1 /*
2 * CDDL HEADER START
3 *
4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
7 * 1.0 of the CDDL.
8 *
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
12 *
13 * CDDL HEADER END
14 */
15
16 /*
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
18 * Copyright 2020 Joyent, Inc.
19 */
20
21 #include <sys/zfs_context.h>
22 #include <sys/fs/zfs.h>
23 #include <sys/dsl_crypt.h>
24 #include <libintl.h>
25 #include <termios.h>
26 #include <signal.h>
27 #include <errno.h>
28 #include <openssl/evp.h>
29 #include <libzfs.h>
30 #include "libzfs_impl.h"
31 #include "zfeature_common.h"
32
33 /*
34 * User keys are used to decrypt the master encryption keys of a dataset. This
35 * indirection allows a user to change his / her access key without having to
36 * re-encrypt the entire dataset. User keys can be provided in one of several
37 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
38 * are converted to binary and passed into the kernel. Password based keys are
39 * a bit more complicated. Passwords alone do not provide suitable entropy for
40 * encryption and may be too short or too long to be used. In order to derive
41 * a more appropriate key we use a PBKDF2 function. This function is designed
42 * to take a (relatively) long time to calculate in order to discourage
43 * attackers from guessing from a list of common passwords. PBKDF2 requires
44 * 2 additional parameters. The first is the number of iterations to run, which
45 * will ultimately determine how long it takes to derive the resulting key from
46 * the password. The second parameter is a salt that is randomly generated for
47 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
48 * attackers cannot reasonably generate a table of commonly known passwords to
49 * their output keys and expect it work for all past and future PBKDF2 users.
50 * We store the salt as a hidden property of the dataset (although it is
51 * technically ok if the salt is known to the attacker).
52 */
53
54 typedef enum key_locator {
55 KEY_LOCATOR_NONE,
56 KEY_LOCATOR_PROMPT,
57 KEY_LOCATOR_URI
58 } key_locator_t;
59
60 #define MIN_PASSPHRASE_LEN 8
61 #define MAX_PASSPHRASE_LEN 512
62 #define MAX_KEY_PROMPT_ATTEMPTS 3
63
64 static int caught_interrupt;
65
66 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
67 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
68
69 static zfs_uri_handler_t uri_handlers[] = {
70 { "file", get_key_material_file },
71 { NULL, NULL }
72 };
73
74 static int
pkcs11_get_urandom(uint8_t * buf,size_t bytes)75 pkcs11_get_urandom(uint8_t *buf, size_t bytes)
76 {
77 int rand;
78 ssize_t bytes_read = 0;
79
80 rand = open("/dev/urandom", O_RDONLY);
81
82 if (rand < 0)
83 return (rand);
84
85 while (bytes_read < bytes) {
86 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);
87 if (rc < 0)
88 break;
89 bytes_read += rc;
90 }
91
92 (void) close(rand);
93
94 return (bytes_read);
95 }
96
97 static int
zfs_prop_parse_keylocation(libzfs_handle_t * restrict hdl,const char * str,zfs_keylocation_t * restrict locp,char ** restrict schemep)98 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
99 zfs_keylocation_t *restrict locp, char **restrict schemep)
100 {
101 *locp = ZFS_KEYLOCATION_NONE;
102 *schemep = NULL;
103
104 if (strcmp("prompt", str) == 0) {
105 *locp = ZFS_KEYLOCATION_PROMPT;
106 return (0);
107 }
108
109 regmatch_t pmatch[2];
110
111 if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch),
112 pmatch, 0) == 0) {
113 size_t scheme_len;
114
115 if (pmatch[1].rm_so == -1) {
116 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
117 "Invalid URI"));
118 return (EINVAL);
119 }
120
121 scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so;
122
123 *schemep = calloc(1, scheme_len + 1);
124 if (*schemep == NULL) {
125 int ret = errno;
126
127 errno = 0;
128 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
129 "Invalid URI"));
130 return (ret);
131 }
132
133 (void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len);
134 *locp = ZFS_KEYLOCATION_URI;
135 return (0);
136 }
137
138 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
139 return (EINVAL);
140 }
141
142 static int
hex_key_to_raw(char * hex,int hexlen,uint8_t * out)143 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
144 {
145 int ret, i;
146 unsigned int c;
147
148 for (i = 0; i < hexlen; i += 2) {
149 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
150 ret = EINVAL;
151 goto error;
152 }
153
154 ret = sscanf(&hex[i], "%02x", &c);
155 if (ret != 1) {
156 ret = EINVAL;
157 goto error;
158 }
159
160 out[i / 2] = c;
161 }
162
163 return (0);
164
165 error:
166 return (ret);
167 }
168
169
170 static void
catch_signal(int sig)171 catch_signal(int sig)
172 {
173 caught_interrupt = sig;
174 }
175
176 static const char *
get_format_prompt_string(zfs_keyformat_t format)177 get_format_prompt_string(zfs_keyformat_t format)
178 {
179 switch (format) {
180 case ZFS_KEYFORMAT_RAW:
181 return ("raw key");
182 case ZFS_KEYFORMAT_HEX:
183 return ("hex key");
184 case ZFS_KEYFORMAT_PASSPHRASE:
185 return ("passphrase");
186 default:
187 /* shouldn't happen */
188 return (NULL);
189 }
190 }
191
192 /* do basic validation of the key material */
193 static int
validate_key(libzfs_handle_t * hdl,zfs_keyformat_t keyformat,const char * key,size_t keylen)194 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
195 const char *key, size_t keylen)
196 {
197 switch (keyformat) {
198 case ZFS_KEYFORMAT_RAW:
199 /* verify the key length is correct */
200 if (keylen < WRAPPING_KEY_LEN) {
201 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
202 "Raw key too short (expected %u)."),
203 WRAPPING_KEY_LEN);
204 return (EINVAL);
205 }
206
207 if (keylen > WRAPPING_KEY_LEN) {
208 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
209 "Raw key too long (expected %u)."),
210 WRAPPING_KEY_LEN);
211 return (EINVAL);
212 }
213 break;
214 case ZFS_KEYFORMAT_HEX:
215 /* verify the key length is correct */
