4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
20 #include <sys/zfs_context.h>
21 #include <sys/fs/zfs.h>
22 #include <sys/dsl_crypt.h>
27 #include <openssl/evp.h>
29 #include "libzfs_impl.h"
30 #include "zfeature_common.h"
33 * User keys are used to decrypt the master encryption keys of a dataset. This
34 * indirection allows a user to change his / her access key without having to
35 * re-encrypt the entire dataset. User keys can be provided in one of several
36 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
37 * are converted to binary and passed into the kernel. Password based keys are
38 * a bit more complicated. Passwords alone do not provide suitable entropy for
39 * encryption and may be too short or too long to be used. In order to derive
40 * a more appropriate key we use a PBKDF2 function. This function is designed
41 * to take a (relatively) long time to calculate in order to discourage
42 * attackers from guessing from a list of common passwords. PBKDF2 requires
43 * 2 additional parameters. The first is the number of iterations to run, which
44 * will ultimately determine how long it takes to derive the resulting key from
45 * the password. The second parameter is a salt that is randomly generated for
46 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
47 * attackers cannot reasonably generate a table of commonly known passwords to
48 * their output keys and expect it work for all past and future PBKDF2 users.
49 * We store the salt as a hidden property of the dataset (although it is
50 * technically ok if the salt is known to the attacker).
53 typedef enum key_locator {
59 #define MIN_PASSPHRASE_LEN 8
60 #define MAX_PASSPHRASE_LEN 512
61 #define MAX_KEY_PROMPT_ATTEMPTS 3
63 static int caught_interrupt;
66 pkcs11_get_urandom(uint8_t *buf, size_t bytes)
69 ssize_t bytes_read = 0;
71 rand = open("/dev/urandom", O_RDONLY);
76 while (bytes_read < bytes) {
77 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);
88 static zfs_keylocation_t
89 zfs_prop_parse_keylocation(const char *str)
91 if (strcmp("prompt", str) == 0)
92 return (ZFS_KEYLOCATION_PROMPT);
93 else if (strlen(str) > 8 && strncmp("file:///", str, 8) == 0)
94 return (ZFS_KEYLOCATION_URI);
96 return (ZFS_KEYLOCATION_NONE);
100 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
105 for (i = 0; i < hexlen; i += 2) {
106 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
111 ret = sscanf(&hex[i], "%02x", &c);
128 catch_signal(int sig)
130 caught_interrupt = sig;
134 get_format_prompt_string(zfs_keyformat_t format)
137 case ZFS_KEYFORMAT_RAW:
139 case ZFS_KEYFORMAT_HEX:
141 case ZFS_KEYFORMAT_PASSPHRASE:
142 return ("passphrase");
144 /* shouldn't happen */
150 get_key_material_raw(FILE *fd, const char *fsname, zfs_keyformat_t keyformat,
151 boolean_t again, boolean_t newkey, uint8_t **buf, size_t *len_out)
155 struct termios old_term, new_term;
156 struct sigaction act, osigint, osigtstp;
160 if (isatty(fileno(fd))) {
162 * handle SIGINT and ignore SIGSTP. This is necessary to
163 * restore the state of the terminal.
165 caught_interrupt = 0;
167 (void) sigemptyset(&act.sa_mask);
168 act.sa_handler = catch_signal;
170 (void) sigaction(SIGINT, &act, &osigint);
171 act.sa_handler = SIG_IGN;
172 (void) sigaction(SIGTSTP, &act, &osigtstp);
174 /* prompt for the key */
175 if (fsname != NULL) {
176 (void) printf("%s %s%s for '%s': ",
177 (again) ? "Re-enter" : "Enter",
178 (newkey) ? "new " : "",
179 get_format_prompt_string(keyformat), fsname);
181 (void) printf("%s %s%s: ",
182 (again) ? "Re-enter" : "Enter",
183 (newkey) ? "new " : "",
184 get_format_prompt_string(keyformat));
187 (void) fflush(stdout);
189 /* disable the terminal echo for key input */
190 (void) tcgetattr(fileno(fd), &old_term);
193 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
195 ret = tcsetattr(fileno(fd), TCSAFLUSH, &new_term);
203 /* read the key material */
204 if (keyformat != ZFS_KEYFORMAT_RAW) {
205 bytes = getline((char **)buf, &buflen, fd);
212 /* trim the ending newline if it exists */
213 if ((*buf)[bytes - 1] == '\n') {
214 (*buf)[bytes - 1] = '\0';
219 * Raw keys may have newline characters in them and so can't
220 * use getline(). Here we attempt to read 33 bytes so that we
221 * can properly check the key length (the file should only have
224 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (char));
230 bytes = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
232 /* size errors are handled by the calling function */
244 if (isatty(fileno(fd))) {
245 /* reset the teminal */
246 (void) tcsetattr(fileno(fd), TCSAFLUSH, &old_term);
247 (void) sigaction(SIGINT, &osigint, NULL);
248 (void) sigaction(SIGTSTP, &osigtstp, NULL);
250 /* if we caught a signal, re-throw it now */
251 if (caught_interrupt != 0) {
252 (void) kill(getpid(), caught_interrupt);
255 /* print the newline that was not echo'd */
264 * Attempts to fetch key material, no matter where it might live. The key
265 * material is allocated and returned in km_out. *can_retry_out will be set
266 * to B_TRUE if the user is providing the key material interactively, allowing
267 * for re-entry attempts.
