110 	*schemep = NULL;
111 
112 	if (strcmp("prompt", str) == 0) {
113 		*locp = ZFS_KEYLOCATION_PROMPT;
114 		return (0);
115 	}
116 
117 	regmatch_t pmatch[2];
118 
119 	if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch),
120 	    pmatch, 0) == 0) {
121 		size_t scheme_len;
122 
123 		if (pmatch[1].rm_so == -1) {
124 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
125 			    "Invalid URI"));
126 			return (EINVAL);
127 		}
128 
129 		scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so;
130 
131 		*schemep = calloc(1, scheme_len + 1);
132 		if (*schemep == NULL) {
133 			int ret = errno;
134 
135 			errno = 0;
136 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
137 			    "Invalid URI"));
138 			return (ret);
139 		}
140 
141 		(void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len);
142 		*locp = ZFS_KEYLOCATION_URI;
143 		return (0);
144 	}
145 
146 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
147 	return (EINVAL);
148 }
149 
150 static int
151 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
152 {
153 	int ret, i;
154 	unsigned int c;
155 
156 	for (i = 0; i < hexlen; i += 2) {
157 		if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
158 			ret = EINVAL;
159 			goto error;
160 		}
161 
162 		ret = sscanf(&hex[i], "%02x", &c);
163 		if (ret != 1) {
164 			ret = EINVAL;
165 			goto error;
166 		}
167 
168 		out[i / 2] = c;
169 	}
170 
171 	return (0);
172 
173 error:
174 	return (ret);
175 }
176 
177 
178 static void
179 catch_signal(int sig)
180 {
181 	caught_interrupt = sig;
182 }
183 
184 static const char *
185 get_format_prompt_string(zfs_keyformat_t format)
186 {
187 	switch (format) {
188 	case ZFS_KEYFORMAT_RAW:
189 		return ("raw key");
190 	case ZFS_KEYFORMAT_HEX:
191 		return ("hex key");
192 	case ZFS_KEYFORMAT_PASSPHRASE:
193 		return ("passphrase");
194 	default:
195 		/* shouldn't happen */
196 		return (NULL);
197 	}
198 }
199 
200 /* do basic validation of the key material */
201 static int
202 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
203     const char *key, size_t keylen)
204 {
205 	switch (keyformat) {
206 	case ZFS_KEYFORMAT_RAW:
207 		/* verify the key length is correct */
208 		if (keylen < WRAPPING_KEY_LEN) {
209 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
210 			    "Raw key too short (expected %u)."),
211 			    WRAPPING_KEY_LEN);
212 			return (EINVAL);
213 		}
214 
215 		if (keylen > WRAPPING_KEY_LEN) {
216 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
217 			    "Raw key too long (expected %u)."),
218 			    WRAPPING_KEY_LEN);
219 			return (EINVAL);
220 		}
221 		break;
222 	case ZFS_KEYFORMAT_HEX:
223 		/* verify the key length is correct */
224 		if (keylen < WRAPPING_KEY_LEN * 2) {
225 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
226 			    "Hex key too short (expected %u)."),
227 			    WRAPPING_KEY_LEN * 2);
228 			return (EINVAL);
229 		}
230 
231 		if (keylen > WRAPPING_KEY_LEN * 2) {
232 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
233 			    "Hex key too long (expected %u)."),
234 			    WRAPPING_KEY_LEN * 2);
235 			return (EINVAL);
236 		}
237 
238 		/* check for invalid hex digits */
239 		for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
240 			if (!isxdigit(key[i])) {
241 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
242 				    "Invalid hex character detected."));
243 				return (EINVAL);
244 			}
245 		}
246 		break;
247 	case ZFS_KEYFORMAT_PASSPHRASE:
248 		/* verify the length is within bounds */
249 		if (keylen > MAX_PASSPHRASE_LEN) {
250 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
251 			    "Passphrase too long (max %u)."),
252 			    MAX_PASSPHRASE_LEN);
253 			return (EINVAL);
254 		}
255 
256 		if (keylen < MIN_PASSPHRASE_LEN) {
257 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
258 			    "Passphrase too short (min %u)."),
259 			    MIN_PASSPHRASE_LEN);
260 			return (EINVAL);
261 		}
262 		break;
263 	default:
264 		/* can't happen, checked above */
265 		break;
266 	}
267 
268 	return (0);
269 }
270 
271 static int
272 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
273     boolean_t new_key, const char *fsname,
274     char **restrict res, size_t *restrict reslen)
275 {
276 	FILE *f = stdin;
277 	size_t buflen = 0;
278 	ssize_t bytes;
279 	int ret = 0;
280 	struct termios old_term, new_term;
281 	struct sigaction act, osigint, osigtstp;
282 
283 	*res = NULL;
284 	*reslen = 0;
285 
286 	/*
287 	 * handle SIGINT and ignore SIGSTP. This is necessary to
288 	 * restore the state of the terminal.
