1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * This file and its contents are supplied under the terms of the 6 * Common Development and Distribution License ("CDDL"), version 1.0. 7 * You may only use this file in accordance with the terms of version 8 * 1.0 of the CDDL. 9 * 10 * A full copy of the text of the CDDL should have accompanied this 11 * source. A copy of the CDDL is also available via the Internet at 12 * http://www.illumos.org/license/CDDL. 13 * 14 * CDDL HEADER END 15 */ 16 17 /* 18 * Copyright (c) 2017, Datto, Inc. All rights reserved. 19 * Copyright 2020 Joyent, Inc. 20 */ 21 22 #include <sys/zfs_context.h> 23 #include <sys/fs/zfs.h> 24 #include <sys/dsl_crypt.h> 25 #include <libintl.h> 26 #include <termios.h> 27 #include <signal.h> 28 #include <errno.h> 29 #include <openssl/evp.h> 30 #if LIBFETCH_DYNAMIC 31 #include <dlfcn.h> 32 #endif 33 #if LIBFETCH_IS_FETCH 34 #include <sys/param.h> 35 #include <stdio.h> 36 #include <fetch.h> 37 #elif LIBFETCH_IS_LIBCURL 38 #include <curl/curl.h> 39 #endif 40 #include <libzfs.h> 41 #include <libzutil.h> 42 #include "libzfs_impl.h" 43 #include "zfeature_common.h" 44 45 /* 46 * User keys are used to decrypt the master encryption keys of a dataset. This 47 * indirection allows a user to change his / her access key without having to 48 * re-encrypt the entire dataset. User keys can be provided in one of several 49 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys 50 * are converted to binary and passed into the kernel. Password based keys are 51 * a bit more complicated. Passwords alone do not provide suitable entropy for 52 * encryption and may be too short or too long to be used. In order to derive 53 * a more appropriate key we use a PBKDF2 function. This function is designed 54 * to take a (relatively) long time to calculate in order to discourage 55 * attackers from guessing from a list of common passwords. PBKDF2 requires 56 * 2 additional parameters. The first is the number of iterations to run, which 57 * will ultimately determine how long it takes to derive the resulting key from 58 * the password. The second parameter is a salt that is randomly generated for 59 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of 60 * attackers cannot reasonably generate a table of commonly known passwords to 61 * their output keys and expect it work for all past and future PBKDF2 users. 62 * We store the salt as a hidden property of the dataset (although it is 63 * technically ok if the salt is known to the attacker). 64 */ 65 66 #define MIN_PASSPHRASE_LEN 8 67 #define MAX_PASSPHRASE_LEN 512 68 #define MAX_KEY_PROMPT_ATTEMPTS 3 69 70 static int caught_interrupt; 71 72 static int get_key_material_file(libzfs_handle_t *, const char *, const char *, 73 zfs_keyformat_t, boolean_t, uint8_t **, size_t *); 74 static int get_key_material_https(libzfs_handle_t *, const char *, const char *, 75 zfs_keyformat_t, boolean_t, uint8_t **, size_t *); 76 77 static zfs_uri_handler_t uri_handlers[] = { 78 { "file", get_key_material_file }, 79 { "https", get_key_material_https }, 80 { "http", get_key_material_https }, 81 { NULL, NULL } 82 }; 83 84 static int 85 pkcs11_get_urandom(uint8_t *buf, size_t bytes) 86 { 87 int rand; 88 ssize_t bytes_read = 0; 89 90 rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC); 91 92 if (rand < 0) 93 return (rand); 94 95 while (bytes_read < bytes) { 96 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read); 97 if (rc < 0) 98 break; 99 bytes_read += rc; 100 } 101 102 (void) close(rand); 103 104 return (bytes_read); 105 } 106 107 static int 108 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str, 109 zfs_keylocation_t *restrict locp, char **restrict schemep) 110 { 111 *locp = ZFS_KEYLOCATION_NONE; 112 *schemep = NULL; 113 114 if (strcmp("prompt", str) == 0) { 115 *locp = ZFS_KEYLOCATION_PROMPT; 116 return (0); 117 } 118 119 regmatch_t pmatch[2]; 120 121 if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch), 122 pmatch, 0) == 0) { 123 size_t scheme_len; 124 125 if (pmatch[1].rm_so == -1) { 126 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 127 "Invalid URI")); 128 return (EINVAL); 129 } 130 131 scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so; 132 133 *schemep = calloc(1, scheme_len + 1); 134 if (*schemep == NULL) { 135 int ret = errno; 136 137 errno = 0; 138 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 139 "Invalid URI")); 140 return (ret); 141 } 142 143 (void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len); 144 *locp = ZFS_KEYLOCATION_URI; 145 return (0); 146 } 147 148 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation")); 149 return (EINVAL); 150 } 151 152 static int 153 hex_key_to_raw(char *hex, int hexlen, uint8_t *out) 154 { 155 int ret, i; 156 unsigned int c; 157 158 for (i = 0; i < hexlen; i += 2) { 159 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) { 160 ret = EINVAL; 161 goto error; 162 } 163 164 ret = sscanf(&hex[i], "%02x", &c); 165 if (ret != 1) { 166 ret = EINVAL; 167 goto error; 168 } 169 170 out[i / 2] = c; 171 } 172 173 return (0); 174 175 error: 176 return (ret); 177 } 178 179 180 static void 181 catch_signal(int sig) 182 { 183 caught_interrupt = sig; 184 } 185 186 static const char * 187 get_format_prompt_string(zfs_keyformat_t format) 188 { 189 switch (format) { 190 case ZFS_KEYFORMAT_RAW: 191 return ("raw key"); 192 case ZFS_KEYFORMAT_HEX: 193 return ("hex key"); 194 case ZFS_KEYFORMAT_PASSPHRASE: 195 return ("passphrase"); 196 default: 197 /* shouldn't happen */ 198 return (NULL); 199 } 200 } 201 202 /* do basic validation of the key material */ 203 static int 204 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat, 205 const char *key, size_t keylen, boolean_t do_verify) 206 { 207 switch (keyformat) { 208 case ZFS_KEYFORMAT_RAW: 209 /* verify the key length is correct */ 210 if (keylen < WRAPPING_KEY_LEN) { 211 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 212 "Raw key too short (expected %u)."), 213 WRAPPING_KEY_LEN); 214 return (EINVAL); 215 } 216 217 if (keylen > WRAPPING_KEY_LEN) { 218 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 219 "Raw key too long (expected %u)."), 220 WRAPPING_KEY_LEN); 221 return (EINVAL); 222 } 223 break; 224 case ZFS_KEYFORMAT_HEX: 225 /* verify the key length is correct */ 226 if (keylen < WRAPPING_KEY_LEN * 2) { 227 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 228 "Hex key too short (expected %u)."), 229 WRAPPING_KEY_LEN * 2); 230 return (EINVAL); 231 } 232 233 if (keylen > WRAPPING_KEY_LEN * 2) { 234 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 235 "Hex key too long (expected %u)."), 236 WRAPPING_KEY_LEN * 2); 237 return (EINVAL); 238 } 239 240 /* check for invalid hex digits */ 241 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) { 242 if (!isxdigit(key[i])) { 243 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 244 "Invalid hex character detected.")); 245 return (EINVAL); 246 } 247 } 248 break; 249 case ZFS_KEYFORMAT_PASSPHRASE: 250 /* 251 * Verify the length is within bounds when setting a new key, 252 * but not when loading an existing key. 253 */ 254 if (!do_verify) 255 break; 256 if (keylen > MAX_PASSPHRASE_LEN) { 257 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 258 "Passphrase too long (max %u)."), 259 MAX_PASSPHRASE_LEN); 260 return (EINVAL); 261 } 262 263 if (keylen < MIN_PASSPHRASE_LEN) { 264 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 265 "Passphrase too short (min %u)."), 266 MIN_PASSPHRASE_LEN); 267 return (EINVAL); 268 } 269 break; 270 default: 271 /* can't happen, checked above */ 272 break; 273 } 274 275 return (0); 276 } 277 278 static int 279 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter, 280 boolean_t new_key, const char *fsname, 281 char **restrict res, size_t *restrict reslen) 282 { 283 FILE *f = stdin; 284 size_t buflen = 0; 285 ssize_t bytes; 286 int ret = 0; 287 struct termios old_term, new_term; 288 struct sigaction act, osigint, osigtstp; 289 290 *res = NULL; 291 *reslen = 0; 292 293 /* 294 * handle SIGINT and ignore SIGSTP. This is necessary to 295 * restore the state of the terminal. 296 */ 297 caught_interrupt = 0; 298 act.sa_flags = 0; 299 (void) sigemptyset(&act.sa_mask); 300 act.sa_handler = catch_signal; 301 302 (void) sigaction(SIGINT, &act, &osigint); 303 act.sa_handler = SIG_IGN; 304 (void) sigaction(SIGTSTP, &act, &osigtstp); 305 306 (void) printf("%s %s%s", 307 is_reenter ? "Re-enter" : "Enter", 308 new_key ? "new " : "", 309 get_format_prompt_string(keyformat)); 310 if (fsname != NULL) 311 (void) printf(" for '%s'", fsname); 312 (void) fputc(':', stdout); 313 (void) fflush(stdout); 314 315 /* disable the terminal echo for key input */ 316 (void) tcgetattr(fileno(f), &old_term); 317 318 new_term = old_term; 319 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); 320 321 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term); 322 if (ret != 0) { 323 ret = errno; 324 errno = 0; 325 goto out; 326 } 327 328 bytes = getline(res, &buflen, f); 329 if (bytes < 0) { 330 ret = errno; 331 errno = 0; 332 goto out; 333 } 334 335 /* trim the ending newline if it exists */ 336 if (bytes > 0 && (*res)[bytes - 1] == '\n') { 337 (*res)[bytes - 1] = '\0'; 338 bytes--; 339 } 340 341 *reslen = bytes; 342 343 out: 344 /* reset the terminal */ 345 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term); 346 (void) sigaction(SIGINT, &osigint, NULL); 347 (void) sigaction(SIGTSTP, &osigtstp, NULL); 348 349 /* if we caught a signal, re-throw it now */ 350 if (caught_interrupt != 0) 351 (void) kill(getpid(), caught_interrupt); 352 353 /* print the newline that was not echo'd */ 354 (void) printf("\n"); 355 356 return (ret); 357 } 358 359 static int 360 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname, 361 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey, 362 uint8_t **restrict outbuf, size_t *restrict len_out) 363 { 364 char *buf = NULL, *buf2 = NULL; 365 size_t buflen = 0, buf2len = 0; 366 int ret = 0; 367 368 ASSERT(isatty(fileno(stdin))); 369 370 /* raw keys cannot be entered on the terminal */ 371 if (keyformat == ZFS_KEYFORMAT_RAW) { 372 ret = EINVAL; 373 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 374 "Cannot enter raw keys on the terminal")); 375 goto out; 376 } 377 378 /* prompt for the key */ 379 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname, 380 &buf, &buflen)) != 0) { 381 free(buf); 382 buf = NULL; 383 buflen = 0; 384 goto out; 385 } 386 387 if (!confirm_key) 388 goto out; 389 390 if ((ret = validate_key(hdl, keyformat, buf, buflen, confirm_key)) != 391 0) { 392 free(buf); 393 return (ret); 394 } 395 396 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2, 397 &buf2len); 398 if (ret != 0) { 399 free(buf); 400 free(buf2); 401 buf = buf2 = NULL; 402 buflen = buf2len = 0; 403 goto out; 404 } 405 406 if (buflen != buf2len || strcmp(buf, buf2) != 0) { 407 free(buf); 408 buf = NULL; 409 buflen = 0; 410 411 ret = EINVAL; 412 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 413 "Provided keys do not match.")); 414 } 415 416 free(buf2); 417 418 out: 419 *outbuf = (uint8_t *)buf; 420 *len_out = buflen; 421 return (ret); 422 } 423 424 static int 425 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat, 426 uint8_t **buf, size_t *len_out) 427 { 428 int ret = 0; 429 size_t buflen = 0; 430 431 *len_out = 0; 432 433 /* read the key material */ 434 if (keyformat != ZFS_KEYFORMAT_RAW) { 435 ssize_t bytes; 436 437 bytes = getline((char **)buf, &buflen, fd); 438 if (bytes < 0) { 439 ret = errno; 440 errno = 0; 441 goto out; 442 } 443 444 /* trim the ending newline if it exists */ 445 if (bytes > 0 && (*buf)[bytes - 1] == '\n') { 446 (*buf)[bytes - 1] = '\0'; 447 bytes--; 448 } 449 450 *len_out = bytes; 451 } else { 452 size_t n; 453 454 /* 455 * Raw keys may have newline characters in them and so can't 456 * use getline(). Here we attempt to read 33 bytes so that we 457 * can properly check the key length (the file should only have 458 * 32 bytes). 459 */ 460 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t)); 461 if (*buf == NULL) { 462 ret = ENOMEM; 463 goto out; 464 } 465 466 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd); 467 if (n == 0 || ferror(fd)) { 468 /* size errors are handled by the calling function */ 469 free(*buf); 470 *buf = NULL; 471 ret = errno; 472 errno = 0; 473 goto out; 474 } 475 476 *len_out = n; 477 } 478 out: 479 return (ret); 480 } 481 482 static int 483 get_key_material_file(libzfs_handle_t *hdl, const char *uri, 484 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey, 485 uint8_t **restrict buf, size_t *restrict len_out) 486 { 487 (void) fsname, (void) newkey; 488 FILE *f = NULL; 489 int ret = 0; 490 491 if (strlen(uri) < 7) 492 return (EINVAL); 493 494 if ((f = fopen(uri + 7, "re")) == NULL) { 495 ret = errno; 496 errno = 0; 497 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 498 "Failed to open key material file: %s"), zfs_strerror(ret)); 499 return (ret); 500 } 501 502 ret = get_key_material_raw(f, keyformat, buf, len_out); 503 504 (void) fclose(f); 505 506 return (ret); 507 } 508 509 static int 510 get_key_material_https(libzfs_handle_t *hdl, const char *uri, 511 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey, 512 uint8_t **restrict buf, size_t *restrict len_out) 513 { 514 (void) fsname, (void) newkey; 515 int ret = 0; 516 FILE *key = NULL; 517 boolean_t is_http = strncmp(uri, "http:", strlen("http:")) == 0; 518 519 if (strlen(uri) < (is_http ? 