216 if (keylen < WRAPPING_KEY_LEN * 2) {
217 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
218 "Hex key too short (expected %u)."),
219 WRAPPING_KEY_LEN * 2);
220 return (EINVAL);
221 }
222
223 if (keylen > WRAPPING_KEY_LEN * 2) {
224 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
225 "Hex key too long (expected %u)."),
226 WRAPPING_KEY_LEN * 2);
227 return (EINVAL);
228 }
229
230 /* check for invalid hex digits */
231 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
232 if (!isxdigit(key[i])) {
233 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
234 "Invalid hex character detected."));
235 return (EINVAL);
236 }
237 }
238 break;
239 case ZFS_KEYFORMAT_PASSPHRASE:
240 /* verify the length is within bounds */
241 if (keylen > MAX_PASSPHRASE_LEN) {
242 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
243 "Passphrase too long (max %u)."),
244 MAX_PASSPHRASE_LEN);
245 return (EINVAL);
246 }
247
248 if (keylen < MIN_PASSPHRASE_LEN) {
249 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
250 "Passphrase too short (min %u)."),
251 MIN_PASSPHRASE_LEN);
252 return (EINVAL);
253 }
254 break;
255 default:
256 /* can't happen, checked above */
257 break;
258 }
259
260 return (0);
261 }
262
263 static int
libzfs_getpassphrase(zfs_keyformat_t keyformat,boolean_t is_reenter,boolean_t new_key,const char * fsname,char ** restrict res,size_t * restrict reslen)264 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
265 boolean_t new_key, const char *fsname,
266 char **restrict res, size_t *restrict reslen)
267 {
268 FILE *f = stdin;
269 size_t buflen = 0;
270 ssize_t bytes;
271 int ret = 0;
272 struct termios old_term, new_term;
273 struct sigaction act, osigint, osigtstp;
274
275 *res = NULL;
276 *reslen = 0;
277
278 /*
279 * handle SIGINT and ignore SIGSTP. This is necessary to
280 * restore the state of the terminal.
281 */
282 caught_interrupt = 0;
283 act.sa_flags = 0;
284 (void) sigemptyset(&act.sa_mask);
285 act.sa_handler = catch_signal;
286
287 (void) sigaction(SIGINT, &act, &osigint);
288 act.sa_handler = SIG_IGN;
289 (void) sigaction(SIGTSTP, &act, &osigtstp);
290
291 (void) printf("%s %s%s",
292 is_reenter ? "Re-enter" : "Enter",
293 new_key ? "new " : "",
294 get_format_prompt_string(keyformat));
295 if (fsname != NULL)
296 (void) printf(" for '%s'", fsname);
297 (void) fputc(':', stdout);
298 (void) fflush(stdout);
299
300 /* disable the terminal echo for key input */
301 (void) tcgetattr(fileno(f), &old_term);
302
303 new_term = old_term;
304 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
305
306 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
307 if (ret != 0) {
308 ret = errno;
309 errno = 0;
310 goto out;
311 }
312
313 bytes = getline(res, &buflen, f);
314 if (bytes < 0) {
315 ret = errno;
316 errno = 0;
317 goto out;
318 }
319
320 /* trim the ending newline if it exists */
321 if (bytes > 0 && (*res)[bytes - 1] == '\n') {
322 (*res)[bytes - 1] = '\0';
323 bytes--;
324 }
325
326 *reslen = bytes;
327
328 out:
329 /* reset the terminal */
330 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
331 (void) sigaction(SIGINT, &osigint, NULL);
332 (void) sigaction(SIGTSTP, &osigtstp, NULL);
333
334 /* if we caught a signal, re-throw it now */
335 if (caught_interrupt != 0)
336 (void) kill(getpid(), caught_interrupt);
337
338 /* print the newline that was not echo'd */
339 (void) printf("\n");
340
341 return (ret);
342 }
343
344 static int
get_key_interactive(libzfs_handle_t * restrict hdl,const char * fsname,zfs_keyformat_t keyformat,boolean_t confirm_key,boolean_t newkey,uint8_t ** restrict outbuf,size_t * restrict len_out)345 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
346 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
347 uint8_t **restrict outbuf, size_t *restrict len_out)
348 {
349 char *buf = NULL, *buf2 = NULL;
350 size_t buflen = 0, buf2len = 0;
351 int ret = 0;
352
353 ASSERT(isatty(fileno(stdin)));
354
355 /* raw keys cannot be entered on the terminal */
356 if (keyformat == ZFS_KEYFORMAT_RAW) {
357 ret = EINVAL;
358 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
359 "Cannot enter raw keys on the terminal"));
360 goto out;
361 }
362
363 /* prompt for the key */
364 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
365 &buf, &buflen)) != 0) {
366 free(buf);
367 buf = NULL;
368 buflen = 0;
369 goto out;
370 }
371
372 if (!confirm_key)
373 goto out;
374
375 if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) {
376 free(buf);
377 return (ret);
378 }
379
380 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
381 &buf2len);
382 if (ret != 0) {
383 free(buf);
384 free(buf2);
385 buf = buf2 = NULL;
386 buflen = buf2len = 0;
387 goto out;
388 }
389
390 if (buflen != buf2len || strcmp(buf, buf2) != 0) {
391 free(buf);
392 buf = NULL;
393 buflen = 0;
394
395 ret = EINVAL;
396 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
397 "Provided keys do not match."));
398 }
399
400 free(buf2);
401
402 out:
403 *outbuf = (uint8_t *)buf;
404 *len_out = buflen;
405 return (ret);
406 }
407
408 static int
get_key_material_raw(FILE * fd,zfs_keyformat_t keyformat,uint8_t ** buf,size_t * len_out)409 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
410 uint8_t **buf, size_t *len_out)
411 {
412 int ret = 0;
413 size_t buflen = 0;
414
415 *len_out = 0;
416
417 /* read the key material */
418 if (keyformat != ZFS_KEYFORMAT_RAW) {
419 ssize_t bytes;
420
421 bytes = getline((char **)buf, &buflen, fd);
422 if (bytes < 0) {
423 ret = errno;
424 errno = 0;
425 goto out;
426 }
427
428 /* trim the ending newline if it exists */
429 if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
430 (*buf)[bytes - 1] = '\0';
431 bytes--;
432 }
433
434 *len_out = bytes;
435 } else {
436 size_t n;
437
438 /*
439 * Raw keys may have newline characters in them and so can't
440 * use getline(). Here we attempt to read 33 bytes so that we
441 * can properly check the key length (the file should only have
442 * 32 bytes).