289 	 */
290 	caught_interrupt = 0;
291 	act.sa_flags = 0;
292 	(void) sigemptyset(&act.sa_mask);
293 	act.sa_handler = catch_signal;
294 
295 	(void) sigaction(SIGINT, &act, &osigint);
296 	act.sa_handler = SIG_IGN;
297 	(void) sigaction(SIGTSTP, &act, &osigtstp);
298 
299 	(void) printf("%s %s%s",
300 	    is_reenter ? "Re-enter" : "Enter",
301 	    new_key ? "new " : "",
302 	    get_format_prompt_string(keyformat));
303 	if (fsname != NULL)
304 		(void) printf(" for '%s'", fsname);
305 	(void) fputc(':', stdout);
306 	(void) fflush(stdout);
307 
308 	/* disable the terminal echo for key input */
309 	(void) tcgetattr(fileno(f), &old_term);
310 
311 	new_term = old_term;
312 	new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
313 
314 	ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
315 	if (ret != 0) {
316 		ret = errno;
317 		errno = 0;
318 		goto out;
319 	}
320 
321 	bytes = getline(res, &buflen, f);
322 	if (bytes < 0) {
323 		ret = errno;
324 		errno = 0;
325 		goto out;
326 	}
327 
328 	/* trim the ending newline if it exists */
329 	if (bytes > 0 && (*res)[bytes - 1] == '\n') {
330 		(*res)[bytes - 1] = '\0';
331 		bytes--;
332 	}
333 
334 	*reslen = bytes;
335 
336 out:
337 	/* reset the terminal */
338 	(void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
339 	(void) sigaction(SIGINT, &osigint, NULL);
340 	(void) sigaction(SIGTSTP, &osigtstp, NULL);
341 
342 	/* if we caught a signal, re-throw it now */
343 	if (caught_interrupt != 0)
344 		(void) kill(getpid(), caught_interrupt);
345 
346 	/* print the newline that was not echo'd */
347 	(void) printf("\n");
348 
349 	return (ret);
350 }
351 
352 static int
353 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
354     zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
355     uint8_t **restrict outbuf, size_t *restrict len_out)
356 {
357 	char *buf = NULL, *buf2 = NULL;
358 	size_t buflen = 0, buf2len = 0;
359 	int ret = 0;
360 
361 	ASSERT(isatty(fileno(stdin)));
362 
363 	/* raw keys cannot be entered on the terminal */
364 	if (keyformat == ZFS_KEYFORMAT_RAW) {
365 		ret = EINVAL;
366 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
367 		    "Cannot enter raw keys on the terminal"));
368 		goto out;
369 	}
370 
371 	/* prompt for the key */
372 	if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
373 	    &buf, &buflen)) != 0) {
374 		free(buf);
375 		buf = NULL;
376 		buflen = 0;
377 		goto out;
378 	}
379 
380 	if (!confirm_key)
381 		goto out;
382 
383 	if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) {
384 		free(buf);
385 		return (ret);
386 	}
387 
388 	ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
389 	    &buf2len);
390 	if (ret != 0) {
391 		free(buf);
392 		free(buf2);
393 		buf = buf2 = NULL;
394 		buflen = buf2len = 0;
395 		goto out;
396 	}
397 
398 	if (buflen != buf2len || strcmp(buf, buf2) != 0) {
399 		free(buf);
400 		buf = NULL;
401 		buflen = 0;
402 
403 		ret = EINVAL;
404 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
405 		    "Provided keys do not match."));
406 	}
407 
408 	free(buf2);
409 
410 out:
411 	*outbuf = (uint8_t *)buf;
412 	*len_out = buflen;
413 	return (ret);
414 }
415 
416 static int
417 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
418     uint8_t **buf, size_t *len_out)
419 {
420 	int ret = 0;
421 	size_t buflen = 0;
422 
423 	*len_out = 0;
424 
425 	/* read the key material */
426 	if (keyformat != ZFS_KEYFORMAT_RAW) {
427 		ssize_t bytes;
428 
429 		bytes = getline((char **)buf, &buflen, fd);
430 		if (bytes < 0) {
431 			ret = errno;
432 			errno = 0;
433 			goto out;
434 		}
435 
436 		/* trim the ending newline if it exists */
437 		if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
438 			(*buf)[bytes - 1] = '\0';
439 			bytes--;
440 		}
441 
442 		*len_out = bytes;
443 	} else {
444 		size_t n;
445 
446 		/*
447 		 * Raw keys may have newline characters in them and so can't
448 		 * use getline(). Here we attempt to read 33 bytes so that we
449 		 * can properly check the key length (the file should only have
450 		 * 32 bytes).
451 		 */
452 		*buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
453 		if (*buf == NULL) {
454 			ret = ENOMEM;
455 			goto out;
456 		}
457 
458 		n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
459 		if (n == 0 || ferror(fd)) {
460 			/* size errors are handled by the calling function */
461 			free(*buf);
462 			*buf = NULL;
463 			ret = errno;
464 			errno = 0;
465 			goto out;
466 		}
467 
468 		*len_out = n;
469 	}
470 out:
471 	return (ret);
472 }
473 
474 static int
475 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
476     const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
477     uint8_t **restrict buf, size_t *restrict len_out)
478 {
479 	FILE *f = NULL;
480 	int ret = 0;
481 
482 	if (strlen(uri) < 7)
483 		return (EINVAL);
484 
485 	if ((f = fopen(uri + 7, "re")) == NULL) {
486 		ret = errno;
487 		errno = 0;
488 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
489 		    "Failed to open key material file"));
490 		return (ret);
491 	}
492 
493 	ret = get_key_material_raw(f, keyformat, buf, len_out);
494 
495 	(void) fclose(f);
496 
497 	return (ret);
498 }
499 
500 static int
501 get_key_material_https(libzfs_handle_t *hdl, const char *uri,
502     const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
503     uint8_t **restrict buf, size_t *restrict len_out)