7 : 8)) { 520 ret = EINVAL; 521 goto end; 522 } 523 524 #if LIBFETCH_DYNAMIC 525 #define LOAD_FUNCTION(func) \ 526 __typeof__(func) *func = dlsym(hdl->libfetch, #func); 527 528 if (hdl->libfetch == NULL) 529 hdl->libfetch = dlopen(LIBFETCH_SONAME, RTLD_LAZY); 530 531 if (hdl->libfetch == NULL) { 532 hdl->libfetch = (void *)-1; 533 char *err = dlerror(); 534 if (err) 535 hdl->libfetch_load_error = strdup(err); 536 } 537 538 if (hdl->libfetch == (void *)-1) { 539 ret = ENOSYS; 540 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 541 "Couldn't load %s: %s"), 542 LIBFETCH_SONAME, hdl->libfetch_load_error ?: "(?)"); 543 goto end; 544 } 545 546 boolean_t ok; 547 #if LIBFETCH_IS_FETCH 548 LOAD_FUNCTION(fetchGetURL); 549 char *fetchLastErrString = dlsym(hdl->libfetch, "fetchLastErrString"); 550 551 ok = fetchGetURL && fetchLastErrString; 552 #elif LIBFETCH_IS_LIBCURL 553 LOAD_FUNCTION(curl_easy_init); 554 LOAD_FUNCTION(curl_easy_setopt); 555 LOAD_FUNCTION(curl_easy_perform); 556 LOAD_FUNCTION(curl_easy_cleanup); 557 LOAD_FUNCTION(curl_easy_strerror); 558 LOAD_FUNCTION(curl_easy_getinfo); 559 560 ok = curl_easy_init && curl_easy_setopt && curl_easy_perform && 561 curl_easy_cleanup && curl_easy_strerror && curl_easy_getinfo; 562 #endif 563 if (!ok) { 564 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 565 "keylocation=%s back-end %s missing symbols."), 566 is_http ? "http://" : "https://", LIBFETCH_SONAME); 567 ret = ENOSYS; 568 goto end; 569 } 570 #endif 571 572 #if LIBFETCH_IS_FETCH 573 key = fetchGetURL(uri, ""); 574 if (key == NULL) { 575 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 576 "Couldn't GET %s: %s"), 577 uri, fetchLastErrString); 578 ret = ENETDOWN; 579 } 580 #elif LIBFETCH_IS_LIBCURL 581 CURL *curl = curl_easy_init(); 582 if (curl == NULL) { 583 ret = ENOTSUP; 584 goto end; 585 } 586 587 int kfd = -1; 588 #ifdef O_TMPFILE 589 kfd = open(getenv("TMPDIR") ?: "/tmp", 590 O_RDWR | O_TMPFILE | O_EXCL | O_CLOEXEC, 0600); 591 if (kfd != -1) 592 goto kfdok; 593 #endif 594 595 char *path; 596 if (asprintf(&path, 597 "%s/libzfs-XXXXXXXX.https", getenv("TMPDIR") ?: "/tmp") == -1) { 598 ret = ENOMEM; 599 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "%s"), 600 zfs_strerror(ret)); 601 goto end; 602 } 603 604 kfd = mkostemps(path, strlen(".https"), O_CLOEXEC); 605 if (kfd == -1) { 606 ret = errno; 607 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 608 "Couldn't create temporary file %s: %s"), 609 path, zfs_strerror(ret)); 610 free(path); 611 goto end; 612 } 613 (void) unlink(path); 614 free(path); 615 616 kfdok: 617 if ((key = fdopen(kfd, "r+")) == NULL) { 618 ret = errno; 619 (void) close(kfd); 620 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 621 "Couldn't reopen temporary file: %s"), zfs_strerror(ret)); 622 goto end; 623 } 624 625 char errbuf[CURL_ERROR_SIZE] = ""; 626 char *cainfo = getenv("SSL_CA_CERT_FILE"); /* matches fetch(3) */ 627 char *capath = getenv("SSL_CA_CERT_PATH"); /* matches fetch(3) */ 628 char *clcert = getenv("SSL_CLIENT_CERT_FILE"); /* matches fetch(3) */ 629 char *clkey = getenv("SSL_CLIENT_KEY_FILE"); /* matches fetch(3) */ 630 (void) curl_easy_setopt(curl, CURLOPT_URL, uri); 631 (void) curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); 632 (void) curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 30000L); 633 (void) curl_easy_setopt(curl, CURLOPT_WRITEDATA, key); 634 (void) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf); 635 if (cainfo != NULL) 636 (void) curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo); 637 if (capath != NULL) 638 (void) curl_easy_setopt(curl, CURLOPT_CAPATH, capath); 639 if (clcert != NULL) 640 (void) curl_easy_setopt(curl, CURLOPT_SSLCERT, clcert); 641 if (clkey != NULL) 642 (void) curl_easy_setopt(curl, CURLOPT_SSLKEY, clkey); 643 644 CURLcode res = curl_easy_perform(curl); 645 646 if (res != CURLE_OK) { 647 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 648 "Failed to connect to %s: %s"), 649 uri, strlen(errbuf) ? errbuf : curl_easy_strerror(res)); 650 ret = ENETDOWN; 651 } else { 652 long resp = 200; 653 (void) curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp); 654 655 if (resp < 200 || resp >= 300) { 656 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 657 "Couldn't GET %s: %ld"), 658 uri, resp); 659 ret = ENOENT; 660 } else 661 rewind(key); 662 } 663 664 curl_easy_cleanup(curl); 665 #else 666 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 667 "No keylocation=%s back-end."), is_http ? "http://" : "https://"); 668 ret = ENOSYS; 669 #endif 670 671 end: 672 if (ret == 0) 673 ret = get_key_material_raw(key, keyformat, buf, len_out); 674 675 if (key != NULL) 676 fclose(key); 677 678 return (ret); 679 } 680 681 /* 682 * Attempts to fetch key material, no matter where it might live. The key 683 * material is allocated and returned in km_out. *can_retry_out will be set 684 * to B_TRUE if the user is providing the key material interactively, allowing 685 * for re-entry attempts. 