1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * This file and its contents are supplied under the terms of the 6 * Common Development and Distribution License ("CDDL"), version 1.0. 7 * You may only use this file in accordance with the terms of version 8 * 1.0 of the CDDL. 9 * 10 * A full copy of the text of the CDDL should have accompanied this 11 * source. A copy of the CDDL is also available via the Internet at 12 * http://www.illumos.org/license/CDDL. 13 * 14 * CDDL HEADER END 15 */ 16 17 /* 18 * Copyright (c) 2017, Datto, Inc. All rights reserved. 19 * Copyright 2020 Joyent, Inc. 20 */ 21 22 #include <sys/fs/zfs.h> 23 #include <sys/dsl_crypt.h> 24 #include <libintl.h> 25 #include <termios.h> 26 #include <signal.h> 27 #include <errno.h> 28 #include <openssl/evp.h> 29 #if LIBFETCH_DYNAMIC 30 #include <dlfcn.h> 31 #endif 32 #if LIBFETCH_IS_FETCH 33 #include <sys/param.h> 34 #include <stdio.h> 35 #include <fetch.h> 36 #elif LIBFETCH_IS_LIBCURL 37 #include <curl/curl.h> 38 #endif 39 #include <libzfs.h> 40 #include <libzutil.h> 41 #include "libzfs_impl.h" 42 #include "zfeature_common.h" 43 44 /* 45 * User keys are used to decrypt the master encryption keys of a dataset. This 46 * indirection allows a user to change his / her access key without having to 47 * re-encrypt the entire dataset. User keys can be provided in one of several 48 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys 49 * are converted to binary and passed into the kernel. Password based keys are 50 * a bit more complicated. Passwords alone do not provide suitable entropy for 51 * encryption and may be too short or too long to be used. In order to derive 52 * a more appropriate key we use a PBKDF2 function. This function is designed 53 * to take a (relatively) long time to calculate in order to discourage 54 * attackers from guessing from a list of common passwords. PBKDF2 requires 55 * 2 additional parameters. The first is the number of iterations to run, which 56 * will ultimately determine how long it takes to derive the resulting key from 57 * the password. The second parameter is a salt that is randomly generated for 58 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of 59 * attackers cannot reasonably generate a table of commonly known passwords to 60 * their output keys and expect it work for all past and future PBKDF2 users. 61 * We store the salt as a hidden property of the dataset (although it is 62 * technically ok if the salt is known to the attacker). 63 */ 64 65 #define MIN_PASSPHRASE_LEN 8 66 #define MAX_PASSPHRASE_LEN 512 67 #define MAX_KEY_PROMPT_ATTEMPTS 3 68 69 static int caught_interrupt; 70 71 static int get_key_material_file(libzfs_handle_t *, const char *, const char *, 72 zfs_keyformat_t, boolean_t, uint8_t **, size_t *); 73 static int get_key_material_https(libzfs_handle_t *, const char *, const char *, 74 zfs_keyformat_t, boolean_t, uint8_t **, size_t *); 75 76 static zfs_uri_handler_t uri_handlers[] = { 77 { "file", get_key_material_file }, 78 { "https", get_key_material_https }, 79 { "http", get_key_material_https }, 80 { NULL, NULL } 81 }; 82 83 static int 84 pkcs11_get_urandom(uint8_t *buf, size_t bytes) 85 { 86 int rand; 87 ssize_t bytes_read = 0; 88 89 rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC); 90 91 if (rand < 0) 92 return (rand); 93 94 while (bytes_read < bytes) { 95 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read); 96 if (rc < 0) 97 break; 98 bytes_read += rc; 99 } 100 101 (void) close(rand); 102 103 return (bytes_read); 104 } 105 106 static int 107 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str, 108 zfs_keylocation_t *restrict locp, char **restrict schemep) 109 { 110 *locp = ZFS_KEYLOCATION_NONE; 111 *schemep = NULL; 112 113 if (strcmp("prompt", str) == 0) { 114 *locp = ZFS_KEYLOCATION_PROMPT; 115 return (0); 116 } 117 118 regmatch_t pmatch[2]; 119 120 if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch), 121 pmatch, 0) == 0) { 122 size_t scheme_len; 123 124 if (pmatch[1].rm_so == -1) { 125 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 126 "Invalid URI")); 127 return (EINVAL); 128 } 129 130 scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so; 131 132 *schemep = calloc(1, scheme_len + 1); 133 if (*schemep == NULL) { 134 int ret = errno; 135 136 errno = 0; 137 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 138 "Invalid URI")); 139 return (ret); 140 } 141 142 (void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len); 143 *locp = ZFS_KEYLOCATION_URI; 144 return (0); 145 } 146 147 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation")); 148 return (EINVAL); 149 } 150 151 static int 152 hex_key_to_raw(char *hex, int hexlen, uint8_t *out) 153 { 154 int ret, i; 155 unsigned int c; 156 157 for (i = 0; i < hexlen; i += 2) { 158 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) { 159 ret = EINVAL; 160 goto error; 161 } 162 163 ret = sscanf(&hex[i], "%02x", &c); 164 if (ret != 1) { 165 ret = EINVAL; 166 goto error; 167 } 168 169 out[i / 2] = c; 170 } 171 172 return (0); 173 174 error: 175 return (ret); 176 } 177 178 179 static void 180 catch_signal(int sig) 181 { 182 caught_interrupt = sig; 183 } 184 185 static const char * 186 get_format_prompt_string(zfs_keyformat_t format) 187 { 188 switch (format) { 189 case ZFS_KEYFORMAT_RAW: 190 return ("raw key"); 191 case ZFS_KEYFORMAT_HEX: 192 return ("hex key"); 193 case ZFS_KEYFORMAT_PASSPHRASE: 194 return ("passphrase"); 195 default: 196 /* shouldn't happen */ 197 return (NULL); 198 } 199 } 200 201 /* do basic validation of the key material */ 202 static int 203 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat, 204 const char *key, size_t keylen, boolean_t do_verify) 205 { 206 switch (keyformat) { 207 case ZFS_KEYFORMAT_RAW: 208 /* verify the key length is correct */ 209 if (keylen < WRAPPING_KEY_LEN) { 210 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 211 "Raw key too short (expected %u)."), 212 WRAPPING_KEY_LEN); 213 return (EINVAL); 214 } 215 216 if (keylen > WRAPPING_KEY_LEN) { 217 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 218 "Raw key too long (expected %u)."), 219 WRAPPING_KEY_LEN); 220 return (EINVAL); 221 } 222 break; 223 case ZFS_KEYFORMAT_HEX: 224 /* verify the key length is correct */ 225 if (keylen < WRAPPING_KEY_LEN * 2) { 226 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 227 "Hex key too short (expected %u)."), 228 WRAPPING_KEY_LEN * 2); 