443 */
444 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
445 if (*buf == NULL) {
446 ret = ENOMEM;
447 goto out;
448 }
449
450 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
451 if (n == 0 || ferror(fd)) {
452 /* size errors are handled by the calling function */
453 free(*buf);
454 *buf = NULL;
455 ret = errno;
456 errno = 0;
457 goto out;
458 }
459
460 *len_out = n;
461 }
462 out:
463 return (ret);
464 }
465
466 static int
get_key_material_file(libzfs_handle_t * hdl,const char * uri,const char * fsname,zfs_keyformat_t keyformat,boolean_t newkey,uint8_t ** restrict buf,size_t * restrict len_out)467 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
468 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
469 uint8_t **restrict buf, size_t *restrict len_out)
470 {
471 FILE *f = NULL;
472 int ret = 0;
473
474 if (strlen(uri) < 7)
475 return (EINVAL);
476
477 if ((f = fopen(uri + 7, "r")) == NULL) {
478 ret = errno;
479 errno = 0;
480 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
481 "Failed to open key material file"));
482 return (ret);
483 }
484
485 ret = get_key_material_raw(f, keyformat, buf, len_out);
486
487 (void) fclose(f);
488
489 return (ret);
490 }
491
492 /*
493 * Attempts to fetch key material, no matter where it might live. The key
494 * material is allocated and returned in km_out. *can_retry_out will be set
495 * to B_TRUE if the user is providing the key material interactively, allowing
496 * for re-entry attempts.
497 */
498 static int
get_key_material(libzfs_handle_t * hdl,boolean_t do_verify,boolean_t newkey,zfs_keyformat_t keyformat,char * keylocation,const char * fsname,uint8_t ** km_out,size_t * kmlen_out,boolean_t * can_retry_out)499 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
500 zfs_keyformat_t keyformat, char *keylocation, const char *fsname,
501 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
502 {
503 int ret;
504 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
505 uint8_t *km = NULL;
506 size_t kmlen = 0;
507 char *uri_scheme = NULL;
508 zfs_uri_handler_t *handler = NULL;
509 boolean_t can_retry = B_FALSE;
510
511 /* verify and parse the keylocation */
512 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc,
513 &uri_scheme);
514 if (ret != 0)
515 goto error;
516
517 /* open the appropriate file descriptor */
518 switch (keyloc) {
519 case ZFS_KEYLOCATION_PROMPT:
520 if (isatty(fileno(stdin))) {
521 can_retry = B_TRUE;
522 ret = get_key_interactive(hdl, fsname, keyformat,
523 do_verify, newkey, &km, &kmlen);
524 } else {
525 /* fetch the key material into the buffer */
526 ret = get_key_material_raw(stdin, keyformat, &km,
527 &kmlen);
528 }
529
530 if (ret != 0)
531 goto error;
532
533 break;
534 case ZFS_KEYLOCATION_URI:
535 for (handler = uri_handlers; handler->zuh_scheme != NULL;
536 handler++) {
537 if (strcmp(handler->zuh_scheme, uri_scheme) != 0)
538 continue;
539
540 if ((ret = handler->zuh_handler(hdl, keylocation,
541 fsname, keyformat, newkey, &km, &kmlen)) != 0)
542 goto error;
543
544 break;
545 }
546
547 ret = ENOTSUP;
548 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
549 "URI scheme is not supported"));
550
551 break;
552 default:
553 ret = EINVAL;
554 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
555 "Invalid keylocation."));
556 goto error;
557 }
558
559 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0)
560 goto error;
561
562 *km_out = km;
563 *kmlen_out = kmlen;
564 if (can_retry_out != NULL)
565 *can_retry_out = can_retry;
566
567 free(uri_scheme);
568 return (0);
569
570 error:
571 free(km);
572
573 *km_out = NULL;
574 *kmlen_out = 0;
575
576 if (can_retry_out != NULL)
577 *can_retry_out = can_retry;
578
579 free(uri_scheme);
580 return (ret);
581 }
582
583 static int
derive_key(libzfs_handle_t * hdl,zfs_keyformat_t format,uint64_t iters,uint8_t * key_material,size_t key_material_len,uint64_t salt,uint8_t ** key_out)584 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
585 uint8_t *key_material, size_t key_material_len, uint64_t salt,
586 uint8_t **key_out)
587 {
588 int ret;
589 uint8_t *key;
590
591 *key_out = NULL;
592
593 key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
594 if (!key)
595 return (ENOMEM);
596
597 switch (format) {
598 case ZFS_KEYFORMAT_RAW:
599 bcopy(key_material, key, WRAPPING_KEY_LEN);
600 break;
601 case ZFS_KEYFORMAT_HEX:
602 ret = hex_key_to_raw((char *)key_material,
603 WRAPPING_KEY_LEN * 2, key);
604 if (ret != 0) {
605 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
606 "Invalid hex key provided."));
607 goto error;
608 }
609 break;
610 case ZFS_KEYFORMAT_PASSPHRASE:
611 salt = LE_64(salt);
612
613 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
614 strlen((char *)key_material), ((uint8_t *)&salt),
615 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
616 if (ret != 1) {
617 ret = EIO;
618 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
619 "Failed to generate key from passphrase."));
620 goto error;
621 }
622 break;
623 default:
624 ret = EINVAL;
625 goto error;
626 }
627
628 *key_out = key;
629 return (0);
630
631 error:
632 free(key);
633
634 *key_out = NULL;
635 return (ret);
636 }
637
638 static boolean_t
encryption_feature_is_enabled(zpool_handle_t * zph)639 encryption_feature_is_enabled(zpool_handle_t *zph)
640 {
