1 /* 2 * CDDL HEADER START 3 * 4 * This file and its contents are supplied under the terms of the 5 * Common Development and Distribution License ("CDDL"), version 1.0. 6 * You may only use this file in accordance with the terms of version 7 * 1.0 of the CDDL. 8 * 9 * A full copy of the text of the CDDL should have accompanied this 10 * source. A copy of the CDDL is also available via the Internet at 11 * http://www.illumos.org/license/CDDL. 12 * 13 * CDDL HEADER END 14 */ 15 16 /* 17 * Copyright (c) 2017, Datto, Inc. All rights reserved. 18 * Copyright 2020 Joyent, Inc. 19 */ 20 21 #include <string.h> 22 #include <strings.h> 23 #include <ctype.h> 24 #include <unistd.h> 25 #include <sys/zfs_context.h> 26 #include <sys/fs/zfs.h> 27 #include <sys/dsl_crypt.h> 28 #ifdef sun 29 #include <stdlib.h> 30 #include <security/cryptoki.h> 31 #include <cryptoutil.h> /* for pkcs11_strerror */ 32 #else 33 #include <sys/crypto/icp.h> 34 #endif 35 #include <libintl.h> 36 #include <termios.h> 37 #include <signal.h> 38 #include <errno.h> 39 #include <libzfs.h> 40 #include "libzfs_impl.h" 41 #include "zfeature_common.h" 42 43 /* 44 * User keys are used to decrypt the master encryption keys of a dataset. This 45 * indirection allows a user to change his / her access key without having to 46 * re-encrypt the entire dataset. User keys can be provided in one of several 47 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys 48 * are converted to binary and passed into the kernel. Password based keys are 49 * a bit more complicated. Passwords alone do not provide suitable entropy for 50 * encryption and may be too short or too long to be used. In order to derive 51 * a more appropriate key we use a PBKDF2 function. This function is designed 52 * to take a (relatively) long time to calculate in order to discourage 53 * attackers from guessing from a list of common passwords. PBKDF2 requires 54 * 2 additional parameters. The first is the number of iterations to run, which 55 * will ultimately determine how long it takes to derive the resulting key from 56 * the password. The second parameter is a salt that is randomly generated for 57 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of 58 * attackers cannot reasonably generate a table of commonly known passwords to 59 * their output keys and expect it work for all past and future PBKDF2 users. 60 * We store the salt as a hidden property of the dataset (although it is 61 * technically ok if the salt is known to the attacker). 62 */ 63 64 typedef enum key_locator { 65 KEY_LOCATOR_NONE, 66 KEY_LOCATOR_PROMPT, 67 KEY_LOCATOR_URI 68 } key_locator_t; 69 70 #define MIN_PASSPHRASE_LEN 8 71 #define MAX_PASSPHRASE_LEN 512 72 #define MAX_KEY_PROMPT_ATTEMPTS 3 73 74 static int caught_interrupt; 75 76 static int get_key_material_file(libzfs_handle_t *, const char *, const char *, 77 zfs_keyformat_t, boolean_t, uint8_t **, size_t *); 78 79 static zfs_uri_handler_t uri_handlers[] = { 80 { "file", get_key_material_file }, 81 { NULL, NULL } 82 }; 83 84 static int 85 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str, 86 zfs_keylocation_t *restrict locp, char **restrict schemep) 87 { 88 int ret; 89 90 *locp = ZFS_KEYLOCATION_NONE; 91 *schemep = NULL; 92 93 if (strcmp("prompt", str) == 0) { 94 *locp = ZFS_KEYLOCATION_PROMPT; 95 return (0); 96 } 97 98 regmatch_t pmatch[URI_NMATCH]; 99 regmatch_t *smatch = &pmatch[URI_SCHEMESUBEXP]; 100 101 ret = regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch), pmatch, 0); 102 switch (ret) { 103 case 0: 104 break; 105 case REG_ESPACE: 106 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory")); 107 return (ENOMEM); 108 case REG_NOMATCH: 109 goto invalid; 110 default: 111 /* 112 * Any other errors from regexec are a programming bug, 113 * so consider them a fatal error. 114 */ 115 (void) fprintf(stderr, "regexec failed: %d\n", ret); 116 abort(); 117 } 118 119 if (smatch->rm_so == -1) 120 goto invalid; 121 122 *schemep = strndup(str + smatch->rm_so, smatch->rm_eo - smatch->rm_so); 123 if (*schemep == NULL) { 124 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory")); 125 return (ENOMEM); 126 } 127 128 *locp = ZFS_KEYLOCATION_URI; 129 return (0); 130 131 invalid: 132 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation")); 133 return (EINVAL); 134 } 135 136 static int 137 hex_key_to_raw(char *hex, int hexlen, uint8_t *out) 138 { 139 int ret, i; 140 unsigned int c; 141 142 for (i = 0; i < hexlen; i += 2) { 143 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) { 144 ret = EINVAL; 145 goto error; 146 } 147 148 ret = sscanf(&hex[i], "%02x", &c); 149 if (ret != 1) { 150 ret = EINVAL; 151 goto error; 152 } 153 154 out[i / 2] = c; 155 } 156 157 return (0); 158 159 error: 160 return (ret); 161 } 162 163 164 static void 165 catch_signal(int sig) 166 { 167 caught_interrupt = sig; 168 } 169 170 static char * 171 get_format_prompt_string(zfs_keyformat_t format) 172 { 173 switch (format) { 174 case ZFS_KEYFORMAT_RAW: 175 return ("raw key"); 176 case ZFS_KEYFORMAT_HEX: 177 return ("hex key"); 178 case ZFS_KEYFORMAT_PASSPHRASE: 179 return ("passphrase"); 180 default: 181 /* shouldn't happen */ 182 return (NULL); 183 } 184 } 185 186 /* do basic validation of the key material */ 187 static int 188 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat, 189 const char *key, size_t keylen) 190 { 191 switch (keyformat) { 192 case ZFS_KEYFORMAT_RAW: 193 /* verify the key length is correct */ 194 if (keylen < WRAPPING_KEY_LEN) { 195 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 196 "Raw key too short (expected %u)."), 197 WRAPPING_KEY_LEN); 198 return (EINVAL); 199 } 200 201 if (keylen > WRAPPING_KEY_LEN) { 202 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 