229 return (EINVAL); 230 } 231 232 if (keylen > WRAPPING_KEY_LEN * 2) { 233 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 234 "Hex key too long (expected %u)."), 235 WRAPPING_KEY_LEN * 2); 236 return (EINVAL); 237 } 238 239 /* check for invalid hex digits */ 240 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) { 241 if (!isxdigit(key[i])) { 242 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 243 "Invalid hex character detected.")); 244 return (EINVAL); 245 } 246 } 247 break; 248 case ZFS_KEYFORMAT_PASSPHRASE: 249 /* 250 * Verify the length is within bounds when setting a new key, 251 * but not when loading an existing key. 252 */ 253 if (!do_verify) 254 break; 255 if (keylen > MAX_PASSPHRASE_LEN) { 256 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 257 "Passphrase too long (max %u)."), 258 MAX_PASSPHRASE_LEN); 259 return (EINVAL); 260 } 261 262 if (keylen < MIN_PASSPHRASE_LEN) { 263 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 264 "Passphrase too short (min %u)."), 265 MIN_PASSPHRASE_LEN); 266 return (EINVAL); 267 } 268 break; 269 default: 270 /* can't happen, checked above */ 271 break; 272 } 273 274 return (0); 275 } 276 277 static int 278 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter, 279 boolean_t new_key, const char *fsname, 280 char **restrict res, size_t *restrict reslen) 281 { 282 FILE *f = stdin; 283 size_t buflen = 0; 284 ssize_t bytes; 285 int ret = 0; 286 struct termios old_term, new_term; 287 struct sigaction act, osigint, osigtstp; 288 289 *res = NULL; 290 *reslen = 0; 291 292 /* 293 * handle SIGINT and ignore SIGSTP. This is necessary to 294 * restore the state of the terminal. 295 */ 296 caught_interrupt = 0; 297 act.sa_flags = 0; 298 (void) sigemptyset(&act.sa_mask); 299 act.sa_handler = catch_signal; 300 301 (void) sigaction(SIGINT, &act, &osigint); 302 act.sa_handler = SIG_IGN; 303 (void) sigaction(SIGTSTP, &act, &osigtstp); 304 305 (void) printf("%s %s%s", 306 is_reenter ? "Re-enter" : "Enter", 307 new_key ? "new " : "", 308 get_format_prompt_string(keyformat)); 309 if (fsname != NULL) 310 (void) printf(" for '%s'", fsname); 311 (void) fputc(':', stdout); 312 (void) fflush(stdout); 313 314 /* disable the terminal echo for key input */ 315 (void) tcgetattr(fileno(f), &old_term); 316 317 new_term = old_term; 318 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); 319 320 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term); 321 if (ret != 0) { 322 ret = errno; 323 errno = 0; 324 goto out; 325 } 326 327 bytes = getline(res, &buflen, f); 328 if (bytes < 0) { 329 ret = errno; 330 errno = 0; 331 goto out; 332 } 333 334 /* trim the ending newline if it exists */ 335 if (bytes > 0 && (*res)[bytes - 1] == '\n') { 336 (*res)[bytes - 1] = '\0'; 337 bytes--; 338 } 339 340 *reslen = bytes; 341 342 out: 343 /* reset the terminal */ 344 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term); 345 (void) sigaction(SIGINT, &osigint, NULL); 346 (void) sigaction(SIGTSTP, &osigtstp, NULL); 347 348 /* if we caught a signal, re-throw it now */ 349 if (caught_interrupt != 0) 350 (void) kill(getpid(), caught_interrupt); 351 352 /* print the newline that was not echo'd */ 353 (void) printf("\n"); 354 355 return (ret); 356 } 357 358 static int 359 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname, 360 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey, 361 uint8_t **restrict outbuf, size_t *restrict len_out) 362 { 363 char *buf = NULL, *buf2 = NULL; 364 size_t buflen = 0, buf2len = 0; 365 int ret = 0; 366 367 ASSERT(isatty(fileno(stdin))); 368 369 /* raw keys cannot be entered on the terminal */ 370 if (keyformat == ZFS_KEYFORMAT_RAW) { 371 ret = EINVAL; 372 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 373 "Cannot enter raw keys on the terminal")); 374 goto out; 375 } 376 377 /* prompt for the key */ 378 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname, 379 &buf, &buflen)) != 0) { 380 free(buf); 381 buf = NULL; 382 buflen = 0; 383 goto out; 384 } 385 386 if (!confirm_key) 387 goto out; 388 389 if ((ret = validate_key(hdl, keyformat, buf, buflen, confirm_key)) != 390 0) { 391 free(buf); 392 return (ret); 393 } 394 395 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2, 396 &buf2len); 397 if (ret != 0) { 398 free(buf); 399 free(buf2); 400 buf = buf2 = NULL; 401 buflen = buf2len = 0; 402 goto out; 403 } 404 405 if (buflen != buf2len || strcmp(buf, buf2) != 0) { 406 free(buf); 407 buf = NULL; 408 buflen = 0; 409 410 ret = EINVAL; 411 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 412 "Provided keys do not match.")); 413 } 414 415 free(buf2); 416 417 out: 418 *outbuf = (uint8_t *)buf; 419 *len_out = buflen; 420 return (ret); 421 } 422 423 static int 424 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat, 425 uint8_t **buf, size_t *len_out) 426 { 427 int ret = 0; 428 size_t buflen = 0; 429 430 *len_out = 0; 431 432 /* read the key material */ 433 if (keyformat != ZFS_KEYFORMAT_RAW) { 434 ssize_t bytes; 435 436 bytes = getline((char **)buf, &buflen, fd); 437 if (bytes < 0) { 438 ret = errno; 439 errno = 0; 440 goto out; 441 } 442 443 /* trim the ending newline if it exists */ 444 if (bytes > 0 && (*buf)[bytes - 1] == '\n') { 445 (*buf)[bytes - 1] = '\0'; 446 bytes--; 447 } 448 449 *len_out = bytes; 450 } else { 451 size_t n; 452 453 /* 454 * Raw keys may have newline characters in them and so can't 455 * use getline(). Here we attempt to read 33 bytes so that we 456 * can properly check the key length (the file should only have 457 * 32 bytes). 458 */ 459 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t)); 460 if (*buf == NULL) { 461 ret = ENOMEM; 462 goto out; 463 } 464 465 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd); 466 if (n == 0 || ferror(fd)) { 467 /* size errors are handled by the calling function */ 468 free(*buf); 469 *buf = NULL; 470 ret = errno; 471 errno = 0; 472 goto out; 473 } 474 475 *len_out = n; 476 } 477 out: 478 return (ret); 479 } 480 481 static int 482 get_key_material_file(libzfs_handle_t *hdl, const char *uri, 483 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey, 484 uint8_t **restrict buf, size_t *restrict len_out) 485 { 486 (void) fsname, (void) newkey; 487 FILE *f = NULL; 488 int ret = 0; 489 490 if (strlen(uri) < 7) 491 return (EINVAL); 492 493 if ((f = fopen(uri + 7, "re")) == NULL) { 494 ret = errno; 495 errno = 0; 496 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 497 "Failed to open key material file: %s"), zfs_strerror(ret)); 498 return (ret); 499 } 500 501 ret = get_key_material_raw(f, keyformat, buf, len_out); 502 503 (void) fclose(f); 504 505 return (ret); 506 } 507 508 static int 509 get_key_material_https(libzfs_handle_t *hdl, const char *uri, 510 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey, 511 uint8_t **restrict buf, size_t *restrict len_out) 512 { 513 (void) fsname, (void) newkey; 514 int ret = 0; 515 FILE *key = NULL; 516 boolean_t is_http = strncmp(uri, "http:", strlen("http:")) == 0; 517 518 if (strlen(uri) < (is_http ? 