686 */ 687 static int 688 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey, 689 zfs_keyformat_t keyformat, const char *keylocation, const char *fsname, 690 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out) 691 { 692 int ret; 693 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE; 694 uint8_t *km = NULL; 695 size_t kmlen = 0; 696 char *uri_scheme = NULL; 697 zfs_uri_handler_t *handler = NULL; 698 boolean_t can_retry = B_FALSE; 699 700 /* verify and parse the keylocation */ 701 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc, 702 &uri_scheme); 703 if (ret != 0) 704 goto error; 705 706 /* open the appropriate file descriptor */ 707 switch (keyloc) { 708 case ZFS_KEYLOCATION_PROMPT: 709 if (isatty(fileno(stdin))) { 710 can_retry = keyformat != ZFS_KEYFORMAT_RAW; 711 ret = get_key_interactive(hdl, fsname, keyformat, 712 do_verify, newkey, &km, &kmlen); 713 } else { 714 /* fetch the key material into the buffer */ 715 ret = get_key_material_raw(stdin, keyformat, &km, 716 &kmlen); 717 } 718 719 if (ret != 0) 720 goto error; 721 722 break; 723 case ZFS_KEYLOCATION_URI: 724 ret = ENOTSUP; 725 726 for (handler = uri_handlers; handler->zuh_scheme != NULL; 727 handler++) { 728 if (strcmp(handler->zuh_scheme, uri_scheme) != 0) 729 continue; 730 731 if ((ret = handler->zuh_handler(hdl, keylocation, 732 fsname, keyformat, newkey, &km, &kmlen)) != 0) 733 goto error; 734 735 break; 736 } 737 738 if (ret == ENOTSUP) { 739 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 740 "URI scheme is not supported")); 741 goto error; 742 } 743 744 break; 745 default: 746 ret = EINVAL; 747 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 748 "Invalid keylocation.")); 749 goto error; 750 } 751 752 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen, 753 do_verify)) != 0) 754 goto error; 755 756 *km_out = km; 757 *kmlen_out = kmlen; 758 if (can_retry_out != NULL) 759 *can_retry_out = can_retry; 760 761 free(uri_scheme); 762 return (0); 763 764 error: 765 free(km); 766 767 *km_out = NULL; 768 *kmlen_out = 0; 769 770 if (can_retry_out != NULL) 771 *can_retry_out = can_retry; 772 773 free(uri_scheme); 774 return (ret); 775 } 776 777 static int 778 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters, 779 uint8_t *key_material, uint64_t salt, 780 uint8_t **key_out) 781 { 782 int ret; 783 uint8_t *key; 784 785 *key_out = NULL; 786 787 key = zfs_alloc(hdl, WRAPPING_KEY_LEN); 788 789 switch (format) { 790 case ZFS_KEYFORMAT_RAW: 791 memcpy(key, key_material, WRAPPING_KEY_LEN); 792 break; 793 case ZFS_KEYFORMAT_HEX: 794 ret = hex_key_to_raw((char *)key_material, 795 WRAPPING_KEY_LEN * 2, key); 796 if (ret != 0) { 797 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 798 "Invalid hex key provided.")); 799 goto error; 800 } 801 break; 802 case ZFS_KEYFORMAT_PASSPHRASE: 803 salt = LE_64(salt); 804 805 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material, 806 strlen((char *)key_material), ((uint8_t *)&salt), 807 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key); 808 if (ret != 1) { 809 ret = EIO; 810 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 811 "Failed to generate key from passphrase.")); 812 goto error; 813 } 814 break; 815 default: 816 ret = EINVAL; 817 goto error; 818 } 819 820 *key_out = key; 821 return (0); 822 823 error: 824 free(key); 825 826 *key_out = NULL; 827 return (ret); 828 } 829 830 static boolean_t 831 encryption_feature_is_enabled(zpool_handle_t *zph) 832 { 833 nvlist_t *features; 834 uint64_t feat_refcount; 835 836 /* check that features can be enabled */ 837 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL) 838 < SPA_VERSION_FEATURES) 839 return (B_FALSE); 840 841 /* check for crypto feature */ 842 features = zpool_get_features(zph); 843 if (!features || nvlist_lookup_uint64(features, 844 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid, 845 &feat_refcount) != 0) 846 return (B_FALSE); 847 848 return (B_TRUE); 849 } 850 851 static int 852 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl, 853 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat, 854 const char *keylocation, nvlist_t *props, uint8_t **wkeydata, 855 uint_t *wkeylen) 856 { 857 int ret; 858 uint64_t iters = 0, salt = 0; 859 uint8_t *key_material = NULL; 860 size_t key_material_len = 0; 861 uint8_t *key_data = NULL; 862 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL; 863 864 /* get key material from keyformat and keylocation */ 865 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation, 866 fsname, &key_material, &key_material_len, NULL); 867 if (ret != 0) 868 goto error; 869 870 /* passphrase formats require a salt and pbkdf2 iters property */ 871 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) { 872 /* always generate a new salt */ 873 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t)); 874 if (ret != sizeof (uint64_t)) { 875 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 876 "Failed to generate salt.")); 877 goto error; 878 } 879 880 ret = nvlist_add_uint64(props, 881 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt); 882 if (ret != 0) { 883 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 884 "Failed to add salt to properties.")); 885 goto error; 886 } 887 888 /* 889 * If not otherwise specified, use the default number of 890 * pbkdf2 iterations. If specified, we have already checked 891 * that the given value is greater than MIN_PBKDF2_ITERATIONS 892 * during zfs_valid_proplist(). 893 */ 894 ret = nvlist_lookup_uint64(props, 895 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters); 896 if (ret == ENOENT) { 897 iters = DEFAULT_PBKDF2_ITERATIONS; 898 ret = nvlist_add_uint64(props, 899 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters); 900 if (ret != 0) 901 goto error; 902 } else if (ret != 0) { 903 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 904 "Failed to get pbkdf2 iterations.")); 905 goto error; 906 } 907 } else { 908 /* check that pbkdf2iters was not specified by the user */ 909 ret = nvlist_lookup_uint64(props, 910 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters); 911 if (ret == 0) { 912 ret = EINVAL; 913 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 914 "Cannot specify pbkdf2iters with a non-passphrase " 915 "keyformat.")); 916 goto error; 917 } 918 } 919 920 /* derive a key from the key material */ 921 ret = derive_key(hdl, keyformat, iters, key_material, salt, &key_data); 922 if (ret != 0) 923 goto error; 924 925 free(key_material); 926 927 *wkeydata = key_data; 928 *wkeylen = WRAPPING_KEY_LEN; 929 return (0); 930 931 error: 932 if (key_material != NULL) 933 free(key_material); 934 if (key_data != NULL) 935 free(key_data); 936 937 *wkeydata = NULL; 938 *wkeylen = 0; 939 return (ret); 940 } 941 942 static boolean_t 943 proplist_has_encryption_props(nvlist_t *props) 944 { 945 int ret; 946 uint64_t intval; 947 const char *strval; 948 949 ret = nvlist_lookup_uint64(props, 950 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval); 951 if (ret == 0 && intval != ZIO_CRYPT_OFF) 952 return (B_TRUE); 953 954 ret = nvlist_lookup_string(props, 955 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval); 956 if (ret == 0 && strcmp(strval, "none") != 0) 957 return (B_TRUE); 958 959 