203 "Raw key too long (expected %u)."), 204 WRAPPING_KEY_LEN); 205 return (EINVAL); 206 } 207 break; 208 case ZFS_KEYFORMAT_HEX: 209 /* verify the key length is correct */ 210 if (keylen < WRAPPING_KEY_LEN * 2) { 211 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 212 "Hex key too short (expected %u)."), 213 WRAPPING_KEY_LEN * 2); 214 return (EINVAL); 215 } 216 217 if (keylen > WRAPPING_KEY_LEN * 2) { 218 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 219 "Hex key too long (expected %u)."), 220 WRAPPING_KEY_LEN * 2); 221 return (EINVAL); 222 } 223 224 /* check for invalid hex digits */ 225 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) { 226 if (!isxdigit(key[i])) { 227 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 228 "Invalid hex character detected.")); 229 return (EINVAL); 230 } 231 } 232 break; 233 case ZFS_KEYFORMAT_PASSPHRASE: 234 /* verify the length is within bounds */ 235 if (keylen > MAX_PASSPHRASE_LEN) { 236 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 237 "Passphrase too long (max %u)."), 238 MAX_PASSPHRASE_LEN); 239 return (EINVAL); 240 } 241 242 if (keylen < MIN_PASSPHRASE_LEN) { 243 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 244 "Passphrase too short (min %u)."), 245 MIN_PASSPHRASE_LEN); 246 return (EINVAL); 247 } 248 break; 249 default: 250 /* can't happen, checked above */ 251 break; 252 } 253 254 return (0); 255 } 256 257 static int 258 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter, 259 boolean_t new_key, const char *fsname, 260 char **restrict res, size_t *restrict reslen) 261 { 262 FILE *f = stdin; 263 size_t buflen = 0; 264 ssize_t bytes; 265 int ret = 0; 266 struct termios old_term, new_term; 267 struct sigaction act, osigint, osigtstp; 268 269 *res = NULL; 270 *reslen = 0; 271 272 /* 273 * handle SIGINT and ignore SIGSTP. This is necessary to 274 * restore the state of the terminal. 275 */ 276 caught_interrupt = 0; 277 act.sa_flags = 0; 278 (void) sigemptyset(&act.sa_mask); 279 act.sa_handler = catch_signal; 280 281 (void) sigaction(SIGINT, &act, &osigint); 282 act.sa_handler = SIG_IGN; 283 (void) sigaction(SIGTSTP, &act, &osigtstp); 284 285 (void) printf("%s %s%s", 286 is_reenter ? "Re-enter" : "Enter", 287 new_key ? "new " : "", 288 get_format_prompt_string(keyformat)); 289 if (fsname != NULL) 290 (void) printf(" for '%s'", fsname); 291 (void) fputc(':', stdout); 292 (void) fflush(stdout); 293 294 /* disable the terminal echo for key input */ 295 (void) tcgetattr(fileno(f), &old_term); 296 297 new_term = old_term; 298 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); 299 300 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term); 301 if (ret != 0) { 302 ret = errno; 303 errno = 0; 304 goto out; 305 } 306 307 bytes = getline(res, &buflen, f); 308 if (bytes < 0) { 309 ret = errno; 310 errno = 0; 311 goto out; 312 } 313 314 /* trim the ending newline if it exists */ 315 if (bytes > 0 && (*res)[bytes - 1] == '\n') { 316 (*res)[bytes - 1] = '\0'; 317 bytes--; 318 } 319 320 *reslen = bytes; 321 322 out: 323 /* reset the teminal */ 324 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term); 325 (void) sigaction(SIGINT, &osigint, NULL); 326 (void) sigaction(SIGTSTP, &osigtstp, NULL); 327 328 /* if we caught a signal, re-throw it now */ 329 if (caught_interrupt != 0) 330 (void) kill(getpid(), caught_interrupt); 331 332 /* print the newline that was not echo'd */ 333 (void) printf("\n"); 334 335 return (ret); 336 } 337 338 static int 339 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname, 340 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey, 341 uint8_t **restrict outbuf, size_t *restrict len_out) 342 { 343 char *buf = NULL, *buf2 = NULL; 344 size_t buflen = 0, buf2len = 0; 345 int ret = 0; 346 347 ASSERT(isatty(fileno(stdin))); 348 349 /* raw keys cannot be entered on the terminal */ 350 if (keyformat == ZFS_KEYFORMAT_RAW) { 351 ret = EINVAL; 352 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 353 "Cannot enter raw keys on the terminal")); 354 goto out; 355 } 356 357 /* prompt for the key */ 358 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname, 359 &buf, &buflen)) != 0) { 360 freezero(buf, buflen); 361 buf = NULL; 362 buflen = 0; 363 goto out; 364 } 365 366 if (!confirm_key) 367 goto out; 368 369 if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) { 370 freezero(buf, buflen); 371 return (ret); 372 } 373 374 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2, 375 &buf2len); 376 if (ret != 0) { 377 freezero(buf, buflen); 378 freezero(buf2, buf2len); 379 buf = buf2 = NULL; 380 buflen = buf2len = 0; 381 goto out; 382 } 383 384 if (buflen != buf2len || strcmp(buf, buf2) != 0) { 385 freezero(buf, buflen); 386 buf = NULL; 387 buflen = 0; 388 389 ret = EINVAL; 390 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 391 "Provided keys do not match.")); 392 } 393 394 freezero(buf2, buf2len); 395 396 out: 397 *outbuf = (uint8_t *)buf; 398 *len_out = buflen; 399 return (ret); 400 } 401 402 static int 403 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat, 404 uint8_t **buf, size_t *len_out) 405 { 406 int ret = 0; 407 size_t buflen = 0; 408 409 *len_out = 0; 410 411 /* read the key material */ 412 if (keyformat != ZFS_KEYFORMAT_RAW) { 413 ssize_t bytes; 414 415 bytes = getline((char **)buf, &buflen, fd); 416 if (bytes < 0) { 417 ret = errno; 418 errno = 0; 419 goto out; 420 } 421 422 /* trim the ending newline if it exists */ 423 if (bytes > 0 && (*buf)[bytes - 1] == '\n') { 424 (*buf)[bytes - 1] = '\0'; 425 bytes--; 426 } 427 428 *len_out = bytes; 429 } else { 430 size_t n; 431 432 /* 433 * Raw keys may have newline characters in them and so can't 434 * use getline(). Here we attempt to read 33 bytes so that we 435 * can properly check the key length (the file should only have 436 * 32 bytes). 