641 nvlist_t *features;
642 uint64_t feat_refcount;
643
644 /* check that features can be enabled */
645 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
646 < SPA_VERSION_FEATURES)
647 return (B_FALSE);
648
649 /* check for crypto feature */
650 features = zpool_get_features(zph);
651 if (!features || nvlist_lookup_uint64(features,
652 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
653 &feat_refcount) != 0)
654 return (B_FALSE);
655
656 return (B_TRUE);
657 }
658
659 static int
populate_create_encryption_params_nvlists(libzfs_handle_t * hdl,zfs_handle_t * zhp,boolean_t newkey,zfs_keyformat_t keyformat,char * keylocation,nvlist_t * props,uint8_t ** wkeydata,uint_t * wkeylen)660 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
661 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
662 char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
663 {
664 int ret;
665 uint64_t iters = 0, salt = 0;
666 uint8_t *key_material = NULL;
667 size_t key_material_len = 0;
668 uint8_t *key_data = NULL;
669 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
670
671 /* get key material from keyformat and keylocation */
672 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
673 fsname, &key_material, &key_material_len, NULL);
674 if (ret != 0)
675 goto error;
676
677 /* passphrase formats require a salt and pbkdf2 iters property */
678 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
679 /* always generate a new salt */
680 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));
681 if (ret != sizeof (uint64_t)) {
682 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
683 "Failed to generate salt."));
684 goto error;
685 }
686
687 ret = nvlist_add_uint64(props,
688 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
689 if (ret != 0) {
690 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
691 "Failed to add salt to properties."));
692 goto error;
693 }
694
695 /*
696 * If not otherwise specified, use the default number of
697 * pbkdf2 iterations. If specified, we have already checked
698 * that the given value is greater than MIN_PBKDF2_ITERATIONS
699 * during zfs_valid_proplist().
700 */
701 ret = nvlist_lookup_uint64(props,
702 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
703 if (ret == ENOENT) {
704 iters = DEFAULT_PBKDF2_ITERATIONS;
705 ret = nvlist_add_uint64(props,
706 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
707 if (ret != 0)
708 goto error;
709 } else if (ret != 0) {
710 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
711 "Failed to get pbkdf2 iterations."));
712 goto error;
713 }
714 } else {
715 /* check that pbkdf2iters was not specified by the user */
716 ret = nvlist_lookup_uint64(props,
717 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
718 if (ret == 0) {
719 ret = EINVAL;
720 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
721 "Cannot specify pbkdf2iters with a non-passphrase "
722 "keyformat."));
723 goto error;
724 }
725 }
726
727 /* derive a key from the key material */
728 ret = derive_key(hdl, keyformat, iters, key_material, key_material_len,
729 salt, &key_data);
730 if (ret != 0)
731 goto error;
732
733 free(key_material);
734
735 *wkeydata = key_data;
736 *wkeylen = WRAPPING_KEY_LEN;
737 return (0);
738
739 error:
740 if (key_material != NULL)
741 free(key_material);
742 if (key_data != NULL)
743 free(key_data);
744
745 *wkeydata = NULL;
746 *wkeylen = 0;
747 return (ret);
748 }
749
750 static boolean_t
proplist_has_encryption_props(nvlist_t * props)751 proplist_has_encryption_props(nvlist_t *props)
752 {
753 int ret;
754 uint64_t intval;
755 char *strval;
756
757 ret = nvlist_lookup_uint64(props,
758 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
759 if (ret == 0 && intval != ZIO_CRYPT_OFF)
760 return (B_TRUE);
761
762 ret = nvlist_lookup_string(props,
763 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
764 if (ret == 0 && strcmp(strval, "none") != 0)
765 return (B_TRUE);
766
767 ret = nvlist_lookup_uint64(props,
768 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
769 if (ret == 0)
770 return (B_TRUE);
771
772 ret = nvlist_lookup_uint64(props,
773 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
774 if (ret == 0)
775 return (B_TRUE);
776
777 return (B_FALSE);
778 }
779
780 int
zfs_crypto_get_encryption_root(zfs_handle_t * zhp,boolean_t * is_encroot,char * buf)781 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
782 char *buf)
783 {
784 int ret;
785 char prop_encroot[MAXNAMELEN];
786
787 /* if the dataset isn't encrypted, just return */
788 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
789 *is_encroot = B_FALSE;
790 if (buf != NULL)
791 buf[0] = '\0';
792 return (0);
793 }
794
795 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
796 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
797 if (ret != 0) {
798 *is_encroot = B_FALSE;
799 if (buf != NULL)
800 buf[0] = '\0';
801 return (ret);
802 }
803
804 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
805 if (buf != NULL)
806 strcpy(buf, prop_encroot);
807
808 return (0);
809 }
810
811 int
zfs_crypto_create(libzfs_handle_t * hdl,char * parent_name,nvlist_t * props,nvlist_t * pool_props,boolean_t stdin_available,uint8_t ** wkeydata_out,uint_t * wkeylen_out)812 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