7 : 8)) { 519 ret = EINVAL; 520 goto end; 521 } 522 523 #if LIBFETCH_DYNAMIC 524 #define LOAD_FUNCTION(func) \ 525 __typeof__(func) *func = dlsym(hdl->libfetch, #func); 526 527 if (hdl->libfetch == NULL) 528 hdl->libfetch = dlopen(LIBFETCH_SONAME, RTLD_LAZY); 529 530 if (hdl->libfetch == NULL) { 531 hdl->libfetch = (void *)-1; 532 char *err = dlerror(); 533 if (err) 534 hdl->libfetch_load_error = strdup(err); 535 } 536 537 if (hdl->libfetch == (void *)-1) { 538 ret = ENOSYS; 539 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 540 "Couldn't load %s: %s"), 541 LIBFETCH_SONAME, hdl->libfetch_load_error ?: "(?)"); 542 goto end; 543 } 544 545 boolean_t ok; 546 #if LIBFETCH_IS_FETCH 547 LOAD_FUNCTION(fetchGetURL); 548 char *fetchLastErrString = dlsym(hdl->libfetch, "fetchLastErrString"); 549 550 ok = fetchGetURL && fetchLastErrString; 551 #elif LIBFETCH_IS_LIBCURL 552 LOAD_FUNCTION(curl_easy_init); 553 LOAD_FUNCTION(curl_easy_setopt); 554 LOAD_FUNCTION(curl_easy_perform); 555 LOAD_FUNCTION(curl_easy_cleanup); 556 LOAD_FUNCTION(curl_easy_strerror); 557 LOAD_FUNCTION(curl_easy_getinfo); 558 559 ok = curl_easy_init && curl_easy_setopt && curl_easy_perform && 560 curl_easy_cleanup && curl_easy_strerror && curl_easy_getinfo; 561 #endif 562 if (!ok) { 563 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 564 "keylocation=%s back-end %s missing symbols."), 565 is_http ? "http://" : "https://", LIBFETCH_SONAME); 566 ret = ENOSYS; 567 goto end; 568 } 569 #endif 570 571 #if LIBFETCH_IS_FETCH 572 key = fetchGetURL(uri, ""); 573 if (key == NULL) { 574 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 575 "Couldn't GET %s: %s"), 576 uri, fetchLastErrString); 577 ret = ENETDOWN; 578 } 579 #elif LIBFETCH_IS_LIBCURL 580 CURL *curl = curl_easy_init(); 581 if (curl == NULL) { 582 ret = ENOTSUP; 583 goto end; 584 } 585 586 int kfd; 587 #ifdef O_TMPFILE 588 kfd = open(getenv("TMPDIR") ?: "/tmp", 589 O_RDWR | O_TMPFILE | O_EXCL | O_CLOEXEC, 0600); 590 if (kfd != -1) 591 goto kfdok; 592 #endif 593 594 char *path; 595 if (asprintf(&path, 596 "%s/libzfs-XXXXXXXX.https", getenv("TMPDIR") ?: "/tmp") == -1) { 597 ret = ENOMEM; 598 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "%s"), 599 zfs_strerror(ret)); 600 goto end; 601 } 602 603 kfd = mkostemps(path, strlen(".https"), O_CLOEXEC); 604 if (kfd == -1) { 605 ret = errno; 606 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 607 "Couldn't create temporary file %s: %s"), 608 path, zfs_strerror(ret)); 609 free(path); 610 goto end; 611 } 612 (void) unlink(path); 613 free(path); 614 615 #ifdef O_TMPFILE 616 kfdok: 617 #endif 618 if ((key = fdopen(kfd, "r+")) == NULL) { 619 ret = errno; 620 (void) close(kfd); 621 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 622 "Couldn't reopen temporary file: %s"), zfs_strerror(ret)); 623 goto end; 624 } 625 626 char errbuf[CURL_ERROR_SIZE] = ""; 627 char *cainfo = getenv("SSL_CA_CERT_FILE"); /* matches fetch(3) */ 628 char *capath = getenv("SSL_CA_CERT_PATH"); /* matches fetch(3) */ 629 char *clcert = getenv("SSL_CLIENT_CERT_FILE"); /* matches fetch(3) */ 630 char *clkey = getenv("SSL_CLIENT_KEY_FILE"); /* matches fetch(3) */ 631 (void) curl_easy_setopt(curl, CURLOPT_URL, uri); 632 (void) curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); 633 (void) curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 30000L); 634 (void) curl_easy_setopt(curl, CURLOPT_WRITEDATA, key); 635 (void) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf); 636 if (cainfo != NULL) 637 (void) curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); 638 if (capath != NULL) 639 (void) curl_easy_setopt(curl, CURLOPT_CAPATH, capath); 640 if (clcert != NULL) 641 (void) curl_easy_setopt(curl, CURLOPT_SSLCERT, clcert); 642 if (clkey != NULL) 643 (void) curl_easy_setopt(curl, CURLOPT_SSLKEY, clkey); 644 645 CURLcode res = curl_easy_perform(curl); 646 647 if (res != CURLE_OK) { 648 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 649 "Failed to connect to %s: %s"), 650 uri, strlen(errbuf) ? errbuf : curl_easy_strerror(res)); 651 ret = ENETDOWN; 652 } else { 653 long resp = 200; 654 (void) curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp); 655 656 if (resp < 200 || resp >= 300) { 657 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 658 "Couldn't GET %s: %ld"), 659 uri, resp); 660 ret = ENOENT; 661 } else 662 rewind(key); 663 } 664 665 curl_easy_cleanup(curl); 666 #else 667 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 668 "No keylocation=%s back-end."), is_http ? "http://" : "https://"); 669 ret = ENOSYS; 670 #endif 671 672 end: 673 if (ret == 0) 674 ret = get_key_material_raw(key, keyformat, buf, len_out); 675 676 if (key != NULL) 677 fclose(key); 678 679 return (ret); 680 } 681 682 /* 683 * Attempts to fetch key material, no matter where it might live. The key 684 * material is allocated and returned in km_out. *can_retry_out will be set 685 * to B_TRUE if the user is providing the key material interactively, allowing 686 * for re-entry attempts. 