437 */ 438 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t)); 439 if (*buf == NULL) { 440 ret = ENOMEM; 441 goto out; 442 } 443 444 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd); 445 if (n == 0 || ferror(fd)) { 446 /* size errors are handled by the calling function */ 447 free(*buf); 448 *buf = NULL; 449 ret = errno; 450 errno = 0; 451 goto out; 452 } 453 454 *len_out = n; 455 } 456 457 out: 458 return (ret); 459 } 460 461 static int 462 get_key_material_file(libzfs_handle_t *hdl, const char *uri, 463 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey, 464 uint8_t **restrict buf, size_t *restrict len_out) 465 { 466 const char *path; 467 FILE *f = NULL; 468 int ret = 0; 469 470 /* 471 * get_key_material() should guarantee we're only called for a file 472 * URI. 473 */ 474 VERIFY0(strncmp(uri, "file://", 7)); 475 path = uri + 7; 476 477 if ((f = fopen(path, "r")) == NULL) { 478 ret = errno; 479 errno = 0; 480 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 481 "Failed to open key material file")); 482 return (ret); 483 } 484 485 ret = get_key_material_raw(f, keyformat, buf, len_out); 486 487 (void) fclose(f); 488 489 return (ret); 490 } 491 492 /* 493 * Attempts to fetch key material, no matter where it might live. The key 494 * material is allocated and returned in km_out. *can_retry_out will be set 495 * to B_TRUE if the user is providing the key material interactively, allowing 496 * for re-entry attempts. 497 */ 498 static int 499 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey, 500 zfs_keyformat_t keyformat, char *keylocation, const char *fsname, 501 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out) 502 { 503 int ret; 504 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE; 505 uint8_t *km = NULL; 506 size_t kmlen = 0; 507 char *scheme = NULL; 508 zfs_uri_handler_t *handler = NULL; 509 boolean_t can_retry = B_FALSE; 510 511 /* verify and parse the keylocation */ 512 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc, &scheme); 513 if (ret != 0) 514 goto error; 515 516 /* open the appropriate file descriptor */ 517 switch (keyloc) { 518 case ZFS_KEYLOCATION_PROMPT: 519 if (isatty(fileno(stdin))) { 520 can_retry = B_TRUE; 521 522 ret = get_key_interactive(hdl, fsname, keyformat, 523 do_verify, newkey, &km, &kmlen); 524 } else { 525 /* fetch the key material into the buffer */ 526 ret = get_key_material_raw(stdin, keyformat, &km, 527 &kmlen); 528 } 529 if (ret != 0) 530 goto error; 531 break; 532 case ZFS_KEYLOCATION_URI: 533 for (handler = uri_handlers; handler->zuh_scheme != NULL; 534 handler++) { 535 if (strcmp(handler->zuh_scheme, scheme) != 0) 536 continue; 537 if ((ret = handler->zuh_handler(hdl, keylocation, 538 fsname, keyformat, newkey, &km, &kmlen)) != 0) 539 goto error; 540 } 541 ret = ENOTSUP; 542 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 543 "URI scheme is not supported")); 544 break; 545 default: 546 ret = EINVAL; 547 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 548 "Invalid keylocation.")); 549 goto error; 550 } 551 552 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0) 553 goto error; 554 555 *km_out = km; 556 *kmlen_out = kmlen; 557 if (can_retry_out != NULL) 558 *can_retry_out = can_retry; 559 560 free(scheme); 561 return (0); 562 563 error: 564 freezero(km, kmlen); 565 free(scheme); 566 567 *km_out = NULL; 568 *kmlen_out = 0; 569 570 return (ret); 571 } 572 573 /* This needs to be fixed to be compatible with other platforms */ 574 575 static int 576 pbkdf2(uint8_t *passphrase, size_t passphraselen, uint8_t *salt, 577 size_t saltlen, uint64_t iterations, uint8_t *output, 578 size_t outputlen) 579 { 580 int ret = 0; 581 CK_SESSION_HANDLE session; 582 char *tmpkeydata = NULL; 583 size_t tmpkeydatalen = 0; 584 CK_OBJECT_HANDLE obj; 585 586 /* initialize output */ 587 (void) memset(output, 0, outputlen); 588 589 ret = SUNW_C_GetMechSession(CKM_PKCS5_PBKD2, &session); 590 if (ret) { 591 (void) fprintf(stderr, "failed to connect to pkcs5: %s\n", 592 pkcs11_strerror(ret)); 593 return (ret); 594 } 595 596 ret = pkcs11_PasswdToPBKD2Object(session, (char *)passphrase, 597 passphraselen, salt, saltlen, iterations, CKK_AES, outputlen, 0, 598 &obj); 599 600 if (ret == CKR_OK) 601 ret = pkcs11_ObjectToKey(session, obj, (void **)&tmpkeydata, 602 &tmpkeydatalen, B_TRUE); 603 604 (void) C_CloseSession(session); 605 if (ret) { 606 (void) fprintf(stderr, "unable to generate key: %s\n", 607 pkcs11_strerror(ret)); 608 return (ret); 609 } 610 611 /* 612 * Because it allocates an area for the passphrase, we copy it out 613 * then zero the original 614 */ 615 (void) memcpy(output, tmpkeydata, tmpkeydatalen); 616 (void) memset(tmpkeydata, 0, tmpkeydatalen); 617 free(tmpkeydata); 618 619 return (ret); 620 } 621 622 /* ARGSUSED */ 623 static int 624 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters, 625 uint8_t *key_material, size_t key_material_len, uint64_t salt, 626 uint8_t **key_out) 627 { 628 int ret; 629 uint8_t *key; 630 631 *key_out = NULL; 632 633 key = zfs_alloc(hdl, WRAPPING_KEY_LEN); 634 if (!key) 635 return (ENOMEM); 636 637 switch (format) { 638 case ZFS_KEYFORMAT_RAW: 639 bcopy(key_material, key, WRAPPING_KEY_LEN); 640 break; 641 case ZFS_KEYFORMAT_HEX: 642 ret = hex_key_to_raw((char *)key_material, 643 WRAPPING_KEY_LEN * 2, key); 644 if (ret != 0) { 645 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 646 "Invalid hex key provided.")); 647 goto error; 648 } 649 break; 650 case ZFS_KEYFORMAT_PASSPHRASE: 651 salt = LE_64(salt); 652 ret = pbkdf2(key_material, strlen((char *)key_material), 