813 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
814 uint_t *wkeylen_out)
815 {
816 int ret;
817 char errbuf[1024];
818 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
819 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
820 char *keylocation = NULL;
821 zfs_handle_t *pzhp = NULL;
822 uint8_t *wkeydata = NULL;
823 uint_t wkeylen = 0;
824 boolean_t local_crypt = B_TRUE;
825
826 (void) snprintf(errbuf, sizeof (errbuf),
827 dgettext(TEXT_DOMAIN, "Encryption create error"));
828
829 /* lookup crypt from props */
830 ret = nvlist_lookup_uint64(props,
831 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
832 if (ret != 0)
833 local_crypt = B_FALSE;
834
835 /* lookup key location and format from props */
836 (void) nvlist_lookup_uint64(props,
837 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
838 (void) nvlist_lookup_string(props,
839 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
840
841 if (parent_name != NULL) {
842 /* get a reference to parent dataset */
843 pzhp = make_dataset_handle(hdl, parent_name);
844 if (pzhp == NULL) {
845 ret = ENOENT;
846 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
847 "Failed to lookup parent."));
848 goto out;
849 }
850
851 /* Lookup parent's crypt */
852 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
853
854 /* Params require the encryption feature */
855 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
856 if (proplist_has_encryption_props(props)) {
857 ret = EINVAL;
858 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
859 "Encryption feature not enabled."));
860 goto out;
861 }
862
863 ret = 0;
864 goto out;
865 }
866 } else {
867 /*
868 * special case for root dataset where encryption feature
869 * feature won't be on disk yet
870 */
871 if (!nvlist_exists(pool_props, "feature@encryption")) {
872 if (proplist_has_encryption_props(props)) {
873 ret = EINVAL;
874 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
875 "Encryption feature not enabled."));
876 goto out;
877 }
878
879 ret = 0;
880 goto out;
881 }
882
883 pcrypt = ZIO_CRYPT_OFF;
884 }
885
886 /* Get the inherited encryption property if we don't have it locally */
887 if (!local_crypt)
888 crypt = pcrypt;
889
890 /*
891 * At this point crypt should be the actual encryption value. If
892 * encryption is off just verify that no encryption properties have
893 * been specified and return.
894 */
895 if (crypt == ZIO_CRYPT_OFF) {
896 if (proplist_has_encryption_props(props)) {
897 ret = EINVAL;
898 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
899 "Encryption must be turned on to set encryption "
900 "properties."));
901 goto out;
902 }
903
904 ret = 0;
905 goto out;
906 }
907
908 /*
909 * If we have a parent crypt it is valid to specify encryption alone.
910 * This will result in a child that is encrypted with the chosen
911 * encryption suite that will also inherit the parent's key. If
912 * the parent is not encrypted we need an encryption suite provided.
913 */
914 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
915 keyformat == ZFS_KEYFORMAT_NONE) {
916 ret = EINVAL;
917 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
918 "Keyformat required for new encryption root."));
919 goto out;
920 }
921
922 /*
923 * Specifying a keylocation implies this will be a new encryption root.
924 * Check that a keyformat is also specified.
925 */
926 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
927 ret = EINVAL;
928 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
929 "Keyformat required for new encryption root."));
930 goto out;
931 }
932
933 /* default to prompt if no keylocation is specified */
934 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
935 keylocation = "prompt";
936 ret = nvlist_add_string(props,
937 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
938 if (ret != 0)
939 goto out;
940 }
941
942 /*
943 * If a local key is provided, this dataset will be a new
944 * encryption root. Populate the encryption params.
945 */
946 if (keylocation != NULL) {
947 /*
948 * 'zfs recv -o keylocation=prompt' won't work because stdin
949 * is being used by the send stream, so we disallow it.
950 */
951 if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
952 ret = EINVAL;
953 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
954 "'prompt' keylocation because stdin is in use."));
955 goto out;
956 }
957
958 ret = populate_create_encryption_params_nvlists(hdl, NULL,
959 B_FALSE, keyformat, keylocation, props, &wkeydata,
960 &wkeylen);
961 if (ret != 0)
962 goto out;
963 }
964
965 if (pzhp != NULL)
966 zfs_close(pzhp);
967
968 *wkeydata_out = wkeydata;
969 *wkeylen_out = wkeylen;
970 return (0);
971
972 out:
973 if (pzhp != NULL)
974 zfs_close(pzhp);
975 if (wkeydata != NULL)
976 free(wkeydata);
977
978 *wkeydata_out = NULL;
979 *wkeylen_out = 0;
980 return (ret);
981 }
982
983 int
zfs_crypto_clone_check(libzfs_handle_t * hdl,zfs_handle_t * origin_zhp,char * parent_name,nvlist_t * props)984 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
985 char *parent_name, nvlist_t *props)
986 {
987 char errbuf[1024];
988
989 (void) snprintf(errbuf, sizeof (errbuf),
990 dgettext(TEXT_DOMAIN, "Encryption clone error"));
991
992 /*
993 * No encryption properties should be specified. They will all be
994 * inherited from the origin dataset.