ret = nvlist_lookup_uint64(props, 960 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval); 961 if (ret == 0) 962 return (B_TRUE); 963 964 ret = nvlist_lookup_uint64(props, 965 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval); 966 if (ret == 0) 967 return (B_TRUE); 968 969 return (B_FALSE); 970 } 971 972 int 973 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot, 974 char *buf) 975 { 976 int ret; 977 char prop_encroot[MAXNAMELEN]; 978 979 /* if the dataset isn't encrypted, just return */ 980 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) { 981 *is_encroot = B_FALSE; 982 if (buf != NULL) 983 buf[0] = '\0'; 984 return (0); 985 } 986 987 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot, 988 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE); 989 if (ret != 0) { 990 *is_encroot = B_FALSE; 991 if (buf != NULL) 992 buf[0] = '\0'; 993 return (ret); 994 } 995 996 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0; 997 if (buf != NULL) 998 strcpy(buf, prop_encroot); 999 1000 return (0); 1001 } 1002 1003 int 1004 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props, 1005 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out, 1006 uint_t *wkeylen_out) 1007 { 1008 int ret; 1009 char errbuf[ERRBUFLEN]; 1010 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT; 1011 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1012 const char *keylocation = NULL; 1013 zfs_handle_t *pzhp = NULL; 1014 uint8_t *wkeydata = NULL; 1015 uint_t wkeylen = 0; 1016 boolean_t local_crypt = B_TRUE; 1017 1018 (void) snprintf(errbuf, sizeof (errbuf), 1019 dgettext(TEXT_DOMAIN, "Encryption create error")); 1020 1021 /* lookup crypt from props */ 1022 ret = nvlist_lookup_uint64(props, 1023 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt); 1024 if (ret != 0) 1025 local_crypt = B_FALSE; 1026 1027 /* lookup key location and format from props */ 1028 (void) nvlist_lookup_uint64(props, 1029 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat); 1030 (void) nvlist_lookup_string(props, 1031 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation); 1032 1033 if (parent_name != NULL) { 1034 /* get a reference to parent dataset */ 1035 pzhp = make_dataset_handle(hdl, parent_name); 1036 if (pzhp == NULL) { 1037 ret = ENOENT; 1038 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1039 "Failed to lookup parent.")); 1040 goto out; 1041 } 1042 1043 /* Lookup parent's crypt */ 1044 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION); 1045 1046 /* Params require the encryption feature */ 1047 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) { 1048 if (proplist_has_encryption_props(props)) { 1049 ret = EINVAL; 1050 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1051 "Encryption feature not enabled.")); 1052 goto out; 1053 } 1054 1055 ret = 0; 1056 goto out; 1057 } 1058 } else { 1059 /* 1060 * special case for root dataset where encryption feature 1061 * feature won't be on disk yet 1062 */ 1063 if (!nvlist_exists(pool_props, "feature@encryption")) { 1064 if (proplist_has_encryption_props(props)) { 1065 ret = EINVAL; 1066 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1067 "Encryption feature not enabled.")); 1068 goto out; 1069 } 1070 1071 ret = 0; 1072 goto out; 1073 } 1074 1075 pcrypt = ZIO_CRYPT_OFF; 1076 } 1077 1078 /* Get the inherited encryption property if we don't have it locally */ 1079 if (!local_crypt) 1080 crypt = pcrypt; 1081 1082 /* 1083 * At this point crypt should be the actual encryption value. If 1084 * encryption is off just verify that no encryption properties have 1085 * been specified and return. 1086 */ 1087 if (crypt == ZIO_CRYPT_OFF) { 1088 if (proplist_has_encryption_props(props)) { 1089 ret = EINVAL; 1090 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1091 "Encryption must be turned on to set encryption " 1092 "properties.")); 1093 goto out; 1094 } 1095 1096 ret = 0; 1097 goto out; 1098 } 1099 1100 /* 1101 * If we have a parent crypt it is valid to specify encryption alone. 1102 * This will result in a child that is encrypted with the chosen 1103 * encryption suite that will also inherit the parent's key. If 1104 * the parent is not encrypted we need an encryption suite provided. 1105 */ 1106 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL && 1107 keyformat == ZFS_KEYFORMAT_NONE) { 1108 ret = EINVAL; 1109 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1110 "Keyformat required for new encryption root.")); 1111 goto out; 1112 } 1113 1114 /* 1115 * Specifying a keylocation implies this will be a new encryption root. 1116 * Check that a keyformat is also specified. 1117 */ 1118 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) { 1119 ret = EINVAL; 1120 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1121 "Keyformat required for new encryption root.")); 1122 goto out; 1123 } 1124 1125 /* default to prompt if no keylocation is specified */ 1126 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) { 1127 keylocation = (char *)"prompt"; 1128 ret = nvlist_add_string(props, 1129 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation); 1130 if (ret != 0) 1131 goto out; 1132 } 1133 1134 /* 1135 * If a local key is provided, this dataset will be a new 1136 * encryption root. Populate the encryption params. 1137 */ 1138 if (keylocation != NULL) { 1139 /* 1140 * 'zfs recv -o keylocation=prompt' won't work because stdin 1141 * is being used by the send stream, so we disallow it. 1142 */ 1143 if (!stdin_available && strcmp(keylocation, "prompt") == 0) { 1144 ret = EINVAL; 1145 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use " 1146 "'prompt' keylocation because stdin is in use.")); 1147 goto out; 1148 } 1149 1150 ret = populate_create_encryption_params_nvlists(hdl, NULL, 1151 B_TRUE, keyformat, keylocation, props, &wkeydata, 1152 &wkeylen); 1153 if (ret != 0) 1154 goto out; 1155 } 1156 1157 if (pzhp != NULL) 1158 zfs_close(pzhp); 1159 1160 *wkeydata_out = wkeydata; 1161 *wkeylen_out = wkeylen; 1162 return (0); 1163 1164 out: 1165 if (pzhp != NULL) 1166 zfs_close(pzhp); 1167 if (wkeydata != NULL) 1168 free(wkeydata); 1169 1170 *wkeydata_out = NULL; 1171 *wkeylen_out = 0; 1172 return (ret); 1173 } 1174 1175 int 1176 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp, 1177 char *parent_name, nvlist_t *props) 1178 { 1179 (void) origin_zhp, (void) parent_name; 1180 char errbuf[ERRBUFLEN]; 1181 1182 (void) snprintf(errbuf, sizeof (errbuf), 1183 dgettext(TEXT_DOMAIN, "Encryption clone error")); 1184 1185 /* 1186 * No encryption properties should be specified. They will all be 1187 * inherited from the origin dataset. 