504 {
505 	int ret = 0;
506 	FILE *key = NULL;
507 	boolean_t is_http = strncmp(uri, "http:", strlen("http:")) == 0;
508 
509 	if (strlen(uri) < (is_http ? 7 : 8)) {
510 		ret = EINVAL;
511 		goto end;
512 	}
513 
514 #if LIBFETCH_DYNAMIC
515 #define	LOAD_FUNCTION(func) \
516 	__typeof__(func) *func = dlsym(hdl->libfetch, #func);
517 
518 	if (hdl->libfetch == NULL)
519 		hdl->libfetch = dlopen(LIBFETCH_SONAME, RTLD_LAZY);
520 
521 	if (hdl->libfetch == NULL) {
522 		hdl->libfetch = (void *)-1;
523 		char *err = dlerror();
524 		if (err)
525 			hdl->libfetch_load_error = strdup(err);
526 	}
527 
528 	if (hdl->libfetch == (void *)-1) {
529 		ret = ENOSYS;
530 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
531 		    "Couldn't load %s: %s"),
532 		    LIBFETCH_SONAME, hdl->libfetch_load_error ?: "(?)");
533 		goto end;
534 	}
535 
536 	boolean_t ok;
537 #if LIBFETCH_IS_FETCH
538 	LOAD_FUNCTION(fetchGetURL);
539 	char *fetchLastErrString = dlsym(hdl->libfetch, "fetchLastErrString");
540 
541 	ok = fetchGetURL && fetchLastErrString;
542 #elif LIBFETCH_IS_LIBCURL
543 	LOAD_FUNCTION(curl_easy_init);
544 	LOAD_FUNCTION(curl_easy_setopt);
545 	LOAD_FUNCTION(curl_easy_perform);
546 	LOAD_FUNCTION(curl_easy_cleanup);
547 	LOAD_FUNCTION(curl_easy_strerror);
548 	LOAD_FUNCTION(curl_easy_getinfo);
549 
550 	ok = curl_easy_init && curl_easy_setopt && curl_easy_perform &&
551 	    curl_easy_cleanup && curl_easy_strerror && curl_easy_getinfo;
552 #endif
553 	if (!ok) {
554 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
555 		    "keylocation=%s back-end %s missing symbols."),
556 		    is_http ? "http://" : "https://", LIBFETCH_SONAME);
557 		ret = ENOSYS;
558 		goto end;
559 	}
560 #endif
561 
562 #if LIBFETCH_IS_FETCH
563 	key = fetchGetURL(uri, "");
564 	if (key == NULL) {
565 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
566 		    "Couldn't GET %s: %s"),
567 		    uri, fetchLastErrString);
568 		ret = ENETDOWN;
569 	}
570 #elif LIBFETCH_IS_LIBCURL
571 	CURL *curl = curl_easy_init();
572 	if (curl == NULL) {
573 		ret = ENOTSUP;
574 		goto end;
575 	}
576 
577 	int kfd = -1;
578 #ifdef O_TMPFILE
579 	kfd = open(getenv("TMPDIR") ?: "/tmp",
580 	    O_RDWR | O_TMPFILE | O_EXCL | O_CLOEXEC, 0600);
581 	if (kfd != -1)
582 		goto kfdok;
583 #endif
584 
585 	char *path;
586 	if (asprintf(&path,
587 	    "%s/libzfs-XXXXXXXX.https", getenv("TMPDIR") ?: "/tmp") == -1) {
588 		ret = ENOMEM;
589 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "%s"),
590 		    strerror(ret));
591 		goto end;
592 	}
593 
594 	kfd = mkostemps(path, strlen(".https"), O_CLOEXEC);
595 	if (kfd == -1) {
596 		ret = errno;
597 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
598 		    "Couldn't create temporary file %s: %s"),
599 		    path, strerror(ret));
600 		free(path);
601 		goto end;
602 	}
603 	(void) unlink(path);
604 	free(path);
605 
606 kfdok:
607 	if ((key = fdopen(kfd, "r+")) == NULL) {
608 		ret = errno;
609 		free(path);
610 		(void) close(kfd);
611 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
612 		    "Couldn't reopen temporary file: %s"), strerror(ret));
613 		goto end;
614 	}
615 
616 	char errbuf[CURL_ERROR_SIZE] = "";
617 	char *cainfo = getenv("SSL_CA_CERT_FILE"); /* matches fetch(3) */
618 	char *capath = getenv("SSL_CA_CERT_PATH"); /* matches fetch(3) */
619 	char *clcert = getenv("SSL_CLIENT_CERT_FILE"); /* matches fetch(3) */
620 	char *clkey  = getenv("SSL_CLIENT_KEY_FILE"); /* matches fetch(3) */
621 	(void) curl_easy_setopt(curl, CURLOPT_URL, uri);
622 	(void) curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
623 	(void) curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 30000L);
624 	(void) curl_easy_setopt(curl, CURLOPT_WRITEDATA, key);
625 	(void) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
626 	if (cainfo != NULL)
627 		(void) curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
628 	if (capath != NULL)
629 		(void) curl_easy_setopt(curl, CURLOPT_CAPATH, capath);
630 	if (clcert != NULL)
631 		(void) curl_easy_setopt(curl, CURLOPT_SSLCERT, clcert);
632 	if (clkey != NULL)
633 		(void) curl_easy_setopt(curl, CURLOPT_SSLKEY, clkey);
634 
635 	CURLcode res = curl_easy_perform(curl);
636 
637 	if (res != CURLE_OK) {
638 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
639 		    "Failed to connect to %s: %s"),
640 		    uri, strlen(errbuf) ? errbuf : curl_easy_strerror(res));
641 		ret = ENETDOWN;
642 	} else {
643 		long resp = 200;
644 		(void) curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp);
645 
646 		if (resp < 200 || resp >= 300) {
647 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
648 			    "Couldn't GET %s: %ld"),
649 			    uri, resp);
650 			ret = ENOENT;
651 		} else
652 			rewind(key);
653 	}
654 
655 	curl_easy_cleanup(curl);
656 #else
657 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
658 	    "No keylocation=%s back-end."), is_http ? "http://" : "https://");
659 	ret = ENOSYS;
660 #endif
661 
662 end:
663 	if (ret == 0)
664 		ret = get_key_material_raw(key, keyformat, buf, len_out);
665 
666 	if (key != NULL)
667 		fclose(key);
668 
669 	return (ret);
670 }
671 
672 /*
673  * Attempts to fetch key material, no matter where it might live. The key
674  * material is allocated and returned in km_out. *can_retry_out will be set
675  * to B_TRUE if the user is providing the key material interactively, allowing
676  * for re-entry attempts.