995 */
996 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
997 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
998 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
999 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1000 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1001 "Encryption properties must inherit from origin dataset."));
1002 return (EINVAL);
1003 }
1004
1005 return (0);
1006 }
1007
1008 typedef struct loadkeys_cbdata {
1009 uint64_t cb_numfailed;
1010 uint64_t cb_numattempted;
1011 } loadkey_cbdata_t;
1012
1013 static int
load_keys_cb(zfs_handle_t * zhp,void * arg)1014 load_keys_cb(zfs_handle_t *zhp, void *arg)
1015 {
1016 int ret;
1017 boolean_t is_encroot;
1018 loadkey_cbdata_t *cb = arg;
1019 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1020
1021 /* only attempt to load keys for encryption roots */
1022 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1023 if (ret != 0 || !is_encroot)
1024 goto out;
1025
1026 /* don't attempt to load already loaded keys */
1027 if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1028 goto out;
1029
1030 /* Attempt to load the key. Record status in cb. */
1031 cb->cb_numattempted++;
1032
1033 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1034 if (ret)
1035 cb->cb_numfailed++;
1036
1037 out:
1038 (void) zfs_iter_filesystems(zhp, load_keys_cb, cb);
1039 zfs_close(zhp);
1040
1041 /* always return 0, since this function is best effort */
1042 return (0);
1043 }
1044
1045 /*
1046 * This function is best effort. It attempts to load all the keys for the given
1047 * filesystem and all of its children.
1048 */
1049 int
zfs_crypto_attempt_load_keys(libzfs_handle_t * hdl,char * fsname)1050 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname)
1051 {
1052 int ret;
1053 zfs_handle_t *zhp = NULL;
1054 loadkey_cbdata_t cb = { 0 };
1055
1056 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1057 if (zhp == NULL) {
1058 ret = ENOENT;
1059 goto error;
1060 }
1061
1062 ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1063 if (ret)
1064 goto error;
1065
1066 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1067 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1068 (u_longlong_t)cb.cb_numattempted);
1069
1070 if (cb.cb_numfailed != 0) {
1071 ret = -1;
1072 goto error;
1073 }
1074
1075 zfs_close(zhp);
1076 return (0);
1077
1078 error:
1079 if (zhp != NULL)
1080 zfs_close(zhp);
1081 return (ret);
1082 }
1083
1084 int
zfs_crypto_load_key(zfs_handle_t * zhp,boolean_t noop,char * alt_keylocation)1085 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation)
1086 {
1087 int ret, attempts = 0;
1088 char errbuf[1024];
1089 uint64_t keystatus, iters = 0, salt = 0;
1090 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1091 char prop_keylocation[MAXNAMELEN];
1092 char prop_encroot[MAXNAMELEN];
1093 char *keylocation = NULL;
1094 uint8_t *key_material = NULL, *key_data = NULL;
1095 size_t key_material_len;
1096 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1097
1098 (void) snprintf(errbuf, sizeof (errbuf),
1099 dgettext(TEXT_DOMAIN, "Key load error"));
1100
1101 /* check that encryption is enabled for the pool */
1102 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1103 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1104 "Encryption feature not enabled."));
1105 ret = EINVAL;
1106 goto error;
1107 }
1108
1109 /* Fetch the keyformat. Check that the dataset is encrypted. */
1110 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1111 if (keyformat == ZFS_KEYFORMAT_NONE) {
1112 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1113 "'%s' is not encrypted."), zfs_get_name(zhp));
1114 ret = EINVAL;
1115 goto error;
1116 }
1117
1118 /*
1119 * Fetch the key location. Check that we are working with an
1120 * encryption root.
1121 */
1122 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1123 if (ret != 0) {
1124 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1125 "Failed to get encryption root for '%s'."),
1126 zfs_get_name(zhp));
1127 goto error;
1128 } else if (!is_encroot) {
1129 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1130 "Keys must be loaded for encryption root of '%s' (%s)."),
1131 zfs_get_name(zhp), prop_encroot);
1132 ret = EINVAL;
1133 goto error;
1134 }
1135
1136 /*
1137 * if the caller has elected to override the keylocation property
1138 * use that instead
1139 */
1140 if (alt_keylocation != NULL) {
1141 keylocation = alt_keylocation;
1142 } else {
1143 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1144 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1145 if (ret != 0) {
1146 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1147 "Failed to get keylocation for '%s'."),
1148 zfs_get_name(zhp));
1149 goto error;
1150 }
1151
1152 keylocation = prop_keylocation;
1153 }
1154
1155 /* check that the key is unloaded unless this is a noop */
1156 if (!noop) {
1157 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1158 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1159 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1160 "Key already loaded for '%s'."), zfs_get_name(zhp));
1161 ret = EEXIST;
1162 goto error;
1163 }
1164 }
1165
1166 /* passphrase formats require a salt and pbkdf2_iters property */
1167 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1168 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1169 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1170 }
1171
1172 try_again:
1173 /* fetching and deriving the key are correctable errors. set the flag */
1174 correctible = B_TRUE;
1175
1176 /* get key material from key format and location */
1177 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1178 keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1179 &can_retry);
1180 if (ret != 0)
1181 goto error;
1182
1183 /* derive a key from the key material */
1184 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material,
1185 key_material_len, salt, &key_data);
1186 if (ret != 0)
1187 goto error;
1188
1189 correctible = B_FALSE;
1190
1191 /* pass the wrapping key and noop flag to the ioctl */
1192 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1193 if (ret != 0) {
1194 switch (ret) {
1195 case EPERM:
1196 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1197 "Permission denied."));
1198 break;
1199 case EINVAL:
1200 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1201 "Invalid parameters provided for dataset %s."),
1202 zfs_get_name(zhp));
1203 break;
1204 case EEXIST:
1205 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1206 "Key already loaded for '%s'."), zfs_get_name(zhp));
1207 break;
1208 case EBUSY:
1209 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1210 "'%s' is busy."), zfs_get_name(zhp));
1211 break;
1212 case EACCES:
1213 correctible = B_TRUE;
1214 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1215 "Incorrect key provided for '%s'."),
1216 zfs_get_name(zhp));
1217 break;
1218 }