270 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
271 zfs_keyformat_t keyformat, char *keylocation, const char *fsname,
272 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
275 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
277 uint8_t *km = NULL, *km2 = NULL;
278 size_t kmlen, kmlen2;
279 boolean_t can_retry = B_FALSE;
281 /* verify and parse the keylocation */
282 keyloc = zfs_prop_parse_keylocation(keylocation);
284 /* open the appropriate file descriptor */
286 case ZFS_KEYLOCATION_PROMPT:
288 if (isatty(fileno(fd))) {
291 /* raw keys cannot be entered on the terminal */
292 if (keyformat == ZFS_KEYFORMAT_RAW) {
294 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
295 "Cannot enter raw keys on the terminal"));
300 case ZFS_KEYLOCATION_URI:
301 fd = fopen(&keylocation[7], "r");
305 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
306 "Failed to open key material file"));
312 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
313 "Invalid keylocation."));
317 /* fetch the key material into the buffer */
318 ret = get_key_material_raw(fd, fsname, keyformat, B_FALSE, newkey,
323 /* do basic validation of the key material */
325 case ZFS_KEYFORMAT_RAW:
326 /* verify the key length is correct */
327 if (kmlen < WRAPPING_KEY_LEN) {
329 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
330 "Raw key too short (expected %u)."),
335 if (kmlen > WRAPPING_KEY_LEN) {
337 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
338 "Raw key too long (expected %u)."),
343 case ZFS_KEYFORMAT_HEX:
344 /* verify the key length is correct */
345 if (kmlen < WRAPPING_KEY_LEN * 2) {
347 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
348 "Hex key too short (expected %u)."),
349 WRAPPING_KEY_LEN * 2);
353 if (kmlen > WRAPPING_KEY_LEN * 2) {
355 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
356 "Hex key too long (expected %u)."),
357 WRAPPING_KEY_LEN * 2);
361 /* check for invalid hex digits */
362 for (i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
363 if (!isxdigit((char)km[i])) {
365 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
366 "Invalid hex character detected."));
371 case ZFS_KEYFORMAT_PASSPHRASE:
372 /* verify the length is within bounds */
373 if (kmlen > MAX_PASSPHRASE_LEN) {
375 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
376 "Passphrase too long (max %u)."),
381 if (kmlen < MIN_PASSPHRASE_LEN) {
383 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
384 "Passphrase too short (min %u)."),
390 /* can't happen, checked above */
394 if (do_verify && isatty(fileno(fd))) {
395 ret = get_key_material_raw(fd, fsname, keyformat, B_TRUE,
396 newkey, &km2, &kmlen2);
400 if (kmlen2 != kmlen ||
401 (memcmp((char *)km, (char *)km2, kmlen) != 0)) {
403 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
404 "Provided keys do not match."));
417 if (can_retry_out != NULL)
418 *can_retry_out = can_retry;
429 if (fd != NULL && fd != stdin)
434 if (can_retry_out != NULL)
435 *can_retry_out = can_retry;
441 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
442 uint8_t *key_material, size_t key_material_len, uint64_t salt,
450 key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
455 case ZFS_KEYFORMAT_RAW:
456 bcopy(key_material, key, WRAPPING_KEY_LEN);
458 case ZFS_KEYFORMAT_HEX:
459 ret = hex_key_to_raw((char *)key_material,
460 WRAPPING_KEY_LEN * 2, key);
462 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
463 "Invalid hex key provided."));
467 case ZFS_KEYFORMAT_PASSPHRASE:
470 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
471 strlen((char *)key_material), ((uint8_t *)&salt),
472 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
475 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
476 "Failed to generate key from passphrase."));
496 encryption_feature_is_enabled(zpool_handle_t *zph)
499 uint64_t feat_refcount;
501 /* check that features can be enabled */
502 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
503 < SPA_VERSION_FEATURES)
506 /* check for crypto feature */
507 features = zpool_get_features(zph);
508 if (!features || nvlist_lookup_uint64(features,
509 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
510 &feat_refcount) != 0)
517 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
518 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
519 char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
522 uint64_t iters = 0, salt = 0;
523 uint8_t *key_material = NULL;
524 size_t key_material_len = 0;
525 uint8_t *key_data = NULL;
526 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
528 /* get key material from keyformat and keylocation */
529 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
530 fsname, &key_material, &key_material_len, NULL);
534 /* passphrase formats require a salt and pbkdf2 iters property */