677  */
678 static int
679 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
680     zfs_keyformat_t keyformat, char *keylocation, const char *fsname,
681     uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
682 {
683 	int ret;
684 	zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
685 	uint8_t *km = NULL;
686 	size_t kmlen = 0;
687 	char *uri_scheme = NULL;
688 	zfs_uri_handler_t *handler = NULL;
689 	boolean_t can_retry = B_FALSE;
690 
691 	/* verify and parse the keylocation */
692 	ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc,
693 	    &uri_scheme);
694 	if (ret != 0)
695 		goto error;
696 
697 	/* open the appropriate file descriptor */
698 	switch (keyloc) {
699 	case ZFS_KEYLOCATION_PROMPT:
700 		if (isatty(fileno(stdin))) {
701 			can_retry = keyformat != ZFS_KEYFORMAT_RAW;
702 			ret = get_key_interactive(hdl, fsname, keyformat,
703 			    do_verify, newkey, &km, &kmlen);
704 		} else {
705 			/* fetch the key material into the buffer */
706 			ret = get_key_material_raw(stdin, keyformat, &km,
707 			    &kmlen);
708 		}
709 
710 		if (ret != 0)
711 			goto error;
712 
713 		break;
714 	case ZFS_KEYLOCATION_URI:
715 		ret = ENOTSUP;
716 
717 		for (handler = uri_handlers; handler->zuh_scheme != NULL;
718 		    handler++) {
719 			if (strcmp(handler->zuh_scheme, uri_scheme) != 0)
720 				continue;
721 
722 			if ((ret = handler->zuh_handler(hdl, keylocation,
723 			    fsname, keyformat, newkey, &km, &kmlen)) != 0)
724 				goto error;
725 
726 			break;
727 		}
728 
729 		if (ret == ENOTSUP) {
730 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
731 			    "URI scheme is not supported"));
732 			goto error;
733 		}
734 
735 		break;
736 	default:
737 		ret = EINVAL;
738 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
739 		    "Invalid keylocation."));
740 		goto error;
741 	}
742 
743 	if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0)
744 		goto error;
745 
746 	*km_out = km;
747 	*kmlen_out = kmlen;
748 	if (can_retry_out != NULL)
749 		*can_retry_out = can_retry;
750 
751 	free(uri_scheme);
752 	return (0);
753 
754 error:
755 	free(km);
756 
757 	*km_out = NULL;
758 	*kmlen_out = 0;
759 
760 	if (can_retry_out != NULL)
761 		*can_retry_out = can_retry;
762 
763 	free(uri_scheme);
764 	return (ret);
765 }
766 
767 static int
768 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
769     uint8_t *key_material, size_t key_material_len, uint64_t salt,
770     uint8_t **key_out)
771 {
772 	int ret;
773 	uint8_t *key;
774 
775 	*key_out = NULL;
776 
777 	key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
778 	if (!key)
779 		return (ENOMEM);
780 
781 	switch (format) {
782 	case ZFS_KEYFORMAT_RAW:
783 		bcopy(key_material, key, WRAPPING_KEY_LEN);
784 		break;
785 	case ZFS_KEYFORMAT_HEX:
786 		ret = hex_key_to_raw((char *)key_material,
787 		    WRAPPING_KEY_LEN * 2, key);
788 		if (ret != 0) {
789 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
790 			    "Invalid hex key provided."));
791 			goto error;
792 		}
793 		break;
794 	case ZFS_KEYFORMAT_PASSPHRASE:
795 		salt = LE_64(salt);
796 
797 		ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
798 		    strlen((char *)key_material), ((uint8_t *)&salt),
799 		    sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
800 		if (ret != 1) {
801 			ret = EIO;
802 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
803 			    "Failed to generate key from passphrase."));
804 			goto error;
805 		}
806 		break;
807 	default:
808 		ret = EINVAL;
809 		goto error;
810 	}
811 
812 	*key_out = key;
813 	return (0);
814 
815 error:
816 	free(key);
817 
818 	*key_out = NULL;
819 	return (ret);
820 }
821 
822 static boolean_t
823 encryption_feature_is_enabled(zpool_handle_t *zph)
824 {
825 	nvlist_t *features;
826 	uint64_t feat_refcount;
827 
828 	/* check that features can be enabled */
829 	if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
830 	    < SPA_VERSION_FEATURES)
831 		return (B_FALSE);
832 
833 	/* check for crypto feature */
834 	features = zpool_get_features(zph);
835 	if (!features || nvlist_lookup_uint64(features,
836 	    spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
837 	    &feat_refcount) != 0)
838 		return (B_FALSE);
839 
840 	return (B_TRUE);
841 }
842 
843 static int
844 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
845     zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
846     char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
847 {
848 	int ret;
849 	uint64_t iters = 0, salt = 0;
850 	uint8_t *key_material = NULL;
851 	size_t key_material_len = 0;
852 	uint8_t *key_data = NULL;
853 	const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
854 
855 	/* get key material from keyformat and keylocation */
856 	ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
857 	    fsname, &key_material, &key_material_len, NULL);
858 	if (ret != 0)
859 		goto error;
860 
861 	/* passphrase formats require a salt and pbkdf2 iters property */
862 	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
863 		/* always generate a new salt */
864 		ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));
865 		if (ret != sizeof (uint64_t)) {
866 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
867 			    "Failed to generate salt."));
868 			goto error;
869 		}
870 
871 		ret = nvlist_add_uint64(props,
872 		    zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
873 		if (ret != 0) {
874 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
875 			    "Failed to add salt to properties."));
876 			goto error;
877 		}
878 
879 		/*
880 		 * If not otherwise specified, use the default number of
881 		 * pbkdf2 iterations. If specified, we have already checked
882 		 * that the given value is greater than MIN_PBKDF2_ITERATIONS
883 		 * during zfs_valid_proplist().
884 		 */
885 		ret = nvlist_lookup_uint64(props,
886 		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
887 		if (ret == ENOENT) {
888 			iters = DEFAULT_PBKDF2_ITERATIONS;
889 			ret = nvlist_add_uint64(props,
890 			    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
891 			if (ret != 0)
892 				goto error;
893 		} else if (ret != 0) {
894 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
895 			    "Failed to get pbkdf2 iterations."));
896 			goto error;
897 		}
898 	} else {
899 		/* check that pbkdf2iters was not specified by the user */
900 		ret = nvlist_lookup_uint64(props,
901 		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
902 		if (ret == 0) {
903 			ret = EINVAL;
904 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
905 			    "Cannot specify pbkdf2iters with a non-passphrase "
906 			    "keyformat."));
907 			goto error;
908 		}
909 	}
910 
911 	/* derive a key from the key material */
912 	ret = derive_key(hdl, keyformat, iters, key_material, key_material_len,
913 	    salt, &key_data);
914 	if (ret != 0)
915 		goto error;
916 
917 	free(key_material);
918 
919 	*wkeydata = key_data;
920 	*wkeylen = WRAPPING_KEY_LEN;
921 	return (0);
922 
923 error:
924 	if (key_material != NULL)
925 		free(key_material);
926 	if (key_data != NULL)
927 		free(key_data);
928 
929 	*wkeydata = NULL;
930 	*wkeylen = 0;
931 	return (ret);
932 }
933 
934 static boolean_t
935 proplist_has_encryption_props(nvlist_t *props)
936 {