687 */ 688 static int 689 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey, 690 zfs_keyformat_t keyformat, const char *keylocation, const char *fsname, 691 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out) 692 { 693 int ret; 694 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE; 695 uint8_t *km = NULL; 696 size_t kmlen = 0; 697 char *uri_scheme = NULL; 698 zfs_uri_handler_t *handler = NULL; 699 boolean_t can_retry = B_FALSE; 700 701 /* verify and parse the keylocation */ 702 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc, 703 &uri_scheme); 704 if (ret != 0) 705 goto error; 706 707 /* open the appropriate file descriptor */ 708 switch (keyloc) { 709 case ZFS_KEYLOCATION_PROMPT: 710 if (isatty(fileno(stdin))) { 711 can_retry = keyformat != ZFS_KEYFORMAT_RAW; 712 ret = get_key_interactive(hdl, fsname, keyformat, 713 do_verify, newkey, &km, &kmlen); 714 } else { 715 /* fetch the key material into the buffer */ 716 ret = get_key_material_raw(stdin, keyformat, &km, 717 &kmlen); 718 } 719 720 if (ret != 0) 721 goto error; 722 723 break; 724 case ZFS_KEYLOCATION_URI: 725 ret = ENOTSUP; 726 727 for (handler = uri_handlers; handler->zuh_scheme != NULL; 728 handler++) { 729 if (strcmp(handler->zuh_scheme, uri_scheme) != 0) 730 continue; 731 732 if ((ret = handler->zuh_handler(hdl, keylocation, 733 fsname, keyformat, newkey, &km, &kmlen)) != 0) 734 goto error; 735 736 break; 737 } 738 739 if (ret == ENOTSUP) { 740 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 741 "URI scheme is not supported")); 742 goto error; 743 } 744 745 break; 746 default: 747 ret = EINVAL; 748 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 749 "Invalid keylocation.")); 750 goto error; 751 } 752 753 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen, 754 do_verify)) != 0) 755 goto error; 756 757 *km_out = km; 758 *kmlen_out = kmlen; 759 if (can_retry_out != NULL) 760 *can_retry_out = can_retry; 761 762 free(uri_scheme); 763 return (0); 764 765 error: 766 free(km); 767 768 *km_out = NULL; 769 *kmlen_out = 0; 770 771 if (can_retry_out != NULL) 772 *can_retry_out = can_retry; 773 774 free(uri_scheme); 775 return (ret); 776 } 777 778 static int 779 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters, 780 uint8_t *key_material, uint64_t salt, 781 uint8_t **key_out) 782 { 783 int ret; 784 uint8_t *key; 785 786 *key_out = NULL; 787 788 key = zfs_alloc(hdl, WRAPPING_KEY_LEN); 789 790 switch (format) { 791 case ZFS_KEYFORMAT_RAW: 792 memcpy(key, key_material, WRAPPING_KEY_LEN); 793 break; 794 case ZFS_KEYFORMAT_HEX: 795 ret = hex_key_to_raw((char *)key_material, 796 WRAPPING_KEY_LEN * 2, key); 797 if (ret != 0) { 798 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 799 "Invalid hex key provided.")); 800 goto error; 801 } 802 break; 803 case ZFS_KEYFORMAT_PASSPHRASE: 804 salt = LE_64(salt); 805 806 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material, 807 strlen((char *)key_material), ((uint8_t *)&salt), 808 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key); 809 if (ret != 1) { 810 ret = EIO; 811 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 812 "Failed to generate key from passphrase.")); 813 goto error; 814 } 815 break; 816 default: 817 ret = EINVAL; 818 goto error; 819 } 820 821 *key_out = key; 822 return (0); 823 824 error: 825 free(key); 826 827 *key_out = NULL; 828 return (ret); 829 } 830 831 static boolean_t 832 encryption_feature_is_enabled(zpool_handle_t *zph) 833 { 834 nvlist_t *features; 835 uint64_t feat_refcount; 836 837 /* check that features can be enabled */ 838 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL) 839 < SPA_VERSION_FEATURES) 840 return (B_FALSE); 841 842 /* check for crypto feature */ 843 features = zpool_get_features(zph); 844 if (!features || nvlist_lookup_uint64(features, 845 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid, 846 &feat_refcount) != 0) 847 return (B_FALSE); 848 849 return (B_TRUE); 850 } 851 852 static int 853 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl, 854 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat, 855 const char *keylocation, nvlist_t *props, uint8_t **wkeydata, 856 uint_t *wkeylen) 857 { 858 int ret; 859 uint64_t iters = 0, salt = 0; 860 uint8_t *key_material = NULL; 861 size_t key_material_len = 0; 862 uint8_t *key_data = NULL; 863 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL; 864 865 /* get key material from keyformat and keylocation */ 866 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation, 867 fsname, &key_material, &key_material_len, NULL); 868 if (ret != 0) 869 goto error; 870 871 /* passphrase formats require a salt and pbkdf2 iters property */ 872 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) { 873 /* always generate a new salt */ 874 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t)); 875 if (ret != sizeof (uint64_t)) { 876 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 877 "Failed to generate salt.")); 878 goto error; 879 } 880 881 ret = nvlist_add_uint64(props, 882 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt); 883 if (ret != 0) { 884 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 885 "Failed to add salt to properties.")); 886 goto error; 887 } 888 889 /* 890 * If not otherwise specified, use the default number of 891 * pbkdf2 iterations. If specified, we have already checked 892 * that the given value is greater than MIN_PBKDF2_ITERATIONS 893 * during zfs_valid_proplist(). 894 */ 895 ret = nvlist_lookup_uint64(props, 896 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters); 897 if (ret == ENOENT) { 898 iters = DEFAULT_PBKDF2_ITERATIONS; 899 ret = nvlist_add_uint64(props, 900 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters); 901 if (ret != 0) 902 goto error; 903 } else if (ret != 0) { 904 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 905 "Failed to get pbkdf2 iterations.")); 906 goto error; 907 } 908 } else { 909 /* check that pbkdf2iters was not specified by the user */ 910 ret = nvlist_lookup_uint64(props, 911 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters); 912 if (ret == 0) { 913 ret = EINVAL; 914 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 915 "Cannot specify pbkdf2iters with a non-passphrase " 916 "keyformat.")); 917 goto error; 918 } 919 } 920 921 /* derive a key from the key material */ 922 ret = derive_key(hdl, keyformat, iters, key_material, salt, &key_data); 923 if (ret != 0) 924 goto error; 925 926 free(key_material); 927 928 *wkeydata = key_data; 929 *wkeylen = WRAPPING_KEY_LEN; 930 return (0); 931 932 error: 933 if (key_material != NULL) 934 free(key_material); 935 if (key_data != NULL) 936 free(key_data); 937 938 *wkeydata = NULL; 939 *wkeylen = 0; 940 return (ret); 941 } 942 943 static boolean_t 944 proplist_has_encryption_props(nvlist_t *props) 945 { 946 int ret; 947 uint64_t intval; 948 const char *strval; 949 950 ret = nvlist_lookup_uint64(props, 951 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval); 952 if (ret == 0 && intval != ZIO_CRYPT_OFF) 953 return (B_TRUE); 954 955 ret = nvlist_lookup_string(props, 956 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval); 957 if (ret == 0 && strcmp(strval, "none") != 0) 958 return (B_TRUE); 959 960 ret = nvlist_lookup_uint64(props, 961 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval); 962 if (ret == 0) 963 return (B_TRUE); 964 965 ret = nvlist_lookup_uint64(props, 966 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval); 967 if (ret == 0) 968 return (B_TRUE); 969 970 return (B_FALSE); 971 } 972 973 int 974 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot, 975 char *buf) 976 { 977 int ret; 978 char prop_encroot[MAXNAMELEN]; 979 980 /* if the dataset isn't encrypted, just return */ 981 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) { 982 *is_encroot = B_FALSE; 983 if (buf != NULL) 984 buf[0] = '\0'; 985 return (0); 986 } 987 988 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot, 989 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE); 990 if (ret != 0) { 991 *is_encroot = B_FALSE; 992 if (buf != NULL) 993 buf[0] = '\0'; 994 return (ret); 995 } 996 997 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0; 998 if (buf != NULL) 999 strcpy(buf, prop_encroot); 1000 1001 return (0); 1002 } 1003 1004 int 1005 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props, 1006 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out, 1007 uint_t *wkeylen_out) 1008 { 1009 int ret; 1010 char errbuf[ERRBUFLEN]; 1011 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT; 1012 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1013 const char *keylocation = NULL; 1014 zfs_handle_t *pzhp = NULL; 1015 uint8_t *wkeydata = NULL; 1016 uint_t wkeylen = 0; 1017 boolean_t local_crypt = B_TRUE; 1018 1019 (void) snprintf(errbuf, sizeof (errbuf), 1020 dgettext(TEXT_DOMAIN, "Encryption create error")); 1021 1022 /* lookup crypt from props */ 1023 ret = nvlist_lookup_uint64(props, 1024 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt); 1025 if (ret != 0) 1026 local_crypt = B_FALSE; 1027 1028 /* lookup key location and format from props */ 1029 (void) nvlist_lookup_uint64(props, 1030 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat); 1031 (void) nvlist_lookup_string(props, 1032 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation); 1033 1034 if (parent_name != NULL) { 1035 /* get a reference to parent dataset */ 1036 pzhp = make_dataset_handle(hdl, parent_name); 1037 if (pzhp == NULL) { 1038 ret = ENOENT; 1039 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1040 "Failed to lookup parent.")); 1041 goto out; 1042 } 1043 1044 /* Lookup parent's crypt */ 1045 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION); 1046 1047 /* Params require the encryption feature */ 1048 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) { 1049 if (proplist_has_encryption_props(props)) { 1050 ret = EINVAL; 1051 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1052 "Encryption feature not enabled.")); 1053 goto out; 1054 } 1055 1056 ret = 0; 1057 goto out; 1058 } 1059 } else { 1060 /* 1061 * special case for root dataset where encryption feature 1062 * feature won't be on disk yet 1063 */ 1064 if (!nvlist_exists(pool_props, "feature@encryption")) { 1065 if (proplist_has_encryption_props(props)) { 1066 ret = EINVAL; 1067 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1068 "Encryption feature not enabled.")); 1069 goto out; 1070 } 1071 1072 ret = 0; 1073 goto out; 1074 } 1075 1076 pcrypt = ZIO_CRYPT_OFF; 1077 } 1078 1079 /* Get the inherited encryption property if we don't have it locally */ 1080 if (!local_crypt) 1081 crypt = pcrypt; 1082 1083 /* 1084 * At this point crypt should be the actual encryption value. If 1085 * encryption is off just verify that no encryption properties have 1086 * been specified and return. 1087 */ 1088 if (crypt == ZIO_CRYPT_OFF) { 1089 if (proplist_has_encryption_props(props)) { 1090 ret = EINVAL; 1091 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1092 "Encryption must be turned on to set encryption " 1093 "properties.")); 1094 goto out; 1095 } 1096 1097 ret = 0; 1098 goto out; 1099 } 1100 1101 /* 1102 * If we have a parent crypt it is valid to specify encryption alone. 1103 * This will result in a child that is encrypted with the chosen 1104 * encryption suite that will also inherit the parent's key. If 1105 * the parent is not encrypted we need an encryption suite provided. 1106 */ 1107 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL && 1108 keyformat == ZFS_KEYFORMAT_NONE) { 1109 ret = EINVAL; 1110 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1111 "Keyformat required for new encryption root.")); 1112 goto out; 1113 } 1114 1115 /* 1116 * Specifying a keylocation implies this will be a new encryption root. 1117 * Check that a keyformat is also specified. 1118 */ 1119 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) { 1120 ret = EINVAL; 1121 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1122 "Keyformat required for new encryption root.")); 1123 goto out; 1124 } 1125 1126 /* default to prompt if no keylocation is specified */ 1127 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) { 1128 keylocation = (char *)"prompt"; 1129 ret = nvlist_add_string(props, 1130 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation); 1131 if (ret != 0) 1132 goto out; 1133 } 1134 1135 /* 1136 * If a local key is provided, this dataset will be a new 1137 * encryption root. Populate the encryption params. 1138 */ 1139 if (keylocation != NULL) { 1140 /* 1141 * 'zfs recv -o keylocation=prompt' won't work because stdin 1142 * is being used by the send stream, so we disallow it. 1143 */ 1144 if (!stdin_available && strcmp(keylocation, "prompt") == 0) { 1145 ret = EINVAL; 1146 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use " 1147 "'prompt' keylocation because stdin is in use.")); 1148 goto out; 1149 } 1150 1151 ret = populate_create_encryption_params_nvlists(hdl, NULL, 1152 B_TRUE, keyformat, keylocation, props, &wkeydata, 1153 &wkeylen); 1154 if (ret != 0) 1155 goto out; 1156 } 1157 1158 if (pzhp != NULL) 1159 zfs_close(pzhp); 1160 1161 *wkeydata_out = wkeydata; 1162 *wkeylen_out = wkeylen; 1163 return (0); 1164 1165 out: 1166 if (pzhp != NULL) 1167 zfs_close(pzhp); 1168 if (wkeydata != NULL) 1169 free(wkeydata); 1170 1171 *wkeydata_out = NULL; 1172 *wkeylen_out = 0; 1173 return (ret); 1174 } 1175 1176 int 1177 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp, 1178 char *parent_name, nvlist_t *props) 1179 { 1180 (void) origin_zhp, (void) parent_name; 1181 char errbuf[ERRBUFLEN]; 1182 1183 (void) snprintf(errbuf, sizeof (errbuf), 1184 dgettext(TEXT_DOMAIN, "Encryption clone error")); 1185 1186 /* 1187 * No encryption properties should be specified. They will all be 1188 * inherited from the origin dataset. 