535 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
536 /* always generate a new salt */
537 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));
538 if (ret != sizeof (uint64_t)) {
539 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
540 "Failed to generate salt."));
544 ret = nvlist_add_uint64(props,
545 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
547 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
548 "Failed to add salt to properties."));
553 * If not otherwise specified, use the default number of
554 * pbkdf2 iterations. If specified, we have already checked
555 * that the given value is greater than MIN_PBKDF2_ITERATIONS
556 * during zfs_valid_proplist().
558 ret = nvlist_lookup_uint64(props,
559 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
561 iters = DEFAULT_PBKDF2_ITERATIONS;
562 ret = nvlist_add_uint64(props,
563 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
566 } else if (ret != 0) {
567 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
568 "Failed to get pbkdf2 iterations."));
572 /* check that pbkdf2iters was not specified by the user */
573 ret = nvlist_lookup_uint64(props,
574 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
577 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
578 "Cannot specify pbkdf2iters with a non-passphrase "
584 /* derive a key from the key material */
585 ret = derive_key(hdl, keyformat, iters, key_material, key_material_len,
592 *wkeydata = key_data;
593 *wkeylen = WRAPPING_KEY_LEN;
597 if (key_material != NULL)
599 if (key_data != NULL)
608 proplist_has_encryption_props(nvlist_t *props)
614 ret = nvlist_lookup_uint64(props,
615 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
616 if (ret == 0 && intval != ZIO_CRYPT_OFF)
619 ret = nvlist_lookup_string(props,
620 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
621 if (ret == 0 && strcmp(strval, "none") != 0)
624 ret = nvlist_lookup_uint64(props,
625 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
629 ret = nvlist_lookup_uint64(props,
630 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
638 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
642 char prop_encroot[MAXNAMELEN];
644 /* if the dataset isn't encrypted, just return */
645 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
646 *is_encroot = B_FALSE;
652 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
653 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
655 *is_encroot = B_FALSE;
661 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
663 strcpy(buf, prop_encroot);
669 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
670 nvlist_t *pool_props, uint8_t **wkeydata_out, uint_t *wkeylen_out)
674 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
675 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
676 char *keylocation = NULL;
677 zfs_handle_t *pzhp = NULL;
678 uint8_t *wkeydata = NULL;
680 boolean_t local_crypt = B_TRUE;
682 (void) snprintf(errbuf, sizeof (errbuf),
683 dgettext(TEXT_DOMAIN, "Encryption create error"));
685 /* lookup crypt from props */
686 ret = nvlist_lookup_uint64(props,
687 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
689 local_crypt = B_FALSE;
691 /* lookup key location and format from props */
692 (void) nvlist_lookup_uint64(props,
693 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
694 (void) nvlist_lookup_string(props,
695 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
697 if (parent_name != NULL) {
698 /* get a reference to parent dataset */
699 pzhp = make_dataset_handle(hdl, parent_name);
702 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
703 "Failed to lookup parent."));
707 /* Lookup parent's crypt */
708 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
710 /* Params require the encryption feature */
711 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
712 if (proplist_has_encryption_props(props)) {
714 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
715 "Encryption feature not enabled."));
724 * special case for root dataset where encryption feature
725 * feature won't be on disk yet
727 if (!nvlist_exists(pool_props, "feature@encryption")) {
728 if (proplist_has_encryption_props(props)) {
730 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
731 "Encryption feature not enabled."));
739 pcrypt = ZIO_CRYPT_OFF;
742 /* Check for encryption being explicitly truned off */
743 if (crypt == ZIO_CRYPT_OFF && pcrypt != ZIO_CRYPT_OFF) {
745 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
746 "Invalid encryption value. Dataset must be encrypted."));
750 /* Get the inherited encryption property if we don't have it locally */
755 * At this point crypt should be the actual encryption value. If
756 * encryption is off just verify that no encryption properties have
757 * been specified and return.