937 	int ret;
938 	uint64_t intval;
939 	char *strval;
940 
941 	ret = nvlist_lookup_uint64(props,
942 	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
943 	if (ret == 0 && intval != ZIO_CRYPT_OFF)
944 		return (B_TRUE);
945 
946 	ret = nvlist_lookup_string(props,
947 	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
948 	if (ret == 0 && strcmp(strval, "none") != 0)
949 		return (B_TRUE);
950 
951 	ret = nvlist_lookup_uint64(props,
952 	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
953 	if (ret == 0)
954 		return (B_TRUE);
955 
956 	ret = nvlist_lookup_uint64(props,
957 	    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
958 	if (ret == 0)
959 		return (B_TRUE);
960 
961 	return (B_FALSE);
962 }
963 
964 int
965 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
966     char *buf)
967 {
968 	int ret;
969 	char prop_encroot[MAXNAMELEN];
970 
971 	/* if the dataset isn't encrypted, just return */
972 	if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
973 		*is_encroot = B_FALSE;
974 		if (buf != NULL)
975 			buf[0] = '\0';
976 		return (0);
977 	}
978 
979 	ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
980 	    sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
981 	if (ret != 0) {
982 		*is_encroot = B_FALSE;
983 		if (buf != NULL)
984 			buf[0] = '\0';
985 		return (ret);
986 	}
987 
988 	*is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
989 	if (buf != NULL)
990 		strcpy(buf, prop_encroot);
991 
992 	return (0);
993 }
994 
995 int
996 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
997     nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
998     uint_t *wkeylen_out)
999 {
1000 	int ret;
1001 	char errbuf[1024];
1002 	uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
1003 	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1004 	char *keylocation = NULL;
1005 	zfs_handle_t *pzhp = NULL;
1006 	uint8_t *wkeydata = NULL;
1007 	uint_t wkeylen = 0;
1008 	boolean_t local_crypt = B_TRUE;
1009 
1010 	(void) snprintf(errbuf, sizeof (errbuf),
1011 	    dgettext(TEXT_DOMAIN, "Encryption create error"));
1012 
1013 	/* lookup crypt from props */
1014 	ret = nvlist_lookup_uint64(props,
1015 	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
1016 	if (ret != 0)
1017 		local_crypt = B_FALSE;
1018 
1019 	/* lookup key location and format from props */
1020 	(void) nvlist_lookup_uint64(props,
1021 	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1022 	(void) nvlist_lookup_string(props,
1023 	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1024 
1025 	if (parent_name != NULL) {
1026 		/* get a reference to parent dataset */
1027 		pzhp = make_dataset_handle(hdl, parent_name);
1028 		if (pzhp == NULL) {
1029 			ret = ENOENT;
1030 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1031 			    "Failed to lookup parent."));
1032 			goto out;
1033 		}
1034 
1035 		/* Lookup parent's crypt */
1036 		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1037 
1038 		/* Params require the encryption feature */
1039 		if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
1040 			if (proplist_has_encryption_props(props)) {
1041 				ret = EINVAL;
1042 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1043 				    "Encryption feature not enabled."));
1044 				goto out;
1045 			}
1046 
1047 			ret = 0;
1048 			goto out;
1049 		}
1050 	} else {
1051 		/*
1052 		 * special case for root dataset where encryption feature
1053 		 * feature won't be on disk yet
1054 		 */
1055 		if (!nvlist_exists(pool_props, "feature@encryption")) {
1056 			if (proplist_has_encryption_props(props)) {
1057 				ret = EINVAL;
1058 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1059 				    "Encryption feature not enabled."));
1060 				goto out;
1061 			}
1062 
1063 			ret = 0;
1064 			goto out;
1065 		}
1066 
1067 		pcrypt = ZIO_CRYPT_OFF;
1068 	}
1069 
1070 	/* Get the inherited encryption property if we don't have it locally */
1071 	if (!local_crypt)
1072 		crypt = pcrypt;
1073 
1074 	/*
1075 	 * At this point crypt should be the actual encryption value. If
1076 	 * encryption is off just verify that no encryption properties have
1077 	 * been specified and return.
1078 	 */
1079 	if (crypt == ZIO_CRYPT_OFF) {
1080 		if (proplist_has_encryption_props(props)) {
1081 			ret = EINVAL;
1082 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1083 			    "Encryption must be turned on to set encryption "
1084 			    "properties."));
1085 			goto out;
1086 		}
1087 
1088 		ret = 0;
1089 		goto out;
1090 	}
1091 
1092 	/*
1093 	 * If we have a parent crypt it is valid to specify encryption alone.
1094 	 * This will result in a child that is encrypted with the chosen
1095 	 * encryption suite that will also inherit the parent's key. If
1096 	 * the parent is not encrypted we need an encryption suite provided.
1097 	 */
1098 	if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
1099 	    keyformat == ZFS_KEYFORMAT_NONE) {
1100 		ret = EINVAL;
1101 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1102 		    "Keyformat required for new encryption root."));
1103 		goto out;
1104 	}
1105 
1106 	/*
1107 	 * Specifying a keylocation implies this will be a new encryption root.
1108 	 * Check that a keyformat is also specified.
1109 	 */
1110 	if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
1111 		ret = EINVAL;
1112 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1113 		    "Keyformat required for new encryption root."));
1114 		goto out;
1115 	}
1116 
1117 	/* default to prompt if no keylocation is specified */
1118 	if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
1119 		keylocation = "prompt";
1120 		ret = nvlist_add_string(props,
1121 		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
1122 		if (ret != 0)
1123 			goto out;
1124 	}
1125 
1126 	/*
1127 	 * If a local key is provided, this dataset will be a new
1128 	 * encryption root. Populate the encryption params.
1129 	 */
1130 	if (keylocation != NULL) {
1131 		/*
1132 		 * 'zfs recv -o keylocation=prompt' won't work because stdin
1133 		 * is being used by the send stream, so we disallow it.
1134 		 */
1135 		if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
1136 			ret = EINVAL;
1137 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
1138 			    "'prompt' keylocation because stdin is in use."));
1139 			goto out;
1140 		}
1141 
1142 		ret = populate_create_encryption_params_nvlists(hdl, NULL,
1143 		    B_TRUE, keyformat, keylocation, props, &wkeydata,
1144 		    &wkeylen);
1145 		if (ret != 0)
1146 			goto out;
1147 	}
1148 
1149 	if (pzhp != NULL)
1150 		zfs_close(pzhp);
1151 
1152 	*wkeydata_out = wkeydata;
1153 	*wkeylen_out = wkeylen;
1154 	return (0);
1155 
1156 out:
1157 	if (pzhp != NULL)
1158 		zfs_close(pzhp);
1159 	if (wkeydata != NULL)
1160 		free(wkeydata);
1161 
1162 	*wkeydata_out = NULL;
1163 	*wkeylen_out = 0;
1164 	return (ret);
1165 }
1166 
1167 int
1168 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
1169     char *parent_name, nvlist_t *props)
1170 {
1171 	char errbuf[1024];
1172 
1173 	(void) snprintf(errbuf, sizeof (errbuf),
1174 	    dgettext(TEXT_DOMAIN, "Encryption clone error"));
1175 
1176 	/*
1177 	 * No encryption properties should be specified. They will all be
1178 	 * inherited from the origin dataset.