653 ((uint8_t *)&salt), sizeof (uint64_t), iters, 654 key, WRAPPING_KEY_LEN); 655 if (ret != 0) { 656 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 657 "Failed to generate key from passphrase.")); 658 goto error; 659 } 660 break; 661 default: 662 ret = EINVAL; 663 goto error; 664 } 665 666 *key_out = key; 667 return (0); 668 669 error: 670 free(key); 671 672 *key_out = NULL; 673 return (ret); 674 } 675 676 static boolean_t 677 encryption_feature_is_enabled(zpool_handle_t *zph) 678 { 679 nvlist_t *features; 680 uint64_t feat_refcount; 681 682 /* check that features can be enabled */ 683 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL) 684 < SPA_VERSION_FEATURES) 685 return (B_FALSE); 686 687 /* check for crypto feature */ 688 features = zpool_get_features(zph); 689 if (!features || nvlist_lookup_uint64(features, 690 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid, 691 &feat_refcount) != 0) 692 return (B_FALSE); 693 694 return (B_TRUE); 695 } 696 697 static int 698 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl, 699 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat, 700 char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen) 701 { 702 int ret; 703 uint64_t iters = 0, salt = 0; 704 uint8_t *key_material = NULL; 705 size_t key_material_len = 0; 706 uint8_t *key_data = NULL; 707 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL; 708 709 /* get key material from keyformat and keylocation */ 710 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation, 711 fsname, &key_material, &key_material_len, NULL); 712 if (ret != 0) 713 goto error; 714 715 /* passphrase formats require a salt and pbkdf2 iters property */ 716 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) { 717 #ifdef sun 718 arc4random_buf(&salt, sizeof (salt)); 719 #else 720 random_init(); 721 722 ret = random_get_bytes((uint8_t *)&salt, sizeof (uint64_t)); 723 if (ret != 0) { 724 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 725 "Failed to generate salt.")); 726 goto error; 727 } 728 729 random_fini(); 730 #endif 731 732 ret = nvlist_add_uint64(props, 733 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt); 734 if (ret != 0) { 735 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 736 "Failed to add salt to properties.")); 737 goto error; 738 } 739 740 /* 741 * If not otherwise specified, use the default number of 742 * pbkdf2 iterations. If specified, we have already checked 743 * that the given value is greater than MIN_PBKDF2_ITERATIONS 744 * during zfs_valid_proplist(). 745 */ 746 ret = nvlist_lookup_uint64(props, 747 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters); 748 if (ret == ENOENT) { 749 iters = DEFAULT_PBKDF2_ITERATIONS; 750 ret = nvlist_add_uint64(props, 751 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters); 752 if (ret != 0) 753 goto error; 754 } else if (ret != 0) { 755 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 756 "Failed to get pbkdf2 iterations.")); 757 goto error; 758 } 759 } else { 760 /* check that pbkdf2iters was not specified by the user */ 761 ret = nvlist_lookup_uint64(props, 762 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters); 763 if (ret == 0) { 764 ret = EINVAL; 765 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 766 "Cannot specify pbkdf2iters with a non-passphrase " 767 "keyformat.")); 768 goto error; 769 } 770 } 771 772 /* derive a key from the key material */ 773 ret = derive_key(hdl, (zfs_keyformat_t)keyformat, iters, key_material, 774 key_material_len, salt, &key_data); 775 if (ret != 0) 776 goto error; 777 778 free(key_material); 779 780 *wkeydata = key_data; 781 *wkeylen = WRAPPING_KEY_LEN; 782 return (0); 783 784 error: 785 if (key_material != NULL) 786 free(key_material); 787 if (key_data != NULL) 788 free(key_data); 789 790 *wkeydata = NULL; 791 *wkeylen = 0; 792 return (ret); 793 } 794 795 static boolean_t 796 proplist_has_encryption_props(nvlist_t *props) 797 { 798 int ret; 799 uint64_t intval; 800 char *strval; 801 802 ret = nvlist_lookup_uint64(props, 803 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval); 804 if (ret == 0 && intval != ZIO_CRYPT_OFF) 805 return (B_TRUE); 806 807 ret = nvlist_lookup_string(props, 808 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval); 809 if (ret == 0 && strcmp(strval, "none") != 0) 810 return (B_TRUE); 811 812 ret = nvlist_lookup_uint64(props, 813 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval); 814 if (ret == 0) 815 return (B_TRUE); 816 817 ret = nvlist_lookup_uint64(props, 818 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval); 819 if (ret == 0) 820 return (B_TRUE); 821 822 return (B_FALSE); 823 } 824 825 int 826 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot, 827 char *buf) 828 { 829 int ret; 830 char prop_encroot[MAXNAMELEN]; 831 832 /* if the dataset isn't encrypted, just return */ 833 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) { 834 *is_encroot = B_FALSE; 835 if (buf != NULL) 836 buf[0] = '\0'; 837 return (0); 838 } 839 840 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot, 841 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE); 842 if (ret != 0) { 843 *is_encroot = B_FALSE; 844 if (buf != NULL) 845 buf[0] = '\0'; 846 return (ret); 847 } 848 849 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0; 850 if (buf != NULL) 851 (void) strcpy(buf, prop_encroot); 852 853 return (0); 854 } 855 856 int 857 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props, 858 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out, 859 uint_t *wkeylen_out) 860 { 861 int ret; 862 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT; 863 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 864 char *keylocation = NULL; 865 zfs_handle_t *pzhp = NULL; 866 uint8_t *wkeydata = NULL; 867 uint_t wkeylen = 0; 868 boolean_t local_crypt = B_TRUE; 869 870 /* lookup crypt from props */ 871 ret = nvlist_lookup_uint64(props, 872 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt); 873 if (ret != 0) 874 local_crypt = B_FALSE; 875 876 /* lookup key location and format from props */ 877 (void) nvlist_lookup_uint64(props, 878 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat); 879 (void) nvlist_lookup_string(props, 880 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation); 881 882 if (parent_name != NULL) { 883 /* get a reference to parent dataset */ 884 pzhp = make_dataset_handle(hdl, parent_name); 885 if (pzhp == NULL) { 886 ret = ENOENT; 887 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 888 "Failed to lookup parent.")); 889 goto out; 890 } 891 892 /* Lookup parent's crypt */ 893 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION); 894 895 /* Params require the encryption feature */ 896 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) { 897 if (proplist_has_encryption_props(props)) { 898 ret = EINVAL; 899 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 900 "Encryption feature not enabled.")); 901 goto out; 902 } 903 904 ret = 0; 905 goto out; 906 } 907 } else { 908 /* 909 * special case for root dataset where encryption feature 910 * feature won't be on disk yet 911 */ 912 if (!nvlist_exists(pool_props, "feature@encryption")) { 913 if (proplist_has_encryption_props(props)) { 914 ret = EINVAL; 915 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 916 "Encryption feature not enabled.")); 917 goto out; 918 } 919 920 ret = 0; 921 goto out; 922 } 923 924 pcrypt = ZIO_CRYPT_OFF; 925 } 926 927 /* Get the inherited encryption property if we don't have it locally */ 928 if (!local_crypt) 929 crypt = pcrypt; 930 931 /* 932 * At this point crypt should be the actual encryption value. If 933 * encryption is off just verify that no encryption properties have 934 * been specified and return. 935 */ 936 if (crypt == ZIO_CRYPT_OFF) { 937 if (proplist_has_encryption_props(props)) { 938 ret = EINVAL; 939 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 940 "Encryption must be turned on to set encryption " 941 "properties.")); 942 goto out; 943 } 944 945 ret = 0; 946 goto out; 947 } 948 949 /* 950 * If we have a parent crypt it is valid to specify encryption alone. 951 * This will result in a child that is encrypted with the chosen 952 * encryption suite that will also inherit the parent's key. If 953 * the parent is not encrypted we need an encryption suite provided. 954 */ 955 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL && 956 keyformat == ZFS_KEYFORMAT_NONE) { 957 ret = EINVAL; 958 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 959 "Keyformat required for new encryption root.")); 960 goto out; 961 } 962 963 /* 964 * Specifying a keylocation implies this will be a new encryption root. 965 * Check that a keyformat is also specified. 966 */ 967 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) { 968 ret = EINVAL; 969 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 970 "Keyformat required for new encryption root.")); 971 goto out; 972 } 973 974 /* default to prompt if no keylocation is specified */ 975 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) { 976 keylocation = "prompt"; 977 ret = nvlist_add_string(props, 978 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation); 979 if (ret != 0) 980 goto out; 981 } 982 983 /* 984 * If a local key is provided, this dataset will be a new 985 * encryption root. Populate the encryption params. 986 */ 987 if (keylocation != NULL) { 988 /* 989 * 'zfs recv -o keylocation=prompt' won't work because stdin 990 * is being used by the send stream, so we disallow it. 991 */ 992 if (!stdin_available && strcmp(keylocation, "prompt") == 0) { 993 ret = EINVAL; 994 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use " 995 "'prompt' keylocation because stdin is in use.")); 996 goto out; 997 } 998 999 ret = populate_create_encryption_params_nvlists(hdl, NULL, 1000 B_FALSE, keyformat, keylocation, props, &wkeydata, 1001 &wkeylen); 1002 if (ret != 0) 1003 goto out; 1004 } 1005 1006 if (pzhp != NULL) 1007 zfs_close(pzhp); 1008 1009 *wkeydata_out = wkeydata; 1010 *wkeylen_out = wkeylen; 1011 return (0); 1012 1013 out: 1014 if (pzhp != NULL) 1015 zfs_close(pzhp); 1016 if (wkeydata != NULL) 1017 free(wkeydata); 1018 1019 *wkeydata_out = NULL; 1020 *wkeylen_out = 0; 1021 return (ret); 1022 } 1023 1024 int 1025 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp, 1026 char *parent_name, nvlist_t *props) 1027 { 1028 /* 1029 * No encryption properties should be specified. They will all be 1030 * inherited from the origin dataset. 1031 */ 1032 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) || 1033 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) || 1034 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) || 1035 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) { 1036 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1037 "Encryption properties must inherit from origin dataset.")); 1038 return (EINVAL); 1039 } 1040 1041 return (0); 1042 } 1043 1044 typedef struct loadkeys_cbdata { 1045 uint64_t cb_numfailed; 1046 uint64_t cb_numattempted; 1047 } loadkey_cbdata_t; 1048 1049 static int 1050 load_keys_cb(zfs_handle_t *zhp, void *arg) 1051 { 1052 int ret; 1053 boolean_t is_encroot; 1054 loadkey_cbdata_t *cb = arg; 1055 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1056 1057 /* only attempt to load keys for encryption roots */ 1058 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL); 1059 if (ret != 0 || !is_encroot) 1060 goto out; 1061 1062 /* don't attempt to load already loaded keys */ 1063 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) 1064 goto out; 1065 1066 /* Attempt to load the key. Record status in cb. */ 1067 cb->cb_numattempted++; 1068 1069 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL); 1070 if (ret) 1071 cb->cb_numfailed++; 1072 1073 out: 1074 (void) zfs_iter_filesystems(zhp, load_keys_cb, cb); 1075 zfs_close(zhp); 1076 1077 /* always return 0, since this function is best effort */ 1078 return (0); 1079 } 1080 1081 /* 1082 * This function is best effort. It attempts to load all the keys for the given 1083 * filesystem and all of its children. 