759 if (crypt == ZIO_CRYPT_OFF) {
760 if (proplist_has_encryption_props(props)) {
762 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
763 "Encryption must be turned on to set encryption "
773 * If we have a parent crypt it is valid to specify encryption alone.
774 * This will result in a child that is encrypted with the chosen
775 * encryption suite that will also inherit the parent's key. If
776 * the parent is not encrypted we need an encryption suite provided.
778 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
779 keyformat == ZFS_KEYFORMAT_NONE) {
781 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
782 "Keyformat required for new encryption root."));
787 * Specifying a keylocation implies this will be a new encryption root.
788 * Check that a keyformat is also specified.
790 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
792 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
793 "Keyformat required for new encryption root."));
797 /* default to prompt if no keylocation is specified */
798 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
799 keylocation = "prompt";
800 ret = nvlist_add_string(props,
801 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
807 * If a local key is provided, this dataset will be a new
808 * encryption root. Populate the encryption params.
810 if (keylocation != NULL) {
811 ret = populate_create_encryption_params_nvlists(hdl, NULL,
812 B_FALSE, keyformat, keylocation, props, &wkeydata,
821 *wkeydata_out = wkeydata;
822 *wkeylen_out = wkeylen;
828 if (wkeydata != NULL)
831 *wkeydata_out = NULL;
837 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
838 char *parent_name, nvlist_t *props)
842 zfs_handle_t *pzhp = NULL;
843 uint64_t pcrypt, ocrypt;
845 (void) snprintf(errbuf, sizeof (errbuf),
846 dgettext(TEXT_DOMAIN, "Encryption clone error"));
849 * No encryption properties should be specified. They will all be
850 * inherited from the origin dataset.
852 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
853 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
854 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
855 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
857 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
858 "Encryption properties must inherit from origin dataset."));
862 /* get a reference to parent dataset, should never be NULL */
863 pzhp = make_dataset_handle(hdl, parent_name);
865 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
866 "Failed to lookup parent."));
870 /* Lookup parent's crypt */
871 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
872 ocrypt = zfs_prop_get_int(origin_zhp, ZFS_PROP_ENCRYPTION);
874 /* all children of encrypted parents must be encrypted */
875 if (pcrypt != ZIO_CRYPT_OFF && ocrypt == ZIO_CRYPT_OFF) {
877 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
878 "Cannot create unencrypted clone as a child "
879 "of encrypted parent."));
892 typedef struct loadkeys_cbdata {
893 uint64_t cb_numfailed;
894 uint64_t cb_numattempted;
898 load_keys_cb(zfs_handle_t *zhp, void *arg)
901 boolean_t is_encroot;
902 loadkey_cbdata_t *cb = arg;
903 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
905 /* only attempt to load keys for encryption roots */
906 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
907 if (ret != 0 || !is_encroot)
910 /* don't attempt to load already loaded keys */
911 if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
914 /* Attempt to load the key. Record status in cb. */
915 cb->cb_numattempted++;
917 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
922 (void) zfs_iter_filesystems(zhp, load_keys_cb, cb);
925 /* always return 0, since this function is best effort */
930 * This function is best effort. It attempts to load all the keys for the given
931 * filesystem and all of its children.