1189 */ 1190 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) || 1191 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) || 1192 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) || 1193 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) { 1194 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1195 "Encryption properties must inherit from origin dataset.")); 1196 return (EINVAL); 1197 } 1198 1199 return (0); 1200 } 1201 1202 typedef struct loadkeys_cbdata { 1203 uint64_t cb_numfailed; 1204 uint64_t cb_numattempted; 1205 } loadkey_cbdata_t; 1206 1207 static int 1208 load_keys_cb(zfs_handle_t *zhp, void *arg) 1209 { 1210 int ret; 1211 boolean_t is_encroot; 1212 loadkey_cbdata_t *cb = arg; 1213 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1214 1215 /* only attempt to load keys for encryption roots */ 1216 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL); 1217 if (ret != 0 || !is_encroot) 1218 goto out; 1219 1220 /* don't attempt to load already loaded keys */ 1221 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) 1222 goto out; 1223 1224 /* Attempt to load the key. Record status in cb. */ 1225 cb->cb_numattempted++; 1226 1227 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL); 1228 if (ret) 1229 cb->cb_numfailed++; 1230 1231 out: 1232 (void) zfs_iter_filesystems_v2(zhp, 0, load_keys_cb, cb); 1233 zfs_close(zhp); 1234 1235 /* always return 0, since this function is best effort */ 1236 return (0); 1237 } 1238 1239 /* 1240 * This function is best effort. It attempts to load all the keys for the given 1241 * filesystem and all of its children. 1242 */ 1243 int 1244 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, const char *fsname) 1245 { 1246 int ret; 1247 zfs_handle_t *zhp = NULL; 1248 loadkey_cbdata_t cb = { 0 }; 1249 1250 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME); 1251 if (zhp == NULL) { 1252 ret = ENOENT; 1253 goto error; 1254 } 1255 1256 ret = load_keys_cb(zfs_handle_dup(zhp), &cb); 1257 if (ret) 1258 goto error; 1259 1260 (void) printf(gettext("%llu / %llu keys successfully loaded\n"), 1261 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed), 1262 (u_longlong_t)cb.cb_numattempted); 1263 1264 if (cb.cb_numfailed != 0) { 1265 ret = -1; 1266 goto error; 1267 } 1268 1269 zfs_close(zhp); 1270 return (0); 1271 1272 error: 1273 if (zhp != NULL) 1274 zfs_close(zhp); 1275 return (ret); 1276 } 1277 1278 int 1279 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, 1280 const char *alt_keylocation) 1281 { 1282 int ret, attempts = 0; 1283 char errbuf[ERRBUFLEN]; 1284 uint64_t keystatus, iters = 0, salt = 0; 1285 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1286 char prop_keylocation[MAXNAMELEN]; 1287 char prop_encroot[MAXNAMELEN]; 1288 const char *keylocation = NULL; 1289 uint8_t *key_material = NULL, *key_data = NULL; 1290 size_t key_material_len; 1291 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE; 1292 1293 (void) snprintf(errbuf, sizeof (errbuf), 1294 dgettext(TEXT_DOMAIN, "Key load error")); 1295 1296 /* check that encryption is enabled for the pool */ 1297 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1298 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1299 "Encryption feature not enabled.")); 1300 ret = EINVAL; 1301 goto error; 1302 } 1303 1304 /* Fetch the keyformat. Check that the dataset is encrypted. */ 1305 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT); 1306 if (keyformat == ZFS_KEYFORMAT_NONE) { 1307 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1308 "'%s' is not encrypted."), zfs_get_name(zhp)); 1309 ret = EINVAL; 1310 goto error; 1311 } 1312 1313 /* 1314 * Fetch the key location. Check that we are working with an 1315 * encryption root. 1316 */ 1317 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot); 1318 if (ret != 0) { 1319 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1320 "Failed to get encryption root for '%s'."), 1321 zfs_get_name(zhp)); 1322 goto error; 1323 } else if (!is_encroot) { 1324 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1325 "Keys must be loaded for encryption root of '%s' (%s)."), 1326 zfs_get_name(zhp), prop_encroot); 1327 ret = EINVAL; 1328 goto error; 1329 } 1330 1331 /* 1332 * if the caller has elected to override the keylocation property 1333 * use that instead 1334 */ 1335 if (alt_keylocation != NULL) { 1336 keylocation = alt_keylocation; 1337 } else { 1338 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation, 1339 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE); 1340 if (ret != 0) { 1341 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1342 "Failed to get keylocation for '%s'."), 1343 zfs_get_name(zhp)); 1344 goto error; 1345 } 1346 1347 keylocation = prop_keylocation; 1348 } 1349 1350 /* check that the key is unloaded unless this is a noop */ 1351 if (!noop) { 1352 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1353 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) { 1354 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1355 "Key already loaded for '%s'."), zfs_get_name(zhp)); 1356 ret = EEXIST; 1357 goto error; 1358 } 1359 } 1360 1361 /* passphrase formats require a salt and pbkdf2_iters property */ 1362 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) { 1363 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT); 1364 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS); 1365 } 1366 1367 try_again: 1368 /* fetching and deriving the key are correctable errors. set the flag */ 1369 correctible = B_TRUE; 1370 1371 /* get key material from key format and location */ 1372 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat, 1373 keylocation, zfs_get_name(zhp), &key_material, &key_material_len, 1374 &can_retry); 1375 if (ret != 0) 1376 goto error; 1377 1378 /* derive a key from the key material */ 1379 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material, salt, 1380 &key_data); 1381 if (ret != 0) 1382 goto error; 1383 1384 correctible = B_FALSE; 1385 1386 /* pass the wrapping key and noop flag to the ioctl */ 1387 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN); 1388 if (ret != 0) { 1389 switch (ret) { 1390 case EPERM: 1391 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1392 "Permission denied.")); 