1219 goto error;
1220 }
1221
1222 free(key_material);
1223 free(key_data);
1224
1225 return (0);
1226
1227 error:
1228 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1229 if (key_material != NULL) {
1230 free(key_material);
1231 key_material = NULL;
1232 }
1233 if (key_data != NULL) {
1234 free(key_data);
1235 key_data = NULL;
1236 }
1237
1238 /*
1239 * Here we decide if it is ok to allow the user to retry entering their
1240 * key. The can_retry flag will be set if the user is entering their
1241 * key from an interactive prompt. The correctable flag will only be
1242 * set if an error that occurred could be corrected by retrying. Both
1243 * flags are needed to allow the user to attempt key entry again
1244 */
1245 attempts++;
1246 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)
1247 goto try_again;
1248
1249 return (ret);
1250 }
1251
1252 int
zfs_crypto_unload_key(zfs_handle_t * zhp)1253 zfs_crypto_unload_key(zfs_handle_t *zhp)
1254 {
1255 int ret;
1256 char errbuf[1024];
1257 char prop_encroot[MAXNAMELEN];
1258 uint64_t keystatus, keyformat;
1259 boolean_t is_encroot;
1260
1261 (void) snprintf(errbuf, sizeof (errbuf),
1262 dgettext(TEXT_DOMAIN, "Key unload error"));
1263
1264 /* check that encryption is enabled for the pool */
1265 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1266 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1267 "Encryption feature not enabled."));
1268 ret = EINVAL;
1269 goto error;
1270 }
1271
1272 /* Fetch the keyformat. Check that the dataset is encrypted. */
1273 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1274 if (keyformat == ZFS_KEYFORMAT_NONE) {
1275 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1276 "'%s' is not encrypted."), zfs_get_name(zhp));
1277 ret = EINVAL;
1278 goto error;
1279 }
1280
1281 /*
1282 * Fetch the key location. Check that we are working with an
1283 * encryption root.
1284 */
1285 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1286 if (ret != 0) {
1287 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1288 "Failed to get encryption root for '%s'."),
1289 zfs_get_name(zhp));
1290 goto error;
1291 } else if (!is_encroot) {
1292 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1293 "Keys must be unloaded for encryption root of '%s' (%s)."),
1294 zfs_get_name(zhp), prop_encroot);
1295 ret = EINVAL;
1296 goto error;
1297 }
1298
1299 /* check that the key is loaded */
1300 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1301 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1302 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1303 "Key already unloaded for '%s'."), zfs_get_name(zhp));
1304 ret = EACCES;
1305 goto error;
1306 }
1307
1308 /* call the ioctl */
1309 ret = lzc_unload_key(zhp->zfs_name);
1310
1311 if (ret != 0) {
1312 switch (ret) {
1313 case EPERM:
1314 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1315 "Permission denied."));
1316 break;
1317 case EACCES:
1318 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1319 "Key already unloaded for '%s'."),
1320 zfs_get_name(zhp));
1321 break;
1322 case EBUSY:
1323 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1324 "'%s' is busy."), zfs_get_name(zhp));
1325 break;
1326 }
1327 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1328 }
1329
1330 return (ret);
1331
1332 error:
1333 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1334 return (ret);
1335 }
1336
1337 static int
zfs_crypto_verify_rewrap_nvlist(zfs_handle_t * zhp,nvlist_t * props,nvlist_t ** props_out,char * errbuf)1338 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1339 nvlist_t **props_out, char *errbuf)
1340 {
1341 int ret;
1342 nvpair_t *elem = NULL;
1343 zfs_prop_t prop;
1344 nvlist_t *new_props = NULL;
1345
1346 new_props = fnvlist_alloc();
1347
1348 /*
1349 * loop through all provided properties, we should only have
1350 * keyformat, keylocation and pbkdf2iters. The actual validation of
1351 * values is done by zfs_valid_proplist().
1352 */
1353 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1354 const char *propname = nvpair_name(elem);
1355 prop = zfs_name_to_prop(propname);
1356
1357 switch (prop) {
1358 case ZFS_PROP_PBKDF2_ITERS:
1359 case ZFS_PROP_KEYFORMAT:
1360 case ZFS_PROP_KEYLOCATION:
1361 break;
1362 default:
1363 ret = EINVAL;
1364 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1365 "Only keyformat, keylocation and pbkdf2iters may "
1366 "be set with this command."));
1367 goto error;
1368 }
1369 }
1370
1371 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1372 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1373 B_TRUE, errbuf);
1374 if (new_props == NULL) {
1375 ret = EINVAL;
1376 goto error;
1377 }
1378
1379 *props_out = new_props;
1380 return (0);
1381
1382 error:
1383 nvlist_free(new_props);
1384 *props_out = NULL;
1385 return (ret);
1386 }
1387
1388 int
zfs_crypto_rewrap(zfs_handle_t * zhp,nvlist_t * raw_props,boolean_t inheritkey)1389 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1390 {
1391 int ret;
1392 char errbuf[1024];
1393 boolean_t is_encroot;
1394 nvlist_t *props = NULL;
1395 uint8_t *wkeydata = NULL;
1396 uint_t wkeylen = 0;
1397 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1398 uint64_t crypt, pcrypt, keystatus, pkeystatus;
1399 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1400 zfs_handle_t *pzhp = NULL;
1401 char *keylocation = NULL;
1402 char origin_name[MAXNAMELEN];
1403 char prop_keylocation[MAXNAMELEN];
1404 char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1405
1406 (void) snprintf(errbuf, sizeof (errbuf),
1407 dgettext(TEXT_DOMAIN, "Key change error"));
1408
1409 /* check that encryption is enabled for the pool */
1410 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1411 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1412 "Encryption feature not enabled."));
1413 ret = EINVAL;
1414 goto error;
1415 }
1416
1417 /* get crypt from dataset */
1418 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1419 if (crypt == ZIO_CRYPT_OFF) {
1420 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1421 "Dataset not encrypted."));
1422 ret = EINVAL;
1423 goto error;
1424 }
1425
1426 /* get the encryption root of the dataset */
1427 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1428 if (ret != 0) {
1429 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1430 "Failed to get encryption root for '%s'."),
1431 zfs_get_name(zhp));
1432 goto error;
1433 }
1434
1435 /* Clones use their origin's key and cannot rewrap it */
1436 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1437 sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1438 if (ret == 0 && strcmp(origin_name, "") != 0) {
1439 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1440 "Keys cannot be changed on clones."));
1441 ret = EINVAL;
1442 goto error;
1443 }
1444
1445 /*
1446 * If the user wants to use the inheritkey variant of this function
1447 * we don't need to collect any crypto arguments.