934 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname)
937 zfs_handle_t *zhp = NULL;
938 loadkey_cbdata_t cb = { 0 };
940 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
946 ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
950 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
951 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
952 (u_longlong_t)cb.cb_numattempted);
954 if (cb.cb_numfailed != 0) {
969 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation)
971 int ret, attempts = 0;
973 uint64_t keystatus, iters = 0, salt = 0;
974 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
975 char prop_keylocation[MAXNAMELEN];
976 char prop_encroot[MAXNAMELEN];
977 char *keylocation = NULL;
978 uint8_t *key_material = NULL, *key_data = NULL;
979 size_t key_material_len;
980 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
982 (void) snprintf(errbuf, sizeof (errbuf),
983 dgettext(TEXT_DOMAIN, "Key load error"));
985 /* check that encryption is enabled for the pool */
986 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
987 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
988 "Encryption feature not enabled."));
993 /* Fetch the keyformat. Check that the dataset is encrypted. */
994 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
995 if (keyformat == ZFS_KEYFORMAT_NONE) {
996 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
997 "'%s' is not encrypted."), zfs_get_name(zhp));
1003 * Fetch the key location. Check that we are working with an
1006 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1008 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1009 "Failed to get encryption root for '%s'."),
1012 } else if (!is_encroot) {
1013 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1014 "Keys must be loaded for encryption root of '%s' (%s)."),
1015 zfs_get_name(zhp), prop_encroot);
1021 * if the caller has elected to override the keylocation property
1024 if (alt_keylocation != NULL) {
1025 keylocation = alt_keylocation;
1027 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1028 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1030 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1031 "Failed to get keylocation for '%s'."),
1036 keylocation = prop_keylocation;
1039 /* check that the key is unloaded unless this is a noop */
1041 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1042 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1043 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1044 "Key already loaded for '%s'."), zfs_get_name(zhp));
1050 /* passphrase formats require a salt and pbkdf2_iters property */
1051 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1052 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1053 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1057 /* fetching and deriving the key are correctable errors. set the flag */
1058 correctible = B_TRUE;
1060 /* get key material from key format and location */
1061 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1062 keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1067 /* derive a key from the key material */
1068 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material,
1069 key_material_len, salt, &key_data);
1073 correctible = B_FALSE;
1075 /* pass the wrapping key and noop flag to the ioctl */
1076 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1080 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1081 "Permission denied."));
1084 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1085 "Invalid parameters provided for dataset %s."),
1089 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1090 "Key already loaded for '%s'."), zfs_get_name(zhp));
1093 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1094 "'%s' is busy."), zfs_get_name(zhp));
1097 correctible = B_TRUE;
1098 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1099 "Incorrect key provided for '%s'."),
1112 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1113 if (key_material != NULL) {
1115 key_material = NULL;
1117 if (key_data != NULL) {
1123 * Here we decide if it is ok to allow the user to retry entering their
1124 * key. The can_retry flag will be set if the user is entering their
1125 * key from an interactive prompt. The correctable flag will only be
1126 * set if an error that occurred could be corrected by retrying. Both
1127 * flags are needed to allow the user to attempt key entry again
1130 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)
1137 zfs_crypto_unload_key(zfs_handle_t *zhp)
1141 char prop_encroot[MAXNAMELEN];
1142 uint64_t keystatus, keyformat;
1143 boolean_t is_encroot;
1145 (void) snprintf(errbuf, sizeof (errbuf),
1146 dgettext(TEXT_DOMAIN, "Key unload error"));
1148 /* check that encryption is enabled for the pool */
1149 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1150 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1151 "Encryption feature not enabled."));
1156 /* Fetch the keyformat. Check that the dataset is encrypted. */
1157 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1158 if (keyformat == ZFS_KEYFORMAT_NONE) {
1159 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1160 "'%s' is not encrypted."), zfs_get_name(zhp));
1166 * Fetch the key location. Check that we are working with an
1169 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1171 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1172 "Failed to get encryption root for '%s'."),
1175 } else if (!is_encroot) {
1176 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1177 "Keys must be unloaded for encryption root of '%s' (%s)."),
1178 zfs_get_name(zhp), prop_encroot);
1183 /* check that the key is loaded */
1184 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1185 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1186 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1187 "Key already unloaded for '%s'."), zfs_get_name(zhp));
1192 /* call the ioctl */
1193 ret = lzc_unload_key(zhp->zfs_name);
1198 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1199 "Permission denied."));
1202 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1203 "Key already unloaded for '%s'."),
1207 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1208 "'%s' is busy."), zfs_get_name(zhp));
1211 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1217 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1222 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1223 nvlist_t **props_out, char *errbuf)
1226 nvpair_t *elem = NULL;
1228 nvlist_t *new_props = NULL;
1230 new_props = fnvlist_alloc();
1233 * loop through all provided properties, we should only have
1234 * keyformat, keylocation and pbkdf2iters. The actual validation of
1235 * values is done by zfs_valid_proplist().