1179 	 */
1180 	if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1181 	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1182 	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1183 	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1184 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1185 		    "Encryption properties must inherit from origin dataset."));
1186 		return (EINVAL);
1187 	}
1188 
1189 	return (0);
1190 }
1191 
1192 typedef struct loadkeys_cbdata {
1193 	uint64_t cb_numfailed;
1194 	uint64_t cb_numattempted;
1195 } loadkey_cbdata_t;
1196 
1197 static int
1198 load_keys_cb(zfs_handle_t *zhp, void *arg)
1199 {
1200 	int ret;
1201 	boolean_t is_encroot;
1202 	loadkey_cbdata_t *cb = arg;
1203 	uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1204 
1205 	/* only attempt to load keys for encryption roots */
1206 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1207 	if (ret != 0 || !is_encroot)
1208 		goto out;
1209 
1210 	/* don't attempt to load already loaded keys */
1211 	if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1212 		goto out;
1213 
1214 	/* Attempt to load the key. Record status in cb. */
1215 	cb->cb_numattempted++;
1216 
1217 	ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1218 	if (ret)
1219 		cb->cb_numfailed++;
1220 
1221 out:
1222 	(void) zfs_iter_filesystems(zhp, load_keys_cb, cb);
1223 	zfs_close(zhp);
1224 
1225 	/* always return 0, since this function is best effort */
1226 	return (0);
1227 }
1228 
1229 /*
1230  * This function is best effort. It attempts to load all the keys for the given
1231  * filesystem and all of its children.
1232  */
1233 int
1234 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname)
1235 {
1236 	int ret;
1237 	zfs_handle_t *zhp = NULL;
1238 	loadkey_cbdata_t cb = { 0 };
1239 
1240 	zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1241 	if (zhp == NULL) {
1242 		ret = ENOENT;
1243 		goto error;
1244 	}
1245 
1246 	ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1247 	if (ret)
1248 		goto error;
1249 
1250 	(void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1251 	    (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1252 	    (u_longlong_t)cb.cb_numattempted);
1253 
1254 	if (cb.cb_numfailed != 0) {
1255 		ret = -1;
1256 		goto error;
1257 	}
1258 
1259 	zfs_close(zhp);
1260 	return (0);
1261 
1262 error:
1263 	if (zhp != NULL)
1264 		zfs_close(zhp);
1265 	return (ret);
1266 }
1267 
1268 int
1269 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation)
1270 {
1271 	int ret, attempts = 0;
1272 	char errbuf[1024];
1273 	uint64_t keystatus, iters = 0, salt = 0;
1274 	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1275 	char prop_keylocation[MAXNAMELEN];
1276 	char prop_encroot[MAXNAMELEN];
1277 	char *keylocation = NULL;
1278 	uint8_t *key_material = NULL, *key_data = NULL;
1279 	size_t key_material_len;
1280 	boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1281 
1282 	(void) snprintf(errbuf, sizeof (errbuf),
1283 	    dgettext(TEXT_DOMAIN, "Key load error"));
1284 
1285 	/* check that encryption is enabled for the pool */
1286 	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1287 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1288 		    "Encryption feature not enabled."));
1289 		ret = EINVAL;
1290 		goto error;
1291 	}
1292 
1293 	/* Fetch the keyformat. Check that the dataset is encrypted. */
1294 	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1295 	if (keyformat == ZFS_KEYFORMAT_NONE) {
1296 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1297 		    "'%s' is not encrypted."), zfs_get_name(zhp));
1298 		ret = EINVAL;
1299 		goto error;
1300 	}
1301 
1302 	/*
1303 	 * Fetch the key location. Check that we are working with an
1304 	 * encryption root.
1305 	 */
1306 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1307 	if (ret != 0) {
1308 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1309 		    "Failed to get encryption root for '%s'."),
1310 		    zfs_get_name(zhp));
1311 		goto error;
1312 	} else if (!is_encroot) {
1313 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1314 		    "Keys must be loaded for encryption root of '%s' (%s)."),
1315 		    zfs_get_name(zhp), prop_encroot);
1316 		ret = EINVAL;
1317 		goto error;
1318 	}
1319 
1320 	/*
1321 	 * if the caller has elected to override the keylocation property
1322 	 * use that instead
1323 	 */
1324 	if (alt_keylocation != NULL) {
1325 		keylocation = alt_keylocation;
1326 	} else {
1327 		ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1328 		    sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1329 		if (ret != 0) {
1330 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1331 			    "Failed to get keylocation for '%s'."),
1332 			    zfs_get_name(zhp));
1333 			goto error;
1334 		}
1335 
1336 		keylocation = prop_keylocation;
1337 	}
1338 
1339 	/* check that the key is unloaded unless this is a noop */
1340 	if (!noop) {
1341 		keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1342 		if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1343 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1344 			    "Key already loaded for '%s'."), zfs_get_name(zhp));
1345 			ret = EEXIST;
1346 			goto error;
1347 		}
1348 	}
1349 
1350 	/* passphrase formats require a salt and pbkdf2_iters property */
1351 	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1352 		salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1353 		iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1354 	}
1355 
1356 try_again:
1357 	/* fetching and deriving the key are correctable errors. set the flag */
1358 	correctible = B_TRUE;
1359 
1360 	/* get key material from key format and location */
1361 	ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1362 	    keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1363 	    &can_retry);
1364 	if (ret != 0)
1365 		goto error;
1366 
1367 	/* derive a key from the key material */
1368 	ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material,
1369 	    key_material_len, salt, &key_data);
1370 	if (ret != 0)
1371 		goto error;
1372 
1373 	correctible = B_FALSE;
1374 
1375 	/* pass the wrapping key and noop flag to the ioctl */
1376 	ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1377 	if (ret != 0) {
1378 		switch (ret) {
1379 		case EPERM:
1380 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1381 			    "Permission denied."));
1382 			break;
1383 		case EINVAL:
1384 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1385 			    "Invalid parameters provided for dataset %s."),
1386 			    zfs_get_name(zhp));
1387 			break;
1388 		case EEXIST:
1389 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1390 			    "Key already loaded for '%s'."), zfs_get_name(zhp));
1391 			break;
1392 		case EBUSY:
1393 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1394 			    "'%s' is busy."), zfs_get_name(zhp));
1395 			break;
1396 		case EACCES:
1397 			correctible = B_TRUE;
1398 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1399 			    "Incorrect key provided for '%s'."),
1400 			    zfs_get_name(zhp));