1393 break; 1394 case EINVAL: 1395 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1396 "Invalid parameters provided for dataset %s."), 1397 zfs_get_name(zhp)); 1398 break; 1399 case EEXIST: 1400 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1401 "Key already loaded for '%s'."), zfs_get_name(zhp)); 1402 break; 1403 case EBUSY: 1404 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1405 "'%s' is busy."), zfs_get_name(zhp)); 1406 break; 1407 case EACCES: 1408 correctible = B_TRUE; 1409 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1410 "Incorrect key provided for '%s'."), 1411 zfs_get_name(zhp)); 1412 break; 1413 case ZFS_ERR_CRYPTO_NOTSUP: 1414 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1415 "'%s' uses an unsupported encryption suite."), 1416 zfs_get_name(zhp)); 1417 break; 1418 } 1419 goto error; 1420 } 1421 1422 free(key_material); 1423 free(key_data); 1424 1425 return (0); 1426 1427 error: 1428 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1429 if (key_material != NULL) { 1430 free(key_material); 1431 key_material = NULL; 1432 } 1433 if (key_data != NULL) { 1434 free(key_data); 1435 key_data = NULL; 1436 } 1437 1438 /* 1439 * Here we decide if it is ok to allow the user to retry entering their 1440 * key. The can_retry flag will be set if the user is entering their 1441 * key from an interactive prompt. The correctable flag will only be 1442 * set if an error that occurred could be corrected by retrying. Both 1443 * flags are needed to allow the user to attempt key entry again 1444 */ 1445 attempts++; 1446 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS) 1447 goto try_again; 1448 1449 return (ret); 1450 } 1451 1452 int 1453 zfs_crypto_unload_key(zfs_handle_t *zhp) 1454 { 1455 int ret; 1456 char errbuf[ERRBUFLEN]; 1457 char prop_encroot[MAXNAMELEN]; 1458 uint64_t keystatus, keyformat; 1459 boolean_t is_encroot; 1460 1461 (void) snprintf(errbuf, sizeof (errbuf), 1462 dgettext(TEXT_DOMAIN, "Key unload error")); 1463 1464 /* check that encryption is enabled for the pool */ 1465 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1466 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1467 "Encryption feature not enabled.")); 1468 ret = EINVAL; 1469 goto error; 1470 } 1471 1472 /* Fetch the keyformat. Check that the dataset is encrypted. */ 1473 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT); 1474 if (keyformat == ZFS_KEYFORMAT_NONE) { 1475 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1476 "'%s' is not encrypted."), zfs_get_name(zhp)); 1477 ret = EINVAL; 1478 goto error; 1479 } 1480 1481 /* 1482 * Fetch the key location. Check that we are working with an 1483 * encryption root. 1484 */ 1485 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot); 1486 if (ret != 0) { 1487 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1488 "Failed to get encryption root for '%s'."), 1489 zfs_get_name(zhp)); 1490 goto error; 1491 } else if (!is_encroot) { 1492 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1493 "Keys must be unloaded for encryption root of '%s' (%s)."), 1494 zfs_get_name(zhp), prop_encroot); 1495 ret = EINVAL; 1496 goto error; 1497 } 1498 1499 /* check that the key is loaded */ 1500 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1501 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1502 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1503 "Key already unloaded for '%s'."), zfs_get_name(zhp)); 1504 ret = EACCES; 1505 goto error; 1506 } 1507 1508 /* call the ioctl */ 1509 ret = lzc_unload_key(zhp->zfs_name); 1510 1511 if (ret != 0) { 1512 switch (ret) { 1513 case EPERM: 1514 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1515 "Permission denied.")); 1516 break; 1517 case EACCES: 1518 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1519 "Key already unloaded for '%s'."), 1520 zfs_get_name(zhp)); 1521 break; 1522 case EBUSY: 1523 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1524 "'%s' is busy."), zfs_get_name(zhp)); 1525 break; 1526 } 1527 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1528 } 1529 1530 return (ret); 1531 1532 error: 1533 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1534 return (ret); 1535 } 1536 1537 static int 1538 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props, 1539 nvlist_t **props_out, char *errbuf) 1540 { 1541 int ret; 1542 nvpair_t *elem = NULL; 1543 zfs_prop_t prop; 1544 nvlist_t *new_props = NULL; 1545 1546 new_props = fnvlist_alloc(); 1547 1548 /* 1549 * loop through all provided properties, we should only have 1550 * keyformat, keylocation and pbkdf2iters. The actual validation of 1551 * values is done by zfs_valid_proplist(). 1552 */ 1553 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) { 1554 const char *propname = nvpair_name(elem); 1555 prop = zfs_name_to_prop(propname); 1556 1557 switch (prop) { 1558 case ZFS_PROP_PBKDF2_ITERS: 1559 case ZFS_PROP_KEYFORMAT: 1560 case ZFS_PROP_KEYLOCATION: 1561 break; 1562 default: 1563 ret = EINVAL; 1564 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1565 "Only keyformat, keylocation and pbkdf2iters may " 1566 "be set with this command.")); 1567 goto error; 1568 } 1569 } 1570 1571 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props, 1572 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl, 1573 B_TRUE, errbuf); 1574 if (new_props == NULL) { 1575 ret = EINVAL; 1576 goto error; 1577 } 1578 1579 *props_out = new_props; 1580 return (0); 1581 1582 error: 1583 nvlist_free(new_props); 1584 *props_out = NULL; 1585 return (ret); 1586 } 1587 1588 int 1589 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey) 1590 { 1591 int ret; 1592 char errbuf[ERRBUFLEN]; 1593 boolean_t is_encroot; 1594 nvlist_t *props = NULL; 1595 uint8_t *wkeydata = NULL; 1596 uint_t wkeylen = 0; 1597 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY; 1598 uint64_t crypt, pcrypt, keystatus, pkeystatus; 1599 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1600 zfs_handle_t *pzhp = NULL; 1601 const char *keylocation = NULL; 1602 char origin_name[MAXNAMELEN]; 1603 char prop_keylocation[MAXNAMELEN]; 1604 char parent_name[ZFS_MAX_DATASET_NAME_LEN]; 1605 1606 (void) snprintf(errbuf, sizeof (errbuf), 1607 dgettext(TEXT_DOMAIN, "Key change error")); 1608 1609 /* check that encryption is enabled for the pool */ 1610 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1611 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1612 "Encryption feature not enabled.")); 1613 ret = EINVAL; 1614 goto error; 1615 } 1616 1617 /* get crypt from dataset */ 1618 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION); 1619 if (crypt == ZIO_CRYPT_OFF) { 1620 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1621 "Dataset not encrypted.")); 1622 ret = EINVAL; 1623 goto error; 1624 } 1625 1626 /* get the encryption root of the dataset */ 1627 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL); 1628 if (ret != 0) { 1629 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1630 "Failed to get encryption root for '%s'."), 1631 zfs_get_name(zhp)); 1632 goto error; 1633 } 1634 1635 /* Clones use their origin's key and cannot rewrap it */ 1636 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name, 1637 sizeof (origin_name), NULL, NULL, 0, B_TRUE); 1638 if (ret == 0 && strcmp(origin_name, "") != 0) { 1639 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1640 "Keys cannot be changed on clones.")); 1641 ret = EINVAL; 1642 goto error; 1643 } 1644 1645 /* 1646 * If the user wants to use the inheritkey variant of this function 1647 * we don't need to collect any crypto arguments. 1648 */ 1649 if (!inheritkey) { 1650 /* validate the provided properties */ 1651 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props, 1652 errbuf); 1653 if (ret != 0) 1654 goto error; 1655 1656 /* 1657 * Load keyformat and keylocation from the nvlist. Fetch from 1658 * the dataset properties if not specified. 1659 */ 1660 (void) nvlist_lookup_uint64(props, 1661 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat); 1662 (void) nvlist_lookup_string(props, 1663 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation); 1664 1665 if (is_encroot) { 1666 /* 1667 * If this is already an encryption root, just keep 1668 * any properties not set by the user. 1669 */ 1670 if (keyformat == ZFS_KEYFORMAT_NONE) { 1671 keyformat = zfs_prop_get_int(zhp, 1672 ZFS_PROP_KEYFORMAT); 1673 ret = nvlist_add_uint64(props, 1674 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), 1675 keyformat); 1676 if (ret != 0) { 1677 zfs_error_aux(zhp->zfs_hdl, 1678 dgettext(TEXT_DOMAIN, "Failed to " 1679 "get existing keyformat " 1680 "property.")); 1681 goto error; 1682 } 1683 } 1684 1685 if (keylocation == NULL) { 1686 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, 1687 prop_keylocation, sizeof (prop_keylocation), 1688 NULL, NULL, 0, B_TRUE); 1689 if (ret != 0) { 1690 zfs_error_aux(zhp->zfs_hdl, 1691 dgettext(TEXT_DOMAIN, "Failed to " 1692 "get existing keylocation " 1693 "property.")); 1694 goto error; 1695 } 1696 1697 keylocation = prop_keylocation; 1698 } 1699 } else { 1700 /* need a new key for non-encryption roots */ 1701 if (keyformat == ZFS_KEYFORMAT_NONE) { 1702 ret = EINVAL; 1703 zfs_error_aux(zhp->zfs_hdl, 1704 dgettext(TEXT_DOMAIN, "Keyformat required " 1705 "for new encryption root.")); 1706 goto error; 1707 } 1708 1709 /* default to prompt if no keylocation is specified */ 1710 if (keylocation == NULL) { 1711 keylocation = "prompt"; 1712 ret = nvlist_add_string(props, 1713 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), 1714 keylocation); 1715 if (ret != 0) 1716 goto error; 1717 } 1718 } 1719 1720 /* fetch the new wrapping key and associated properties */ 1721 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl, 1722 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata, 1723 &wkeylen); 1724 if (ret != 0) 1725 goto error; 1726 } else { 1727 /* check that zhp is an encryption root */ 1728 if (!is_encroot) { 1729 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1730 "Key inheritting can only be performed on " 1731 "encryption roots.")); 1732 ret = EINVAL; 1733 goto error; 1734 } 1735 1736 /* get the parent's name */ 1737 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name)); 1738 if (ret != 0) { 1739 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1740 "Root dataset cannot inherit key.")); 1741 ret = EINVAL; 1742 goto error; 1743 } 1744 1745 /* get a handle to the parent */ 1746 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name); 1747 if (pzhp == NULL) { 1748 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1749 "Failed to lookup parent.")); 1750 ret = ENOENT; 1751 goto error; 1752 } 1753 1754 /* parent must be encrypted */ 1755 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION); 1756 if (pcrypt == ZIO_CRYPT_OFF) { 1757 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1758 "Parent must be encrypted.")); 1759 ret = EINVAL; 1760 goto error; 1761 } 1762 1763 /* check that the parent's key is loaded */ 1764 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS); 1765 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1766 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1767 "Parent key must be loaded.")); 1768 ret = EACCES; 1769 goto error; 1770 } 1771 } 1772 1773 /* check that the key is loaded */ 1774 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1775 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1776 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1777 "Key must be loaded.")); 1778 ret = EACCES; 1779 goto error; 1780 } 1781 1782 /* call the ioctl */ 1783 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen); 1784 if (ret != 0) { 1785 switch (ret) { 1786 case EPERM: 1787 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1788 "Permission denied.")); 1789 break; 1790 case EINVAL: 1791 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1792 "Invalid properties for key change.")); 1793 break; 1794 case EACCES: 1795 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1796 "Key is not currently loaded.")); 1797 break; 1798 } 1799 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1800 } 1801 1802 if (pzhp != NULL) 1803 zfs_close(pzhp); 1804 if (props != NULL) 1805 nvlist_free(props); 1806 if (wkeydata != NULL) 1807 free(wkeydata); 1808 1809 return (ret); 1810 1811 error: 1812 if (pzhp != NULL) 1813 zfs_close(pzhp); 1814 if (props != NULL) 1815 nvlist_free(props); 1816 if (wkeydata != NULL) 1817 free(wkeydata); 1818 1819 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1820 return (ret); 1821 } 1822 1823 boolean_t 1824 zfs_is_encrypted(zfs_handle_t *zhp) 1825 { 1826 uint8_t flags = zhp->zfs_dmustats.dds_flags; 1827 1828 if (flags & DDS_FLAG_HAS_ENCRYPTED) 1829 return ((flags & DDS_FLAG_ENCRYPTED) != 0); 1830 1831 return (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF); 1832 } 1833