1237 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1238 const char *propname = nvpair_name(elem);
1239 prop = zfs_name_to_prop(propname);
1242 case ZFS_PROP_PBKDF2_ITERS:
1243 case ZFS_PROP_KEYFORMAT:
1244 case ZFS_PROP_KEYLOCATION:
1248 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1249 "Only keyformat, keylocation and pbkdf2iters may "
1250 "be set with this command."));
1255 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1256 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1258 if (new_props == NULL) {
1263 *props_out = new_props;
1267 nvlist_free(new_props);
1273 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1277 boolean_t is_encroot;
1278 nvlist_t *props = NULL;
1279 uint8_t *wkeydata = NULL;
1281 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1282 uint64_t crypt, pcrypt, keystatus, pkeystatus;
1283 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1284 zfs_handle_t *pzhp = NULL;
1285 char *keylocation = NULL;
1286 char origin_name[MAXNAMELEN];
1287 char prop_keylocation[MAXNAMELEN];
1288 char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1290 (void) snprintf(errbuf, sizeof (errbuf),
1291 dgettext(TEXT_DOMAIN, "Key change error"));
1293 /* check that encryption is enabled for the pool */
1294 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1295 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1296 "Encryption feature not enabled."));
1301 /* get crypt from dataset */
1302 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1303 if (crypt == ZIO_CRYPT_OFF) {
1304 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1305 "Dataset not encrypted."));
1310 /* get the encryption root of the dataset */
1311 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1313 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1314 "Failed to get encryption root for '%s'."),
1319 /* Clones use their origin's key and cannot rewrap it */
1320 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1321 sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1322 if (ret == 0 && strcmp(origin_name, "") != 0) {
1323 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1324 "Keys cannot be changed on clones."));
1330 * If the user wants to use the inheritkey variant of this function
1331 * we don't need to collect any crypto arguments.
1334 /* validate the provided properties */
1335 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1341 * Load keyformat and keylocation from the nvlist. Fetch from
1342 * the dataset properties if not specified.
1344 (void) nvlist_lookup_uint64(props,
1345 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1346 (void) nvlist_lookup_string(props,
1347 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1351 * If this is already an ecryption root, just keep
1352 * any properties not set by the user.
1354 if (keyformat == ZFS_KEYFORMAT_NONE) {
1355 keyformat = zfs_prop_get_int(zhp,
1356 ZFS_PROP_KEYFORMAT);
1357 ret = nvlist_add_uint64(props,
1358 zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1361 zfs_error_aux(zhp->zfs_hdl,
1362 dgettext(TEXT_DOMAIN, "Failed to "
1363 "get existing keyformat "
1369 if (keylocation == NULL) {
1370 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1371 prop_keylocation, sizeof (prop_keylocation),
1372 NULL, NULL, 0, B_TRUE);
1374 zfs_error_aux(zhp->zfs_hdl,
1375 dgettext(TEXT_DOMAIN, "Failed to "
1376 "get existing keylocation "
1381 keylocation = prop_keylocation;
1384 /* need a new key for non-encryption roots */
1385 if (keyformat == ZFS_KEYFORMAT_NONE) {
1387 zfs_error_aux(zhp->zfs_hdl,
1388 dgettext(TEXT_DOMAIN, "Keyformat required "
1389 "for new encryption root."));
1393 /* default to prompt if no keylocation is specified */
1394 if (keylocation == NULL) {
1395 keylocation = "prompt";
1396 ret = nvlist_add_string(props,
1397 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1404 /* fetch the new wrapping key and associated properties */
1405 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1406 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1411 /* check that zhp is an encryption root */
1413 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1414 "Key inheritting can only be performed on "
1415 "encryption roots."));
1420 /* get the parent's name */
1421 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1423 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1424 "Root dataset cannot inherit key."));
1429 /* get a handle to the parent */
1430 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1432 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1433 "Failed to lookup parent."));
1438 /* parent must be encrypted */
1439 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1440 if (pcrypt == ZIO_CRYPT_OFF) {
1441 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1442 "Parent must be encrypted."));
1447 /* check that the parent's key is loaded */
1448 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1449 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1450 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1451 "Parent key must be loaded."));
1457 /* check that the key is loaded */
1458 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1459 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1460 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1461 "Key must be loaded."));
1466 /* call the ioctl */
1467 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1471 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1472 "Permission denied."));
1475 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1476 "Invalid properties for key change."));
1479 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1480 "Key is not currently loaded."));
1483 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1490 if (wkeydata != NULL)
1500 if (wkeydata != NULL)
1503 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);