1188 */ 1189 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) || 1190 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) || 1191 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) || 1192 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) { 1193 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1194 "Encryption properties must inherit from origin dataset.")); 1195 return (EINVAL); 1196 } 1197 1198 return (0); 1199 } 1200 1201 typedef struct loadkeys_cbdata { 1202 uint64_t cb_numfailed; 1203 uint64_t cb_numattempted; 1204 } loadkey_cbdata_t; 1205 1206 static int 1207 load_keys_cb(zfs_handle_t *zhp, void *arg) 1208 { 1209 int ret; 1210 boolean_t is_encroot; 1211 loadkey_cbdata_t *cb = arg; 1212 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1213 1214 /* only attempt to load keys for encryption roots */ 1215 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL); 1216 if (ret != 0 || !is_encroot) 1217 goto out; 1218 1219 /* don't attempt to load already loaded keys */ 1220 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) 1221 goto out; 1222 1223 /* Attempt to load the key. Record status in cb. */ 1224 cb->cb_numattempted++; 1225 1226 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL); 1227 if (ret) 1228 cb->cb_numfailed++; 1229 1230 out: 1231 (void) zfs_iter_filesystems_v2(zhp, 0, load_keys_cb, cb); 1232 zfs_close(zhp); 1233 1234 /* always return 0, since this function is best effort */ 1235 return (0); 1236 } 1237 1238 /* 1239 * This function is best effort. It attempts to load all the keys for the given 1240 * filesystem and all of its children. 1241 */ 1242 int 1243 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, const char *fsname) 1244 { 1245 int ret; 1246 zfs_handle_t *zhp = NULL; 1247 loadkey_cbdata_t cb = { 0 }; 1248 1249 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME); 1250 if (zhp == NULL) { 1251 ret = ENOENT; 1252 goto error; 1253 } 1254 1255 ret = load_keys_cb(zfs_handle_dup(zhp), &cb); 1256 if (ret) 1257 goto error; 1258 1259 (void) printf(gettext("%llu / %llu keys successfully loaded\n"), 1260 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed), 1261 (u_longlong_t)cb.cb_numattempted); 1262 1263 if (cb.cb_numfailed != 0) { 1264 ret = -1; 1265 goto error; 1266 } 1267 1268 zfs_close(zhp); 1269 return (0); 1270 1271 error: 1272 if (zhp != NULL) 1273 zfs_close(zhp); 1274 return (ret); 1275 } 1276 1277 int 1278 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, 1279 const char *alt_keylocation) 1280 { 1281 int ret, attempts = 0; 1282 char errbuf[ERRBUFLEN]; 1283 uint64_t keystatus, iters = 0, salt = 0; 1284 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1285 char prop_keylocation[MAXNAMELEN]; 1286 char prop_encroot[MAXNAMELEN]; 1287 const char *keylocation = NULL; 1288 uint8_t *key_material = NULL, *key_data = NULL; 1289 size_t key_material_len; 1290 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE; 1291 1292 (void) snprintf(errbuf, sizeof (errbuf), 1293 dgettext(TEXT_DOMAIN, "Key load error")); 1294 1295 /* check that encryption is enabled for the pool */ 1296 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1297 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1298 "Encryption feature not enabled.")); 1299 ret = EINVAL; 1300 goto error; 1301 } 1302 1303 /* Fetch the keyformat. Check that the dataset is encrypted. */ 1304 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT); 1305 if (keyformat == ZFS_KEYFORMAT_NONE) { 1306 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1307 "'%s' is not encrypted."), zfs_get_name(zhp)); 1308 ret = EINVAL; 1309 goto error; 1310 } 1311 1312 /* 1313 * Fetch the key location. Check that we are working with an 1314 * encryption root. 1315 */ 1316 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot); 1317 if (ret != 0) { 1318 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1319 "Failed to get encryption root for '%s'."), 1320 zfs_get_name(zhp)); 1321 goto error; 1322 } else if (!is_encroot) { 1323 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1324 "Keys must be loaded for encryption root of '%s' (%s)."), 1325 zfs_get_name(zhp), prop_encroot); 1326 ret = EINVAL; 1327 goto error; 1328 } 1329 1330 /* 1331 * if the caller has elected to override the keylocation property 1332 * use that instead 1333 */ 1334 if (alt_keylocation != NULL) { 1335 keylocation = alt_keylocation; 1336 } else { 1337 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation, 1338 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE); 1339 if (ret != 0) { 1340 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1341 "Failed to get keylocation for '%s'."), 1342 zfs_get_name(zhp)); 1343 goto error; 1344 } 1345 1346 keylocation = prop_keylocation; 1347 } 1348 1349 /* check that the key is unloaded unless this is a noop */ 1350 if (!noop) { 1351 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1352 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) { 1353 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1354 "Key already loaded for '%s'."), zfs_get_name(zhp)); 1355 ret = EEXIST; 1356 goto error; 1357 } 1358 } 1359 1360 /* passphrase formats require a salt and pbkdf2_iters property */ 1361 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) { 1362 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT); 1363 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS); 1364 } 1365 1366 try_again: 1367 /* fetching and deriving the key are correctable errors. set the flag */ 1368 correctible = B_TRUE; 1369 1370 /* get key material from key format and location */ 1371 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat, 1372 keylocation, zfs_get_name(zhp), &key_material, &key_material_len, 1373 &can_retry); 1374 if (ret != 0) 1375 goto error; 1376 1377 /* derive a key from the key material */ 1378 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material, salt, 1379 &key_data); 1380 if (ret != 0) 1381 goto error; 1382 1383 correctible = B_FALSE; 1384 1385 /* pass the wrapping key and noop flag to the ioctl */ 1386 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN); 1387 if (ret != 0) { 1388 switch (ret) { 1389 case EPERM: 1390 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1391 "Permission