1401 			break;
1402 		}
1403 		goto error;
1404 	}
1405 
1406 	free(key_material);
1407 	free(key_data);
1408 
1409 	return (0);
1410 
1411 error:
1412 	zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1413 	if (key_material != NULL) {
1414 		free(key_material);
1415 		key_material = NULL;
1416 	}
1417 	if (key_data != NULL) {
1418 		free(key_data);
1419 		key_data = NULL;
1420 	}
1421 
1422 	/*
1423 	 * Here we decide if it is ok to allow the user to retry entering their
1424 	 * key. The can_retry flag will be set if the user is entering their
1425 	 * key from an interactive prompt. The correctable flag will only be
1426 	 * set if an error that occurred could be corrected by retrying. Both
1427 	 * flags are needed to allow the user to attempt key entry again
1428 	 */
1429 	attempts++;
1430 	if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)
1431 		goto try_again;
1432 
1433 	return (ret);
1434 }
1435 
1436 int
1437 zfs_crypto_unload_key(zfs_handle_t *zhp)
1438 {
1439 	int ret;
1440 	char errbuf[1024];
1441 	char prop_encroot[MAXNAMELEN];
1442 	uint64_t keystatus, keyformat;
1443 	boolean_t is_encroot;
1444 
1445 	(void) snprintf(errbuf, sizeof (errbuf),
1446 	    dgettext(TEXT_DOMAIN, "Key unload error"));
1447 
1448 	/* check that encryption is enabled for the pool */
1449 	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1450 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1451 		    "Encryption feature not enabled."));
1452 		ret = EINVAL;
1453 		goto error;
1454 	}
1455 
1456 	/* Fetch the keyformat. Check that the dataset is encrypted. */
1457 	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1458 	if (keyformat == ZFS_KEYFORMAT_NONE) {
1459 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1460 		    "'%s' is not encrypted."), zfs_get_name(zhp));
1461 		ret = EINVAL;
1462 		goto error;
1463 	}
1464 
1465 	/*
1466 	 * Fetch the key location. Check that we are working with an
1467 	 * encryption root.
1468 	 */
1469 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1470 	if (ret != 0) {
1471 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1472 		    "Failed to get encryption root for '%s'."),
1473 		    zfs_get_name(zhp));
1474 		goto error;
1475 	} else if (!is_encroot) {
1476 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1477 		    "Keys must be unloaded for encryption root of '%s' (%s)."),
1478 		    zfs_get_name(zhp), prop_encroot);
1479 		ret = EINVAL;
1480 		goto error;
1481 	}
1482 
1483 	/* check that the key is loaded */
1484 	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1485 	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1486 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1487 		    "Key already unloaded for '%s'."), zfs_get_name(zhp));
1488 		ret = EACCES;
1489 		goto error;
1490 	}
1491 
1492 	/* call the ioctl */
1493 	ret = lzc_unload_key(zhp->zfs_name);
1494 
1495 	if (ret != 0) {
1496 		switch (ret) {
1497 		case EPERM:
1498 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1499 			    "Permission denied."));
1500 			break;
1501 		case EACCES:
1502 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1503 			    "Key already unloaded for '%s'."),
1504 			    zfs_get_name(zhp));
1505 			break;
1506 		case EBUSY:
1507 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1508 			    "'%s' is busy."), zfs_get_name(zhp));
1509 			break;
1510 		}
1511 		zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1512 	}
1513 
1514 	return (ret);
1515 
1516 error:
1517 	zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1518 	return (ret);
1519 }
1520 
1521 static int
1522 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1523     nvlist_t **props_out, char *errbuf)
1524 {
1525 	int ret;
1526 	nvpair_t *elem = NULL;
1527 	zfs_prop_t prop;
1528 	nvlist_t *new_props = NULL;
1529 
1530 	new_props = fnvlist_alloc();
1531 
1532 	/*
1533 	 * loop through all provided properties, we should only have
1534 	 * keyformat, keylocation and pbkdf2iters. The actual validation of
1535 	 * values is done by zfs_valid_proplist().
1536 	 */
1537 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1538 		const char *propname = nvpair_name(elem);
1539 		prop = zfs_name_to_prop(propname);
1540 
1541 		switch (prop) {
1542 		case ZFS_PROP_PBKDF2_ITERS:
1543 		case ZFS_PROP_KEYFORMAT:
1544 		case ZFS_PROP_KEYLOCATION:
1545 			break;
1546 		default:
1547 			ret = EINVAL;
1548 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1549 			    "Only keyformat, keylocation and pbkdf2iters may "
1550 			    "be set with this command."));
1551 			goto error;
1552 		}
1553 	}
1554 
1555 	new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1556 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1557 	    B_TRUE, errbuf);
1558 	if (new_props == NULL) {
1559 		ret = EINVAL;
1560 		goto error;
1561 	}
1562 
1563 	*props_out = new_props;
1564 	return (0);
1565 
1566 error:
1567 	nvlist_free(new_props);
1568 	*props_out = NULL;
1569 	return (ret);
1570 }
1571 
1572 int
1573 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1574 {
1575 	int ret;
1576 	char errbuf[1024];
1577 	boolean_t is_encroot;
1578 	nvlist_t *props = NULL;
1579 	uint8_t *wkeydata = NULL;
1580 	uint_t wkeylen = 0;
1581 	dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1582 	uint64_t crypt, pcrypt, keystatus, pkeystatus;
1583 	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1584 	zfs_handle_t *pzhp = NULL;
1585 	char *keylocation = NULL;
1586 	char origin_name[MAXNAMELEN];
1587 	char prop_keylocation[MAXNAMELEN];
1588 	char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1589 
1590 	(void) snprintf(errbuf, sizeof (errbuf),
1591 	    dgettext(TEXT_DOMAIN, "Key change error"));
1592 
1593 	/* check that encryption is enabled for the pool */
1594 	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1595 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1596 		    "Encryption feature not enabled."));
1597 		ret = EINVAL;
1598 		goto error;
1599 	}
1600 
1601 	/* get crypt from dataset */
1602 	crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1603 	if (crypt == ZIO_CRYPT_OFF) {
1604 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1605 		    "Dataset not encrypted."));
1606 		ret = EINVAL;
1607 		goto error;
1608 	}
1609 
1610 	/* get the encryption root of the dataset */
1611 	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1612 	if (ret != 0) {
1613 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1614 		    "Failed to get encryption root for '%s'."),
1615 		    zfs_get_name(zhp));
1616 		goto error;
1617 	}
1618 
1619 	/* Clones use their origin's key and cannot rewrap it */
1620 	ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1621 	    sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1622 	if (ret == 0 && strcmp(origin_name, "") != 0) {
1623 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1624 		    "Keys cannot be changed on clones."));
1625 		ret = EINVAL;
1626 		goto error;
1627 	}
1628 
1629 	/*
1630 	 * If the user wants to use the inheritkey variant of this function
1631 	 * we don't need to collect any crypto arguments.