1084 */ 1085 int 1086 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname) 1087 { 1088 int ret; 1089 zfs_handle_t *zhp = NULL; 1090 loadkey_cbdata_t cb = { 0 }; 1091 1092 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME); 1093 if (zhp == NULL) { 1094 ret = ENOENT; 1095 goto error; 1096 } 1097 1098 ret = load_keys_cb(zfs_handle_dup(zhp), &cb); 1099 if (ret) 1100 goto error; 1101 1102 (void) printf(gettext("%llu / %llu keys successfully loaded\n"), 1103 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed), 1104 (u_longlong_t)cb.cb_numattempted); 1105 1106 if (cb.cb_numfailed != 0) { 1107 ret = -1; 1108 goto error; 1109 } 1110 1111 zfs_close(zhp); 1112 return (0); 1113 1114 error: 1115 if (zhp != NULL) 1116 zfs_close(zhp); 1117 return (ret); 1118 } 1119 1120 int 1121 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation) 1122 { 1123 int ret, attempts = 0; 1124 char errbuf[1024]; 1125 uint64_t keystatus, iters = 0, salt = 0; 1126 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1127 char prop_keylocation[MAXNAMELEN]; 1128 char prop_encroot[MAXNAMELEN]; 1129 char *keylocation = NULL; 1130 uint8_t *key_material = NULL, *key_data = NULL; 1131 size_t key_material_len; 1132 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE; 1133 1134 (void) snprintf(errbuf, sizeof (errbuf), 1135 dgettext(TEXT_DOMAIN, "Key load error")); 1136 1137 /* check that encryption is enabled for the pool */ 1138 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1139 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1140 "Encryption feature not enabled.")); 1141 ret = EINVAL; 1142 goto error; 1143 } 1144 1145 /* Fetch the keyformat. Check that the dataset is encrypted. */ 1146 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT); 1147 if (keyformat == ZFS_KEYFORMAT_NONE) { 1148 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1149 "'%s' is not encrypted."), zfs_get_name(zhp)); 1150 ret = EINVAL; 1151 goto error; 1152 } 1153 1154 /* 1155 * Fetch the key location. Check that we are working with an 1156 * encryption root. 1157 */ 1158 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot); 1159 if (ret != 0) { 1160 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1161 "Failed to get encryption root for '%s'."), 1162 zfs_get_name(zhp)); 1163 goto error; 1164 } else if (!is_encroot) { 1165 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1166 "Keys must be loaded for encryption root of '%s' (%s)."), 1167 zfs_get_name(zhp), prop_encroot); 1168 ret = EINVAL; 1169 goto error; 1170 } 1171 1172 /* 1173 * if the caller has elected to override the keylocation property 1174 * use that instead 1175 */ 1176 if (alt_keylocation != NULL) { 1177 keylocation = alt_keylocation; 1178 } else { 1179 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation, 1180 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE); 1181 if (ret != 0) { 1182 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1183 "Failed to get keylocation for '%s'."), 1184 zfs_get_name(zhp)); 1185 goto error; 1186 } 1187 1188 keylocation = prop_keylocation; 1189 } 1190 1191 /* check that the key is unloaded unless this is a noop */ 1192 if (!noop) { 1193 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1194 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) { 1195 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1196 "Key already loaded for '%s'."), zfs_get_name(zhp)); 1197 ret = EEXIST; 1198 goto error; 1199 } 1200 } 1201 1202 /* passphrase formats require a salt and pbkdf2_iters property */ 1203 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) { 1204 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT); 1205 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS); 1206 } 1207 1208 try_again: 1209 /* fetching and deriving the key are correctible errors. set the flag */ 1210 correctible = B_TRUE; 1211 1212 /* get key material from key format and location */ 1213 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat, 1214 keylocation, zfs_get_name(zhp), &key_material, &key_material_len, 1215 &can_retry); 1216 if (ret != 0) 1217 goto error; 1218 1219 /* derive a key from the key material */ 1220 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material, 1221 key_material_len, salt, &key_data); 1222 if (ret != 0) 1223 goto error; 1224 1225 correctible = B_FALSE; 1226 1227 /* pass the wrapping key and noop flag to the ioctl */ 1228 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN); 1229 if (ret != 0) { 1230 switch (ret) { 1231 case EINVAL: 1232 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1233 "Invalid parameters provided for %s."), 1234 zfs_get_name(zhp)); 1235 break; 1236 case EEXIST: 1237 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1238 "Key already loaded for '%s'."), zfs_get_name(zhp)); 1239 break; 1240 case EBUSY: 1241 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1242 "'%s' is busy."), zfs_get_name(zhp)); 1243 break; 1244 case EACCES: 1245 correctible = B_TRUE; 1246 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1247 "Incorrect key provided for '%s'."), 1248 zfs_get_name(zhp)); 1249 break; 1250 } 1251 goto error; 1252 } 1253 1254 free(key_material); 1255 free(key_data); 1256 1257 return (0); 1258 1259 error: 1260 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1261 if (key_material != NULL) { 1262 free(key_material); 1263 key_material = NULL; 1264 } 1265 if (key_data != NULL) { 1266 free(key_data); 1267 key_data = NULL; 1268 } 1269 1270 /* 1271 * Here we decide if it is ok to allow the user to retry entering their 1272 * key. The can_retry flag will be set if the user is entering their 1273 * key from an interactive prompt. The correctible flag will only be 1274 * set if an error that occured could be corrected by retrying. Both 1275 * flags are needed to allow the user to attempt key entry again 1276 */ 1277 if (can_retry && correctible && attempts <= MAX_KEY_PROMPT_ATTEMPTS) { 1278 attempts++; 1279 goto try_again; 1280 } 1281 1282 return (ret); 1283 } 1284 1285 int 1286 zfs_crypto_unload_key(zfs_handle_t *zhp) 1287 { 1288 int ret; 1289 char errbuf[1024]; 1290 char prop_encroot[MAXNAMELEN]; 1291 uint64_t keystatus, keyformat; 1292 boolean_t is_encroot; 1293 1294 (void) snprintf(errbuf, sizeof (errbuf), 1295 dgettext(TEXT_DOMAIN, "Key unload error")); 1296 1297 /* check that encryption is enabled for the pool */ 1298 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1299 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1300 "Encryption feature not enabled.")); 1301 ret = EINVAL; 1302 goto error; 1303 } 1304 1305 /* Fetch the keyformat. Check that the dataset is encrypted. */ 1306 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT); 1307 if (keyformat == ZFS_KEYFORMAT_NONE) { 1308 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1309 "'%s' is not encrypted."), zfs_get_name(zhp)); 1310 ret = EINVAL; 1311 goto error; 1312 } 1313 1314 /* 1315 * Fetch the key location. Check that we are working with an 1316 * encryption root. 1317 */ 1318 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot); 1319 if (ret != 0) { 1320 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1321 "Failed to get encryption root for '%s'."), 1322 zfs_get_name(zhp)); 1323 goto error; 1324 } else if (!is_encroot) { 1325 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1326 "Keys must be unloaded for encryption root of '%s' (%s)."), 1327 zfs_get_name(zhp), prop_encroot); 1328 ret = EINVAL; 1329 goto error; 1330 } 1331 1332 /* check that the key is loaded */ 1333 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1334 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1335 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1336 "Key already unloaded for '%s'."), zfs_get_name(zhp)); 1337 ret = EACCES; 1338 goto error; 1339 } 1340 1341 /* call the ioctl */ 1342 ret = lzc_unload_key(zhp->zfs_name); 1343 1344 if (ret != 0) { 1345 switch (ret) { 1346 case EACCES: 1347 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1348 "Key already unloaded for '%s'."), 1349 zfs_get_name(zhp)); 1350 break; 1351 case EBUSY: 1352 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1353 "'%s' is busy."), zfs_get_name(zhp)); 1354 break; 1355 } 1356 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1357 } 1358 1359 return (ret); 1360 1361 error: 1362 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1363 return (ret); 1364 } 1365 1366 static int 1367 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props, 1368 nvlist_t **props_out, char *errbuf) 1369 { 1370 int ret; 1371 nvpair_t *elem = NULL; 1372 zfs_prop_t prop; 1373 nvlist_t *new_props = NULL; 1374 1375 new_props = fnvlist_alloc(); 1376 1377 /* 1378 * loop through all provided properties, we should only have 1379 * keyformat, keylocation and pbkdf2iters. The actual validation of 1380 * values is done by zfs_valid_proplist(). 1381 */ 1382 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) { 1383 const char *propname = nvpair_name(elem); 1384 prop = zfs_name_to_prop(propname); 1385 1386 switch (prop) { 1387 case ZFS_PROP_PBKDF2_ITERS: 1388 case ZFS_PROP_KEYFORMAT: 1389 case ZFS_PROP_KEYLOCATION: 1390 break; 1391 default: 1392 ret = EINVAL; 1393 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1394 "Only keyformat, keylocation and pbkdf2iters may " 1395 "be set with this command.")); 1396 goto error; 1397 } 1398 } 1399 1400 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props, 1401 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl, 1402 B_TRUE, errbuf); 1403 if (new_props == NULL) 1404 goto error; 1405 1406 *props_out = new_props; 1407 return (0); 1408 1409 error: 1410 nvlist_free(new_props); 1411 *props_out = NULL; 1412 return (ret); 1413 } 1414 1415 int 1416 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey) 1417 { 1418 int ret; 1419 char errbuf[1024]; 1420 boolean_t is_encroot; 1421 nvlist_t *props = NULL; 1422 uint8_t *wkeydata = NULL; 1423 uint_t wkeylen = 0; 1424 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY; 1425 uint64_t crypt, pcrypt, keystatus, pkeystatus; 1426 uint64_t keyformat = ZFS_KEYFORMAT_NONE; 1427 zfs_handle_t *pzhp = NULL; 1428 char *keylocation = NULL; 1429 char origin_name[MAXNAMELEN]; 1430 char prop_keylocation[MAXNAMELEN]; 1431 char parent_name[ZFS_MAX_DATASET_NAME_LEN]; 1432 1433 (void) snprintf(errbuf, sizeof (errbuf), 1434 dgettext(TEXT_DOMAIN, "Key change error")); 1435 1436 /* check that encryption is enabled for the pool */ 1437 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) { 1438 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1439 "Encryption feature not enabled.")); 1440 ret = EINVAL; 1441 goto error; 1442 } 1443 1444 /* get crypt from dataset */ 1445 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION); 