denied.")); 1392 break; 1393 case EINVAL: 1394 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1395 "Invalid parameters provided for dataset %s."), 1396 zfs_get_name(zhp)); 1397 break; 1398 case EEXIST: 1399 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1400 "Key already loaded for '%s'."), zfs_get_name(zhp)); 1401 break; 1402 case EBUSY: 1403 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1404 "'%s' is busy."), zfs_get_name(zhp)); 1405 break; 1406 case EACCES: 1407 correctible = B_TRUE; 1408 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1409 "Incorrect key provided for '%s'."), 1410 zfs_get_name(zhp)); 1411 break; 1412 case ZFS_ERR_CRYPTO_NOTSUP: 1413 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1414 "'%s' uses an unsupported encryption suite."), 1415 zfs_get_name(zhp)); 1416 break; 1417 } 1418 goto error; 1419 } 1420 1421 free(key_material); 1422 free(key_data); 1423 1424 return (0); 1425 1426 error: 1427 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1428 if (key_material != NULL) { 1429 free(key_material); 1430 key_material = NULL; 1431 } 1432 if (key_data != NULL) { 1433 free(key_data); 1434 key_data = NULL; 1435 } 1436 1437 /* 1438 * Here we decide if it is ok to allow the user to retry entering their 1439 * key. The can_retry flag will be set if the user is entering their 1440 * key from an interactive prompt. The correctable flag will only be 1441 * set if an error that occurred could be corrected by retrying. Both 1442 * flags are needed to allow the user to attempt key entry again 1443 */ 1444 attempts++; 1445 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS) 1446 goto try_again; 1447 1448 return (ret); 1449 } 1450 1451 int 1452 zfs_crypto_unload_key(zfs_handle_t *zhp) 1453 { 1454 int ret; 1455 char errbuf[ERRBUFLEN]; 1456 char prop_encroot[MAXNAMELEN]; 1457 uint64_t keystatus, keyformat; 1458 boolean_t is_encroot; 1459 1460 (void) snprintf(errbuf, sizeof (errbuf), 1461 dgettext(TEXT_DOMAIN, "Key unload error")); 1462 1463 /* check that encryption is enabled for the pool */ 1464 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1465 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1466 "Encryption feature not enabled.")); 1467 ret = EINVAL; 1468 goto error; 1469 } 1470 1471 /* Fetch the keyformat. Check that the dataset is encrypted. */ 1472 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT); 1473 if (keyformat == ZFS_KEYFORMAT_NONE) { 1474 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1475 "'%s' is not encrypted."), zfs_get_name(zhp)); 1476 ret = EINVAL; 1477 goto error; 1478 } 1479 1480 /* 1481 * Fetch the key location. Check that we are working with an 1482 * encryption root. 1483 */ 1484 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot); 1485 if (ret != 0) { 1486 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1487 "Failed to get encryption root for '%s'."), 1488 zfs_get_name(zhp)); 1489 goto error; 1490 } else if (!is_encroot) { 1491 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1492 "Keys must be unloaded for encryption root of '%s' (%s)."), 1493 zfs_get_name(zhp), prop_encroot); 1494 ret = EINVAL; 1495 goto error; 1496 } 1497 1498 /* check that the key is loaded */ 1499 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1500 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1501 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1502 "Key already unloaded for '%s'."), zfs_get_name(zhp)); 1503 ret = EACCES; 1504 goto error; 1505 } 1506 1507 /* call the ioctl */ 1508 ret = lzc_unload_key(zhp->zfs_name); 1509 1510 if (ret != 0) { 1511 switch (ret) { 1512 case EPERM: 1513 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1514 "Permission denied.")); 1515 break; 1516 case EACCES: 1517 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1518 "Key already unloaded for '%s'."), 1519 zfs_get_name(zhp)); 1520 break; 1521 case EBUSY: 1522 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1523 "'%s' is busy."), zfs_get_name(zhp)); 1524 break; 1525 } 1526 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1527 } 1528 1529 return (ret); 1530 1531 error: 1532 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1533 return (ret); 1534 } 1535 1536 static int 1537 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props, 1538 nvlist_t **props_out, char *errbuf) 1539 { 1540 int ret; 1541 nvpair_t *elem = NULL; 1542 zfs_prop_t prop; 1543 nvlist_t *new_props = NULL; 1544 1545 new_props = fnvlist_alloc(); 1546 1547 /* 1548 * loop through all provided properties, we should only have 1549 * keyformat, keylocation and pbkdf2iters. The actual validation of 1550 * values is done by zfs_valid_proplist(). 1551 */ 1552 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) { 1553 const char *propname = nvpair_name(elem); 1554 prop = zfs_name_to_prop(propname); 1555 1556 switch (prop) { 1557 case ZFS_PROP_PBKDF2_ITERS: 1558 case ZFS_PROP_KEYFORMAT: 1559 case ZFS_PROP_KEYLOCATION: 1560 break; 1561 default: 1562 ret = EINVAL; 1563 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1564 "Only keyformat, keylocation and pbkdf2iters may " 1565 "be set with this command.")); 1566 goto error; 1567 } 1568 } 1569 1570 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props, 1571 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl, 1572 B_TRUE, errbuf); 1573 if (new_props == NULL) { 1574 ret = EINVAL; 1575 goto error; 1576 } 1577 1578 *props_out = new_props; 1579 return (0); 1580 1581 error: 1582 nvlist_free(new_props); 1583 *props_out = NULL; 1584 return (ret); 1585 } 1586 1587 int 1588 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey) 1589 { 1590 int ret; 1591 char errbuf[ERRBUFLEN]; 1592 boolean_t is_encroot; 1593 nvlist_t *props = NULL; 1594 uint8_t *wkeydata = NULL; 1595 uint_t wkeylen = 0; 1596 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY; 1597 uint64_t crypt, pcrypt, keystatus, pkeystatus; 1598 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1599 zfs_handle_t *pzhp = NULL; 1600 const char *keylocation = NULL; 1601 char origin_name[MAXNAMELEN]; 1602 char prop_keylocation[MAXNAMELEN]; 1603 char parent_name[ZFS_MAX_DATASET_NAME_LEN]; 1604 1605 (void) snprintf(errbuf, sizeof (errbuf), 1606 dgettext(TEXT_DOMAIN, "Key change error")); 1607 1608 /* check that encryption is enabled for the pool */ 1609 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1610 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1611 "Encryption feature not enabled.")); 1612 ret = EINVAL; 1613 goto error; 1614 } 1615 1616 /* get crypt from dataset */ 1617 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION); 1618 if (crypt == ZIO_CRYPT_OFF) { 1619 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1620 "Dataset not encrypted.")); 1621 ret = EINVAL; 1622 goto error; 1623 } 1624 1625 /* get the encryption root of the dataset */ 1626 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL); 1627 if (ret != 0) { 1628 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1629 "Failed to get encryption root for '%s'."), 1630 zfs_get_name(zhp)); 1631 goto error; 1632 } 1633 1634 /* Clones use their origin's key and cannot rewrap it */ 1635 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name, 1636 sizeof (origin_name), NULL, NULL, 0, B_TRUE); 1637 if (ret == 0 && strcmp(origin_name, "") != 0) { 1638 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1639 "Keys cannot be changed on clones.")); 1640 ret = EINVAL; 1641 goto error; 1642 } 1643 1644 /* 1645 * If the user wants to use the inheritkey variant of this function 1646 * we don't need to collect any crypto arguments. 1647 */ 1648 if (!inheritkey) { 1649 /* validate the provided properties */ 1650 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props, 1651 errbuf); 1652 if (ret != 0) 1653 goto error; 1654 1655 /* 1656 * Load keyformat and keylocation from the nvlist. Fetch from 1657 * the dataset properties if not specified. 1658 */ 1659 (void) nvlist_lookup_uint64(props, 1660 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat); 1661 (void) nvlist_lookup_string(props, 1662 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation); 1663 1664 if (is_encroot) { 1665 /* 1666 * If this is already an encryption root, just keep 1667 * any properties not set by the user. 1668 */ 1669 if (keyformat == ZFS_KEYFORMAT_NONE) { 1670 keyformat = zfs_prop_get_int(zhp, 1671 ZFS_PROP_KEYFORMAT); 1672 ret = nvlist_add_uint64(props, 1673 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), 1674 keyformat); 1675 if (ret != 0) { 1676 zfs_error_aux(zhp->zfs_hdl, 1677 dgettext(TEXT_DOMAIN, "Failed to " 1678 "get existing keyformat " 1679 "property.")); 1680 goto error; 1681 } 1682 } 1683 1684 if (keylocation == NULL) { 1685 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, 1686 prop_keylocation, sizeof (prop_keylocation), 1687 NULL, NULL, 0, B_TRUE); 1688 if (ret != 0) { 1689 zfs_error_aux(zhp->zfs_hdl, 1690 dgettext(TEXT_DOMAIN, "Failed to " 1691 "get existing keylocation " 1692 "property.")); 1693 goto error; 1694 } 1695 1696 keylocation = prop_keylocation; 1697 } 1698 } else { 1699 /* need a new key for non-encryption roots */ 1700 if (keyformat == ZFS_KEYFORMAT_NONE) { 1701 ret = EINVAL; 1702 zfs_error_aux(zhp->zfs_hdl, 1703 dgettext(TEXT_DOMAIN, "Keyformat required " 1704 "for new encryption root.")); 1705 goto error; 1706 } 1707 1708 /* default to prompt if no keylocation is specified */ 1709 if (keylocation == NULL) { 1710 keylocation = "prompt"; 1711 ret = nvlist_add_string(props, 1712 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), 1713 keylocation); 1714 if (ret != 0) 1715 goto error; 1716 } 1717 } 1718 1719 /* fetch the new wrapping key and associated properties */ 1720 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl, 1721 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata, 1722 &wkeylen); 1723 if (ret != 0) 1724 goto error; 1725 } else { 1726 /* check that zhp is an encryption root */ 1727 if (!is_encroot) { 1728 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1729 "Key inheritting can only be performed on " 1730 "encryption roots.")); 1731 ret = EINVAL; 1732 goto error; 1733 } 1734 1735 /* get the parent's name */ 1736 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name)); 1737 if (ret != 0) { 1738 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1739 "Root dataset cannot inherit key.")); 1740 ret = EINVAL; 1741 goto error; 1742 } 1743 1744 /* get a handle to the parent */ 1745 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name); 1746 if (pzhp == NULL) { 1747 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1748 "Failed to lookup parent.")); 1749 ret = ENOENT; 1750 goto error; 1751 } 1752 1753 /* parent must be encrypted */ 1754 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION); 1755 if (pcrypt == ZIO_CRYPT_OFF) { 1756 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1757 "Parent must be encrypted.")); 1758 ret = EINVAL; 1759 goto error; 1760 } 1761 1762 /* check that the parent's key is loaded */ 1763 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS); 1764 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1765 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1766 "Parent key must be loaded.")); 1767 ret = EACCES; 1768 goto error; 1769 } 1770 } 1771 1772 /* check that the key is loaded */ 1773 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1774 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1775 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1776 "Key must be loaded.")); 1777 ret = EACCES; 1778 goto error; 1779 } 1780 1781 /* call the ioctl */ 1782 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen); 1783 if (ret != 0) { 1784 switch (ret) { 1785 case EPERM: 1786 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1787 "Permission denied.")); 1788 break; 1789 case EINVAL: 1790 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1791 "Invalid properties for key change.")); 1792 break; 1793 case EACCES: 1794 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1795 "Key is not currently loaded.")); 1796 break; 1797 } 1798 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1799 } 1800 1801 if (pzhp != NULL) 1802 zfs_close(pzhp); 1803 if (props != NULL) 1804 nvlist_free(props); 1805 if (wkeydata != NULL) 1806 free(wkeydata); 1807 1808 return (ret); 1809 1810 error: 1811 if (pzhp != NULL) 1812 zfs_close(pzhp); 1813 if (props != NULL) 1814 nvlist_free(props); 1815 if (wkeydata != NULL) 1816 free(wkeydata); 1817 1818 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1819 return (ret); 1820 } 1821 1822 boolean_t 1823 zfs_is_encrypted(zfs_handle_t *zhp) 1824 { 1825 uint8_t flags = zhp->zfs_dmustats.dds_flags; 1826 1827 if (flags & DDS_FLAG_HAS_ENCRYPTED) 1828 return ((flags & DDS_FLAG_ENCRYPTED) != 0); 1829 1830 return (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF); 1831 } 1832