1448 */
1449 if (!inheritkey) {
1450 /* validate the provided properties */
1451 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1452 errbuf);
1453 if (ret != 0)
1454 goto error;
1455
1456 /*
1457 * Load keyformat and keylocation from the nvlist. Fetch from
1458 * the dataset properties if not specified.
1459 */
1460 (void) nvlist_lookup_uint64(props,
1461 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1462 (void) nvlist_lookup_string(props,
1463 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1464
1465 if (is_encroot) {
1466 /*
1467 * If this is already an encryption root, just keep
1468 * any properties not set by the user.
1469 */
1470 if (keyformat == ZFS_KEYFORMAT_NONE) {
1471 keyformat = zfs_prop_get_int(zhp,
1472 ZFS_PROP_KEYFORMAT);
1473 ret = nvlist_add_uint64(props,
1474 zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1475 keyformat);
1476 if (ret != 0) {
1477 zfs_error_aux(zhp->zfs_hdl,
1478 dgettext(TEXT_DOMAIN, "Failed to "
1479 "get existing keyformat "
1480 "property."));
1481 goto error;
1482 }
1483 }
1484
1485 if (keylocation == NULL) {
1486 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1487 prop_keylocation, sizeof (prop_keylocation),
1488 NULL, NULL, 0, B_TRUE);
1489 if (ret != 0) {
1490 zfs_error_aux(zhp->zfs_hdl,
1491 dgettext(TEXT_DOMAIN, "Failed to "
1492 "get existing keylocation "
1493 "property."));
1494 goto error;
1495 }
1496
1497 keylocation = prop_keylocation;
1498 }
1499 } else {
1500 /* need a new key for non-encryption roots */
1501 if (keyformat == ZFS_KEYFORMAT_NONE) {
1502 ret = EINVAL;
1503 zfs_error_aux(zhp->zfs_hdl,
1504 dgettext(TEXT_DOMAIN, "Keyformat required "
1505 "for new encryption root."));
1506 goto error;
1507 }
1508
1509 /* default to prompt if no keylocation is specified */
1510 if (keylocation == NULL) {
1511 keylocation = "prompt";
1512 ret = nvlist_add_string(props,
1513 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1514 keylocation);
1515 if (ret != 0)
1516 goto error;
1517 }
1518 }
1519
1520 /* fetch the new wrapping key and associated properties */
1521 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1522 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1523 &wkeylen);
1524 if (ret != 0)
1525 goto error;
1526 } else {
1527 /* check that zhp is an encryption root */
1528 if (!is_encroot) {
1529 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1530 "Key inheritting can only be performed on "
1531 "encryption roots."));
1532 ret = EINVAL;
1533 goto error;
1534 }
1535
1536 /* get the parent's name */
1537 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1538 if (ret != 0) {
1539 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1540 "Root dataset cannot inherit key."));
1541 ret = EINVAL;
1542 goto error;
1543 }
1544
1545 /* get a handle to the parent */
1546 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1547 if (pzhp == NULL) {
1548 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1549 "Failed to lookup parent."));
1550 ret = ENOENT;
1551 goto error;
1552 }
1553
1554 /* parent must be encrypted */
1555 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1556 if (pcrypt == ZIO_CRYPT_OFF) {
1557 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1558 "Parent must be encrypted."));
1559 ret = EINVAL;
1560 goto error;
1561 }
1562
1563 /* check that the parent's key is loaded */
1564 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1565 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1566 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1567 "Parent key must be loaded."));
1568 ret = EACCES;
1569 goto error;
1570 }
1571 }
1572
1573 /* check that the key is loaded */
1574 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1575 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1576 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1577 "Key must be loaded."));
1578 ret = EACCES;
1579 goto error;
1580 }
1581
1582 /* call the ioctl */
1583 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1584 if (ret != 0) {
1585 switch (ret) {
1586 case EPERM:
1587 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1588 "Permission denied."));
1589 break;
1590 case EINVAL:
1591 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1592 "Invalid properties for key change."));
1593 break;
1594 case EACCES:
1595 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1596 "Key is not currently loaded."));
1597 break;
1598 }
1599 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1600 }
1601
1602 if (pzhp != NULL)
1603 zfs_close(pzhp);
1604 if (props != NULL)
1605 nvlist_free(props);
1606 if (wkeydata != NULL)
1607 free(wkeydata);
1608
1609 return (ret);
1610
1611 error:
1612 if (pzhp != NULL)
1613 zfs_close(pzhp);
1614 if (props != NULL)
1615 nvlist_free(props);
1616 if (wkeydata != NULL)
1617 free(wkeydata);
1618
1619 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1620 return (ret);
1621 }
1622