1446 if (crypt == ZIO_CRYPT_OFF) { 1447 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1448 "Dataset not encrypted.")); 1449 ret = EINVAL; 1450 goto error; 1451 } 1452 1453 /* get the encryption root of the dataset */ 1454 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL); 1455 if (ret != 0) { 1456 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1457 "Failed to get encryption root for '%s'."), 1458 zfs_get_name(zhp)); 1459 goto error; 1460 } 1461 1462 /* Clones use their origin's key and cannot rewrap it */ 1463 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name, 1464 sizeof (origin_name), NULL, NULL, 0, B_TRUE); 1465 if (ret == 0 && strcmp(origin_name, "") != 0) { 1466 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1467 "Keys cannot be changed on clones.")); 1468 ret = EINVAL; 1469 goto error; 1470 } 1471 1472 /* 1473 * If the user wants to use the inheritkey variant of this function 1474 * we don't need to collect any crypto arguments. 1475 */ 1476 if (!inheritkey) { 1477 /* validate the provided properties */ 1478 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props, 1479 errbuf); 1480 if (ret != 0) 1481 goto error; 1482 1483 /* 1484 * Load keyformat and keylocation from the nvlist. Fetch from 1485 * the dataset properties if not specified. 1486 */ 1487 (void) nvlist_lookup_uint64(props, 1488 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat); 1489 (void) nvlist_lookup_string(props, 1490 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation); 1491 1492 if (is_encroot) { 1493 /* 1494 * If this is already an ecryption root, just keep 1495 * any properties not set by the user. 1496 */ 1497 if (keyformat == ZFS_KEYFORMAT_NONE) { 1498 keyformat = zfs_prop_get_int(zhp, 1499 ZFS_PROP_KEYFORMAT); 1500 ret = nvlist_add_uint64(props, 1501 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), 1502 keyformat); 1503 } 1504 1505 if (keylocation == NULL) { 1506 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, 1507 prop_keylocation, sizeof (prop_keylocation), 1508 NULL, NULL, 0, B_TRUE); 1509 if (ret != 0) { 1510 zfs_error_aux(zhp->zfs_hdl, 1511 dgettext(TEXT_DOMAIN, "Failed to " 1512 "get existing keylocation " 1513 "property.")); 1514 goto error; 1515 } 1516 1517 keylocation = prop_keylocation; 1518 } 1519 } else { 1520 /* need a new key for non-encryption roots */ 1521 if (keyformat == ZFS_KEYFORMAT_NONE) { 1522 ret = EINVAL; 1523 zfs_error_aux(zhp->zfs_hdl, 1524 dgettext(TEXT_DOMAIN, "Keyformat required " 1525 "for new encryption root.")); 1526 goto error; 1527 } 1528 1529 /* default to prompt if no keylocation is specified */ 1530 if (keylocation == NULL) { 1531 keylocation = "prompt"; 1532 ret = nvlist_add_string(props, 1533 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), 1534 keylocation); 1535 if (ret != 0) 1536 goto error; 1537 } 1538 } 1539 1540 /* fetch the new wrapping key and associated properties */ 1541 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl, 1542 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata, 1543 &wkeylen); 1544 if (ret != 0) 1545 goto error; 1546 } else { 1547 /* check that zhp is an encryption root */ 1548 if (!is_encroot) { 1549 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1550 "Key inheriting can only be performed on " 1551 "encryption roots.")); 1552 ret = EINVAL; 1553 goto error; 1554 } 1555 1556 /* get the parent's name */ 1557 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name)); 1558 if (ret != 0) { 1559 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1560 "Root dataset cannot inherit key.")); 1561 ret = EINVAL; 1562 goto error; 1563 } 1564 1565 /* get a handle to the parent */ 1566 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name); 1567 if (pzhp == NULL) { 1568 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1569 "Failed to lookup parent.")); 1570 ret = ENOENT; 1571 goto error; 1572 } 1573 1574 /* parent must be encrypted */ 1575 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION); 1576 if (pcrypt == ZIO_CRYPT_OFF) { 1577 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1578 "Parent must be encrypted.")); 1579 ret = EINVAL; 1580 goto error; 1581 } 1582 1583 /* check that the parent's key is loaded */ 1584 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS); 1585 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1586 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1587 "Parent key must be loaded.")); 1588 ret = EACCES; 1589 goto error; 1590 } 1591 } 1592 1593 /* check that the key is loaded */ 1594 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS); 1595 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) { 1596 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1597 "Key must be loaded.")); 1598 ret = EACCES; 1599 goto error; 1600 } 1601 1602 /* call the ioctl */ 1603 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen); 1604 if (ret != 0) { 1605 switch (ret) { 1606 case EINVAL: 1607 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1608 "Invalid properties for key change.")); 1609 break; 1610 case EACCES: 1611 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 1612 "Key is not currently loaded.")); 1613 break; 1614 } 1615 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1616 } 1617 1618 if (pzhp != NULL) 1619 zfs_close(pzhp); 1620 if (props != NULL) 1621 nvlist_free(props); 1622 if (wkeydata != NULL) 1623 free(wkeydata); 1624 1625 return (ret); 1626 1627 error: 1628 if (pzhp != NULL) 1629 zfs_close(pzhp); 1630 if (props != NULL) 1631 nvlist_free(props); 1632 if (wkeydata != NULL) 1633 free(wkeydata); 1634 1635 (void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf); 1636 return (ret); 1637 } 1638