1632 	 */
1633 	if (!inheritkey) {
1634 		/* validate the provided properties */
1635 		ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1636 		    errbuf);
1637 		if (ret != 0)
1638 			goto error;
1639 
1640 		/*
1641 		 * Load keyformat and keylocation from the nvlist. Fetch from
1642 		 * the dataset properties if not specified.
1643 		 */
1644 		(void) nvlist_lookup_uint64(props,
1645 		    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1646 		(void) nvlist_lookup_string(props,
1647 		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1648 
1649 		if (is_encroot) {
1650 			/*
1651 			 * If this is already an encryption root, just keep
1652 			 * any properties not set by the user.
1653 			 */
1654 			if (keyformat == ZFS_KEYFORMAT_NONE) {
1655 				keyformat = zfs_prop_get_int(zhp,
1656 				    ZFS_PROP_KEYFORMAT);
1657 				ret = nvlist_add_uint64(props,
1658 				    zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1659 				    keyformat);
1660 				if (ret != 0) {
1661 					zfs_error_aux(zhp->zfs_hdl,
1662 					    dgettext(TEXT_DOMAIN, "Failed to "
1663 					    "get existing keyformat "
1664 					    "property."));
1665 					goto error;
1666 				}
1667 			}
1668 
1669 			if (keylocation == NULL) {
1670 				ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1671 				    prop_keylocation, sizeof (prop_keylocation),
1672 				    NULL, NULL, 0, B_TRUE);
1673 				if (ret != 0) {
1674 					zfs_error_aux(zhp->zfs_hdl,
1675 					    dgettext(TEXT_DOMAIN, "Failed to "
1676 					    "get existing keylocation "
1677 					    "property."));
1678 					goto error;
1679 				}
1680 
1681 				keylocation = prop_keylocation;
1682 			}
1683 		} else {
1684 			/* need a new key for non-encryption roots */
1685 			if (keyformat == ZFS_KEYFORMAT_NONE) {
1686 				ret = EINVAL;
1687 				zfs_error_aux(zhp->zfs_hdl,
1688 				    dgettext(TEXT_DOMAIN, "Keyformat required "
1689 				    "for new encryption root."));
1690 				goto error;
1691 			}
1692 
1693 			/* default to prompt if no keylocation is specified */
1694 			if (keylocation == NULL) {
1695 				keylocation = "prompt";
1696 				ret = nvlist_add_string(props,
1697 				    zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1698 				    keylocation);
1699 				if (ret != 0)
1700 					goto error;
1701 			}
1702 		}
1703 
1704 		/* fetch the new wrapping key and associated properties */
1705 		ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1706 		    zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1707 		    &wkeylen);
1708 		if (ret != 0)
1709 			goto error;
1710 	} else {
1711 		/* check that zhp is an encryption root */
1712 		if (!is_encroot) {
1713 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1714 			    "Key inheritting can only be performed on "
1715 			    "encryption roots."));
1716 			ret = EINVAL;
1717 			goto error;
1718 		}
1719 
1720 		/* get the parent's name */
1721 		ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1722 		if (ret != 0) {
1723 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1724 			    "Root dataset cannot inherit key."));
1725 			ret = EINVAL;
1726 			goto error;
1727 		}
1728 
1729 		/* get a handle to the parent */
1730 		pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1731 		if (pzhp == NULL) {
1732 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1733 			    "Failed to lookup parent."));
1734 			ret = ENOENT;
1735 			goto error;
1736 		}
1737 
1738 		/* parent must be encrypted */
1739 		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1740 		if (pcrypt == ZIO_CRYPT_OFF) {
1741 			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1742 			    "Parent must be encrypted."));
1743 			ret = EINVAL;
1744 			goto error;
1745 		}
1746 
1747 		/* check that the parent's key is loaded */
1748 		pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1749 		if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1750 			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1751 			    "Parent key must be loaded."));
1752 			ret = EACCES;
1753 			goto error;
1754 		}
1755 	}
1756 
1757 	/* check that the key is loaded */
1758 	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1759 	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1760 		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1761 		    "Key must be loaded."));
1762 		ret = EACCES;
1763 		goto error;
1764 	}
1765 
1766 	/* call the ioctl */
1767 	ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1768 	if (ret != 0) {
1769 		switch (ret) {
1770 		case EPERM:
1771 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1772 			    "Permission denied."));
1773 			break;
1774 		case EINVAL:
1775 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1776 			    "Invalid properties for key change."));
1777 			break;
1778 		case EACCES:
1779 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1780 			    "Key is not currently loaded."));
1781 			break;
1782 		}
1783 		zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1784 	}
1785 
1786 	if (pzhp != NULL)
1787 		zfs_close(pzhp);
1788 	if (props != NULL)
1789 		nvlist_free(props);
1790 	if (wkeydata != NULL)
1791 		free(wkeydata);
1792 
1793 	return (ret);
1794 
1795 error:
1796 	if (pzhp != NULL)
1797 		zfs_close(pzhp);
1798 	if (props != NULL)
1799 		nvlist_free(props);
1800 	if (wkeydata != NULL)
1801 		free(wkeydata);
1802 
1803 	zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1804 	return (ret);
1805 }
1806